Tuesday, November 8, 2011

Law Firm Ethical Walls and Confidentiality Screens: Not Just for Conflicts

Nancy Beauchemin, president of law firm client intake and record management consultancy InOutsource, recently published an excellent article on law firm confidentiality management: "Ethical Walls and Confidentiality Screens: Not Just for Conflicts."

The piece provides a concise summary of the expanding confidentiality drivers facing law firms, from traditional scenarios like waiver-driven ethical screens to broader regulatory rules and increasingly stringent client outside counsel guidelines:
  • "Today, law firms are applying confidentiality screens for a variety of reasons, including an increasingly complicated legal and regulatory environment that demands compliance with record-keeping requirements defined by their clients. Law firms are realizing that they must know where their information resides and how it is accessed and stored before they can protect it from inadvertent disclosure. Clients will sometimes exercise their right to audit a firm’s internal record-keeping processes to ensure compliance with their guidelines. In a legal proceeding, courts will require evidence that policies were consistently followed."
She cautions firms about the need to understand and update their current practices:
  • Law firm confidentiality policies are often disconnected from requirements mandated by clients and regulatory bodies. Firms need to understand where they have gaps and commit to correcting deficiencies in policies and use of technology to ensure that their clients’ confidential information is protected.
  • Ideally, repositories and applications that store confidential client matter information should be centrally maintained and managed by a firm’s IT department, and all client matter information should be readily identifiable by the applicable client matter.
  • The screening function should be centralized within the office that is primarily concerned with risk management and loss prevention issues. This is sometimes the responsibility of the firm’s general counsel.
  • There must be immediate and direct communication with affected users, records and IT staff. Screening processes should be documented and require affected individuals to acknowledge and comply with the screen.
  • Screens should be regularly reviewed and removed when no longer needed. There should also be policies to notify appropriate governing bodies and clients of data breaches.
