Monday, April 30, 2012

Study Claims 40% of Law Firms "Don't Know if They've Lost Data"

via [Orange Rag]. An information security study just published by PricewaterhouseCoopers and Iron Mountain includes responses collected from 125 European law firms:

  • "Four in 10 (42%) law firms surveyed across Europe did not know whether or not they had suffered a data breach in the previous three years."
  • "Sensitive and confidential information held by legal firms is at risk of exposure because many do not check whether their employees implement information security measures."
  • "Commenting on the survey results, Christian Toon, head of information security at Iron Mountain Europe said: 'Our information risk study reveals a worrying level of complacency across the legal sector in Europe.'"

Adding color, Frank Maher, a lawyer at Liverpool-based Legal Risk LLP stated: “If you are looking at data protection, law firms are way behind, absolutely no doubt. A few of the largest firms are just about getting it right but the vast majority barely even get to base camp on compliance."

For more detail, see the report summary.

Friday, April 27, 2012

Conflicts Common Sense? (Firm Sanctioned for Representing Adverse Clients)

From Bloomberg BNA comes a doozy of a read, filled with jaw-dropping judicial commentary: "Firm Acted in Bad Faith in Not Withdrawing When Conflict Between Two Clients Surfaced." (Carnegie Cos. v. Summit Properties Inc., Ohio Ct. App. 9th Dist., No. 25622, 3/28/12)

In this case, a Midwest-based 180 lawyer firm finds itself on the hot seat (and $80,000 in attorneys' fees poorer):
  • "A law firm engaged in sanctionable bad faith conduct in refusing to withdraw as counsel for a client that was suing a company the firm was representing in a different matter, the Ohio Court of Appeals, Ninth District, concluded March 28, approving an award of attorneys' fees against the firm."
  • "The court faulted the firm for trying to ignore or conceal the conflict while pressing the company to waive it, rather than acknowledging the problem and withdrawing."
The judge in this matter did not mince words:
  • "This court concludes that a law firm that is aware it is representing a client in a matter which is directly adverse to the interests of another of its current clients, yet appears to act to conceal evidence of the adverse representation, is acting with a dishonest purpose, conscious wrongdoing, and in breach of a known duty premised on an ulterior motive. A refusal to withdraw from representation of a seemingly more important or lucrative client under such circumstances evidences an ulterior motive to put firm revenue and/or prestige above the interests of other clients.
  • There was: “competent, credible evidence to demonstrate that multiple attorneys at Ulmer & Berne acted to ignore or conceal the underlying conflict.”
  • We … conclude that a firm which is aware of its representation of directly adverse clients in separate matters, yet seeks a waiver of the conflict directly from one client despite the firm's knowledge that the client is represented by counsel from another firm, is acting in bad faith. By bypassing opposing counsel, the firm acts with a dishonest purpose, moral obliquity, conscious wrongdoing, and in breach of a duty premised on an ulterior motive to obtain a benefit or advantage it could not otherwise obtain."
See the complete article and decision for additional background.

Thursday, April 26, 2012

CNA Seminar: Enterprise Risk Management for Large Law Firms

Our colleagues Graham Delf and Gawain Charlton-Perrin at CNA, provider of professional liability insurance, write in with news on an upcoming seminar on enterprise risk management for large law firms, scheduled for May 16 in New York.

"The seminar also will explore current trends in professional liability claims, emerging risk exposures and the insurance marketplace. Presented by industry leading speakers and panelists, this educational event will enhance your understanding of these topics." Panels will cover topics including:
  • Enterprise Risk Management - General principles and practical application to law firms
  • Risk Control for Law Firms - New areas and initiatives
  • Lawyers Going Rogue - News and developments
  • Cyber Liability - Emerging trends and risks
  • Insurance Marketplace - Latest developments and claim activity
Attendance for qualified firms is complimentary, but space is limited. Please see the linked invitation for more detail on the session and how to RSVP.

As part of their program, CNA is also running a survey on what firms are currently doing in terms of ERM activity. An analysis of the results will permit CNA to identify effective and innovative ERM techniques and provide you with insight regarding the utilization of ERM techniques by peer law firms. Attendees are invited to participate via this link.

Wednesday, April 25, 2012

Law Firm Information Security: More Firms Taking Note of Very Real Threats

From the National Law Journal comes another detailed update on information security threats and challenges specifically facing law firms: "In the Tablet Age, Law Firms Face New IT Threats":
  • "We have seen over the last three years an increase in the targeting of law firms," said Trent Teyema, assistant special agent in charge of cybercrimes in the FBI's Washington field office. "As client companies become targets, their security becomes stronger. Softer targets to go after are law firms."
  • Says Stewart Baker,  partner at Steptoe & Johnson and former assistant secretary for policy at the U.S. Department of Homeland Security: "There is every reason to believe that foreign governments are breaking into American law firm networks."
  • Some firms are afraid to go on the record: "Several top law firms declined to comment for this story, as many felt that doing so would make them a target."
As the article describes in greater detail, firm size matters not -- big and small firm alike face very real and active threats:
  • As Carlos Rodriguez, network manager at Nexsen Pruet and vice president of the Server and Operations Peer Group with the International Legal Technology Association (ILTA) notes: " is a problem that plagues the entire firms need to band together to push back. His association, he said, has brought together firms that share information to help improve data security."
  • And at Hogan Lovells, director of information security Jeffrey Lolley describes the executive-level importance placed on information risk management via a: "dedicated information security organization, staffed with experts in information security, data protection, and privacy. The activity of the organization, and the security program as a whole, is guided by an executive governance body charged with protecting stakeholder information and securing the technology enterprise." He notes a common driver increasingly motivating law firms: "clients want to hear about our security practices and how we protect our data."
  • "At Steptoe, Baker said that the firm has a client that audits the security of the firm's network services annually to ensure that it meets the client's own standards. Ultimately, Baker said, the key to securing data is "eternal vigilance and willingness to accept inconvenience."

Tuesday, April 24, 2012

Mergers, Laterals, Conflicts & Confidential Information

With law firm mergers (and potential mergers) in the news, it's important to consider the very sensitive information that may often be shared during the "dating" process and beyond. Bill Frievogel notes a recent appellate decision in New York: Albert Jacobs, LLP v. Parker, 2012 N.Y. App. Div. LEXIS 2807 (N.Y. App. Div. April 17, 2012):
  • "In this opinion the appellate court affirmed.  Plaintiff, evidently a law firm, had previously discussed merging with Law Firm.  The disqualification was based upon the fact that Plaintiff had discussed with Law Firm Plaintiff's earlier representation of one of the defendants in this case, now being represented by Law Firm."
On related note, in the contex of lateral movement, the Connecticut Law Tribune weighs in with an editorial on proposed changes to ABA Model Rule 1.6:
  • "The proposed exception would permit the disclosure of information about current or former clients when a lawyer seeks to move to a new law firm.  The stated purpose of the proposed exception is to facilitate lawyer mobility by providing a way to determine if a conflict of interest would arise were the lawyer to associate with the firm. The client’s informed consent to such disclosure would not be required unless the job-switching lawyer believed that disclosure could prejudice a client or former client."
They do not approve:
  • "The 20/20 Ethics Commission has proposed this new confidentiality exception solely for the benefit of lawyers seeking to change jobs, and not at all for the benefit of the lawyer’s current or former clients... The proposed exception would sacrifice client confidentiality on the altar of a lawyer’s self-interest without the client even knowing that his confidentiality right had been violated. And if the client never finds out that the disclosure has been made, even after the fact, how can the client enforce the prejudice standard?"

Wednesday, April 18, 2012

More Conflicts in the Mainstream News

It's not everyday (or ever) one gets to quote the Hollywood Reporter on law firm conflicts issues: "Megaupload Lawyer Accused of Conflict of Interest by U.S. Government":
  • "The Quinn Emanuel firm has represented entertainment companies, and prosecutors hint that many Hollywood executives will be called to testify in the case against Kim Dotcom and Megaupload. "
  • "But probably the most chin-scratching argument is the idea that the court can't permit an appearance until all potential conflict situations are resolved. Quinn Emanuel has represented entertainment companies, and Schapiro himself represented YouTube -- a 'victim' of the alleged Megaupload crimes, according to the government."
The full story contains the defendants' response. (Readers may recall that earlier this year, a Hogan Lovells partner did in fact withdraw from this case, citing a conflict.)

Next, in the case of George Zimmerman:
  • "George Zimmerman’s attorney, Mark O’Mara, filed papers Monday to request a new judge in the Trayvon Martin case."
  • Previously: "The judge hearing the George Zimmerman case said Friday that her husband works for the law firm of Mark NeJame, who has been hired to act as a CNN analyst for the case. Circuit Judge Jessica Recksiedler said she had an ethical obligation to disclose that and allow Zimmerman's attorney or the special prosecutor to ask her to step down."

Tuesday, April 17, 2012

Risk Roundtable Meeting Report: Toronto Session

We hosted a Risk Roundtable last week in Toronto. Thanks again to McCarthy T├ętrault for hosting. Brian Lynch sent his customary summary of the day:
  • Dan – I'm happy to report that we kicked off our Spring Risk Roundtable series with an excellent session in Toronto. McCarthy T├ętrault was a gracious host, and we were pleased to be joined by General Counsels from the leading Canadian firms.
  • We spent our first hour reviewing a myriad of risk trends that IntApp is observing in the US and the UK. We covered familiar ground with the increased scope of Outside Counsel Guidelines, FBI discussions with US law firms as the "weakest link," privacy regulatory developments in US and UK, recent initiatives within the ABA, merger trends, lateral activity, and ABS and OFR evolution in the UK. Healthy discussion all around as participants discussed their specific challenges and, in some cases, provided potential solutions for others. It proved once again to be an excellent forum for exchanging ideas and viewpoints.
  • Malcolm Mercer - McCarthy Partner/General Counsel and LSUC bencher - walked us through the recent modifications to the Federation Model Code, rate of adoption by the different Law Societies, and the anticipated impact on conflicts. It was certainly a thought-provoking session, and there are certainly interesting developments re concurrent representation, former client representation, and the scope of client loyalty. Many thanks to Malcolm for showing us the inner workings of Model Code development.
Our next sessions will take place in Los Angeles on April 25th and San Francisco on April 26th. John Steele will be joining to discuss the provocative trend of clients "mandating" ethical behavior from their outside counsel. (Email: for additional details.)

Thursday, April 12, 2012

Law Firm Conflicts and Screening Updates

Screening saves another firm -- Hat tip to conflicts champion Bill Frievogel for detail on: Alere Inc. v. Church & Dwight Co., Inc., 2012 U.S. Dist. LEXIS 45475 (D. Mass. March 31, 2012). He writes:
  • "In this patent infringement case the defendant moved to disqualify a law firm for the plaintiffs because that law firm had brought in two lawyers who had previously done work for the defendant. In this opinion the court denied the motion because under Massachusetts' unique screening rule neither lawyer had 'substantial involvement' in the earlier matter nor had 'substantial information," and they were screened from this matter.'"
One-Click Disqualification? -- The Recorder notes: "Former Weil Patent Litigator May Have Conflict in First Suit at New Firm."
  • "Matthew Powers and his Tensegrity Law Group filed suit this week against Amazon, a company he represented before leaving Weil last year... just before leaving Weil in June, Powers and several lawyers there were defending Amazon, along with eBay Inc. and Yahoo Inc., in a closely watched patent infringement suit filed by Eolas Technologies Inc. in U.S. District Court for the Eastern District of Texas. Eolas was suing over patents involving online video, image rotation and search auto-complete. In July, Weil successfully moved to withdraw Powers from the case."
  • "Lawyers are allowed to stand adverse to former clients, as long as the matters are not substantially related, said Santa Clara University School of Law professor David Yosifon. The case may not involve the same patents, but if Amazon's lawyers can show that Powers had a substantial relationship with key players or decision makers at Amazon and learned confidential information that he could use against the company in court, he might not be on the case for long."

Wednesday, April 11, 2012

Delicious, Fattening Conflicts?

 A conflict allegation is a conflict allegation… But when it involves Coldstone Creamery, the ice cream vendor that boasts of its “expertise in innovating indulgence” at over 1400 locations, well, opportunities for creative commentary must be conspicuously consumed.

As reported by a franchise community news site Blue MauMau, it appears that in the dispute at hand: “Franchisee store owners claim the attorney who represented them in negotiating their lease agreement did not disclose that he also represented franchisor Cold Stone.”

According to the allegations, Coldstone recommended the services of this lawyer to franchisees looking to secure “the best possible terms” on their store leases:
  • “Aaron and Karin Tzamarot first retained attorney Craig Gruber of Salamon, Gruber, Blaymore & Strenger, PC in 2005. Gruber’s name was on a ‘preferred list’ of attorneys who had prior experience in negotiating the terms of leases for ‘hundreds, or even thousands, of franchisees across the country.’ The list was provided by Cold Stone to assure the franchisees that they would receive the best possible terms on their lease for their Cold Stone franchised store.”
See the complete story for various additional allegations swirled into the mix on this one, along with the lawyer’s reasoning as to why the cookie should crumble in his favor…

Tuesday, April 10, 2012

Making the Business Case for Investing in Confidentiality Management, Ethical Walls and Information Security (Webinar Recordings)

Today we have three case study presentations to share. Speakers from three firms answer the question: "How did you make the business case to invest in confidentiality management (ethical walls, information barriers, information security) at your firm?"

Each video runs about 8-10 minutes. Interestingly, each highlights a different approach. For example, at some firms these initiatives are driven by IT, at others, by risk teams.

Worth watching if you're looking to make the case at your own firm:

Mia Jiganti, Director of Risk Management, discusses how her firm made the business decision to adopt IntApp Wall Builder for confidentiality management. With increasing pressure from clients and a risk team with limited resources, the firm looked to automate confidentiality management. She explores how Wall Builder addresses their needs, without burdening or disrupting lawyer productivity.

Gavin Gray, CIO, discusses the business case his team made to select IntApp Wall Builder for information security. Because the firm's risk team did not have the bandwidth to completely change their existing processes, the IT team approached the project from a purely technical perspective, helping the risk team better execute and report on existing processes.

Eric Carpenter, Information Systems Director, describes why his firm decided to invest in Wall Builder for information barriers and ethical screens. When the firm embarked upon a matter centricity project, they first attempted to use the native security features in their document management systems, but quickly hit functional limitations and recognized the need for a separate system to manage security centrally across multiple information repositories. He explains how the firm was able to take advantage of a "mid market" product configuration and accelerated implementation plan (which took less than three weeks) to get up and running quickly.

Wednesday, April 4, 2012

How Law Departments View Law Firm Conflicts (Perspective from the Other Side)

From the ACC comes an interesting article offering advice law departments should follow when faced with law firm conflicts: "Dealing with Outside Counsel’s Conflict of Interest."

It's always valuable to understand the perspectives on the other side of the table. The author reviews eight considerations, a subset of which organizations should evaluate when faced with a law firm conflict. Three of which are reviewed in the first of this two part article:

Consideration I – Evaluate the Conflict --
  • "The first task, and sometimes among the most challenging, is to evaluate the nature of the conflict. For corporate counsel, this evaluation may occur on three separate levels.... A client may be willing to work with a firm when there has been a good law firm-client relationship in the past, particularly if the conflict was thrust upon the firm due to a merger or acquisition. Alternatively, a conflict that may involve relatively minor or no ethical issues, but suggest disloyalty to the client might lead to termination of a lawyer."
Consideration II – A (Strong) Warning Shot --
  • "The warning serves the dual purpose of (a) inducing a law firm and current or former client to undertake serious efforts to resolve the conflict of interest without incurring substantial delays and costs, and (b) evidencing that the law firm received full notice and an opportunity to avoid greater problems before the client seeks disqualification, disciplinary sanctions, or other remedies."
Consideration III – Seeking Justice, and Discounts --
  • "Three types of remedies are often sought. First, clients often demand that a law firm mitigate or cure the conflict. This may include demanding the firm end its representation of the adversary or erect an ethics screen."
  • "Second, the corporation may seek a discount or refund of some or all fees to reflect disloyal service as well as the aggravation and distraction a conflict caused."
  • "Third, clients often demand specific, written assurances that confidences have been protected, and that the firm will properly protect the client’s interests in the future. If a firm is not willing to provide such specific assurances, corporate counsel should assume a firm is not taking a conflict seriously."
See the complete text for much more detail. We'll post a link to the enticingly named part two ("Relationship Over, Let’s Litigate"), when it's available.

Monday, April 2, 2012

Information Security -- Are Law Firms "The Weakest Link"?

A month ago we noted bold opinions from Rupert Collins at LSN in the UK: "Why information security has now become a costly issue for law firms." Now comes a similarly-focused (and provocative) article from Jeff Brandt, former law firm CIO and present editor of the PinHawk Law Technology Daily Digest.

He just published: "When Good Enough Isn't: A spotlight on Law Firm Security," an excellent survey of several information risk and security challenges facing the industry:
  • "As the rest of the world and industries tighten their security, it places law firms in the unenviable position of being viewed as the weakest link."
  • "Unfortunately, for far too many law firms, security *is* an afterthought. Law firm culture and attorney convenience undercut and compromise security. Some firms don’t truly understand what needs to be done. They make half hearted attempts; get some good enough policies and such in place and cross security off their ToDo list."
  • "Why are law firms considered the weak link? Because even something as simple as enhanced network passwords requires intense partner debate and discussion rather than simple acceptance."
  • "I won’t argue the point that IT needs to be more flexible and responsive to users’ needs, but IT is still responsible for the electronic business control. Some seem to have forgotten this fact. As a colleague recently said to me, 'And the first time there is a breach or loss of data caused by these mobile/consumer devices, what will you say to your client? To your insurance broker? To the NY Times?'"
See the complete text for his recommendations for getting your firm into the minority he believes "seem to get the importance of security, who have the right attitude and who are truly doing enough," and some interesting reader insight in the comments section.