Monday, December 10, 2012

HIPAA for Law Firms - The Stakes are Getting Higher

With over 25 years of experience, the legal consultants at Carlson & Wolf know a thing or two about law firm information security and risk -- one partner is a lawyer, the other a former chief security officer.

Last week they kicked off a series of articles about impending updates to HIPAA/HITECH rules, with the bold proclamation: "We are entering a new era of HIPAA enforcement where law firms will find themselves in the crosshairs of regulators.":
  • "Legal professionals generally know that HIPAA is a federal health care law, but few understand how HIPAA privacy/security requirements impact law firms.  For firms subject to HIPAA, distributed responsibility for compliance adds to the challenge of meeting a complex set of requirements.  But fulfilling those requirements has suddenly become much more critical, given that the federal government will soon exercise its expanded enforcement powers pursuant to the HITECH Act.  Specifically, the federal government will enforce HIPAA directly against law firms.  With penalties for noncompliance at potentially six or seven figures, meeting HIPAA regulations has never been more important for law firms."
Read more at: "Law Firms and HIPAA Round One: Compliance via Contract," which provides general background on some of the issues at hand:
  • "Few will be surprised to hear that law firms were not the intended regulatory target of the original 1996 HIPAA legislation... In 1999, the federal agency responsible for issuing HIPAA regulations--the US Department of Health and Human Services (HHS)--recognized that CEs outsource a variety of operational functions to third parties (like law firms) and may need to disclose protected health information (PHI) to those third parties. While such outsourcing is perfectly legitimate, when HHS issued the Final Privacy Rule in 2000, it took steps to ensure that third parties providing services to CEs would be obligated to protect PHI."
  • "While signing a Business Associate Agreement before the HITECH Act did not directly expose firms to regulatory enforcement, firms were liable to their CEs if they breached provisions of their BAAs. A firm with a health care practice that failed to protect PHI in a reasonable manner would likely experience difficulty attracting new health care clients. However, as we’ll see in our next post the landscape changed dramatically with the HITECH Act, and firms under BAAs must now agree to comply with the entire Security Rule."

Wednesday, December 5, 2012

Conflicts of Interest + Interesting Conflicts

As many are customers of Autonomy, many law firms are following the recent allegations of impropriety connected with HP acquisition of the company with great interest. Interesting news on the potential conflicts front --
"In Autonomy Debacle, HP Turns to Morgan Lewis" --
  • "But in 2011 during the ill-fated acquisition of Autonomy, Morgan Lewis did not represent HP, a valuable and long-time client. Instead, Morgan Lewis served as an adviser to Autonomy, helping secure approval of the deal from antitrust regulators."
  • "That could raise a sticky set of conflicts for HP and Morgan Lewis as the company prepares to launch and defend an onslaught of legal actions related to HP's recent announcement it would write down $8.8 billion related to the problem-plagued deal."
  • "Rory Little, a law professor at UC-Hastings and ethics expert, said transactional lawyers tend to downplay conflicts of interest because everyone is working toward the same goal of striking a deal. 'Silicon Valley has never understood that conflicts rules applied to lawyers in transactions. It's all been on a handshake and trust,' he added. 'But something can always go sour. That's the reason you're not supposed to represent both sides in a transaction.'"
  • "Regardless of how Morgan Lewis crafted its engagement letter with Autonomy, there is no such thing as 'limited' representation of a client, Little said. 'It's like limited pregnancy. They either represent the client or they don't.'"
Here's one that has to be read to be believed (free registration required for full article) -- "Dallas judge boots Bickel & Brewer from multimillion-dollar lawsuit" --
  • "A Dallas judge has booted Bickel & Brewer from a big-dollar international lawsuit, after accusations that the law firm and its Chilean co-counsel paid a witness for insider information.
  • "The case has been fiercely argued by two of Dallas’ premier trial lawyers for more than four years. Legal fees and expenses for the two sides have likely exceeded $1 million. There have been allegations back and forth of witness bribery, withholding of evidence and fabrication of testimony."
  • "Among the allegations was that Bickel & Brewer offered to pay $1 million over three years to a former executive for the Chilean company for inside, privileged information about the case."
  • "In a 26-page ruling, Cortez [State District Judge] said 'there is without question a genuine threat' that Bickel & Brewer lawyers have knowledge of confidential documents and privileged information that give the law firm an unfair and improper advantage in the litigation. The judge, however, denied requests by defense lawyers to financially sanction Bickel & Brewer."

Tuesday, December 4, 2012

Risk News: Conflicts and Screening Updates

Via Bill Frievogel -- FP Genetic Inc. v. Lizee, 2012 SKQB 453 (CanLII) (Q.B. Sask. Nov. 2, 2012) --
  • "While at the defendants' law firm, Lawyer worked on this case.  Lawyer moved to the plaintiff's firm, and that firm set up a screen.  The defendants moved to disqualify the plaintiff's firm.  In this opinion, relying upon the plaintiff's firm's compliance with the screening provisions of the Saskatchewan Rules, denied the motion."
In-laws -- An interesting view of the role conflicts play in shaping law firm mergers and international expansion --
  • "There may be perfectly sensible reasons for Britain’s Norton Rose and U.S.-based Fulbright & Jaworski to join forces and for SNR Denton, headquartered in London and Washington, to seek a three-way tie up with French and Canadian peers. Cross-border deals can help lawyers serve companies increasingly going global. But culture, pay and client conflicts are tough to manage. The danger is sacrificing quality for scale."
  • "It’s not surprising, then, that some of the most successful law firms resist expansion. New York-based Paul, Weiss, Rifkind, Wharton & Garrison, for instance, has only 50 of 620 lawyers working outside the United States."

Cuts for Detroit to balance losses -- City mayor faces call to change firms:
  • "The next 30 or so days likely will show just how dire Detroit's fiscal plight is as Mayor Dave Bing's office pores over plans to make up millions of dollars in bond money the city failed to get from the state."
  • "Some on the council consider it a conflict of interest because Miller Canfield wrote milestone agreements in Bing's reform program."
  • "'If (Miller Canfield) were representing the state and the interests of the state does not conform to the interests of the city that has to be worked through.' Bernstein said all sides may need to reach some kind of accord as to the role Miller Canfield would play in advising Bing."
  • "But Council President Charles Pugh would prefer Bing select a different law firm."

Monday, December 3, 2012

Lateral Lawyer Movement (The What, Why & How)

On the risk front, we tend to look at laterals operationally -- how to identify and address conflicts, how to streamline lawyer on-boarding.

Here's a look at the issues and drivers underlying the entire process written by a lawyer recruiting firm: "Partners in Practice: Anatomy of a Lateral Move" [Part 1] [Part 2]. It provides interesting context regarding the various factors in play motivating lawyers and firms engaged in lateral activity:
  • "Each year, about one in 20 partners faces a lateral move. The process can seem irrational and daunting, especially to first-timers. Having gone through a lateral move myself, and overseen the hiring of numerous laterals as a managing partner, I’m more familiar with this arcane ritual than most. Now, after 10 years as a recruiter guiding dozens of candidates through the process, I offer an 'anatomy' of a lateral move."
  • "Bill had worked with a marquee high-tech client over the last decade, which constituted about three-quarters of his portable business. The client had followed Bill through several moves, but its conflicts policies necessitated the moves. So while the heft of the marquee client and its loyalty to Bill mitigated the diversification issue, a number of firms would likely shy away from hiring him because of definite or potential conflicts with his showcase client..."

Thursday, November 29, 2012

Law Firm Conflicts from the Corporate Perspective

Earlier this year, we called out part one of this excellent overview written by Michael Downey at Armstrong Teasdale for the ACC. Now comes part two, worth reading in its entirety: "Dealing with Outside Counsel’s Conflict of Interest, Part II" --
  • "Part I of this article – Still Talking – dealt with the first three of eight considerations for corporate counsel when analyzing and responding to outside counsel’s conflict of interest."
Consideration IV – Terminate the Conflicted Firm.
  • "Normally one consequence of a serious conflict of interest is that the affected client terminates the conflicted firm… More often, however, the client terminates the conflicted firm later in the process, after the two sides fail to reach a resolution or accommodation. Although the law firm’s representation of that client ends with termination, the firm must continue to protect the client’s interests, including turning over client files and property."
  • "Sometimes it might be impractical to terminate a firm, even though termination is often an important step before filing a motion to prevent that counsel from representing an adversary. For example, a particular matter may require immediate attention, or lawyers at the conflicted firm may be the only ones who can properly handle a matter. In such circumstances, corporate counsel may retain the conflicted counsel, but should be prepared to make a strong case for why the firm should be disqualified from representing someone else. This includes distinguishing corporate counsel’s own situation – where disqualification is apparently impractical – from the adversary’s."
Consideration V – Forced Disqualification.
  • A client may need to force the termination of the law firm’s relationship with other clients whose representation created the conflict. When asking (as part of the warning letter) does not work, normally such protections must be sought through a motion to disqualify (for a representation involving pending litigation) or an injunctive action (when there is no pending litigation).

Wednesday, November 28, 2012

Law Firm and Government Conflicts -- Incidents Touch High-Level Officials in Canada and Australia

Two conflicts stories making news today:

Gillard law firm claims AWU case presented conflict
  • "SLATER & Gordon has confirmed that Julia Gillard [the current Prime Minister of Australia] faced a fundamental conflict of interest when she represented both a crony of her boyfriend and his union as a salaried partner of the firm in the early 1990s."
  • "Slater & Gordon released details of the opinion in response to persistent media questions regarding Ms Gillard's role in giving advice on the incorporation of the now infamous AWU Workplace Reform Association in 1992."
  • "A police investigation later revealed that her then boyfriend, senior AWU official Bruce Wilson, had stolen more than $400,000 from the association - including $100,000 spent towards the purchase of a Fitzroy property."
  • "As a partner and deputy head of Slater & Gordon's industrial department, Ms Gillard represented both the West Australian and Victorian branches of the AWU. But she confirmed on Monday that she had been representing Mr Wilson and Mr Blewitt personally when she helped them, for the association, buy the Fitzroy property - and denied she had acted without authority."
  • "In acting for the official the firm had obtained information that was confidential to the official and the disclosure of which to the union would have been a conflict between the interests of the union and the official."
  • "''Slater & Gordon ceased acting for both clients after it became aware of this conflict situation,' the [firm's] statement said."

Alberta premier accused of conflict in tobacco case
  • "Premier Alison Redford, while justice minister, personally chose her ex-husband's law firm for a government tobacco-litigation contract worth potentially tens of millions of dollars in contingency fees, a CBC News investigation has found."
  • "One of Canada’s top experts in conflict of interest says Redford was in a clear conflict and should have not made that decision."
  • "Redford’s former husband is Robert Hawkes, a partner in JSS, who served as her transition team leader after she won the Progressive Conservative Party leadership race in 2011 and ascended to the premier’s office."
  • "CBC News searched public records of political contributions and found JSS, Cuming & Gillespie, and Tim Wade, the lobbyist, gave tens of thousands of dollars to the PC Party, to Redford’s riding, and to her leadership campaign before and after her December 2010 decision to award the tobacco litigation to the consortium."

Report from Chicago Risk Roundtable

Yesterday, we held another Risk Roundtable session in Chicago. Many thanks to Foley & Lardner for hosting. Brian Lynch, IntApp Risk Practice Group Director, moderated discussions and sends this timely summary:
  • Dan -- I'm pleased to report back on a very productive Risk Roundtable session in Chicago, where we had a chance to discuss risk trends affecting US firms.
  • As we've done in our other meetings this month, we focused on reviewing the findings of the recently-published Risk Roundtable surveys, comparing and contrasting US results with UK findings.
  • The first hour we discussed Information Risk, one of top cited concerns.  The second hour we dedicated to Conflicts and "Bad" Clients. It feels like we could explore these topics for days, but we had a good and productive discussion during the time we had, and participants shared some interesting perspectives. 
  • Client demands have driven information risk to the forefront, whether through Requests For Proposal ("RFPs"), Outside Counsel Guidelines, or security audits. All three are on the rise, and firms are finding different methods to standardize their approaches and prepare effectively. Clients have become more aggressive in their demands, and this trend appears to be increasing with a recent study from Lexis Nexis finding large law firms responding to more than 21 RFPs per month.
  • The parallel challenge is bringing in the right kind of client, with a due diligence process that ranges from ethical conflicts, to business conflicts, to industry alignment. This is not an easy assessment, and firms spend a significant amount of time tapping into institutional knowledge to ensure that they aren’t tripping on less obvious conflict situations. IP work has proven to generate complicated situations, and some firms have opted out of patent prosecution work altogether to avoid conflicts that are not always easy to discern.
  • Thanks again to our host, Foley & Lardner, for hosting an excellent forum.

Tuesday, November 27, 2012

Data Breaches In the News -- Managing the Risk

Judy Selby, a partner at Baker Hostetler, argues in Law Technology News: "Why Risk Data Breaches? Insurance against data breaches in a new era of data insecurity." --
  • "Data breaches can occur in a variety of ways, some by accident, some motivated by profit or political belief, and some simply for the sport of it. A breach can result from a malicious attack designed to destroy or disable a network or to steal private, competitive or proprietary information; from a disgruntled employee out for revenge; from the negligence of a vendor handling data; or from a laptop or thumb drive being left accidentally in a cab or airport."
  • "As all entities, particularly health care providers, law firms, financial institutions, and retailers, continue to gather and store more and more personal and protected information every year, the risk of a data breach grows in turn... Data breaches can have serious financial effects, including business interruption losses, regulatory and credit card company fines, legal defense costs, and civil damages. Further complicating the situation are federal and state laws imposing fines for and/or mandating public disclosure of data breaches to the affected parties and law enforcement. The Health Information Technology for Economic and Clinical Health Act (HITECH), the Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley, among other federal laws, can be implicated by a breach."
  • "Reputational damage resulting from a data breach can be devastating as well. Recent studies report that significant numbers of customers said they will terminate their relationships with companies after being notified of a data breach."
  • "Given this environment and the exponential growth of electronically stored information, the necessity of implementing, monitoring and updating systems and practices to safeguard sensitive data cannot be overstated."
  • "Recently, however, insurance companies have begun to offer policies specifically designed to provide coverage for data breaches, cyberattacks and similar incidents, so-called cyberinsurance...Coverage under cyberpolicies can extend to violations of privacy laws, including (where permitted under law) payment of fines."

Tuesday, November 20, 2012

Playbooks, Disqualifications & Ethical Screens

Earlier this year we pointed out an interesting discussion between Monroe Freedman, Professor of Law at Hofstra Law and John Steele, publisher of the Legal Ethics Forum. See: Conflicts of Interest -- Is "Playbook" Information (aka "Special Insight" into Former Client Thought Patterns/Strategies) a Basis for Disqualification?

The ever-watchful Bill Frievogel highlights a recent case where a playbook play played a key role (Yhan v. Hovensa, L.L.C., 2012 U.S. Dist. LEXIS 161593 (D.V.I. Nov. 12, 2012). He summarizes:
  • "A lawyer in the plaintiffs' law firm ("Lawyer") worked at the defendant's law firm for three years until November 2011.  While at the defendant's firm Lawyer worked on employment related cases for the defendant, but not this case.  The defendant moved to disqualify the plaintiffs' law firm. 
  • The magistrate judge granted the motion, implicitly adopting the playbook approach to the substantial relationship test. 
  • The magistrate judge also rejected the plaintiffs' claim that Lawyer had been screened at her new firm, because the firm had not complied with the notice provision of MR 1.10 (territorial courts and the federal District of Virgin Islands have adopted the ABA Model Rules). 
  • In this opinion the district judge vacated the magistrate judge's order and remanded the case to the magistrate judge to develop more fully the evidentiary basis for the magistrate judge's finding of substantial relationship.  The district judge did not address the screening issue."
It's unclear if an effective screen would have prevented the disqualification. The notification requirements of Model Rule 1.10 include requirements that:
  • (ii) written notice is promptly given to any affected former client to enable the former client to ascertain compliance with the provisions of this Rule, which shall include a description of the screening procedures employed; a statement of the firm's and of the screened lawyer's compliance with these Rules; a statement that review may be available before a tribunal; and an agreement by the firm to respond promptly to any written inquiries or objections by the former client about the screening procedures;
  • (iii) certifications of compliance with these Rules and with the screening procedures are provided to the former client by the screened lawyer and by a partner of the firm, at reasonable intervals upon the former client's written request and upon termination of the screening procedures.

Monday, November 19, 2012

Report from Toronto Risk Roundtable

Last week, we held another Risk Roundtable session in Toronto. Many thanks to Stikeman Elliott for hosting. Brian Lynch, IntApp Risk Practice Group Director, moderated discussions and sends this summary:
  • Dan -- I'm pleased to report back on a very productive Risk Roundtable session in Toronto, where we had a chance to discuss risk trends affecting Canadian firms, who are negotiating ever-more complicated legal requirements.
  • We focused on reviewing the findings of the recently-published Risk Roundtable surveys, comparing and contrasting Canadian results those with results presented in the UK and US reports.
  • Conflicts of interest, rogue partners, information risk, and undesirable clients were cited as top risk management concerns. Non-paying clients were included in the "undesirable client" category, and Risk Partners have become involved in preventing further exposure.
  • A growing trend is the increased scope of client requirements or Outside Counsel Guidelines. US companies have led this charge with required FCPA questionnaires, security restrictions, and representation edicts i/r/t subsidiaries and competitors. Many firms have seen an uptick in information barriers driven by client demand, rather than legal requirements. Some firms automatically apply extra security to certain types of files based upon the nature of the work and the perceived risk. US firms have been wrestling with this trend for the past couple of years, and US clients are now pressing their Canadian counsel to abide by these standards, as well.
  • Laterals have proven to be a tricky topic, as well, as different firms apply different approaches to the client information that can be shared to determine whether a transferring lawyer can join another firm. There are currently a number of initiatives underway to provide clarity and consistency. Sue Grundy (Blake, Cassels & Graydon) and Malcolm Mercer (McCarthy T├ętrault) shared some of the progress on those fronts.
  • Finally, many were waiting to hear how the new IFRS accounting standards would affect audit responses. Simon Chester (Heenan Blaikie) explained that the new standards could be months or years away and that every firm would need to take a closer look at their current audit response process when that change was due to arrive.
  • Thanks again to our host, Stikeman Elliott, for hosting an excellent forum.

Thursday, November 15, 2012

Report from California Risk Roundtables

Last week, we held Risk Roundtable sessions in Los Angeles and San Francisco. Many thanks to Paul Hastings and Gordon & Rees for hosting. Pat Archbold, Head of IntApp’s Risk Practice Group, delivered a presentation about the risks associated with default-open document management systems.

He was joined by Adam Carlson and Matt Wolf of Carlson & Wolf, who discussed the importance of human factors in managing a coordinated information security program. Kathryn Hume, a member of the IntApp risk practice team was on hand for both events and sends this report:

  • Dan -- We held two stimulating and informative Risk Roundtable sessions this week in Los Angeles and San Francisco. Both were well attended by a mix of Risk Management and IT leaders from multiple firms.
  • In Los Angeles, discussion focused on real-world challenges of and approaches for managing internal access to sensitive documents and information. Several participants described the tension between competing demands of fostering knowledge sharing vs implementing effective security. Overall, group consensus supported the idea of adopting a hybrid approach, using business rules to grant users access to content on a need-to-know basis. Everyone agreed that the primary challenge going forward will be cultural: IT leaders are looking for ways to convince lawyers that locking down certain sensitive information will not hamper knowledge transfer, but could lead to unanticipated new developments. The team from Carlson and Wolf also underlined the importance of training and awareness to alert lawyers to covert dangers in malware like Trojan horses, spear phishing, and Ransomware.
  • In San Francisco, there was an in-depth discussion about increasing information security audits from clients in financial services, hi-tech and energy sectors, and the measures firms are forced to adopt to survive close examination. One firm mentioned that it required months of preparation to pass a recent audit conducted by a major financial institution. Discussion also touched on new ethical requirements recommended by the ABA 20/20 commission. Lawyers now have an actual ethical duty to alert clients to the risks entailed by using certain technologies, and to prevent possible unauthorized disclosure of confidential information.
  • In both session, representatives from ILTA's LegalSEC initiative were on hand to update attendees on progress towards developing industry security standards and recommended practices. A special thanks to Steven Shock, Chief Technology Officer at Irell & Manella, and Kevin Moore, Director of IT at Fenwick & West.

Wednesday, November 14, 2012

Webinar Recording: Managing Litigation Holds

For those who missed the live presentation and discussion, we have a recording of the recent webinar on Managing Law Firm Litigation Holds. In this session, Brian Lynch with IntApp moderated a panel comprising speakers from Foley & Lardner, Holland & Knight, and Sidley Austin who reviewed legal hold requirements and discussed methods firms can use manage holds.

Facing the need to effectively manage litigation holds, law firms are increasingly replacing legacy approaches with structured, managed and automated systems. That’s because ad hoc and “manage-by-spreadsheet” hold processes don’t always provide suitable audit trails and create significant administrative burdens for risk staff, IT and lawyers. Those burdens include managing notifications, securing documents subject to holds and tracking details in a consistent and defensible manner.

Monday, November 12, 2012

Minneapolis Roundtable - Information Security Trends: ISO 27001

Our next event scheduled for Monday, November 19th in the Minneapolis office of Faegre Baker Daniels.

This session, presenting in collaboration with ILTA, will focus on ISO 27001 for law firms. Attend to:
  • Gain a real understanding of the value of ISO 27001 and the drivers behind it.
  • Learn about the various approaches taken by firms who have gone through the certification process.
  • Understand the value of ISO and its information security/client service needs, and whether it’s a fit for your firm.
Presentations will feature Pat Archbold, Head of IntApp's Risk Practice Group and Scott K. Larson (CISSP, CISM, CIPP, AME).

Scott brings and interesting history and perspective to the discussion, as a former Federal Bureau of Investigation (FBI) supervisory special agent who led the FBI's computer investigations and infrastructure protection program. He is well-known as a trusted adviser to Fortune 500 companies, law firms, nonprofits and government organizations in digital forensics, incident response, risk management, and other complex technical, legal and regulatory issues.

Attendance at these is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Thursday, November 8, 2012

Burr & Forman Selects IntApp Wall Builder to Secure Microsoft SharePoint Document Management System

Burr Burr & Forman LLP, a Southeast regional firm with over 250 lawyers, has selected IntApp Wall Builder to enforce ethical screens and manage information security as part of its initiative to adopt Microsoft SharePoint as a document management system.

Said Burr & Forman CIO David Michel:
  • "Our firm made the decision to roll out Microsoft SharePoint for document management and needed a way to implement essential confidentiality controls, particularly the ability to explicitly grant and deny users access to specific information, and to update matter team membership over time."
  • "We chose Wall Builder because it's already being used by other organizations to secure Microsoft SharePoint DMS and we were confident that IntApp had the real-world experience to successfully execute our project on time and on budget."
Pat Archbold, Head of IntApp's Risk Practice Group added:
  • "Over the years, IntApp has made several enhancements to Wall Builder specifically engineered to address complexities in how Microsoft SharePoint stores, manages and secures information."
  • "We're pleased to apply the technology and experience we've developed by working with over 140 law firms to implement confidentiality management software, in support of Burr & Forman."
For more information, see the official news release.

Wednesday, November 7, 2012

Law Firm Conflicts Management Software -- ILTA Industry Survey

Here's additional interesting detail from the recently published ILTA survey of over 485 law firms. Well over 25% of participants weighed in on the question of which conflicts management software they use.

Aggregate data on product adoption by firms with 150 or more lawyers:
  • Elite -- 40%
  • LegalKEY (OpenText) -- 28%
  • Aderant/CMS -- 23%
  • CA/MDY (Autonomy) -- 4%
  • Rippe & Kingston -- 2%
  • TMC -- 2%
  • Microsoft Access -- 1%
  • Rainmaker -- 1%
  • Compliguard Analyze (Frayman Group) -- 0%
Data broken out by firm size:

Firms with 700+ lawyers:
  • Aderant/CMS -- 14%
  • Elite -- 18%
  • LegalKEY -- 68%
Firms with 350-699 lawyers:
  • Aderant/CMS -- 27%
  • CA/MDY -- 10%
  • Elite -- 28%
  • LegalKEY -- 35%
Firms with 150-349 lawyers:
  • Aderant/CMS -- 23%
  • CA/MDY -- 2%
  • Elite -- 56%
  • LegalKEY -- 9%
  • Microsoft Access -- 2%
  • Rainmaker -- 2%
  • Rippe & Kingston -- 3%
  • TMC -- 3%
For information about ILTA’s 2012 Technology Survey, see their web site.

Tuesday, November 6, 2012

Law Firm Information Security, Ethical Walls, Information Barriers & Confidentiality -- ILTA Industry Survey

Today, polls, surveys and statistics will no doubt be in the news (at least in the US).

For the legal community, ILTA just published its annual law firm technology survey. It presents responses collected from over 485 law firms, comprising over 90,000 lawyers.

Report data show that the vast majority of firms using commercial software to secure internal access to confidential information (for ethical screens/information barriers, client confidential matters or regulatory compliance) have standardized on IntApp Wall Builder, including:
  • 70% of firms with 700 or more lawyers
  • 69% of firms with 350 to 699 lawyers
  • 58% of firms with 150 to 349 lawyers
Aggregate data on product adoption by firms with 150 or more lawyers:
  • Wall Builder (IntApp) -- 65%
  • CompliGuard Protect (The Frayman Group) -- 8%
  • iMPrivate (DocAuto) -- 6%
  • WincWall (Wertheim Global Solutions) -- 6%
  • GX2 (Worldox) -- 5%
  • Milan (Prosperoware) -- 4%
  • SecurityGuard (Olson Consulting) -- 2%
  • The Wall (Younts Consulting) -- 2%
  • MasterEthics (RBRO Solutions) -- 1%
  • NetDocuments (NetDocuments) -- 1%
For information about ILTA’s 2012 Technology Survey, see their web site.

Thursday, November 1, 2012

Conflicts (Senatorial, Alleged or Otherwise) Making News

"NFLPA fights to keep Paul Tagliabue from hearing bounty appeals"
  • “In a statement, the NFLPA said Tagliabue's involvement is a conflict of interest because the former NFL commissioner works for a law firm that has handled bounty-related matters for the league, and represented current Commissioner Roger Goodell in a defamation lawsuit by one of the four players, Jonathan Vilma.”
"Ex-senator backs out of San Bruno blast talks"
  • “Former Sen. George Mitchell and his law firm have offered to withdraw as mediator in talks over how much Pacific Gas and Electric Co. should be fined for the San Bruno pipeline explosion after the city and consumer watchdog groups voiced their opposition, officials said Thursday… City officials and consumer groups said the law firm represents an insurance carrier for PG&E, which they called a conflict of interest…Jackson and Long said utilities commission officials had told them that they would convey their continued opposition to DLA Piper, thus making the firm's withdrawal official.”
"Danforth's tie with law firm may tinge History Museum role"
  • “Danforth is a law partner at Bryan Cave, the same firm that has enjoyed a long business relationship with the museum. The firm counseled the History Museum in the controversial land deal with former Mayor Freeman Bosley Jr., and has performed the studies that have helped justify President Robert Archibald's compensation… Danforth says there is no conflict of interest…The mayor and county executive didn't ask him to investigate the property purchase or executive pay, he points out. They asked him to broker a deal between the History Museum's government-appointed commission and its nonprofit board of trustees.”

Wednesday, October 31, 2012

Upcoming Webinar: Managing Litigation Holds (CLE Eligible)

Our next webinar features a panel comprising speakers from Foley & Lardner, Holland & Knight, and Sidley Austin and will review litigation hold requirements and discuss methods firms can use manage litigation holds.

Facing the need to effectively manage litigation holds, law firms are increasingly replacing legacy approaches with structured, managed and automated systems. That’s because ad hoc and “manage-by-spreadsheet” hold processes don’t always provide suitable audit trails and create significant administrative burdens for risk staff, IT and lawyers. Those burdens include managing notifications, securing documents subject to holds and tracking details in a consistent and defensible manner.

Speakers will review litigation hold requirements and methods for implementing effective litigation holds, addressing topics including:
  • Understanding litigation hold requirements
  • When to place a litigation hold
  • What information is affected
  • Managing litigation holds
  • Technology solutions
  • Crystal Adkins, Associate General Counsel, Holland & Knight
  • Dana Moore, Information Governance Compliance Manager, Foley & Lardner
  • Mark Lagodinski, Director of Records Management, Sidley Austin
  • Brian Lynch, Director, Risk Practice Group, IntApp
Date: Wednesday, November 7
Time: 8 am Pacific / 11 am Eastern / 4pm GMT
Duration: 75 minutes

CLE CREDIT: As a certified as a CLE approved educator by the State Bar of California, we are able to provide certificates to attendees upon request. (Attendees are responsible for confirming CLE reciprocity in their particular jurisdiction, but we are happy to provide any additional information you need to receive credit outside of California.)

Attendance is by invitation only. For more information, please contact:

Thursday, October 25, 2012

Law Firm Risk Management Survey Reports Now Available

I'm delighted to announce the availability of our 2012 Law Firm Risk Management Survey reports. Many thanks to the over 150 firms who participated in four separate surveys for the US, UK, Canada and Australia.

The survey reports provide statistical information and commentary about current industry trends designed to provide law firm risk and IT stakeholders with insight into the priorities and practices of their peers so that firms can plan and respond effectively. They examine specific issues including new business intake, lawyer lateral hiring and departures, ethical walls and information barrier management, confidentiality enforcement, internal education, and compliance tracking and verification.

While each report presents unique data and detail, several risk management trends and priorities manifest across all geographies:
  • Firms cite information risk (data security and confidentiality) as a top risk management concern.
  • Respondents overwhelmingly highlight rising client concerns about information risk management, as evidenced by the increasing quantity of security-related questions in Requests for Proposal (RFPs) and mandates in Outside Counsel Guidelines (OCGs).
  • Participants also noted increasingly internal concerns with regard to complying with regulatory rules and evolving professional standards.
Reports will be going out in the mail shortly to those who took part. (Additionally, firms that are clients of IntApp will be recieving reports as a customer benefit.) Other parties interested in obtaining copies of one or more reports can email for more information.

Upcoming Event: Chicago Risk Roundtable

The Risk Roundtable season continues...  We're pleased to announce our latest event, scheduled for Monday, November 26th in the offices of Foley & Lardner LLP.

These events always provide a forum for IT and risk professionals to connect in a collaborative environment.

Topics for discussion will include ISO 27001, client audit trends and considerations over “open” vs. “closed” document management approaches. We'll also review of news stories, issues, trends and developments affecting law firm risk management.

(We're delighted to be returning to Chicago, where many of our favorite risk leaders reside.) As a reminder, we have upcoming events already scheduled for:
  • Washington DC, October 30th
  • Philadelphia, October 30th
  • Los Angeles, November 5th
  • San Francisco, November 6th
  • Toronto, Canada, November 14th
Attendance at these is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Wednesday, October 24, 2012

Upcoming Event: Toronto Risk Roundtable

It's been a very busy season for Risk Roundtable sessions. We're excited to announce our latest event, scheduled for Wednesday, November 14th in the Toronto office of Stikeman Elliott.

These events always provide a forum for IT and risk professionals to connect in a collaborative environment.

Topics for discussion will include ISO 27001, client audit trends and considerations over “open” vs. “closed” document management approaches. We'll also review of news stories, issues, trends and developments affecting law firm risk management.

(Several regular Toronto participants have already highlighted specific issues they'd like to explore with the group, and we look forward to these discussions as well.)
As a reminder, we have upcoming events already scheduled for:
  • Washington DC, October 30th
  • Philadelphia, October 30th
  • Los Angeles, November 5th
  • San Francisco, November 6th
Attendance at these is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Tuesday, October 23, 2012

Law Firm Information Governance & Technology Challenges

Following yesterday's note about our recent webinar on proposed ABA Model Rule changes and implications for law firm information management, security and compliance efforts, comes a few interesting articles on information governance:

"Info Governance Model Expands Privacy, Security Roles" --
  • "Data privacy and security have been listed as necessary assets in the Information Governance Reference Model (IGRM) since its 2009 development by the Minnesota-based Electronic Discovery Reference Model organization. But previous versions of the model (which includes business and technology processes) did not prescribe that managers who are dedicated to privacy and security functions should be on the teams shaping these policies."
  • "'The updated model now includes privacy and security as primary functions,' the EDRM announcement states. 'When these stakeholders are not working in concert, information accumulates rapidly and indefinitely, which adds significant cost and risk and undermines the ability to get value,' the EDRM announcement stated."
  • "'Access, transport, and use limitations are not understood by employees with information custody or collections responsibility, and customer's or employee's rights are impacted,' the document states. 'The type and nature of data in a system or process is poorly understood, leading to incomplete or inaccurate application of retention, preservation, privacy, and collection and disposition policy.'"
"Managing Mobile Risk" --
  • "Of the top themes presented at this summer's International Legal Technology Association conference... [Slides available via this link.] While nearly every law firm urges clients to manage their data properly — as in having a formal information lifecycle management program in place — a large number of firms don't practice what they preach. A variety of new technologies have facilitated the breakneck growth of data volumes and they are shared and stored in locations outside the physical (presumably secure) firm walls. But this model no longer works — firms are beginning to recognize that the risk is too high to ignore."
  • "Controlling information is not a new concept for law firms and their personnel. But today's unmanaged mobility — in the form of BYOD (bring your own device) to work programs — and equally unmanaged use of popular Web services such as Dropbox and Evernote — represent a seemingly unstoppable phenomenon. This creates a set of issues that must be addressed before an information governance firestorm hits."
  • "Clearly, mobile is here to stay — and firms will encourage collaboration via these devices. It just makes plain business sense to do so. However it is critical that firms take a formal stance on data lifecycle management, and the larger information governance. If defined and controlled well, data collaboration and content delivery on mobile devices will not introduce any more risk than the data residing on the firm's servers, desktops, and laptops."

Monday, October 22, 2012

Webinar Recording: Understanding the ABA 20/20 Rule Changes

For those who missed the live presentation and discussion, we have a recording of the recent webinar on Understanding the ABA 20/20 Rule Changes. In this session, Pat Archbold, Head of IntApp's Risk Practice, and Matt Wolf, Consultant at Carlson & Wolf, review how changes to Model Rules proposed by the ABA affect lawyers and how firms can best respond.

Topics include:
  • ABA Model Rule changes
  • Client pressure
  • Insurer pressure
  • Evolution of technology
  • Response tactics
These changes clarify lawyers' ethical obligations to protect client information, including a requirement for lawyers to achieve a basic understanding of the benefits and risks of relevant technology, such as cloud computing, and to take reasonable steps to safeguard client confidential information, including information in electronic form, against unauthorized or inadvertent access by third parties.

Designed for non-technical audiences, this presentation provides a great overview for those looking to learn about current trends and emerging requirements, along with lessons they can apply at their firms.

Wednesday, October 17, 2012

Conflicts and Imputation News

A few interesting updates of note:

Conflict questions arise about law firms representing HOAs, banks --
  • "Disputes pitting homeowners associations against banks that owe fees on foreclosed houses have left some questioning whether the same law firms should represent parties on both sides of the fight.
  • "One firm that represents both banks and associations is Greenspoon Marder, with offices in Orlando and elsewhere in the state. Firm co-founder Michael Marder said his group guards against conflicts and is comfortable doing business with organizations at odds with one another, such as banks and associations. 'We don't operate on an ideological basis,' Marder said this week. 'We have a large firm with a broad base of clients, and we try to ensure we have no conflict.'"

Conflict of Lawyer Doing Outsourced Work Will Not Be Imputed to Firm That Pays Her --
  • "A law firm representing the plaintiff in a lawsuit is not subject to imputed disqualification based on the fact that it outsources work to a lawyer who formerly represented the defendant in the same litigation, the U.S. District Court for the Northern District of Florida decided Oct. 5 (Brown v. Florida Dep't of Highway Safety and Motor Vehicles, N.D. Fla., No. 4:09-cv-171-RS-CAS, 10/5/12)."
  • "Judge Richard Smoak determined that the former government lawyer--who has not had any involvement with the plaintiff in this matter--is not “associated” with the plaintiff's law firm under their working arrangement."

Tuesday, October 16, 2012

3M Disqualification -- News and Opinion Around the Web

Last week, a judge disqualified a law firm which had previously presented 3M (see our previous coverage): "Minn. Judge Disqualifies Covington from Representing State In Big Enviro Case Against Ex-Client 3M" --
  • "Agreeing that 3M Co. had been betrayed by a major law firm's decision to help the Minnesota attorney general pursue an environmental suit against its former longtime corporate client, a judge has disqualified Covington & Burling from continuing to represent the state in the litigation against 3M."
  • "Hennepin County District Court Judge Robert A. Blaeser wrote: 'Covington has exhibited a conscious disregard for its duties of confidentiality, candor, full disclosure, and loyalty to 3M by failing to raise its conflicts arising from the fact that it previously advised and represented 3M on FC [fluorochemical] matters. Additionally, Covington is disqualified in order to protect 3M's confidential information Covington obtained during its representation of 3M, which is relevant to the issues at the heart of the state's case.'"
This decision made news in the mainstream press and garnered commentary from industry pundits. See the interesting analysis on the details from the Professional Responsibility Blog:
  • "Interestingly, however, the basis for the ruling is not that Covington violated the "hot potato doctrine" (which penalizes a firm for dropping a client to clear the way to accept the representation of a new client) as argued by 3M.  The court simply held that Covington violated rule 1.9 on successive conflicts of interest.  Either way, 3M has scored a big win."
And some direct commentary from the players involved: "3M v. Lanny Davis: For the Record."

Wednesday, October 10, 2012

News & Updates: Global Legal Regulation, Choice of Law & Information Technology

Will we some day see a global regulation authority? "SRA throws weight behind global legal regulators’ network" --
  • "Legal regulators from around the world have agreed to create an information-sharing network as a first step towards the eventual formation of a global regulators’ organisation."
  • "The move was agreed at the first international conference of lawyer regulators, hosted in London last week by the Solicitors Regulation Authority (SRA). As well as representatives of the UK’s regulatory bodies, it was attended by senior regulators from many – mainly common law – jurisdictions, including the US, Canada, Ireland, Australia, Hong Kong and several African countries."
  • For more detail on participants and topics, see the conference web site.
With the ABA Ethics 20/20 Commission publishing new recommendations last month, the Legal Ethics Forum highlights an important recommendation: "Ethics 20/20 Proposals on Choice of Law Issues" --
  • "One draft proposal would permit lawyers and clients to agree that their relationship will be governed by a specific jurisdiction’s conflict of interest rules.  The proposal is designed to help lawyers and their clients predict, with more accuracy than Model Rule 8.5(b) can provide, which jurisdiction’s conflict rules would govern the lawyer’s representation of a client."
Finally, from the intersection of risk, information technology and corporate practice comes a call from Gartner for CIOs to interact more regularly with risk leaders: "CIOs Should Get to Know Their Chief Legal Officers" --
  • "The Gartner report recommends that CIOs and CLOs have regular, frequent and in-depth meetings so they can build a better relationship and understand each other's requirements, capabilities and outstanding issues. Of the CLOs who talk to their CIOs more than once a month, large majorities said they had changed their legal strategies or corporate policies after the conversation."

Tuesday, October 9, 2012

On Finding Joy in Law Firm Compliance...

Here's a very interesting article published by the KnowList on connecting the emerging trend of "gamification" to law firm compliance: "Where’s the fun in compliance? How to boost boring but essential tasks." --
  • "A perennial challenge with boring but necessary activities is that they are hard to keep doing... Unfortunately for Risk & Compliance officers, core compliance tasks like 'know your client' and anti-money laundering checks are in the category of important but dull, and firms of all sorts and sizes struggle to ensure that regulations are met and risks are minimised and managed."
  • "One approach is to threaten draconian punishment for non-compliance, but this rarely works. Some sort of incentive is required, but the fear of punishment is hard to instill and maintain – and rarely effective in the long term."
  • "Think back to our ultimate goal: we want to improve compliance and reduce risk, and to do this, we need our people to provide certain information. Simple techniques, borrowing ideas from psychology and falling under the banner of ‘gamification’, can be used to present targets, provide immediate and ongoing feedback, and improve information gathering whilst simultaneously reducing the perceived burden."
  • "With a gamification approach, measures of completeness equate to a score, and higher scores lead to rewards.Other measures can be scores too. Think of accuracy – possibly the most important measure for compliance. How might we measure and score accuracy? Think of the impact of inaccurate data – it has to be corrected. A score can be based around ‘correction’ levels, for example the number of fields that were modified after the form was submitted."
  • "Almost everyone responds to some kind of competition between groups, so consider league tables showing practice area measures of completeness and accuracy. Within practice areas, show individuals’ performance in comparison, and reward the leaders. Merely having visible measures in place will encourage most people to make some sort of effort to improve. Publicising practice group performance has another benefit – it brings partners into the game."
Will we see the day when lawyer and staff LinkedIn profiles contain highlights like: "Conflicts Clearing Wizard -- Level 5, Lawful Good," or "Winner -- Best lawyer intake response time (2014-2015)"? Only time will tell, says this Risk Blogging Bard...

Monday, October 8, 2012

Client RFPs on the Rise

Corporate Counsel and report: "More Frequent, Elaborate RFPs Challenge Outside Counsel" --
  • "According to a recent survey by LexisNexis, 42 percent of law firms have seen an increase in requests for proposal from in-house law departments this year. The increased pressure to compete for corporate business is putting added strain on firms."
  • "Larger firms respond to a higher level of solicitations than their small-firm counterparts. Sixty-six percent of respondents came from firms with at least 100 lawyers. Overall, firms averaged five to 16 proposals per month, but 15 percent — mostly firms on the higher end in terms of staff — averaged more than 21 RFPs each month. The largest firms in the survey dedicated 4,800 hours to law department proposals per year."
  • "'It used to be that law firms sent their rainmaker out to sit across the table from a company's general counsel and sell them on the firm,' says Sidwell. Today's departments are taking a much more methodical approach to the RFP process. 'It's a wake-up call for law firms,' he says."
This is an important trend for risk professionals to take note of. As we've highlighted, along with other industry reports including the Risk Roundtable law firm surveys, client RFPs increasingly address risk and compliance issues, including firm information governance and confidentiality practices.

Thursday, October 4, 2012

Upcoming Webinar: Understanding the ABA 20/20 Ethics Rule Changes

The ABA recently approved changes to the Model Rules of Professional Conduct proposed by the Commission on Ethics 20/20. These changes clarify lawyers’ ethical obligations to protect client information, including a requirement for lawyers to achieve a basic understanding of the benefits and risks of relevant technology, such as cloud computing, and to take reasonable steps to safeguard client confidential information, including information in electronic form, against unauthorized or inadvertent access by third parties.
In this webinar, Pat Archbold, Head of IntApp’s Risk Practice, and Matt Wolf, Esq., Consultant at Carlson & Wolf, providers of law firm security consulting services, will review how these rule changes affect lawyers and how law firms can best respond. Topics will include:
  • ABA Model Rule changes
  • Client pressure
  • Insurer pressure
  • Evolution of technology
  • Response tactics
CLE CREDIT: We are a CLE approved educator by the State Bar of California. Certificates will be provided to attendees upon request. (Attendees are responsible for confirming CLE reciprocity in their particular jurisdiction, but we are happy to provide any additional information necessary to receive credit outside of California.)

Attendance at Risk Roundtable webinars is by invitation only. For more information, and to request registration, email:

Wednesday, October 3, 2012

Risk News: Conflicts, Ethical Screens & Disqualification Attempts

Judge Andrews disqualifies attorneys based on their law firm's representation of plaintiff's parent company nearly twenty years earlier. --
  • "Judge Richard G. Anderson recently disqualified the law firm Latham & Watkins as defense counsel in a patent infringement action filed by the subsidiary of a former Latham client. Eon Corp. IP Holdings LLC v. Flo TV Inc., et al., C.A. No. 10-812-RGA (D. Del. Sept. 24, 2012).
  • "Latham represented the plaintiff's parent company between 1988 and 1995, but did not represent it in patent prosecution matters, or with regard to any licensing efforts involving the patent at issue. Id. at 3, 7. Instead, Latham represented the plaintiff's parent company in general corporate and regulatory matters. Id. at 3. The Court noted that some of those corporate and regulatory matters related to the same or similar technology at issue in the patent litigation. Id. at 3."
Former First Arena operator's lawyers may have conflict of interest, U.S. Trustee says --
  • "The U.S. Trustee’s office on Tuesday asked a federal judge not to let the former operator of First Arena hire law firms that have already represented the company in bankruptcy proceedings in Rochester. Assistant U.S. Trustee Kathleen Schmitt filed an objection to Elmira Downtown Arena LLC’s hiring of attorneys from Michigan law firm Schaefer & Weiner PLLC and from Phillips Lytle LLP, which has an office in Rochester."
  • "In her objection, Schmitt said Schaefer & Weiner may have a conflict of interest and that the way the Michigan firm would be paid may be improper."
And ethics maven Bill Freivogel flagged: Alnylam Pharm., Inc. v. Tekmira Pharm. Corp., 2012 U.S. Dist. LEXIS 136462 (D. Mass. Sept. 24, 2012) --
  • "Firm A represents Plaintiffs in this patent suit.  Firm B represents Defendant.  Lawyer moved from Firm B to Firm A in 2012. While at Firm B Lawyer worked on a Defendant matter and billed 137 hours to the matter in one month.  When Lawyer moved, Firm A set up a screen.  Defendant moved to disqualify Firm A.  In this opinion the court denied the motion.  The court said that while Lawyer did work on a matter involving a license agreement that was involved in this case, the license agreement was not central to the issues in this case, and, thus, the matters were not 'substantially related.'"

Tuesday, October 2, 2012

Upcoming Risk Roundtable: Philadelphia, PA

We're well into the swing of our Fall Risk Roundtable series. And we're excited to host simultaneous meetings on October 30th. We previously announced our Washington DC session, co-presented with Ames & Gough. That same day we'll also be presenting a session in Philadelphia, hosted by Post & Schell.

These events always provide an excellent forum for risk, IT and related professionals to connect in a collaborative environment.
  • At this session we’re pleased to feature a moderated discussion led by Eric Mosca from InOutsource, an independent consultancy focusing on law firm records management.
  • He'll review risk trends affecting law firms today and share insights from his consulting experience working with a variety of firms across the US.
Risk expert Brian Lynch will also provide an update on the Risk Roundtable Compliance Consortium, including an overview specific industry risk response guidelines this group is developing.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Monday, October 1, 2012

Report from Charlotte Risk Roundtable (Client Audits, Information Governance & More)

Last week, we held a  Risk Roundtable session in Charlotte, North Carolina. Many thanks to Parker Poe for hosting. Brian Lynch, chair of the Risk Roundtable Compliance Consortium, delivered a presentation updating attendees on current risk issues and trends, and moderated group discussion. He sends this update:
  • Dan, I'm pleased to report back a successful Risk Roundtable session in Charlotte, North Carolina. Parker Poe was generous enough to host our group of risk managers and technology leaders, who are blazing trails into risk management territory.
  • We spent a good deal of time discussing open vs. closed document management systems. With the ever-increasing pressures from many different sources, it has become difficult to manage varied levels of confidentiality across multiple systems of record. Open and closed approaches have their limitations. Could there be a middle approach, where business rules could automatically lock down sensitive information? The answer is tying together risk expertise and intelligent technology to reduce the risk of under-secured and over-secured information.
  • Many firms are subject to client audits, and these are more widespread than ever. Some firms that represent clients in highly regulated industries have reported multiple on-site audits per month. This trend is driving firms to adopt specific security standards and processes to be best prepared for the inevitable auditor's visit. In response, many firms are considering ISO 27001 certification.
  • For firms looking for a lighter alternative, ILTA's LegalSEC initiative is developing a set of "standards" to best equip a firm to standardize their security processes and perform well in audits.
  • Mark Brophy - IT Director at Rogers Townsend - shared some of the progress and initial thinking from the LegalSEC initiative. One of their objectives is to understand the ethical requirements per jurisdiction of lawyers in regards to security. In our upcoming November sessions in San Francisco and Los Angeles, we will connect those dots of bar requirements.
As Brian noted, dates and locations for several additional Roundtable sessions will be announced shortly. Watch this space for details.

Wednesday, September 19, 2012

On Waivable Conflicts of Interest...

Hat tip to the Legal Ethics Forum for the pointer to a new article published in the Rutgers Law Review: "What Conflicts Can Be Waived? A Unified Understanding of Competence and Consent."  From the abstract:
  • "Attorneys are frequently asked to represent more than one client in the same or related matters... Regardless of the setting, attorneys face the same challenge in deciding whether the conflict of interest posed by the joint representation can be waived by the clients."
  • "Under the Model Rules of Professional Conduct, the conflict of interest can be waived if (1) the clients provide knowing, informed consent to the joint representation, and (2) the attorney’s representation of the multiple clients will be competent..."
  • "In assessing whether the joint representation will be competent, however, the attorney encounters the enigma that has bedeviled practitioners, courts and commentators since the adoption of the Model Rules. A joint representation hampered by a conflict of interest materially limits the services that the attorney can perform for one client because of her competing duties to the other client. Thus, the challenge: how can we know which joint representations are competent (and therefore “consentable”) when nearly all suffer from material limits on the services that counsel can undertake for the clients?"

The articple proposes: "...a new test by which courts and practitioners can honor both the consent and competence elements of Model Rule 1.7(b)."
  • "In application, the proposed test calls for a rethinking of: the Supreme Court’s approach to conflict waiver in the criminal-defense setting; the analysis of courts that have considered conflict waivers in civil litigation and transaction matters; and the approach of attorneys who are charged with determining in the first instance whether to accede to client requests for a joint representation. Given the stakes for clients and counsel, it is time we understood why and when a conflict can be waived."

Tuesday, September 18, 2012

Upcoming Event: Washington DC Risk Roundtable

Plans are now set for our next Washington DC Risk Roundtable event. It's set forTuesday, October 30th and is co-sponsored by IntApp and Ames & Gough.

Many law firm IT and Risk Management professionals are taking a closer look at their information security strategy. While many firms have invested heavily in firewalls and malpractice insurance, many firms are considering cyber insurance, ISO 27001 certification and process and policy changes to address these new set of risks.

In this context, it’s vitally important that risk professionals continue to take steps to understand this changing landscape and minimize firm exposure.

This forum will include a review of news stories, issues, trends and developments affecting law firm risk management, and presentations by:

  • Eileen Garczynski, Vice President of Ames & Gough
  • Pat Archbold, Head of Risk Practice at IntApp
  • David Greenberg, law firm risk consultant
This group will discuss practical, proactive recommendations that firms can take back and implement to mitigate risk and protect firm assets.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Monday, September 17, 2012

Inappropriate Removal of Client Files

We've pointed to stories like these before [see here and here]. Now comes another extreme example of controversy over handling client files, and more: "Florida Supreme Court suspends Winters and Yonker for misconduct in leaving Mulholland law firm, including theft for removal of Mulholland firm’s client files" [The Florida Bar vs. William Henry Winters and Marc Edward Yonkers, Case SC10-1333 (September 6, 2012)] --
  • "In a highly publicized (and very contentious) case, the lawyers were prosecuted by The Florida Bar for their alleged misconduct related to their actions before, during, and after leaving the Mulholland law firm."
  • "The Florida Supreme Court opinion found that the lawyers solicited clients of the Mulholland law firm to terminate that law firm and hire their new law firm to represent them, made misrepresentations to the Mulholland law firm, made copies of and took files belonging to the firm, and improperly used a third lawyer’s name in their firm name."
  • "According to the opinion, '(t)he Bar argues that Winters and Yonker’s ‘personal use’ of the Mulholland firm’s client files constituted acts of criminal theft under section 812.014, Florida Statutes (2001), and that theft inherently reflects adversely on a lawyer‘s honesty, trustworthiness, or fitness as a lawyer. We agree…Winters‘ and Yonker’s conduct in appropriating client files from their employer for their own personal use constitutes theft."
See the complete article for more details.

Wednesday, September 12, 2012

SRA Risk and Compliance Updates

SRA supervision reduces law firm risk, report on pilot finds -- "A report on the Solicitors Regulation Authority’s (SRA) pilot on supervision of low and medium-risk firms has concluded that the regulatory risks posed by participating firms fell during the period of supervision."

Compliance officer failures bolster SRA bid for automatic fining powers -- "The Solicitors Regulation Authority (SRA) is to seek powers to levy automatic fines for breaches of its rules to avoid a repeat of the embarrassment caused by hundreds of law firms failing to nominate compliance officers on time."

SRA set to press ahead with leniency scheme for law firm whistleblowers -- "The introduction of a leniency scheme for those who reveal misconduct at law firms and alternative business structures will today be debated by the board of the Solicitors Regulation Authority (SRA)."

Tuesday, September 11, 2012

ILTA Conference: Information Risk & Security Notes

The team at Carson Wolf posted an update on key information risk and security developments and discussions at the recent ILTA conference in Washington DC: "ILTA 2012 Wrap-Up."
  • "It is clear that for most law firms, the increase in clients specifying security requirements or conducting assessments of the law firm environment were the driving force behind security initiatives."
  • "To meet these increasing client security requirements some law firms are seeking ISO 27001 certification and there were two good sessions presenting firsthand knowledge on the challenges and rewards of ISO certification."
  • "Like any great community organization, ILTA sees the security challenges as an opportunity to serve its members and recently announced the LegalSEC initiative, a new working group focused on law firm security."
ILTA itself also made several session slide decks publicly available. Here are some relevant topics worth exploring:
  • Information Governance and Security Policies: Two Peas in a Pod [Link]
  • Differentiate Your RFP from the Competition with ISO Certification [Link]
  • Information Governance: The New Records Management [Link]
On the lighter side -- ILTA's in-house band, the Legal Bytes, performed several original songs, including "Unethical Walls," written by Frank Gillman. The complete lyrics are also available online. Here's a preview:

You say we’re partners, that much is true.
Yet there’s a conflict ‐ between me and you.
You won’t take a meeting, you won’t take my calls,
You just shut me out ‐ while you build your walls.

(The Risk Management Blog would welcome a recording, live or studio quality, if anyone has one to share...)

Monday, September 10, 2012

Upcoming Event: Charlotte Risk Roundtable

Our next US Roundtable event is set for Charlotte, North Carolina on September 26th, hosted by Parker Poe.

These sessions provide a excellent forum for risk, IT and related professionals to connect in a collaborative environment and explore news stories, issues, trends and developments affecting law firm risk management.

At this meeting we’ll also feature a presentation from Mark Brophy from Rogers Townsend & Thomas PC, who will provide an overview and update on ILTA's LegalSEC initiative, a working group developing information security best practices and an asset protection framework for law firms.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Wednesday, September 5, 2012

UK Risk Roundtable Meetings (Bristol and Birmingham)

We've announced two upcoming Risk Roundtable events in the UK.
  • Bristol -- Wednesday, October 3rd
  • Birmingham -- Thursday, October 4th
The Risk Roundtable provides a forum for risk, IT and related professionals to connect in a collaborative environment. By attending this event, you will gain insights on:

  • Review of news stories, issues, trends and developments affecting law firm information security
  • The pros and cons of “Open” vs. “Closed” document management system (DMS) models
  • Update on industry ISO 27001 developments and approaches
  • A review of how law firms are leveraging technology to advance their information security initiatives

Join us and your peers to discuss the challenges you may be facing today managing your information risk. Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Tuesday, September 4, 2012

Law Firm Information Governance

Law Technology News Reports on developments for a "Framework Proposed for Law Firm Information Governance."
  • "A Proposed Law Firm Information Governance Framework," in the form of a 52-page report, debuted today. It came out of a series of discussions on strategies for safeguarding law firm information that law firm leaders had in May at a symposium in Chicago.The report defines information governance in the context of law firms, clarifies what's involved to administer it, suggests security assessments, and explains how to implement such policies."
  • "Such approaches should help lawyers meet their professional responsibilities regarding client information, recognize regulatory and privacy requirements, and rely on participation and collaboration, the report continues. 'With information governance, firms are better able to mitigate risk, improve client service through increased lawyer productivity, and reduce the cost of managing the information needed to support the efficient delivery of legal services,' it states."
  • "'There are so many different definitions for information governance out there, but none that were very specific to a law firm environment,' said Rudy Moliere, director of information governance and records management at White & Case, in New York. Moliere co-chaired the meeting. 'Most of the time [in the meeting] was spent synthesizing our thoughts as opposed to debating what should be on there," he said. For law firm information and technology leaders, 'This will provide them with a road map,' Moliere said."
Participants in the information security working group included Brian Lynch from IntApp, Shawn Knight from Venson & Elkins, Brianne Aul from Reed Smith, Mark Lagodinski from Sidley Austin, Eric Mosca from InOutsource, Paul Singleton from Bingham McCutchen, and Susan Trombley from Iron Mountain.

For more information and detail, see the complete report.