Thursday, September 16, 2010

Clients Increasingly Concerned about Law Firm Risk, Confidentiality and Compliance Practices

A reader sent an interesting document in response to the recent series of posts summarizing recent ILTA conference panels on law firm risk management (see: [1], [2], [3], [4]). One theme several sessions touched on was an increasing trend of corporate law departments promulgating significantly more stringent outside counsel guidelines, especially with regard to risk management, confidentiality enforcement and compliance tracking.

The reader linked to Bank of America's published Outside Counsel Procedures, which highlight this trend quite nicely:
  • Law firms ultimately responsible for following all professional rules and statutory regulations: "Outside counsel must follow all statutory and regulatory provisions relating to privacy, confidentiality and nondisclosure of customer records, proprietary information of Bank of America, and other privileged or confidential information, including without limitation information or data protection laws and regulations... consistent with all codes of professional responsibility and applicable laws and regulations."
  • Audit rights to verify firm confidentiality and data privacy practices: "Bank of America reserves the right to review, test, and audit information and data protection plans and procedures of outside counsel and any third party in privity with outside counsel who accesses Bank of America confidential information."
  • Sensitive information must be transmitted securely: "Any law firm in possession of such information may only transmit it to or receive it from Bank of America via secure electronic means (i.e., encrypted e-mail)."
  • Confidential information can be shared internally only on a "need to know" basis: "In particular, the firm shall limit disclosure and access to customer and proprietary information to those members and staff of the firm who need to have such access to provide the services for which the information has been provided."
This last point is particularly noteworthy, given the common practice among law firms of maintaining open internal electronic information repositories, like document and records management software applications. Organizations must take special care to respond diligently to client requests, particularly when they conflict with common practice. Failure to do so creates significant risk in a world where clients are increasingly interested in conducting their own audits...
