Wednesday, October 31, 2012

Upcoming Webinar: Managing Litigation Holds (CLE Eligible)

Our next webinar features a panel comprising speakers from Foley & Lardner, Holland & Knight, and Sidley Austin and will review litigation hold requirements and discuss methods firms can use manage litigation holds.

Facing the need to effectively manage litigation holds, law firms are increasingly replacing legacy approaches with structured, managed and automated systems. That’s because ad hoc and “manage-by-spreadsheet” hold processes don’t always provide suitable audit trails and create significant administrative burdens for risk staff, IT and lawyers. Those burdens include managing notifications, securing documents subject to holds and tracking details in a consistent and defensible manner.

Speakers will review litigation hold requirements and methods for implementing effective litigation holds, addressing topics including:
  • Understanding litigation hold requirements
  • When to place a litigation hold
  • What information is affected
  • Managing litigation holds
  • Technology solutions
Speakers:
  • Crystal Adkins, Associate General Counsel, Holland & Knight
  • Dana Moore, Information Governance Compliance Manager, Foley & Lardner
  • Mark Lagodinski, Director of Records Management, Sidley Austin
  • Brian Lynch, Director, Risk Practice Group, IntApp
Date: Wednesday, November 7
Time: 8 am Pacific / 11 am Eastern / 4pm GMT
Duration: 75 minutes

CLE CREDIT: As a certified as a CLE approved educator by the State Bar of California, we are able to provide certificates to attendees upon request. (Attendees are responsible for confirming CLE reciprocity in their particular jurisdiction, but we are happy to provide any additional information you need to receive credit outside of California.)

Attendance is by invitation only. For more information, please contact: info@riskroundtable.com.

Thursday, October 25, 2012

Law Firm Risk Management Survey Reports Now Available


I'm delighted to announce the availability of our 2012 Law Firm Risk Management Survey reports. Many thanks to the over 150 firms who participated in four separate surveys for the US, UK, Canada and Australia.

The survey reports provide statistical information and commentary about current industry trends designed to provide law firm risk and IT stakeholders with insight into the priorities and practices of their peers so that firms can plan and respond effectively. They examine specific issues including new business intake, lawyer lateral hiring and departures, ethical walls and information barrier management, confidentiality enforcement, internal education, and compliance tracking and verification.

While each report presents unique data and detail, several risk management trends and priorities manifest across all geographies:
  • Firms cite information risk (data security and confidentiality) as a top risk management concern.
  • Respondents overwhelmingly highlight rising client concerns about information risk management, as evidenced by the increasing quantity of security-related questions in Requests for Proposal (RFPs) and mandates in Outside Counsel Guidelines (OCGs).
  • Participants also noted increasingly internal concerns with regard to complying with regulatory rules and evolving professional standards.
Reports will be going out in the mail shortly to those who took part. (Additionally, firms that are clients of IntApp will be recieving reports as a customer benefit.) Other parties interested in obtaining copies of one or more reports can email info@riskroundtable.com for more information.

Upcoming Event: Chicago Risk Roundtable


The Risk Roundtable season continues...  We're pleased to announce our latest event, scheduled for Monday, November 26th in the offices of Foley & Lardner LLP.

These events always provide a forum for IT and risk professionals to connect in a collaborative environment.

Topics for discussion will include ISO 27001, client audit trends and considerations over “open” vs. “closed” document management approaches. We'll also review of news stories, issues, trends and developments affecting law firm risk management.

(We're delighted to be returning to Chicago, where many of our favorite risk leaders reside.) As a reminder, we have upcoming events already scheduled for:
  • Washington DC, October 30th
  • Philadelphia, October 30th
  • Los Angeles, November 5th
  • San Francisco, November 6th
  • Toronto, Canada, November 14th
Attendance at these is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Wednesday, October 24, 2012

Upcoming Event: Toronto Risk Roundtable


It's been a very busy season for Risk Roundtable sessions. We're excited to announce our latest event, scheduled for Wednesday, November 14th in the Toronto office of Stikeman Elliott.

These events always provide a forum for IT and risk professionals to connect in a collaborative environment.

Topics for discussion will include ISO 27001, client audit trends and considerations over “open” vs. “closed” document management approaches. We'll also review of news stories, issues, trends and developments affecting law firm risk management.

(Several regular Toronto participants have already highlighted specific issues they'd like to explore with the group, and we look forward to these discussions as well.)
As a reminder, we have upcoming events already scheduled for:
  • Washington DC, October 30th
  • Philadelphia, October 30th
  • Los Angeles, November 5th
  • San Francisco, November 6th
Attendance at these is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Tuesday, October 23, 2012

Law Firm Information Governance & Technology Challenges

Following yesterday's note about our recent webinar on proposed ABA Model Rule changes and implications for law firm information management, security and compliance efforts, comes a few interesting articles on information governance:

"Info Governance Model Expands Privacy, Security Roles" --
  • "Data privacy and security have been listed as necessary assets in the Information Governance Reference Model (IGRM) since its 2009 development by the Minnesota-based Electronic Discovery Reference Model organization. But previous versions of the model (which includes business and technology processes) did not prescribe that managers who are dedicated to privacy and security functions should be on the teams shaping these policies."
  • "'The updated model now includes privacy and security as primary functions,' the EDRM announcement states. 'When these stakeholders are not working in concert, information accumulates rapidly and indefinitely, which adds significant cost and risk and undermines the ability to get value,' the EDRM announcement stated."
  • "'Access, transport, and use limitations are not understood by employees with information custody or collections responsibility, and customer's or employee's rights are impacted,' the document states. 'The type and nature of data in a system or process is poorly understood, leading to incomplete or inaccurate application of retention, preservation, privacy, and collection and disposition policy.'"
"Managing Mobile Risk" --
  • "Of the top themes presented at this summer's International Legal Technology Association conference... [Slides available via this link.] While nearly every law firm urges clients to manage their data properly — as in having a formal information lifecycle management program in place — a large number of firms don't practice what they preach. A variety of new technologies have facilitated the breakneck growth of data volumes and they are shared and stored in locations outside the physical (presumably secure) firm walls. But this model no longer works — firms are beginning to recognize that the risk is too high to ignore."
  • "Controlling information is not a new concept for law firms and their personnel. But today's unmanaged mobility — in the form of BYOD (bring your own device) to work programs — and equally unmanaged use of popular Web services such as Dropbox and Evernote — represent a seemingly unstoppable phenomenon. This creates a set of issues that must be addressed before an information governance firestorm hits."
  • "Clearly, mobile is here to stay — and firms will encourage collaboration via these devices. It just makes plain business sense to do so. However it is critical that firms take a formal stance on data lifecycle management, and the larger information governance. If defined and controlled well, data collaboration and content delivery on mobile devices will not introduce any more risk than the data residing on the firm's servers, desktops, and laptops."

Monday, October 22, 2012

Webinar Recording: Understanding the ABA 20/20 Rule Changes

For those who missed the live presentation and discussion, we have a recording of the recent webinar on Understanding the ABA 20/20 Rule Changes. In this session, Pat Archbold, Head of IntApp's Risk Practice, and Matt Wolf, Consultant at Carlson & Wolf, review how changes to Model Rules proposed by the ABA affect lawyers and how firms can best respond.

Topics include:
  • ABA Model Rule changes
  • Client pressure
  • Insurer pressure
  • Evolution of technology
  • Response tactics
These changes clarify lawyers' ethical obligations to protect client information, including a requirement for lawyers to achieve a basic understanding of the benefits and risks of relevant technology, such as cloud computing, and to take reasonable steps to safeguard client confidential information, including information in electronic form, against unauthorized or inadvertent access by third parties.

Designed for non-technical audiences, this presentation provides a great overview for those looking to learn about current trends and emerging requirements, along with lessons they can apply at their firms.

Wednesday, October 17, 2012

Conflicts and Imputation News

A few interesting updates of note:

Conflict questions arise about law firms representing HOAs, banks --
  • "Disputes pitting homeowners associations against banks that owe fees on foreclosed houses have left some questioning whether the same law firms should represent parties on both sides of the fight.
  • "One firm that represents both banks and associations is Greenspoon Marder, with offices in Orlando and elsewhere in the state. Firm co-founder Michael Marder said his group guards against conflicts and is comfortable doing business with organizations at odds with one another, such as banks and associations. 'We don't operate on an ideological basis,' Marder said this week. 'We have a large firm with a broad base of clients, and we try to ensure we have no conflict.'"

Conflict of Lawyer Doing Outsourced Work Will Not Be Imputed to Firm That Pays Her --
  • "A law firm representing the plaintiff in a lawsuit is not subject to imputed disqualification based on the fact that it outsources work to a lawyer who formerly represented the defendant in the same litigation, the U.S. District Court for the Northern District of Florida decided Oct. 5 (Brown v. Florida Dep't of Highway Safety and Motor Vehicles, N.D. Fla., No. 4:09-cv-171-RS-CAS, 10/5/12)."
  • "Judge Richard Smoak determined that the former government lawyer--who has not had any involvement with the plaintiff in this matter--is not “associated” with the plaintiff's law firm under their working arrangement."

Tuesday, October 16, 2012

3M Disqualification -- News and Opinion Around the Web

Last week, a judge disqualified a law firm which had previously presented 3M (see our previous coverage): "Minn. Judge Disqualifies Covington from Representing State In Big Enviro Case Against Ex-Client 3M" --
  • "Agreeing that 3M Co. had been betrayed by a major law firm's decision to help the Minnesota attorney general pursue an environmental suit against its former longtime corporate client, a judge has disqualified Covington & Burling from continuing to represent the state in the litigation against 3M."
  • "Hennepin County District Court Judge Robert A. Blaeser wrote: 'Covington has exhibited a conscious disregard for its duties of confidentiality, candor, full disclosure, and loyalty to 3M by failing to raise its conflicts arising from the fact that it previously advised and represented 3M on FC [fluorochemical] matters. Additionally, Covington is disqualified in order to protect 3M's confidential information Covington obtained during its representation of 3M, which is relevant to the issues at the heart of the state's case.'"
This decision made news in the mainstream press and garnered commentary from industry pundits. See the interesting analysis on the details from the Professional Responsibility Blog:
  • "Interestingly, however, the basis for the ruling is not that Covington violated the "hot potato doctrine" (which penalizes a firm for dropping a client to clear the way to accept the representation of a new client) as argued by 3M.  The court simply held that Covington violated rule 1.9 on successive conflicts of interest.  Either way, 3M has scored a big win."
And some direct commentary from the players involved: "3M v. Lanny Davis: For the Record."

Wednesday, October 10, 2012

News & Updates: Global Legal Regulation, Choice of Law & Information Technology

Will we some day see a global regulation authority? "SRA throws weight behind global legal regulators’ network" --
  • "Legal regulators from around the world have agreed to create an information-sharing network as a first step towards the eventual formation of a global regulators’ organisation."
  • "The move was agreed at the first international conference of lawyer regulators, hosted in London last week by the Solicitors Regulation Authority (SRA). As well as representatives of the UK’s regulatory bodies, it was attended by senior regulators from many – mainly common law – jurisdictions, including the US, Canada, Ireland, Australia, Hong Kong and several African countries."
  • For more detail on participants and topics, see the conference web site.
With the ABA Ethics 20/20 Commission publishing new recommendations last month, the Legal Ethics Forum highlights an important recommendation: "Ethics 20/20 Proposals on Choice of Law Issues" --
  • "One draft proposal would permit lawyers and clients to agree that their relationship will be governed by a specific jurisdiction’s conflict of interest rules.  The proposal is designed to help lawyers and their clients predict, with more accuracy than Model Rule 8.5(b) can provide, which jurisdiction’s conflict rules would govern the lawyer’s representation of a client."
Finally, from the intersection of risk, information technology and corporate practice comes a call from Gartner for CIOs to interact more regularly with risk leaders: "CIOs Should Get to Know Their Chief Legal Officers" --
  • "The Gartner report recommends that CIOs and CLOs have regular, frequent and in-depth meetings so they can build a better relationship and understand each other's requirements, capabilities and outstanding issues. Of the CLOs who talk to their CIOs more than once a month, large majorities said they had changed their legal strategies or corporate policies after the conversation."

Tuesday, October 9, 2012

On Finding Joy in Law Firm Compliance...

Here's a very interesting article published by the KnowList on connecting the emerging trend of "gamification" to law firm compliance: "Where’s the fun in compliance? How to boost boring but essential tasks." --
  • "A perennial challenge with boring but necessary activities is that they are hard to keep doing... Unfortunately for Risk & Compliance officers, core compliance tasks like 'know your client' and anti-money laundering checks are in the category of important but dull, and firms of all sorts and sizes struggle to ensure that regulations are met and risks are minimised and managed."
  • "One approach is to threaten draconian punishment for non-compliance, but this rarely works. Some sort of incentive is required, but the fear of punishment is hard to instill and maintain – and rarely effective in the long term."
  • "Think back to our ultimate goal: we want to improve compliance and reduce risk, and to do this, we need our people to provide certain information. Simple techniques, borrowing ideas from psychology and falling under the banner of ‘gamification’, can be used to present targets, provide immediate and ongoing feedback, and improve information gathering whilst simultaneously reducing the perceived burden."
  • "With a gamification approach, measures of completeness equate to a score, and higher scores lead to rewards.Other measures can be scores too. Think of accuracy – possibly the most important measure for compliance. How might we measure and score accuracy? Think of the impact of inaccurate data – it has to be corrected. A score can be based around ‘correction’ levels, for example the number of fields that were modified after the form was submitted."
  • "Almost everyone responds to some kind of competition between groups, so consider league tables showing practice area measures of completeness and accuracy. Within practice areas, show individuals’ performance in comparison, and reward the leaders. Merely having visible measures in place will encourage most people to make some sort of effort to improve. Publicising practice group performance has another benefit – it brings partners into the game."
Will we see the day when lawyer and staff LinkedIn profiles contain highlights like: "Conflicts Clearing Wizard -- Level 5, Lawful Good," or "Winner -- Best lawyer intake response time (2014-2015)"? Only time will tell, says this Risk Blogging Bard...

Monday, October 8, 2012

Client RFPs on the Rise

Corporate Counsel and Law.com report: "More Frequent, Elaborate RFPs Challenge Outside Counsel" --
  • "According to a recent survey by LexisNexis, 42 percent of law firms have seen an increase in requests for proposal from in-house law departments this year. The increased pressure to compete for corporate business is putting added strain on firms."
  • "Larger firms respond to a higher level of solicitations than their small-firm counterparts. Sixty-six percent of respondents came from firms with at least 100 lawyers. Overall, firms averaged five to 16 proposals per month, but 15 percent — mostly firms on the higher end in terms of staff — averaged more than 21 RFPs each month. The largest firms in the survey dedicated 4,800 hours to law department proposals per year."
  • "'It used to be that law firms sent their rainmaker out to sit across the table from a company's general counsel and sell them on the firm,' says Sidwell. Today's departments are taking a much more methodical approach to the RFP process. 'It's a wake-up call for law firms,' he says."
This is an important trend for risk professionals to take note of. As we've highlighted, along with other industry reports including the Risk Roundtable law firm surveys, client RFPs increasingly address risk and compliance issues, including firm information governance and confidentiality practices.

Thursday, October 4, 2012

Upcoming Webinar: Understanding the ABA 20/20 Ethics Rule Changes

The ABA recently approved changes to the Model Rules of Professional Conduct proposed by the Commission on Ethics 20/20. These changes clarify lawyers’ ethical obligations to protect client information, including a requirement for lawyers to achieve a basic understanding of the benefits and risks of relevant technology, such as cloud computing, and to take reasonable steps to safeguard client confidential information, including information in electronic form, against unauthorized or inadvertent access by third parties.
In this webinar, Pat Archbold, Head of IntApp’s Risk Practice, and Matt Wolf, Esq., Consultant at Carlson & Wolf, providers of law firm security consulting services, will review how these rule changes affect lawyers and how law firms can best respond. Topics will include:
  • ABA Model Rule changes
  • Client pressure
  • Insurer pressure
  • Evolution of technology
  • Response tactics
CLE CREDIT: We are a CLE approved educator by the State Bar of California. Certificates will be provided to attendees upon request. (Attendees are responsible for confirming CLE reciprocity in their particular jurisdiction, but we are happy to provide any additional information necessary to receive credit outside of California.)

Attendance at Risk Roundtable webinars is by invitation only. For more information, and to request registration, email: info@riskroundtable.com.

Wednesday, October 3, 2012

Risk News: Conflicts, Ethical Screens & Disqualification Attempts

Judge Andrews disqualifies attorneys based on their law firm's representation of plaintiff's parent company nearly twenty years earlier. --
  • "Judge Richard G. Anderson recently disqualified the law firm Latham & Watkins as defense counsel in a patent infringement action filed by the subsidiary of a former Latham client. Eon Corp. IP Holdings LLC v. Flo TV Inc., et al., C.A. No. 10-812-RGA (D. Del. Sept. 24, 2012).
  • "Latham represented the plaintiff's parent company between 1988 and 1995, but did not represent it in patent prosecution matters, or with regard to any licensing efforts involving the patent at issue. Id. at 3, 7. Instead, Latham represented the plaintiff's parent company in general corporate and regulatory matters. Id. at 3. The Court noted that some of those corporate and regulatory matters related to the same or similar technology at issue in the patent litigation. Id. at 3."
Former First Arena operator's lawyers may have conflict of interest, U.S. Trustee says --
  • "The U.S. Trustee’s office on Tuesday asked a federal judge not to let the former operator of First Arena hire law firms that have already represented the company in bankruptcy proceedings in Rochester. Assistant U.S. Trustee Kathleen Schmitt filed an objection to Elmira Downtown Arena LLC’s hiring of attorneys from Michigan law firm Schaefer & Weiner PLLC and from Phillips Lytle LLP, which has an office in Rochester."
  • "In her objection, Schmitt said Schaefer & Weiner may have a conflict of interest and that the way the Michigan firm would be paid may be improper."
And ethics maven Bill Freivogel flagged: Alnylam Pharm., Inc. v. Tekmira Pharm. Corp., 2012 U.S. Dist. LEXIS 136462 (D. Mass. Sept. 24, 2012) --
  • "Firm A represents Plaintiffs in this patent suit.  Firm B represents Defendant.  Lawyer moved from Firm B to Firm A in 2012. While at Firm B Lawyer worked on a Defendant matter and billed 137 hours to the matter in one month.  When Lawyer moved, Firm A set up a screen.  Defendant moved to disqualify Firm A.  In this opinion the court denied the motion.  The court said that while Lawyer did work on a matter involving a license agreement that was involved in this case, the license agreement was not central to the issues in this case, and, thus, the matters were not 'substantially related.'"

Tuesday, October 2, 2012

Upcoming Risk Roundtable: Philadelphia, PA


We're well into the swing of our Fall Risk Roundtable series. And we're excited to host simultaneous meetings on October 30th. We previously announced our Washington DC session, co-presented with Ames & Gough. That same day we'll also be presenting a session in Philadelphia, hosted by Post & Schell.

These events always provide an excellent forum for risk, IT and related professionals to connect in a collaborative environment.
  • At this session we’re pleased to feature a moderated discussion led by Eric Mosca from InOutsource, an independent consultancy focusing on law firm records management.
  • He'll review risk trends affecting law firms today and share insights from his consulting experience working with a variety of firms across the US.
Risk expert Brian Lynch will also provide an update on the Risk Roundtable Compliance Consortium, including an overview specific industry risk response guidelines this group is developing.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Monday, October 1, 2012

Report from Charlotte Risk Roundtable (Client Audits, Information Governance & More)

Last week, we held a  Risk Roundtable session in Charlotte, North Carolina. Many thanks to Parker Poe for hosting. Brian Lynch, chair of the Risk Roundtable Compliance Consortium, delivered a presentation updating attendees on current risk issues and trends, and moderated group discussion. He sends this update:
  • Dan, I'm pleased to report back a successful Risk Roundtable session in Charlotte, North Carolina. Parker Poe was generous enough to host our group of risk managers and technology leaders, who are blazing trails into risk management territory.
  • We spent a good deal of time discussing open vs. closed document management systems. With the ever-increasing pressures from many different sources, it has become difficult to manage varied levels of confidentiality across multiple systems of record. Open and closed approaches have their limitations. Could there be a middle approach, where business rules could automatically lock down sensitive information? The answer is tying together risk expertise and intelligent technology to reduce the risk of under-secured and over-secured information.
  • Many firms are subject to client audits, and these are more widespread than ever. Some firms that represent clients in highly regulated industries have reported multiple on-site audits per month. This trend is driving firms to adopt specific security standards and processes to be best prepared for the inevitable auditor's visit. In response, many firms are considering ISO 27001 certification.
  • For firms looking for a lighter alternative, ILTA's LegalSEC initiative is developing a set of "standards" to best equip a firm to standardize their security processes and perform well in audits.
  • Mark Brophy - IT Director at Rogers Townsend - shared some of the progress and initial thinking from the LegalSEC initiative. One of their objectives is to understand the ethical requirements per jurisdiction of lawyers in regards to security. In our upcoming November sessions in San Francisco and Los Angeles, we will connect those dots of bar requirements.
As Brian noted, dates and locations for several additional Roundtable sessions will be announced shortly. Watch this space for details.