Sunday, July 27, 2014

More on Security: ISO 27001 and GRC for Law Firms


Previously, we noted that ILTA has posted the recordings of several sessions at their recent Law Firm Information Security Symposium (LegalSEC). Here are more relevant and interesting sessions:

ISO 27001 for Law Firms
ISO 27001 can be a powerful tool for law firms interested in demonstrating information security maturity to both their firm management and clients. Whether you plan to get certified or just leverage ISO 27001 standards, this session will provide information on how the standard can benefit your organization and help you respond to client outside counsel guidelines and security audits.

A 360-Degree Look at eGRC
A paradigm shift is happening in regard to enterprise governance, risk and compliance (eGRC) — we want to be proactive instead of reactive. Legacy and siloed approaches no longer will be successful. Organizations need to plan and implement GRC efforts that are truly "enterprise" and involve all key players and departments in a coordinated organization-wide effort. What does it take to have a successful implementation of a systematic, well-planned, coordinated enterprise approach? What are the overall benefits?

Learn more about the overarching goals of an eGRC program and how it can improve strategic and timely decision-making, enhance the focus and effectiveness of internal audits, and assist in identifying key performance metrics and risk indicators. No angles here...we're giving you a 360-degree look!

What To Do When (Not If) Data Breaches Occur
When security threats emerge, quick response is imperative to contain risk and protect data assets. Often, the expertise and pace with which an event is managed can make as much media buzz as the data breach itself. Come walk through a mock data breach incident and see how well-defended law firms and corporate legal departments are those that prepare for the unexpected.

Thursday, July 24, 2014

There is Only One Lord of the (Risk) Ring?

 
  
 
As first covered in June (poetically), we noted a disqualification motion tied to a matter involving a fight over merchandising rights to the "Lord of the Rings." Now, fresh off the pages of Variety, comes an update: "Judge Refuses to Disqualify Tolkien Attorneys in ‘Lord of the Rings’ Dispute" --

  • "A federal judge is refusing to disqualify Greenberg Glusker as the law firm representing the estate of “The Lord of the Rings” creator J.R.R. Tolkien, which is engaged in a legal tangle with Warner Bros. and the Saul Zaentz Co. over merchandising rights to the lucrative franchise."
  • "Last month, Warner Bros., represented by Dan Petrocelli of O’Melveny & Myers, filed a motion claiming that Greenberg Glusker had “invaded” attorney-client privilege by hiring former MGM studio lawyers as expert witnesses."
  • "Warner Bros.’ claim is that Greenberg Glusker attorneys, led by Bonnie Eskenazi, contacted Alan Benjamin and William Bernstein, who represented UA as in-house lawyers at the time, to serve as expert witnesses, offered to represent them for free as 'percipient witnesses' and 'had direct communications with them.'"
  • "Collins wrote that in making her decision, she considered the Tolkien estate’s right to chosen counsel, Greenberg Glusker’s years of work on the litigation, the length of time that had passed since Bernstein and Benjamin were involved, and the “extremely attenuated relationship” between Warner Bros., the Zaentz Co. and United Artists. UA and MGM had filed a “joinder” to the Warner Bros. motion to disqualify Greenberg Glusker, even though they are not parties in the case."
  • "Collins also denied Warner Bros. and Zaentz’s request for an order of disclosure of Greenberg Glusker’s communications with Benjamin and Bernstein and for a deposition of Eskenazi. She wrote that the discovery is 'likely to be costly and fruitless, and will not advance the litigation.'""

Wednesday, July 23, 2014

Law Firm CIO Responds to Suggestions Industry Security is Lacking

Industry expert, Judith Flournoy, CIO at Kelley, Drye & Warren and chairwoman of ILTA’s legal security working group, takes to the pages of Law Technology News to address frequent stories suggesting that law firms are a juicy and attractive target for hackers: "Law Firms Respond to Security Risks in Client Data: After being dubbed the "soft underbelly of American cybersecurity," law firms embrace robust security programs." --
  • "So, we may have been characterized as the 'soft underbelly' but we are no softer than any other industry, government or institution.  On behalf of my colleagues around the world in firms large and small, we understand the call to arms and we are engaged."
  • "Law firm clients in the financial services industry heavily scrutinize their outside counsel with vendor security audits. Governed by the Office of the Comptroller of Currency and the Federal Financial Institutions Examination Council in compliance with the Gramm-Leach-Bliley Act, all law firms who have financial institution clients are required to respond to a comprehensive security audit."
  • "The audit process is detailed, and in many cases includes questionnaires with several hundred questions, on-site interviews and or on-site physical security assessments covering everything from hard-copy file security to data center security."
  • "Why does this matter?  For the first time in the history of our industry, we find ourselves in a position where we not only have to provide highly detailed information about our security programs but we are also required to remediate any risks identified in the audit process.  The end result for many firms is to redirect efforts and funds for security based projects and policies, including security education programs, resulting in a battle for resources."
  • "Law firms continue to adjust to the 'new normal' business model based on client demands. Prior to 2008, firms provided services to clients based on the billable hour and what the lawyer believed was the value of the work performed. Since 2008, clients have been demanding alternative fee arrangements, fixed fee projects and have been generally unwilling to pay for the work of junior attorneys.  Combine the new normal with clients requiring outside counsel firms to adhere to a much more stringent security practice.  These are the newer set of demands we find ourselves adjusting to."
  • "The good news is that many firms have already begun the complex process of implementing a more robust security posture.  As previously mentioned, many firms have acquired, or are in the process of obtaining, ISO 27001 certifications."

Tuesday, July 22, 2014

A Couple of Compliance Chronicles: Screens Standing & Waivers Working


Two updates to share today. First, from Canadian Lawyer Magazine comes: "Court approves law firm’s ethical screen: Lawyer from opposing side allowed to stay on case at new firm," which is noteworthy as it involves successful screening by a 14-lawyer firm --
  • "When a lawyer for an opposing party joined its firm, Lloyd Burns McInnis LLP faced a real possibility of removal from a case due to a conflict of interest. But in an exemplary case of a timely ethical screen, the firm was allowed to stay on the case this week despite its small size and close working relationships between its lawyers."
  • "Lloyd Burns McInnis is representing AIG Insurance Co. in a class action coverage dispute with the Ontario government. The firm’s new lawyer, Michael Foulds, represented Ontario in the same matter while he worked at Theall Group LLP. Foulds now spends 50 to 60 per cent of his time working with his colleague Douglas McInnis, who is representing AIG in the Ontario-AIG matter. In fact, McInnis and Foulds work together on other files involving AIG."
  • "Despite the province’s argument there’s a high risk of an inadvertent leak of confidential information from Foulds to McInnis, Justice Alfred O’Marra found Lloyd Burns McInnis put up a sufficient ethical screen at the right time to significantly reduce this risk."
  • "'In considering the timely and comprehensive compliance by LBM with the institutional measures set out in the guidelines, in addition to appointment of a supervising senior partner, and isolating Mr. Foulds from any Ontario-AIG matters, I find that a reasonably informed person would be satisfied that the use of confidential information had not occurred or would likely occur, and it is in the interests of justice to allow Mr. McInnis to remain as AIG’s counsel of choice.'"
  • "Davis LLP lawyer Gavin MacKenzie, who represented Lloyd Burns McInnis, says even large law firms can take notes from the steps the firm took in this case. 'I think it’s a good example for small firms and large,' he says, adding if large firms follow the same approach, 'it’s highly likely' that the courts will be satisfied."
Next comes our waiver story: "Attorneys from same firm represent Wilmette, park district in negotiations" --
  • "Sometimes being one happy family comes with a few complications, as Wilmette Park Board members learned when they heard the attorney who represents them in negotiations with the Village of Wilmette belongs to the same law firm as the attorney who represents the village."
  • "That won’t be a problem, district Director Steve Wilson assured board members at their July 14 meeting, before recommending they let him sign a so-called conflict of interest waiver so the negotiations could go forward."
  • "Wilson explained the situation originally occurred because the law firm of Tressler LLC acquired the separate practices of attorneys who had been working as outside counsel for the village and park district: Raysa and Zimmerman, in which village attorney Michael Zimmerman was a partner, and the practice of park district outside counsel Charlene Holtz. Tressler merged with Raysa and Zimmerman in 2012; Holtz joined Tressler in 2009."
  • "Negotiations between Wilmette and the park district are friendly, Frenzer said, so it makes sense to waive any suggestion of conflicts of interest. Otherwise, both governments would have to hire new attorneys to handle the issues, which could prove expensive for everyone."

Monday, July 21, 2014

On Managing Client Terms of Business, OCGs and Rules of Engagement

 
Our colleagues at Paragon have written in to note that Gilda Russell (who served as partner and Ethics & Conflicts Counsel to Holland & Knight LLP for fifteen years), has joined their Panel of Preferred Service Providers and authored an excellent white paper: "Dealing with Client Outside Counsel Guidelines and Other Non-Standard Client Engagement Terms" --
  • "Such OCG and client terms are now utilized by a wide range of clients, including business and financial institutions, federal, state and local governments and agencies, health care organizations, defense contractors, and even non-profit groups. OCG and client terms cover a large number of subjects and demonstrate attempts by organizational clients and their in-house law departments to maintain control over and loyalty from outside counsel through various restrictions and obligations."
  • "Yet, OCG and client terms can cause enormous problems for law firms -- however large or small the firms -- given the obligations they create, many of which may be adverse to law firm policies, more restrictive than professional ethics rules, designed for other types of businesses than law firms, in conflict with professional liability policies, and/or unduly burdensome."
  • "Accepting OCG and client terms without a clear understanding and assessment of the many obligations they impose can result in subsequent breach of contract and malpractice claims, disqualification motions based on conflicts of interest, exposure to potential civil and criminal penalties at least in the government representation context, and loss of client business."
  • "Consequently, firms should develop effective processes for dealing with OCG and client terms. These processes should focus on monitoring the avenues by which OCG and client terms come into firms as well as requiring review and approval of OCG and client terms by designated persons well versed in the subject matter of the provisions and related compliance issues."
Note: Longtime readers will recognize Gilda as a participant in several Roundtable programs, including a webinar on this very topic. (And, similarly, readers are also likely aware that OCGs can be more effectively reviewed, evaluated and implemented at the point of client engagement through the use of modern approaches to new business intake and acceptance…)

Wednesday, July 16, 2014

Upcoming Webinar : Conflicts Management — Focus on IP Matters

 
At a recent Risk Roundtable, we asked participants which conflicts were most challenging to manage. The response was unanimous: subject matter conflicts associated with IP prosecution and litigation matters.
 
IP matters often involve subject matter conflicts which are notoriously hard to manage, requiring a different approach than ethical or commercial conflicts. The bring with them unique, complex challenges and questions, such as:
  • Who is the client, an individual inventor or the corporation where he or she works? 
  • When can a firm file similar patents for two different clients and when is the subject matter too close for comfort? 
  • Can a firm litigate against a patent that it previously achieved for a former client?
This webinar features four speakers who will explore current trends and approach for tackling these issues.
 

IP Matters, Intellectual Challenges
In this webinar, an expert panel will explore strategies and approaches firms are taking to address these issues and provide insights relevant to lawyers, general counsels, conflicts analysts, practice managers and IT leaders.
Intapp Open for IP Conflicts Management
This session will also include an overview of how Intapp Open, a modern business acceptance and conflicts management system, provides firms with data management and reporting to identify and resolve conflicts related to IP matters.
Intellectual Discussion
  • Bill Freivogel, Independent Consultant and author of Freivogel on Conflicts, will review recent case law pertaining to IP conflicts, highlighting applicable lessons
  • Chris Kave, Principal, Aurora North Software, will provide advice on how firms can develop workflows and data integrations to manage IP conflicts effectively
  • Gillian Power, CIO, Lathrop & Gage, will describe how her firm is leveraging Intapp Open together with data from IP Manager to identify and analyze IP conflicts
  • Kathryn Hume, Risk Practice, Intapp, will show how Intapp Open integrates information and business rules to deliver a fresh, effective approach to IP conflicts management.

Event Details
  • Date: Thursday, July 24th
  • Time: 10:00 am PDT / 1:00 pm EDT / 5:00 pm GMT
  • Registration: Limited to select firms and partners. Please email Jason Yu for more information.

Tuesday, July 15, 2014

Help Support the Law Firm Risk Blog!


The ABA Journal is working on its annual "Blawg 100" list. If you're a regular reader of this blog and like to show your support by giving us a vote or nomination, we'd certainly be delighted (and grateful).

Over the past five years, we've published over 500 updates. The growth of our readership over the years has been very rewarding to see... but there's something nice about making the list. Nominations are due August 8th and can be submitted at the ABA's Blawg Site. Thank you!

Monday, July 14, 2014

Law Firm Risk News & Updates

Several interesting updates and resources to start the week off with. First, two more talks from the recent ILTA legal security summit:
  • "Practical Approaches to Business-Aligned Security" -- Join us for an interactive discussion on bridging the gap between the business side of your organization and those responsible for security and risk management. We will identify common challenges encountered, ways to deal with them and a practical approach to building strong business cases for security initiatives, such as technical controls, user awareness, risk management and IT governance. Make sure you're doing all you can to have business-aligned security practices in place!
  • "Don't Believe the Hype! What Data Leak Prevention Solutions Can and CAN'T Do" -- Can you identify and restrict unwarranted attempts to copy or transmit sensitive information, deliberately or inadvertently (and generally by personnel who are authorized to access the sensitive information)? Take an in-depth look at best practices for implementing enterprise and point solutions for data leak prevention (DLP) as we cover the Web, email gateways, networks and mobile devices, and the mechanisms used to secure them. There's a lot of talk about what DLP solutions protect against...it's time the hype be laid to rest.
 
And from the Kansas Bar Association comes "Legal Ethics Opinion No. 14-01: Duty to report attorney memory lapses" --
  • "Law firm had a partner with 'possible cognitive degeneration,' evidenced by memory lapses… The subject lawyer has now left the law firm, but continues to practice. The law firm questions whether – now that the lawyer has left the firm -- it has a duty to report the subject lawyer to the Kansas Disciplinary Administrator under Rule 8.3."
  • "A lawyer is not required to report another lawyer to the Disciplinary Administrator unless the lawyer has knowledge of an action, inaction or conduct of the other lawyer which constitutes misconduct under the Kansas Rules of Professional Conduct. Rather, in the event there are memory lapses, cognitive deteriorations, or other potentially disabling conditions, the subject lawyer should be referred to the Kansas Lawyers Assistance Program or other suitable service."

Sunday, July 13, 2014

How McCullough Robertson Protects Client Confidentiality

 
McCullough Robertson, a leading Australian law firm, uses Intapp Wall Builder to secure client data across firm information repositories and support its risk management protocol. The firm is leveraging Intapp software to limit access to confidential information and prevent accidental contravention of defined information governance policies.

 
Said the Firm's Director of Governance and Knowledge, Kim Trajer:
  • "Because risk management is core to our firm's culture, we made a significant investment in technology that would enhance our existing client data privacy and confidentiality management practices, without disrupting lawyer productivity or client service.
  • "With clients increasingly mandating matter-team-only internal access policies, the automated enforcement, auditing and alerting capabilities provided by Intapp’s risk management software provide vital compliance capabilities."
Intapp Wall Builder is a web-based information security and confidentiality management software application that enables organizations to centrally control and report on user access permissions across multiple applications, including document management, accounting, portal, CRM, time entry and records management systems. It also automates notifications to individuals subject to specific policies and tracks acknowledgments for compliance purposes.

Wall Builder is the most-adopted information security management software by law firms with 150 or more lawyers. According to an independent survey by the International Legal Technology Association (ILTA), 72% of large law firms using commercial software to enforce information access controls use Intapp Wall Builder.


Said Intapp's APAC Managing Director, Bruce Heaney:
  • "We’re proud to highlight McCullough Robertson’s adoption of our information security products to improve their risk management programme. By auditing for compliance with central policies, the firm is taking strong steps to guard client information and protect the organisation’s reputation."
Visit Intapp.com for more information on how Intapp enhances law firm information security, or to request more information and a demonstration.

Thursday, July 10, 2014

Risk Updates: Information & Records Ownership + the Value of Firm Cyberinsurance?

First, another audio recording (and slide deck PDF) of a recent ILTA talk now available online: "To Purchase Cyber Insurance or Not: That Is the Question" --
  • "We've heard of car insurance, life insurance and even pet insurance ... why not cyber insurance? It's available, but why should your organization consider purchasing cyber insurance? What is and is not covered by a typical policy? What are some contractual terms and other items to consider when seeking or negotiating a cyber insurance policy for a law firm? Learn the answers to these questions and more from an expert panel offering various perspectives."
For those focused on information security, Law Technology News recommends: "Get Cozy With the FBI and Secret Service to Ameliorate Data Breaches Woes" --
  • "The first step to avoiding a data breach is to create a security framework, Georgetown panelists advise. It's no secret that law firms are magnets for sensitive corporate information. So, said Ayiotis, companies should vet outside counsel the same way they hire other third-party vendors, holding law firms to the same level of due diligence and security checks."
  • "Forming proactive relationships with the government, namely the FBI and the Secret Service agents who handle cybercrimes, can help organizations avoid complications associated with a breach, he said. During a data breach investigation, there is a “high probability” that a company can go from being the victim to the defendant because of a lack of proper data security measures."
On the records management and information ownership front, BNA reports: "Firm Doesn’t Have to Give Ex-Client Originals Unless They’re Needed or Came From Client " --
  • "A client cannot force its former counsel to turn over original papers or documents in the client's files because the client did not show that he gave the firm any original papers or that any originals in its possession are necessary for the client's representation, the Ohio Court of Appeals, Second District, ruled June 20."
  • "A client has the right to any original paper that he gave the lawyer because these are the client's personal property, the court said. There were no such documents in the case files here, it noted.
  • "It could be inferred from a comment to the rule, the court said, that it is the originals of the reasonably necessary items that must be returned. But here, there is no original paper or document that is demonstrated to be necessary to Sacksteder's representation, the court said."
  • "With regard to documents that were created and stored electronically, the court noted that such materials have no single original. Under an Ohio evidence rule, the “original” of an electronic document is any printed copy, it pointed out."


Wednesday, July 9, 2014

On Information Security -- Law Firms - the "Soft Underbelly of Corporate America"?

The folks at ILTA have graciously posted the recordings of several sessions at their recent Law Firm Information Security Symposium (LegalSEC). We’ll be highlighting several worth reviewing in the posts to come. Here's a recording from their keynote presentation: "The Soft Underbelly of Corporate America? Law Firms and the Cybersecurity Threat Matrix"--

  • Each day we hear about another data breach in the news. More personally identifiable information (PII) and account information is being siphoned out of respected companies. What about our intellectual property, our trade secrets and other business capital?
  • Oftentimes, the easiest place to attack is when the data is outside the walls of the owner — in many cases at their law firm.
  • During our keynote, we will walk through the cybersecurity threat matrix and its evolution, discuss how various state and federal laws drive forward controls that may or may not help protect our data, and the role of active defense and intelligence.
  • Attendees will learn what programs and controls will position their firms for success in assurance reviews, certifications and competing for business.
  • Together we will explore this topic — as you hear from someone who has worn the hats of law firm counsel, chief privacy officer, chief security officer and chief compliance officer — so we can operationalize against this threat.
See ILTA's web site for the audio recording and downloadable mp3.

Tuesday, July 8, 2014

Law Firm Conflicts Allegations Making News

It's always fascinating to see coverage of conflicts allegations and related news cross over into general media channels. Here are two stories that caught our eye. First, a situation which highlights challenges of finding representation when the conflicts landscape is more complex: "DVDFab files motion in lawsuit – shows it’s David vs. Goliath case" --
  • "Recently filed documents on the AACS-LA vs. DVDFab case show similarities of the battle between David and Goliath. It shows how little time DVDFab had to prepare itself and how hard it was to find a law firm to represent the company in the United States. Because the AACS-LA is a consortium of many companies (e.g. movie studios, Microsoft, Toshiba, Panasonic, IBM and more), many well known law firms were unable to defend DVDFab due to conflict of interest."
  • "Between February 26th and the 4th of March, DVDFab tried to find a law firm to represent them. Due to conflict of interest several law firms rejected DVDFab and referred DVDFab to other law firms, some of those didn’t want to handle the case or didn’t have time. It wasn’t until the 17th of March before DVDFab signed an agreement with a law firm to represent them."
  • "Between February 26th and the 4th of March, DVDFab tried to find a law firm to represent them. Due to conflict of interest several law firms rejected DVDFab and referred DVDFab to other law firms, some of those didn’t want to handle the case or didn’t have time. It wasn’t until the 17th of March before DVDFab signed an agreement with a law firm to represent them."
For our second, we turn, oddly enough, to twitter, where we often post risk stories (and track those of you retweeting or reposting our updates -- thank you!): "Gibson Dunn defends GFH role after jailed ex-GC claims conflict" --
  • "Gibson Dunn & Crutcher has defended its representation of Dubai-based private equity firm GFH Capital, after the client's former general counsel accused the firm of having a conflict of interest."
  • "David Haigh, the former managing director of Leeds United and one-time GC of GFH, has taken to Twitter to make the accusation against his former employer's lawyers.
    Haigh is currently in jail in Dubai, having been arrested on 18 May after GFH accused him of committing fraud, embezzlement and money laundering while he was employed at the bank."
  • "Gibson Dunn's litigation team is being led by partner Peter Gray, described by Haigh's spokesperson as "for many years a friend, legal adviser and business partner of [Haigh's]". In an email to Legal Week, Gray called the conflict allegations 'untrue and defamatory'."
For those without access beyond the linked paywall, a summary of the general story unfolding is available via the guardian and the accuser/accussed's twitter stream in question is located here.

Monday, July 7, 2014

Risk News & Updates: Legal Ethics, Regulations and Matters of Firm Business

From the always linkable Legal Ethics Forum comes an interesting post from NY professor of Law Stephen Gillers: "When and How Does Change in Lawyer Regulation Happen?" in which he reviews a bit history behind the Model Rules, touching on Ethics 2000 and the ABA 20/20 Commission. And he lays down the gauntlet:
  • "…the current bar leadership will not be bold. In this, it is like the leaders of the 50s through the early 80s. It will be the next generations that approach the issues with  appetite for change."
  • "I suggest that legal scholars have been and will continue to be the antennae of the profession. The momentum for change, which is different, will come from elsewhere -- from economic forces (rules change when it is in the economic interest of lawyers to change them, witness the adoption of lateral screening after 20 years of rejection), and to beat back external threats (witness the 2003 amendments to Rules 1.6 and 1.13, after repeated rejections, in order to dissuade the SEC from invoking its full Sarbanes-Oxley powers; it worked)."
That blog also notes a recent New York decision: "New York joins California federal court in rejecting unfinished business claims" --
  • "We hold that pending hourly fee matters are not partnership "property" or "unfinished business" within the meaning of New York's Partnership Law. A law firm does not own a client or an engagement, and is only entitled to be paid for services actually rendered."
  • "Treating a dissolved firm's pending hourly fee matters as partnership property, as the trustees urge, would have numerous perverse effects, and conflicts with basic principles that govern the attorney-client relationship under New York law and the Rules of Professional Conduct. By allowing former partners of a dissolved firm to profit from work they do not perform, all at the expense of a former partner and his new firm, the trustees' approach creates an "unjust windfall," as remarked upon by the District Court Judge in Geron (476 BR at 740)..."

Wednesday, June 25, 2014

Report from CNA Risk Management Roundtable Event in New York


 
"CNA Hosts Risk Management Roundtable for Law Firms" --
  • CNA hosted a roundtable panel yesterday (co-sponsored by Intapp) in New York to address the emerging risks facing law firms. The roundtable began with a discussion of significant claim trends for law firms, such as the expansion of claims by non-clients of the law firm, claims involving allegations of conflicts of interest, fraud and misrepresentation, and claims arising from the Trusts & Estates practice area.
  • In a discussion led by CNA Claims and Risk Control, a diverse group of law firm personnel, comprised of general counsels loss prevention partners, conflicts attorneys, and information technology directors, shared their professional experience with respect to effectively managing the client intake process and handling conflicts of interest at their respective law firms.
  • Participants also heard directly from the general counsel of three prominent law firms on mitigating risk in several key areas: managing the lateral hiring process, compliance with outside counsel guidelines and maintaining law firm data security.
Said Michael Barrett, CNA Director of Risk Control, Professional Services, Lawyers --
  • "Identifying and managing the risks associated with a successful lateral hire is a difficult exercise. With lateral hiring continuing to outpace entry level-hiring, the risk is now commonplace in law firms.  Having general counsel from several prominent law firms lead the discussion about successful strategies to avoid these potential risks was invaluable."
Said Kathryn Hume, -- Intapp Senior Risk Practice Specialist --
  • "We know that to truly help law firms control risk, the new business intake, conflicts management and information security software we deliver must continuously evolve to address real-world priorities. We're proud to partner with CNA and support this event as part of our ongoing investment to stay abreast of industry risk trends and foster peer dialogue on response strategies."
CNA also noted the publication of two of their white papers: Taking Stock of a Potential Fee Collection Suit and Logistics of a Lateral Move Between Law Firms.

Thursday, June 19, 2014

Webinar Recording: Lateral Moves & Hacking - Addressing Information Risk

 
We saw tremendous interest in the recent webinar produced with ILTA (Anomalies, Hacks and Lateral Moves: Monitor & Address Information Risks). A recording of the session is now online and available for viewing.

This session featured two law firm speakers and presented an overview of how Intapp information security software enables firms to control and monitor use of sensitive information, enabling intervention early enough to prevent unwanted outcomes).
  • Client guidelines and security audits mandate that firms have visibility into who does what with their data, new regulations like HIPAA require activity monitoring on personally identifiable information, lawyers increasingly use unsanctioned cloud tools without notifying IT and, with lateral movement on the rise, firm management needs a means to identify unauthorized activity to avert potential problems.
  • In this session, we will explore how firms can leverage technology to monitor and address information risks. Hear from panelists who will present diverse perspectives, ranging from cyber insurance and regulatory trends to process and technical best practices.

On this same topic, John  Guyer, Director of Information Technology at Hinckley Allen, wrote in noting that recent best practices released by the Department of Homeland Security: "Combating Insider Threat" recommend that those managing price sensitive and insider information leverage this class of software to: "Build a baseline based on volume, velocity, frequency and amount based on hourly, weekly, and monthly normal patterns."

Tuesday, June 17, 2014

Conflicts: You Can Run, But You Can't Always Hide...


Interesting story via the New Jersey Law Journal: "Firm's Exit From Lawsuit Not Enough To Cure Conflict, Appeals Court Says" --
  • "Norris McLaughlin & Marcus, a major New Jersey law firm that withdrew from representing one side in a lawsuit just before oral argument on whether it had a disqualifying conflict of interest, still appears to have one, a state appeals court ruled on Wednesday."
  • "The firm’s representation of the landlord and a tenant in the commercial lease that lay at the heart of the lawsuit “presented prima facie evidence of a concurrent conflict of interest, waivable only by informed written consent, which has never been presented,” the court said in Comando v. Nugiel."
  • "Although the firm mooted any conflict by getting out of the case, its continued relationship with two parties outside the litigation continues to be a problem. Its representation of the tenant 'impinges upon its allegiance to protect' the landlord’s interests, 'raising a significant risk that the representation of one or more clients would be materially limited by the lawyer’s responsibilities to another client,' the court wrote. 'This may not continue.'"
In other conflicts news, expert Bill Freivogel highlights two interesting recent conflicts cases, including a Canadian decision:
  • "Koloff v. Metropolitan Life Ins. Co., 2014 U.S. Dist. LEXIS 80322 (E.D. Cal. June 10, 2014). Suit for employment benefits. Plaintiff had earlier filed another suit for the same benefits in 2011 (Case 1), but it was dismissed without prejudice on procedural grounds. Plaintiff then filed this case (Case 2). Defendant was aware of a possible conflict of Plaintiff’s law firm during Case 1 but made no motion. Moreover, Defendant waited four months before filing a motion to disqualify in this case. In this opinion the magistrate judge denied the motion because of the delay."
  • "Jajj v. 100337 Canada, 2014 ONSC 3411 (CanLII) (Super. Ct. Ont. June 5, 2014). In this opinion the court held that lawyers acting 'in association' are subject to the same rules on conflicts and disqualification as lawyers in the same law firm."

Monday, June 16, 2014

Legal Industry Consultants Ally to Improve Law Firm New Business Intake


 
"Project Leadership Associates and HardingLowe Announce Partnership to Provide Consulting and Implementation Services for Intapp Open" --

Project Leadership Associates (PLA), the largest business and technology consulting firm focused on the legal market, and HardingLowe, a boutique strategy and management consultancy serving top-tier law firms, have teamed up to implement Intapp Open, a true New Business Intake (NBI) application for law firms. 

The partnership combines PLA’s holistic expertise in defining NBI and conflicts strategy, processes and best practice and delivering NBI systems to dozens of law firms over the past 10 years, with HardingLowe’s specialty in law firm process and business integration, along with its deep NBI experience.  Intapp has selected the PLA-HardingLowe team to be a preferred implementation provider for Intapp Open.

Said Michael Lowe, HardingLowe President --
  • "This partnership was born from the realization that law firms need a holistic solution to NBI – one that combines changes to policies, people, processes, and technologies. We saw in each other the opportunity to offer that complete solution, as well as the scale and reach to serve all sizes of firms in all regions of the country. Together, we have the best positioning and experience in the global legal marketplace."
Said Dan Safran, PLA Executive Vice President, Legal Solutions -- 
  • "Having worked with a majority of the NBI technology leaders over the past decade, we believe that Intapp Open offers the superior NBI technology today, and we are very pleased that Intapp has selected the PLA-HardingLowe team  as implementation partners.  We are already delivering Intapp Open to top-tier, mid-sized and small firms, and have built the tools and methodologies necessary to enable these firms to gain the most benefit from their technology investment in an expedited and cost effective manner."

Said Dan Tacone, Intapp President --
  • "Many firms are using Intapp Open as part of a broader strategy to transform their new business intake and conflicts management processes. Intapp Open streamlines new matter inception, as well as client and matter evaluation – all while ensuring alignment with firm-wide business objectives."
  • "Partners such as PLA and HardingLowe offer insight into best practices that can be adapted to the needs of individual firms. We’re excited about the momentum behind Intapp Open, and welcome the collaboration of two of our preferred implementation and consulting partners in supporting the success of our customer community."

Friday, June 13, 2014

Law Firm Information Security: Guidelines, Advice & Best Practices

Managing Partner magazine presents an interesting write up on the topic of firm information security and cyber defense, including detailed advice and guidelines. See "Web of Trust" --

"Law firms are increasingly at risk of cyber security breaches by staff, vendors and hackers. Elizabeth A. Ferrell, Shari L. Klevens and Alanna Clair suggest five steps to protect your business:
  1. How to implement a cyber security programme
  2. How to adopt a robust incident response plan
  3. How to test whether your firm’s systems are secure
  4. How to protect your firm’s breach assessments
  5. How to deal with client guidelines on data security

Thursday, June 12, 2014

Conflicts in its Pocketses, Precious?

 
  
 
"Warner Bros Wants Bert Fields’ Law Firm Tossed From ‘Lord Of The Rings’ Case" --
  • "The $80 million legal battle between Warner Bros and the Saul Zaentz Company and the estate of The Lord Of The Rings author J.R.R. Tolkien over copyright and digital merchandising just took another turn – this time against some of the lawyers. The studio and its partner in this case this week filed a motion to have Fourth Age’s lawyers Greenberg Glusker Fields Claman & Machtinger LLP disqualified from the case."
  • "'Warner and Zaentz bring this motion to disqualify Greenberg as counsel of record for the Tolkien/HC Parties in this litigation and for other relief, because the firm impermissibly gained access to privileged information in violation of Rules of Professional Conduct,' said the motion filed yesterday in federal court."
  • "The other side says this is all a smokescreen. 'There is absolutely no basis for the motion filed by WB and Zaentz yesterday,” said Greenberg attorney Bonnie Eskenazi today. ”Greenberg Glusker acted properly in all respects at all times.  The motion was filed for purely and transparently tactical and strategic reasons. We look forward to the Court vindicating our position.'"
  • "To the point of the disqualification motion, the 33-page filing says that Fourth Age’s law firm hired former United Artists in-house attorneys Alan Benjamin and William Bernstein as experts and potential witness for $10,000. The duo represented UA in negotiations concerning the matter."
  • "'Greenberg thereby placed itself in the position of representing not only the key witnesses on both—and opposite—sides of the contracts at issue, but also its adversaries’ former counsel who worked on the very contracts at issue,' it adds. 'In doing so, Greenberg invaded the attorney-client privilege now held by MGM, which controls UA, positioning UA’s former lawyers to be adverse to the interests of MGM and UA’s successors-in-interest, Warner and Zaentz.'"
Of course, the key question is whether this matter will be settled quickly, or whether it will be drawn out over several cycles comprising multiple, three hour hearings, complete with heavy use of exhibits (in the form of musical renditions and battle reenactments). On that note, an anonymous editor submitted the following commentary, dedicated to fellow enthusiasts:

Three risks for the cloud services under the sky,
Seven for the internationals joined in vereins,
Nine for the clients and their strict guidelines,
One for the dark lord on his dark throne
In the land of legal, where great change does brew
New risks to rule them, new risks to find them,
New risks to bring them all and in the model rules
bind them

Wednesday, June 11, 2014

Risk Updates: Law Firm Privilege, Client Relationships


"Oregon Supreme Court holds conversations within law firm are privileged in malpractice case against the law firm" --

"Law firm stayed on McDonnell case despite being let go, newly released invoices show" --
  • "The private law firm representing current and former Virginia employees in the federal corruption case against the state’s former governor never stopped working for their clients or billing for their services — even as Attorney General Mark R. Herring (D) announced in January that he was letting the firm go, according to recently released invoices."
  • "The day after Herring announced in a news release that he was dismissing Baker & McKenzie, those at the firm spent more than an hour corresponding with clients 'regarding continued representation' — and billed the state accordingly, the invoices show. The firm continued to work throughout January, February, March and April, charging the state a little more than $23,600, the invoices show."
  • "Kelly said that Herring cut ties with Baker & McKenzie 'because the conflict the previous attorney general had did not apply to him.' The governor, though, decided that their services were necessary to spare state employees the potentially 'exorbitant' cost of hiring their own attorneys, according to Coy and the invoices."
     

Tuesday, June 10, 2014

Law Firm Risk Survey - Last Call!

 
Response continues to be strong for the 2014 Law Firm Risk Survey. Over 150 firms have participated to date. (Across four geographies: US, Canada, UK and Australia.)

The survey will be open through the end of the week for participation and then will close.

As a reminder an incentive, copies of the final published report are distributed to those firms who participate.

Monday, June 9, 2014

Conflicts News and Updates


"Lateral Hire’s Brief Role in ‘Dormant’ Case Doesn’t Require New Firm’s Disqualification" --
  • "A law firm representing defendants in a copyright infringement suit need not be disqualified even though one of its lawyers never formally ended her representation of the opposing party in a 'long dormant' matter at her former firm, the U.S. District Court for the Middle District of Florida ruled May 12."
"Court of Appeals for the 7th Circuit decides case on conflicts in class action representation" --
  • "…the Court of Appeals for the 7th Circuit dismissed a settlement agreement reached in a class action case citing a laundry list of what it said were conflicts of interest on the part of the plaintiff lawyers and inequities in the agreement itself, which the court called 'scandalous.'"
  • "'Class counsel sold out the class,' Judge Richard A. Posner wrote for a three-member panel of the court. The case is called Eubank v. Pella Corp. and the opinion is available here."

Tuesday, May 27, 2014

2014 Law Firm Risk Survey

 
In April we kicked off the 2014 Law Firm Risk Survey program. Response has been tremendous -- over 120 firms have participated to date.

We're sending a second round of invitations for those who have yet to take part. (As a reminder an incentive, copies of the final published report are distributed to those firms who participate.)

Survey Overview
Once again, we're running four separate exercises, inviting risk and IT stakeholders at participating mid-sized and large firms in each of four geographies – US, UK, Canada and Australia.

The surveys explore several topics including risk priorities, risk policies and education, intake and conflicts management practices, lateral hiring and departures, confidentiality/information security management, and compliance tracking.

Please watch your inbox for an invite!

Monday, May 26, 2014

Risk News & Updates : Lawyer Insider Trading, Playbook Conflicts, and Information Governance



Various risk updates to share today. First, allegations of lawyer inside trading. In this case, the story involves someone directly in the matter. (As we've always noted, direct malfeasance is always a tough risk scenario to manage in any information security context.) This story involves an individual who was previously with a 300+ lawyer firm: "Mayor of Kentucky town settles civil charges of insider trading"--
  • "A lawyer previously employed at a corporate law firm who now serves as mayor of Fort Mitchell, Kentucky, has agreed to pay nearly $118,000 to resolve civil charges of insider trading by the U.S. Securities and Exchange Commission."
  • "In an order issued Tuesday, the SEC said Christopher Wiest in 2010 bought InfoLogix Inc stock based on inside information that the company was about to be bought by Stanley Black & Decker Inc. Wiest had worked on the deal while at a law firm retained by Stanley Black & Decker, the SEC said. He subsequently began buying stock in InfoLogix, a provider of mobility solutions for healthcare and commercial industries, the SEC said."
Regarding playbook conflicts, the prolific Bill Freivogel notes: "SalDan v. Super. Bus. Dev. Bank, 2014 ONSC 2979 (CanLII) (Ont. Super. Ct. May 15, 2014)" --
  • "Law Firm represented Defendant in Defendant’s creation. In this case Law Firm is asserting a construction lien for Plaintiff against Defendant. Defendant moved to disqualify Law Firm. In this opinion the court granted the motion. In a fact-intensive analysis the court found the earlier representation sufficiently related to the construction project. The court also noted playbook elements such as Law Firm’s knowledge of Defendant’s 'legal and business strategies and risk tolerances,' which would provide Plaintiff with 'a distinct advantage' in this case."
ILTA posted a recording of an interesting webinar featuring the risk consulting experts at InOutsource on the topic: "Measuring the Return on Investment of Strong Information Governance Processes." --
  • "In addition to providing access to information while reducing risk, improved information governance (IG) processes can be leveraged as a cost-saving measure -- resulting in significant savings for your firm. Join us as we demonstrate how we calculated the true costs of managing information and how we defined metrics to measure savings."

Thursday, May 22, 2014

Law Firm Information Security Summit


Set for June 11-12 in Lombard, IL, ILTA's annual law firm information security summit always provides food for thought and ample opportunities for peer networking and exchange. (Anyone who's been exposed to ILTA already knows the effort they put into their programs and standard of quality they hold themselves to.)

Learn more at their event web site. The keynote should be of special interest:

  • The Soft Underbelly of Corporate America? Law Firms and the Cybersecurity Threat MatrixEach day we hear about another data breach in the news. More personally identifiable information (PII) and account information is being siphoned out of respected companies.

    What about our intellectual property, our trade secrets and other business capital? Oftentimes, the easiest place to attack is when the data is outside the walls of the owner — in many cases at their law firm.

    During our keynote, we will walk through the cybersecurity threat matrix and its evolution, discuss how various state and federal laws drive forward controls that may or may not help protect our data, and the role of active defense and intelligence.

    Attendees will learn what programs and controls will position their firms for success in assurance reviews, certifications and competing for business.

    Together we will explore this topic — as you hear from someone who has worn the hats of law firm counsel, chief privacy officer, chief security officer and chief compliance officer — so we can operationalize against this threat.
Intapp's Kathryn Hume (of Risk Roundtable fame) will also be leading a panel worth watching, featuring Michael Aginsky (CTO of Gibbons P.C.) and Galina Datskovsky (noted information governance expert):
  • Don't Believe the Hype! What Data Leak Prevention Solutions Can and CAN'T DoCan you identify and restrict unwarranted attempts to copy or transmit sensitive information, deliberately or inadvertently (and generally by personnel who are authorized to access the sensitive information)? Take an in-depth look at best practices for implementing enterprise and point solutions for data leak prevention (DLP) as we cover the Web, email gateways, networks and mobile devices, and the mechanisms used to secure them. There's a lot of talk about what DLP solutions protect against...it's time the hype be laid to rest.