Thursday, April 29, 2010

HITECH Heating Up Again

Originally scheduled to go into effect in February, the HITECH Act, which extends HIPAA confidentiality and information protection rules to entities including law firms, was put on hold in March. The government had promised more detailed guidelines would be published ahead of time, but didn't deliver.

Now the Department of Health and Human services announced that it plans to issue these updates next month. It remains to be seen if they deliver these guidelines on schedule, but law firms should not lose site of these coming data privacy regulations.

Tuesday, April 27, 2010

Imputation Risk and Joint Defense Agreements

Nintendo is a defendent in a patent suit (SHARED MEMORY GRAPHICS, LLC v. Apple Inc. et al). As reported today in Corporate Counsel, it just moved to disqualify the plantiff's firm on the grounds that it previously participated in a joint-defense where it was exposed to Nintendo's confidential information:
  • "...during the course of a prior representation in a substantially related matter and pursuant to a joint defense agreement, Floyd & Buss attorneys received Nintendo's confidential information." Nintendo's motion claimed that Floyd & Buss' representation of Shared Memory is "directly adverse to its current client Advanced Micro Devices (AMD) Inc."
It remains to be seen if Nintendo will prevail, what the nature of the confidential information was, what the specific details of the joint defense agreement were (the Nintendo brief was filed under seal), or if the plantiff's firm employed any ethical screening measures.

But as reported by Corporate Counsel, the plantiff's firm's managing partner noted that if Nintendo prevails it would be: "extremely risky for a company entering into an joint defense agreement in that all knowledge is imputed to everyone in your organization. Companies often enter into joint defense agreements with their own competitors."

Monday, April 26, 2010

Upcoming Risk Roundtable Events: New York & Philadelphia

Upcoming Risk Roundtable events scheduled for May 18 (Philadelphia) and  May 19 (New York). These sessions will explore: "How Advanced Technology is Transforming Risk Management for Law Firms," and will feature speakers from Autonomy, InOutsource and IntApp. Topics for discussion include:
  • Current risks tied to common firm information and data lifecycle management practices
  • Evolving industry rules, case law and standards for ethical screening and client confidentiality
  • Mitigating risk associated with intake, conflicts and records through the use of Meaning Based Computing technology
  • The role of technology in mitigating email risk through Email Management tools that deliver new levels of automation and protection
For more event information, visit:

Monday, April 19, 2010

Washington DC Bar: Law Firms Can Screen Temporary Lawyers to Avoid Imputation

The Washington DC Bar recently issued an opinion that supports the use of screening to avoid imputation issues when firms employ temporary or contract attorneys. While this ruling only applies to organizations in this particular jurisdiction, it presents yet another example of the continuing evolution of screening rules across the industry, and the acceptance of screening as a necessary response to new real-world scenarios. See the complete text of Opinion 352.

Friday, April 16, 2010

Event: International Legal Ethics Conference IV

Hosted by the Stanford Center on the Legal Profession, the International Legal Ethics Conference IV is scheduled for July 15-17 at Stanford Law School. Co-sponsored by the ABA Center for Professional Responsibility, the event will explore: “The Legal Profession in Times of Turbulence.”
  • "... and will focus on a broad range of issues including the conditions of legal practice, bar regulatory structures, law firm culture, access to justice, diversity, cause lawyering, client relationships, conflicts of interest, globalization, and legal ethics education."
More information at the conference web site.

Monday, April 12, 2010

Monday Risk Roundup

Several risk management and compliance updates and links to start off the week:
  • Webinar on Ethical Screening Rules, Trends & Technology: Produced by the Risk Roundtable initiative and featuring speakers from IntApp, Zuckerman Spaeder and the Association of Professional Responsibility Lawyers (APRL), this CLE webinar reviewed current professional rules and new case law developments supporting the need to enhance law firm ethical screening and confidentiality management practices. A recording is accessible online here, and topics Include: 
    • Confidentiality News & Updates
    • Screening Rules & Case Law Requirements
    • Mapping Requirements to Firm Practices
    • The Role of Technology and Ethical Screening / Information Barrier Software
  • More Ethical Screening: The Legal Ethics Forum provides a good summary of the recent California decision to accept unilateral ethical screening, along with a broader discussion of the true costs of screening and comparison of scenarios in which walls are allowed vs. not.
  • Data Privacy: Hunton & Williams notes that Mississippi just joined 45 other states by putting place a data security / breach notification law that will take effect mid-2011.
  • Online Social Media Risk Event: Produced by Chubb and featuring two Hogan & Hartson Privacy Lawyers.

Friday, April 9, 2010

California Appeals Court Accepts Ethical Screening

Less than a month ago, the California Bar rejected recommendations by its own working group to adopt a modified version of ABA Model Rule 1.10, which would allow for ethical screening of lateral hires. But that hasn't settled the matter -- This week, Los Angeles' 2nd District Court of Appeal came down in favor of screening.

The court ruled that the presumption of imputed knowledge was rebuttable. As reported by The Recorder: "The firm only needs to prove "by evidence," the court held, that the tainted lawyer's confidential client information wasn't shared with others on the staff who represent an opposing party."

The ruling calls out the fact that ethical walls have been shown to be effective in several contexts and that the modern practice of law doesn't necessarily mean that knowledge is imputed: "These are not attorneys discussing their cases regularly, passing each other in the hallways or at risk of accidentally sharing client confidences at lunch."

Finally, the court also noted that these scenarios should be reviewed on a case-by-case basis and that the strength of an ethical screen or wall matters: "The more steps a firm has taken to prevent any disclosure, however, the more likely it is that a court will find the ethical wall to be sufficient." This bodes well for the increasing number of firms who are making use of electronic ethical screening software for confidentiality enforcement and information risk management.

Thursday, April 8, 2010

Data Protection & Risk Management Update -- New Rules, New Standards

Several updates and articles of note:
  • Today's PinHawk Law Technology Daily Digest focuses on information risk management. Editor Curt Meltzer writes: "Data security has taken on added urgency as significant breaches are publicized and government regulation increases. Read about recent developments in the UK, and how they might help the US stay ahead of the curve as US regulators play catch up," and links to several articles and resources on technology and related issues.
  • New UK Data Regime Loss (via the Orange Rag): "The Data Protection Act in the UK requires those who process personal data to ensure that it is kept secure with appropriate technical and organisational measures taken to protect it and that it should not be retained longer than necessary. From 6 April 2010 the Information Commissioner’s Office will be able to impose penalties of up to £500,000 for serious breaches of the Act."
  • Department of Defense Proposes New Information Security Requirements for Contractors (via Hogan & Hartson LLP): "The U.S. Department of Defense (DOD) has issued an advanced notice of proposed rulemaking regarding amendments to the Defense Federal Acquisition Regulation Supplement (DFARS) that would add new data protection requirements for unclassified DOD information used or handled by contractors."
  • Law Technology News: The Evolving Landscape of Data Privacy: "...a broad class of businesses will face an array of new privacy obligations as a result of new requirements adopted on both the federal and state levels. In addition, Congress is actively considering new data privacy legislation that would, among other things, require firms to notify customers in any instance of a data breach."
Readers should also be aware of proposed US legislation, H.R. 2221: Data Accountability and Trust Act (DATA), which passed the House late last year. "DATA would require those entities doing business in interstate commerce that maintain data containing personal information (including those that contract with another party to maintain such data) to comply with future Federal Trade Commission (FTC) regulations designed to protect such data from disclosure, identity theft, and fraud."

Sunday, April 4, 2010

Articles on Law Firm Lateral Risk, Ethical Screening and Confidentiality Enforcement

Two articles recently published by ILTA in its quarterly journal:

The first, written by Pat Achbold, head of the risk practice group at IntApp, "Managing Information Risk with Lateral Hires and Lawyer Departures," explores current trends in law firm ethical screening practices and looks at current industry standards for confidentiality management and enforcement/compliance tracking.

The second article is written by John Guyer from Hinckley, Allen & Snyder LLP. In it, he describes how his firm is using confidentiality management technology to protect the firm and track compliance in reposnse to issues including ethical screening rules, client confidentilaity requirements and new data privacy standards like the HITECH Act and the Massachusetts Privacy Law.

Thursday, April 1, 2010

SRA Will Not Relax Conflicts Rules

The Solicitors Regulation Authority (SRA), which establishes professional rules of conduct for lawyers in England and Wales, announced today that it has abandoned efforts to relax conflicts rules. The organization had been exploring rule changes that would have allowed firms to act for adverse clients who were willing to consent and were deemed "sophisticated" enough to understand the implications of doing so. Evidently, clients did not welcome the proposed change. More detail provided by, along with some history behind the long running debate. The SRA continues efforts to revise law firm confidentiality rules.