Tuesday, August 28, 2012

Carlson & Wolf on Law Firm Information Security

The C&W blog reports from this week's ILTA 2012 conference: "Legal Security: It Takes A Village." --
  • "While the ethical duty exclusively obligates the lawyer, lawyers rely heavily on the technologists and vendors (many of whom will be attending ILTA 2012) to provide good information and good direction.  It is a mistake to believe that lawyers will have the time and necessary knowledge to drive security forward in this industry in isolation. Rather legal security must be seen as a community effort where all parties (lawyers, technologists, clients, and vendors) are actively involved in specifying and designing protections appropriate for confidential client data."
  • "The challenge of law firm security is a shared one and working together will reduce costs for everyone. After all, it’s really not just about one law firm dealing with one vendor. Law firms are outsourcing and adopting diverse technologies to improve efficiency and maximize value for clients. A single law firm may deal with many vendors, each of whom needs to implement the appropriate level of security. Vendors may also be dealing with many law firms, each bringing its own set of security questions or requirements."
  • "If we approach this problem the traditional way--each isolated from the other--with every law firm trying to validate the security of every vendor, there could be an enormous amount of duplicative effort and unnecessary cycles on both sides. As Pat Archbold's observations demonstrate, in some cases vendors may need to cooperate in order to provide a law firm the required level of security (so vendors, talk to each other!)"

Monday, August 27, 2012

On Managing Conflicts of Interest Globally

A reader sent word of an interesting article recently published in the Fordham Law Review: "Regulating Conflicts of Interest in Global Law Firms: Peace in Our Time?"
  • "While globalization has no doubt brought positive developments for me, it has created significant challenges for others. As clients increasingly seek specialist advice at competitive prices, traditional professional values are more and more at odds with lawyers’ commercial interests and with the commercial interests of a highly privileged client group. Some have questioned whether the emergence of a commercially given professional paradigm is the best way forward.Others have described globalization as a “slippery concept” that fundamentally challenges the jurisdiction and authority of regulators. The global expansion of legal practice has prompted several jurisdictions to consider how their own legal services markets should be regulated in an ever-increasing global economy."
  • "Yet, although significant attention has been paid to factors that drive cross-border legal work, only limited scholarly consideration has been given to the practicalities of regulating the day-to-day practice of law on an international scale."
  • "This Article attempts to 'shed light' on methods of regulating the conduct of lawyers in the context of a reasonably well-defined area of difficulty for the global law firm—namely, conflicts of interest. By focusing on just one area of cross-border practice and by describing the particular difficulties experienced by lawyers, regulators, and clients, we hope to inform the debate on how best to regulate lawyers in a global environment."

Wednesday, August 22, 2012

ILTA Risk Management Session: Best Practices for Managing Document and Data Confidentiality Rules

Here's a session of interest for those attending the annual ILTA conference next week: "Best Practices for Managing Document and Data Confidentiality Rules" --

Clients are increasingly demanding that firms more closely control internal access to their materials. Waiver-driven ethical screens, concerns about the scope of access to contract attorneys and compliance with regulations all call for greater confidentiality controls. Come witness real-world case studies, an interactive group discussion and an optional technology demonstration that will provide attendees with an understanding of the challenges and best practices when creating and managing different types of confidentiality screens. Hashtag #INFO1

Date: Monday, August 27
Time: 11am
Location: Maryland D
  • Jeffrey Franchetti - Cravath, Swaine & Moore LLP
  • D. Gavin Gray - Perkins Coie
  • Patrick Archbold - IntApp, Inc.

Tuesday, August 21, 2012

ILTA Risk Session: ISO 27001/27002: What Can They Do for Me?

Here's another ILTA session for those interested in the growing attention placed on ISO 27001 for law firms: "ISO 27001/27002: What Can They Do for Me?" --

attending the annual ILTA conference next week: "Best Practices for Managing Document and Data Confidentiality Rules" --

Gain a real understanding of the value of ISO 27001/27002 as those who have gone through the process discuss strategies for success, best practices and a guide on how to get started down the road to achieving the ISO 27001/27002 standards for international security management systems. Hashtag #TECH11

Date: Thursday, August 30
Time: 3:30 pm
Location: Nat'l Harbor 2
  • Brian T. Lynch - IntApp, Inc.
  • Renee Murphy - Latham & Watkins LLP
  • Paul McKay - Bond Pearce LLP
  • Andrew Rose - Forrester

Monday, August 20, 2012

ABA Updates Model Rules (Details and Discussion)

The ABA recently approved updates to the model rules, based on the work of the Ethics 20/20 commission. Bloomberg BNA has an excellent overview of both the details of the changes and the specific pro/con arguments expressed by delegates and participants.

The new rules affect areas including:
  • Disclosure for Checking Conflicts
  • Practice Pending Admission
  • Easier Admission by Motion
  • Technology and Confidentiality
  • Technology and Client Development
  • Outsourcing
  • Fee-Sharing With Nonlawyers
Regarding conflicts checking:
  • "Model Rule 1.6 prohibits lawyers from disclosing information relating to the representation of a client except in certain listed circumstances. A new exception urged by the Ethics 20/20 Commission and approved by the delegates permits disclosure reasonably necessary 'to detect and resolve conflicts of interest arising from the lawyer's change of employment or from changes in the composition or ownership of a firm, but only if the revealed information would not compromise the attorney-client privilege or otherwise prejudice the client.'"
For additional detail and discussion, see also the Legal Ethics Blog.

Wednesday, August 15, 2012

Law Firm Information Security -- Heads in the Sand?

An interesting article from LTN on law firm information security: "Is Your Law Firm Practicing Head-in-the-Sand Security?" --
  • "Criminals are waking up to the fact that law firm computer systems are abundant sources of valuable, but not necessarily well-protected, client data. The risk isn't just hype. 'It is still very, very apparent that a lot of law firms are still not aware of the situation, and if they are aware, they have their head in the sand and are saying, 'That doesn't apply to us' for some reason,' said Kelley Drye & Warren security manager Jim Fortmuller."
  • "The security measures in certain legal technology applications, such as the LexisNexis Concordance review platform, are easily broken. The weakness is easily solved if system administrators lock their databases, but many do not for reasons of convenience and performance."
  • "It may be a wake-up call that most firms dealing with government and international clients have probably had security problems, Fortmuller asserted."
  • "'The financial vertical, the healthcare vertical, and of course the defense vertical are all sending us RFPs to ask, 'What do you do,'' Fortmuller observed. 'If you're incapable of saying that you can keep that stuff safe, why would they want to keep you as an attorney when they can go to a house that does do that? My point of view is this is a business decision, not a security decision.'"

Wednesday, August 8, 2012

Journal on Legal Malpractice & Ethics

Hat tip to John Steele at the Legal Ethics Blog for noting the publication of Volume 2 of the Journal on Legal Malpractice & Ethics, which contains a few articles of potential note for risk readers:
For those specifically interested in technology, see also:

Monday, August 6, 2012

Conflicts Between Inside and Outside Counsel

Interesting story from Corporate Counsel: "3M Outside Counsel Suit 'Troublesome' to Many General Counsel" --
  • "An assistant general counsel at St. Paul-based 3M Company has become caught up in a nasty legal fight between the company and its one-time outside counsel, Covington & Burling."
  • "3M didn’t realize it had a problem, Brewer said, until Covington started doing discovery in the state suit and was deposing the same in-house counsel that it once represented on the same issues. 'It’s a very disturbing case for in-house lawyers,' Brewer [Partner representing 3M] said."
  • "3M assistant general counsel David Overstreet was especially involved when Covington used him to, in Brewer’s words, 'orchestrate the situation where they thought they could pursue a large economic opportunity with the state.'"
  • "The suit alleges that Covington communicated with the state in November 2010 about the possibility of serving as the special attorney against 3M—while still representing 3M at the time, and well before Safra wrote his December completion letter or obtained Overstreet’s email."
  • "Not true, insisted Covington in a brief [PDF] filed over the disqualification motion in the environmental suit. Covington’s brief called 3M’s claims 'inflammatory and unsubstantiated accusations.'"
There's more to this fight, including accusations over an unusual matter closing process and opinions from legal ethicists. See the complete article for details.

Thursday, August 2, 2012

Conflicts and Disqualification News

We're no strangers to food-related conflicts (recall this interesting ice cream conflict from a few months ago). Now comes another story from the that same franchise community news site Blue MauMau: "Marks and Klein Disqualified for Hiring Quiznos Lawyer." --
  • "After Marks & Klein represented 8,000 franchise owners in litigation and spearheaded a $206 million class action settlement, an appellate court ruled last week to disqualify the firm in representing another Quiznos franchisee. The high court cites a conflict in attorney-client privilege when the law firm hired one of the franchisor’s lead attorneys."
  • "Just months after the settlement was approved in August 2010, Bleiman crossed over to the other side, joining Marks & Klein’s legal team, despite his long history of defending Quiznos in litigation. The attorney had racked up 952 billable hours to Quiznos in 2006 and 2007, in connection with the four class lawsuits of Brunet, Siemer, Westerfield and Bonanno. He also billed another 1631 hours representing Quiznos and its affiliates in other matters."
  • "The judges said the lower court finding that Bleiman was not properly screened is not supported by the record. Therefore they concluded it wasn’t necessary for them to address whether Bleiman was properly screened, and instead took Marks & Klein to task on not having written screening procedures in place. 'Because Marks & Klein was already representing the plaintiffs [Mody] when Bleiman joined the team, it is inexplicable that written [screening] procedures were not established at the outset.'"
Fox Rothschild's White Collar Defense and Compliance blog writes: "Third Circuit Reminds That In Criminal Cases A Joint Representation Conflict Of Interest Is Not Avoided Simply Because The Clients Consent And Waive Any Conflict" --
  • "A recent illustration of the point is presented in United States v. Self, 681 F.3d 190 (3rd Cir. 2012), in which two brothers initially retained counsel from the same, small law firm. All disclosures and waivers necessary to meet the governing ethics rule were in place. After being questioned by the district court, the lawyer for one of the brothers had a change of heart and moved to withdraw from the case, agreeing that no ethical screen could practically be established to avoid a conflict between the two brothers and their partnered lawyers."
  • "After the first attorney was allowed to withdraw, the court turned its attention to the second attorney. While the second attorney insisted that his representation of the second brother would be unfettered by his firm's former representation of the first, he had during the joint representation period curiously changed positions on an important scheduling issue involving the timing of the trial; after indicating to the court that the second brother wanted to go to trial immediately, attorney number two then told the court that he had no objection to a continuance requested by his partner, attorney number one, for the first brother."
  • "This flip-flop on the timing of the trial led to the second attorney's being involuntarily disqualified by the district court, and led the Third Circuit to uphold the ruling."

Wednesday, August 1, 2012

Chinese Hackers Penetrate US Law Firm

Bloomberg reports: "Hackers Linked to China’s Army Seen From EU to D.C." Last July, a major hacking
  • "During almost two months of monitoring last year, the researchers say they were struck by the sheer scale of the hackers’ work as data bled from one victim after the next: from oilfield services leader Halliburton Co. (HAL) to Washington law firm Wiley Rein LLP; from a Canadian magistrate involved in a sensitive China extradition case to Kolkata-based tobacco and technology conglomerate ITC Ltd. (ITC)"
  • "Around the time the hackers were sending malware-laden e- mails to U.S. nuclear facilities, six people at the Wiley Rein law firm were ushered into hastily called meetings. In the room were an ethics compliance officer and a person from the firm’s information technology team, according to a person familiar with the investigation. The firm had been hacked, each of the six were told, and they were the targets."
  • "Dale Hausman, Wiley Rein’s general counsel, said he couldn’t comment on how the breach affected the firm or its clients. Wiley Rein has since strengthened its network security, Hausman said. 'Given the nature of that practice, it’s almost a cost of doing business. It’s not a surprise,' he said."
  • Researchers watching the hackers’ keystrokes last summer say they couldn’t see most of what was stolen, but it was clear that the spies had complete control over the firm’s e-mail system.