Monday, December 9, 2013

Law Firm HIPAA News & Analysis

Following a pointer from Jeff Brandt and PinHawk News to a story about one firm pursuing HIPAA compliance by activating document management encryption, Kathryn Hume from Intapp's risk practice group writes in with an update on industry developments and HIPAA news affecting law firms.

She highlights how encryption is just one part of the compliance requirements under the new regulations, and touches on ongoing developments such as potential changes coming in 2014: "Intapp Risk Bulletin: HIPAA Compliance for Law Firms — Addressing New Requirements" --
  • "The challenge firms face, of course, is to translate the Byzantine HIPAA requirements into an affordable, actionable and clear course of action. The first thing firms should understand is that, as Business Associates subject to HIPAA through their use of client data, firms are subject to the entire Security Rule but only portions of the Privacy Rule (the most important part of which is the “Minimum Necessary Standard,” which requires that firms limit access to PHI to those workforce members who need access to carry out their work)."
  • "The Security Rule does contain 40 distinct “implementation specifications,” but some of these specifications are required and others are merely addressable. As a result, law firms looking to make some headway to avoid a penalty of “willful neglect” in the face of an OCR audit can start by addressing those core, required aspects of the Security Rule that matter most."
Read on for additional detail and recommendations.

Wednesday, November 20, 2013

Law Firm Information Security -- UK Edition


Two interesting updates on law firm information security in the UK:

Government surveillance threatens law firms’ cloud data security, regulator warns
  • "Widespread data snooping by the US National Security Agency (NSA), as revealed by whistle-blower Edward Snowden, could threaten the security of cloud computing for law firms acting in confidential merger negotiations, the Solicitors Regulation Authority (SRA) has warned."
  • "In a detailed paper on the risks associated with cloud computing, Silver Linings: cloud computing, law firms and risk, the authority concluded that due diligence over outsourcing data processing, such as cloud computing – the use of the internet to store data remotely – should take into account government surveillance as a risk factor."
  • "The authority highlighted confidential merger negotiations conducted by a law firm as potentially at risk from NSA spying activities, which it said were rumoured to have led to data 'being passed to commercial organisations for business advantage', although that had been officially denied. 'With the heightened need for confidentiality of law firms, this represents a challenge to their ability to use cloud services,' it said."
UK Law Firms Less Prepared Than Other Sectors For Cyber Attacks, But Can Mitigate Risk, Survey Says --
  • "Law firms are in a unique—and perhaps precarious—position when it comes to cyber security. They not only have to protect their own electronically stored information, but they have a responsibility to protect the information of their clients as well. Are law firms doing enough? According to a recent survey of UK law firms, while 68 percent of law firm employees think firms are a likely target, only 35 percent have a response plan in place for an attack."
  • "'Locked down? A Closer Look at the Rise of Cyber Crime and the Impact on Law Firms' was produced by Legal Week in association with digital security firm Stroz Friedberg. Views of more than 370 senior business people were collected for the report, almost half of which worked in the legal profession."
  • "'The failure of UK law firms to tackle online security is leaving clients increasingly vulnerable to attacks,' Seth Berman, executive managing director of Stroz Friedberg, said in the report. “As custodians of clients’ intellectual property and commercially sensitive information, law firms are particularly attractive to hackers.'"
  • See also: video summary and discussion of the report.

Tuesday, November 19, 2013

Canadian Court on Client Rights and Lawyer's Files

Interesting update and commentary from the University of Calgary Faculty of Law Blog: "Client Rights and Lawyers’ Files." Commenting on a recent decision: Royal Bank of Canada v Kaddoura, 2013 ABQB 630 --
  • "In a recent decision, Master Prowse held that a client who sues a lawyer may obtain production of documents from the files of other clients of the lawyer. The production of specific documents may be resisted on the basis of solicitor-client privilege. Master Prowse did not, however, impose any requirement that those clients be given notice of the production of documents from their files, did not consider whether the documents contain confidential (as opposed to privileged) information, whether the documents are properly considered to be in the 'control' of the lawyer, or assessment of the risk of prejudice to the legal interests of those clients from disclosure."
  • "In short, the judgment appeared to give no weight or consideration to those clients. This result is unfortunate, and inconsistent with the usual respect afforded to the confidentiality of lawyer-client communications."
  • "The key point I am making here is that in any circumstances in which a court or party is producing information from a client’s legal file, and is doing so without representation of that client’s interests, there are reasons to be seriously concerned… At minimum, the client whose information may be producible as a consequence of a ruling such as this ought to be notified, and given the opportunity to object.  More substantially, the default position should be that information in a lawyer-client file is not producible, absent some basis for production of specific information in that file."

Monday, November 18, 2013

Webinar Recording: Complying with HIPAA "Minimum Necessary" Standard

For those who missed the live presentation and discussion, we have a recording of our recent webinar: "Complying with the "Minimum Necessary" Standard of the HIPAA Privacy Rule," presented in conjunction with the International Legal Technology Association (ILTA) Legal Security Initiative --

The minimum necessary standard, a key protection of the HIPAA Privacy Rule, mandates that protected health information should be used or disclosed only to satisfy a particular purpose or carry out a particular function. Complying with the minimum necessary standard poses particular challenges to law firms, often forcing them to modify practices for collecting client information and securing it throughout the matter life cycle.
  • This presentation explains why the minimum necessary standard is important and how it impacts common law firm operations.
  • Speakers include Kathryn Hume from Intapp, moderator of several recent Risk Roundtable sessions and Brian Donato, Chief Information Officer at Vorys, Sater, Seymour and Pease LLP
  • Content includes suggested processes, procedures and technologies to satisfy compliance obligations

Thursday, November 14, 2013

AmLaw Survey: Firms Rank Data Security as Key Concern

"2013 Am Law Tech Survey: Data Security Fears Rise"
  • "To be sure, security has always been a top-of-mind issue for law firms. But as The American Lawyer's 18th annual survey of law technology reveals, the worries, and the stakes, have never been greater. Eighty-six percent of respondents—technology directors and CTOs from 87 Am Law 200 firms—say they are more concerned about security threats now than they were two years ago. An array of factors, the chiefs say, are driving the heightened focus: tougher regulatory requirements, more security-conscious clients, and the more sophisticated techniques used by cyber-criminals, who are increasingly targeting law firms."
  • "'Law firms are often targeted [since] they store information on clients' pending deals and litigation,' Austin Berglas, assistant special agent in charge of the cyber branch in the FBI's New York office, told The American Lawyer earlier this year. 'Organizations who do not protect their 'crown jewels,' or proprietary information, and segregate it from any external facing network, run the risk of having this important information stolen during a cyber attack.'"
  • "Indeed, firms have been busy ramping up their defensive posture—and according to the survey, plan to continue that focus in the coming year. At some firms, this has involved creating new positions focused exclusively on security. Blank Rome hired its first director of information security this year. Ballard Spahr now has an IT security expert on staff. 'It's not like we weren't concerned about security before, but we see the need for a more targeted focus,' says Lisa Mayo, Ballard Spahr's director of data management."
  • "'The short, glib answer is, clients are driving the heightened focus,' says one CIO who asked not to be identified. 'There is a lot of noise, especially out of the banking industry, about looking specifically at your law firms.' Tougher regulatory frameworks, not just in finance but in sectors like health care, are causing clients to ask more questions about the security their firms do, and don't, have in place. 'We're seeing a significant increase in client security questionnaires and on-site reviews,' says another CIO, who asked not to be identified. 'Many firms are [secured] pretty well, but clients may require certain things and firms may have to add systems.'"
  • "Increasingly, these conversations are happening before engagements are won. 'Now as part of the RFP process, you'll need to provide very detailed specifications on what you have in place,' says Mayo. 'It's becoming a factor in whether you will get the business.'"
According to the interactive survey results: Two of the top reported security concerns are:
  • "Insiders taking intellectual property out of the data network"
  • and "Not knowing if data has been compromised"
See Intapp for information on technology approaches to addressing these law firm information security management, and a white paper highlighting several published corporate outside counsel guidelines, including examples of these more stringent confidentiality standards / audit requirements.

Wednesday, November 13, 2013

New Ethics Opinions: Email Edition

  • "On October 25, 2013, the North Carolina State Bar Council adopted a formal ethics opinion that impacts how North Carolina lawyers respond to emails with the 'Reply All' option."
  • "The formal opinion, titled “Copying Represented Persons on Electronic Communications,” addresses two specific inquiries regarding electronic communications with persons represented by opposing counsel."
  • "The first inquiry, and its answer, have not been controversial: a lawyer cannot respond to an email from opposing counsel by adding and thereby, copying the opposing counsel’s client on the email communication unless the lawyer receiving the email has consented to the communication to the client. Most lawyers would agree that this opinion is an appropriate application of Rule 4.2(a) of the Rules of Professional Conduct..."
  • "The second inquiry, which does not evoke the same consensus among lawyers and addresses the “Reply All” feature, is: Would the answer change if Lawyer A is replying to an electronic communication from Lawyer B in which Lawyer B copied her own client? Does the fact that Lawyer B copied her own client on the electronic communication constitute implied consent to a 'reply to all' responsive electronic communication from Lawyer A?"
  • "The short answer from the Ethics Opinion is that it depends on a good faith analysis of the facts and circumstances whether consent to the communication can be implied."
  • "Ethics rules permit a law firm to look through incoming e-mails addressed to a former partner to see what should be done with them, the Philadelphia bar's ethics committee said. [full opinion]"
  • "A departed lawyer may not insist that the law firm set his e-mail account to automatically bounce back incoming e-mails to the sender, the panel said. On the other hand, it added, any e-mails the firm reads that are clearly meant for the lawyer must be forwarded to him."
  • "The managing partner of a law firm contacted the ethics committee after disputes arose between the firm and a partner who left to start his own practice, taking some clients with him. One area of disagreement centered on the firm's handling of the former partner's e-mail."
  • "Some degree of interaction with the substance of the messages is necessary as a practical matter so that the firm can sort out its responsibilities to current clients, former clients, clients who have elected to follow the ex-partner, and third parties, it explained."

Tuesday, November 12, 2013

More Law Firm Conflicts in the Public Eye

"City officials dismiss outside legal counsel in LP&L investigation, citing conflict of interest" --
  • "After only a week and a half of investigation, a perceived conflict of interest prompted city officials to dismiss Andrews Kurth, the law firm Lubbock Power & Light’s governing body hired to conduct an investigation of LP&L’s 2019 power supply search."
  • "'...due to the fact that the firm currently serves as bond counsel to the city of Lubbock,' reads a statement LP&L released Friday afternoon, Nov. 1."
  • "However, Mayor Glen Robertson said he had reservations about hiring the firm from the beginning, and the potential conflict of interest was pointed out to LP&L’s general council, Todd Kimbrough, before the board voted on the issue."
"Outgoing chairman vows to steer clear of law firm's business, but others fear conflicts of interest" --
  • "The outgoing chairman of the Federal Energy Regulatory Commission today said that despite having already announced he will join a law firm, he can avoid conflicts of interest until the White House nominates his replacement -- something sources say could take a long time."
  • "Jon Wellinghoff said he has for months recused himself from all cases involving clients of Portland, Ore.-based law firm Stoel Rives LLP, where he plans to work after stepping down from leading the agency."
  • "The chairman also said he will continue to recuse himself from such cases until he leaves the agency, and that all of his actions have been cleared by FERC's Ethics Office."
  • "But agency watchers said the situation raises ethical issues... Some observers said the situation is 'somewhat uncomfortable' because Wellinghoff could work on policies that could affect the firm's clients."

Monday, November 11, 2013

When Conflicts Cost (Firm Sanctioned)

The always excellent Legal Ethics Forum highlights a recent conflicts decision "Boies Schiller's Conflict According to Judge McMahon" which concerns a $350 million antitrust suit --
  • "Judge Colleen McMahon (SDNY) has ordered Boies Schiller (“BSF”) to pay the legal fees of a former client (“Host”) that it sued. She held that the law firm had failed to detect a disqualifying conflict, causing Host to incur fees to prepare a disqualification motion. The firm withdrew before the motion was filed, following a meeting with Host’s current counsel, but not until two months after Host asserted the conflict. "
  • "The opinion is a painstaking (and for some painful) walk through the conflicts that Judge McMahon says the firm failed to discover or for a time even acknowledge. And it is quite critical not only of the firm but also of the outside ethics lawyer, Michael Ross, whom the firm hired to advise it after Host asserted the conflict. McMahon's characterizations of Ross's work should be instructive for lawyers asked to advise law firms."
  • "'A clearer conflict of interest cannot be imagined,' McMahon concluded. 'A first year law student on day one of an ethics course should be able to spot it."  Of course, first year law students don’t take ethics classes most places.'
Read the complete decision for details. For its part, Boies Schiller disagrees. See additional details and analysis via Reuters: "Scathing conflicts decision v. Boies Schiller: What’s enough checking?" --
  • "According to McMahon, ethics advisers from inside and outside Boies Schiller should have needed 'but a moment' to realize that its position in the Madison suit was untenable. It was attempting to assert on Madison’s behalf that an agreement Boies Schiller actually advised upon in 2002 was a sham, McMahon said, which meant that Host might call Boies lawyers who advised on the Marriott agreement as witnesses to defend against Madison’s claims."
  • "As McMahon’s opinion recounts, Boies Schiller acknowledged its conflict and withdrew from the case in February. She said Boies’s realization came more than two months too late and ordered the firm to reimburse all of Host’s fees and costs for investigating and litigating the conflicts question."
  • "Clearly, the investigation was insufficient or it would have revealed the irreconcilable conflict that ultimately led Boies to withdraw. But Boies contended in its brief opposing sanctions that part of the responsibility lies with its former client Host, which did not provide Boies Schiller with a precise explanation of the firm’s conflict and left Boies’s outside counsel and deputy GC to review 40 boxes of 10-year-old files without focus. Boies Schiller argued that it 'continuously made good faith efforts to understand and evaluate Host’s conflict.'"
  • "Boies Schiller put out a statement after the ruling: 'We are disappointed in the court’s ruling, which was made without an evidentiary hearing and ignored crucial, undisputed facts,' it said. 'We believe the ruling is wrong and its intemperate language, and the amount of sanctions awarded, wholly unjustified. We are confident that once the facts are fairly and properly evaluated on appeal, the ruling will be reversed.' The statement reiterated that Host refused to tell Boies Schiller why it believed the firm was conflicted and that Boies Schiller withdrew as soon as it understood the basis for Host’s demand."
With regards to conflicts review, Legal Ethics Blog contributor Milan Markovic, associate law professor at Texas A&M notes:"If the opinion is accurate, BSF and its expert not only overlooked a rather obvious conflict but misrepresented the nature of its investigation of the conflict to its former client. For example, BSF claimed to do a keyword search through its electronic files and yet missed documents that contained the keywords and would have shed light on the conflict."

With the stakes high, the landscape becoming increasingly complex, and information and process challenges growing, it's clear why many firms are pursuing more advanced conflicts management software approaches in response.

Thursday, November 7, 2013

Risk Roundtable Meetings set for Dublin & Bristol


We're pleased to announce two more Risk Roundtables.  
 
This session will explore how firms around the world are setting internal information security and access models to comply with professional rules, client demands and regulatory requirements, while supporting internal collaboration, lawyer productivity and firm culture.

Attendees will learn strategies to classify sensitive information at new business intake and maintain proper security throughout the matter lifecycle.
  • Dublin: Thursday, 21 November (11am – 2pm, lunch provided)
  • Bristol: Monday, 25 November (11am – 2pm, lunch provided)
These events always provide a forum for IT, risk and management professionals to connect in a collaborative environment.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Wednesday, November 6, 2013

Conflicts Allegation – Firm Facing Probe

"Legal firm facing probe over sale of lottery licence" --
  • "One of the State's biggest and most successful legal firms could face the prospect of being investigated by the Law Society after admitting to a conflict of interest arising from its involvement in the Government's sale of the National Lottery operating licence."
  • "The Sunday Independent understands that A & L Goodbody has been informed by the Rehab Group that it is considering making a formal complaint to the Law Society."
  • "The move comes after it was revealed that the blue-chip law firm had been advising the successful bidding consortium of UK lottery giant Camelot and An Post while simultaneously providing advice to Rehab in relation to a €1.5bn claim it intends to bring against the State in relation to the National Lottery."
  • "While A & L Goodbody informed Rehab at a recent meeting that they had discussed the 'merits' of their case for compensation with a 'third party client,' it emerged subsequently that the client in question was the Camelot and An Post consortium.'"
  • "And while the law firm is understood to have assured Rehab at their meeting that they had not disclosed "full documents or information" in relation to Rehab's case with the representatives of Camelot and An Post, whom they described as their "third party client," the charitable group has been taking legal advice on the matter and, according to well-placed sources, is treating it with the 'utmost seriousness.'"
 

Tuesday, November 5, 2013

Conflict in the Court of Public Opinion – A “Congruence of Interests”?

We've covered several stories about general public attention on alleged conflicts (which may or not, in practice, pose any ethical or professional responsibility issues) [Example]. Here's another interesting one in the news: "One Law Firm On Both Sides of Controversy Over Alexandria Waterfront: McGuireWoods defends city in zoning change as well as developers who seek to benefit from it." --
  • "Lawyers at McGuireWoods are on both sides of the controversy over the waterfront, defending Alexandria taxpayers in court while seeking approval from city officials on behalf of three separate developers at the same time. Legal experts say that's not a conflict of interest, but neighborhood residents say it leaves the impression that city officials are in bed with developers. Critics say the city should have considered hiring a firm that does not regularly appear before city leaders seeking zoning approvals."
  • "In May 2012, Alexandria City Attorney James Banks signed a conflict waiver from McGuireWoods. Banks, who is a former partner at the firm, declined to be interviewed for this story although he issued a written response to questions. City officials have denied a Freedom of Information Act request for a copy of the conflict waiver."
  • "Critics of the waterfront plan say they are concerned about the appearance of impropriety. They say it looks bad for Banks to hire the firm where he was once employed, especially because that firm is now representing a trio of developers who seek to benefit financially from the zoning change that allows for increased density and overturns the longstanding ban on hotels. Some say the city should not have signed the conflict waivers. Others say they are concerned about how city officials will respond to permit applications from a firm on the city's payroll."
  • "Legal experts say a conflict of interest would exist if the developers and the city government had different interests. But because the City Council members adopted the zoning change allowing hotels and increasing the density, the city's corporate interest is in developing the waterfront. 'There is a congruence of interests right now,' said Michael Kraus, law professor at George Mason University. 'That is to say the city believes that it is in its interests to do what the developer wants to do.'"
  • "That conflict waiver remains a mystery, one that has been denied to the public because city officials have declined to make it available. Legal experts say it might be a document waiving a potential conflict that could arise in the future. Or it could draw attention to an existing conflict of interest between the law firm and city officials. A spokesman for McGuireWoods declined to comment on the issue. Banks said that these kinds of waivers are routine, although critics say the document should raise a red flag."

Monday, November 4, 2013

Shelter from the Storm: Risks & Rewards of Updating New Business Intake

The cover story in the latest white paper focuses on new business acceptance. James Edwards and Kathryn Hume from Intapp take us on a Bob Dylan-inspired journey in: "Shelter from the Storm: Risks & Rewards of Updating New Business Intake." They cover critical areas of consideration, including:
  • Here Comes the Story of the Hurricane: Business and legal risks addressed by NBI
  • A Hard Rain’s A-Gonna Fall: Common risks of updating NBI technology
  • The Answer, My Friend, Is Blowin’ in the Wind: The rewards of doing it right
And they counsel that "You Don't Need a Weatherman to Know Which Way the Wind Blows" --
  • "In today’s digital world, IT works increasingly close with firm risk leaders to manage risks related to compliance, client confidentiality, lateral departures and information security. The more serious the risk the firm is trying to manage, the more important it becomes that IT execute projects to manage them quickly and successfully."
  • "Client selection is the fundamental starting point for firm business, and identifying the right clients (while avoiding the wrong ones) is critical for a firm’s success. Managing client data with an eye on longterm strategy, however, is a complex balancing act that must reconcile competing interests from multiple departments. Lawyers want to take on as much new business as fast as possible, marketing wants to collect information to fuel analysis and risk wants the time required to vet clients thoroughly. Therefore, an intake project challenges IT to institute technology that is fast, thorough and sophisticated enough to manage multiple risk management requirements."
  • "In today’s increasingly competitive marketplace, IT is pressured more than ever to make investments that significantly improve firm performance, process efficiency and data quality. NBI supports all these goals because it unites efforts across systems and departments and provides firms with the core client data they need to improve strategy and compliance. The key to success is to find an approach that has the flexibility and foresight to accommodate all the unforeseen information flows, technologies and risk requirements that’ll come a’ramblin down on Highway 61."
(Because something is happening here, and we do know what it is...) Read the article here, and access the complete ILTA update, which includes essays on enterprise search, security awareness and outsourcing practice support services.

Thursday, October 31, 2013

New Business Intake – Choosing the Right Software Approach

The latest issue of "Briefing," published by the UK-based Legal Support Network includes a an industry analysis feature on law firm business inception by Sam Suri of Intapp: "Outcomes-focused Business Intake."

She outlines the many trends putting pressures on firms to enhance business intake, lays out the risks and dangers of relying a general business process management (BPM) or workflow tools to address today’s evolving complexities, and then explores how software designed specifically for business acceptance and modern conflicts management needs provides firms with a competitive advantage:
  • "Selecting the right technology requires analysis and  foresight: demands for data-driven intelligence will grow, compliance obligations will evolve and the firm may change. Getting stuck with the wrong product could seriously impact the firm’s ability to stay competitive – choosing the right one will help the firm thrive as business needs evolve."
  • "When evaluating technologies to update NBI, firms should consider that the system will likely be in place for years, so it will need to support unforeseeable business and risk management challenges. It should empower the firm to make future changes on the fly to increase ownership and cost effectiveness."
  • "An unsuccessful BPM implementation could end up amplifying the risks it is supposed to mitigate. By contrast, when coupled with a services approach that’s attentive to the firm’s culture and process needs, the right technology can transform NBI into a fulcrum to drive business success and firm-wide compliance."
  • "Firms should look for technology built specifically for intake, which also entails situating intake into the overall matter lifecycle. As practically everyone in the firm engages in some way with intake, the right system can be a vehicle for inter-department synergy and collaboration. And by enabling firms to take on the right clients, address their requirements,  protect their confidentiality and staff their matters accurately, the right NBI technology enables firms to address the SRA’s core principle – that firms focus first and foremost on client success."
See the complete article for more detail.

Wednesday, October 30, 2013

Canadian Conflicts Cleared in Corporate Case

Interesting resolution to an interesting story: "Lawyers cleared of conflict-of-interest charges over Hollinger newspaper deals" --
  • "Two Toronto lawyers have been cleared of any wrongdoing in a corporate case that dragged on for years after they were accused of conflict of interest."
  • "A Law Society of Upper Canada panel has ruled that there was no evidence Beth DeMerchant and Darren Sukonick acted improperly in their roles related to non-compete clauses, a small part of massive deals to sell Hollinger newspaper assets to CanWest Global Communications Corp. and Osprey Media Holdings Inc. more than a decade ago."
  • "The two lawyers had been fighting allegations that they violated the legal profession’s conflict-of-interest rules while acting for Conrad Black and his executives, as well as Hollinger International Inc. and subsidiaries."
The Legal Post adds additional detail and context, including a link to the complete ruling:
  • "Ms. DeMerchant and Mr. Sukonick worked on the matters at the law firm of Torys LLP from 2000 to 2003. The law society initiated proceedings in 2006. Hearings ran for 130 days over a period stretching from April 2010 to last summer."
  • "The discipline case collapsed due to a lack of evidence on the part of the prosecution, according to reasons released Thursday night. The law society’s evidence was simply 'incomplete,' the decision states."

Tuesday, October 29, 2013

Cooper Grace Ward Sees Success with Intapp Open for New Business Intake

 
Cooper Grace Ward, a leading Australian law firm, has chosen Intapp Open to replace its legacy business intake software and has successfully implemented the product.

 
Said the Firm's IT Director, Jason Mills:
  • "Delivering outstanding service to our organisation is the mission of our IT team. The Intapp Open foundation services approach allowed our team to quickly learn the intake platform, and then quickly build, modify and update workflows to respond to our changing requirements, without relying on the vendor or expensive consultants. The 'teach to fish' services model is a breath of fresh air in the industry."
Today, multiple trends are pressuring firms to improve how they evaluate and engage new business. These trends include clients with increasing expectations, and a risk landscape with evolving regulatory rules, compliance requirements and professional standards. In response, firms are looking to increase the sophistication, efficiency and agility of their business inception and conflicts management processes to enhance internal efficiency, reduce risk and improve lawyer productivity.

Intapp Open delivers a fresh approach to new business acceptance (intake business process management and conflicts clearance). It offers unique features, including a flexible business rules engine that enables effective management of practice-specific matter evaluation procedures as well as conflicts clearance practices that may be centralised, distributed among lawyers and practice heads, or both, depending on firm preferences. It doesn't require firms to wrestle with development tools or write a single line of custom code, while providing an architecture that simplifies change management, data integration and system automation.

Commenting on Cooper Grace Ward's Successful Implementation, Intapp Risk Practice Group Head Pat Archbold Added:
  • "We're delighted to see the success of Cooper Grace Ward, the latest firm to implement Intapp Open for new business intake. With Intapp Open, we aim to empower firms to easily configure, manage and extend business inception processes themselves, without forcing dependency on external vendors and requiring constant professional services investment. And this approach, which puts customer interests first, continues to resonate across the legal industry."
Visit Intapp.com for more information on how Intapp Open enhances law firm new business intake  and to request more information or a demonstration.

Monday, October 28, 2013

Dude, You Might Be Totally Getting Disqualified

(Apologies to those not immediately recalling the old Dell commercials, referenced in the title.)

As Law360 reports (further apologies for the paywall link, free trial available): "Dell Wants Adaptix Lawyers DQ'd In Patent Fight" --
  • "Dell Inc. asked a Texas federal court Friday to disqualify for conflict of interest Hayes Messina Gilman & Hayes LLC and the Tadlock Law Firm PLLC from representing technology licensing company Adaptix Inc. in a patent infringement suit against Dell over data encoding technology."
  • "Dell argued that certain Hayes Messina attorneys, including Kevin Gannon and Jonathan DeBlois, had previously represented Dell in a separate patent suit launched against it by Lodsys Group LLC over Dell printers made by Lexmark that’s still pending in the same Texas federal court, posing a significant conflict of interest in the instant case with Adaptix, according to its motion to disqualify."
  • While the five-partner firm argued for screening, Dell declined, stating: "'Where, as here, the entire Hayes Messina firm appears to be working on Adaptix matters in the same small office, no comfort exists that the conflicted lawyers Gannon and DeBlois can avoid collaborating, speaking with or otherwise communicating with their colleagues who represent Adaptix in this case against Dell,' the company said. 'Under the authorities cited above, any screen will not allay the conflict of interest and client confidentiality concerns that lie at the heart of the ABA Model Rules.'"
For more detail, read Dell's Motion to Disqualify

Wednesday, October 16, 2013

Client Information Security & HIPAA Compliance Response: Hinckley Allen Snyder Leverages Intapp

 
 
Hinckley Allen, a full-service law firm with offices across the northeast United States, uses Intapp Wall Builder and Intapp Activity Tracker to secure client data across firm systems, monitor internal use of sensitive information, respond to client outside counsel guidelines and audits, and address new HIPAA compliance requirements.
 
 
Said the Firm's IT Director, John Guyer:
  • "Like most law firms, we are experiencing an unprecedented number of information security audits from our clients. Traditionally, clients accepted firm assurances about information governance practices, but today more and more clients require explicit proof that firms have technical controls in place to properly restrict internal access to their sensitive business information."
  • "Intapp Wall Builder gives our firm a competitive edge when responding to client RFPs and enables us to confidently face client audits. The product also enables us to address the compliance requirements mandated by the new HIPAA Omnibus Rule."
  • "Information loss during lateral departures is another key risk affecting firms, but most organizations have no way to manage this risk because they lack visibility into how lawyers and staff use information."
  • "Intapp Activity Tracker provides our firm daily reports on usage patterns across our core systems. The product enables us to investigate abnormalities, address areas of concern before they become serious problems, comply with regulatory monitoring requirements, and, ultimately, provide firm management with greater peace of mind."
Commenting on Hinckley Allen's success, Pat Archbold, head of Intapp's Risk Practice added:
  • "We're delighted to highlight Hinckley Allen's success using our products to tackle a diverse range of information security and compliance requirements. Firms like Hinckley set the standard of care across the industry and inspire our team to extend our products' capabilities."
Visit Intapp.com for more information on how Intapp supports HIPAA compliance and client audit response.

Tuesday, October 15, 2013

Report from New York Roundtable



Last week, we held a Risk Roundtable in New York City. Many thanks to Cravath, Swaine & Moore LLP for hosting. The event featured an engaging debate about recent case law affecting advanced waivers for conflicts. Drawing upon their analyses of the various opinions, our presenters then suggested strategies for composing waivers that would avoid future litigation along with technologies to manage client and matter intake effectively. Kathryn Hume, who manages and moderates the Risk Program, sends this update:
  • Dan, I'm pleased to report back a successful New York Risk Roundtable. Cravath generously agreed to host a large and engaged group of risk and technology leaders. A special thanks to Jeff Franchetti, Cravath CIO, for his hospitality.
  • Roy Simon, Distinguished Emeritus Professor of Legal Ethics at Hofstra University, began the discussion by commenting upon McKesson vs Duane Morris (Georgia, 2006), Celgene vs KV Pharmaceutical Co. (NJ, 2008), GSI vs BabyCenter (NY, 2010), and Galderma vs. Actavis Mid-Atlantic (Texas, 2013). In his commentary, Roy elicited and analyzed multiple key issues:
    • How specifically should a request for an advanced waiver communicate the information, risks and alternatives of a potential future conflict in order to be defensible as having elicited the clients’ informed consent?
    • Should “blanket” waivers, open waivers that do not specify the types of matters (e.g. high-stakes IP litigation versus low-stakes transactional law) or clients, be admissible? What about for sophisticated clients, especially those with an experienced in-house counsel that firms can reasonably assume have the capacity to assess more opaque terms of engagement?  
    • Within complex corporate families (e.g. the McKesson group) is a well drafted provision defining the client as a specific, named entity (and excluding any parent, subsidiary, or other affiliate in the corporate family) equivalent to a broad advanced waiver provision from all other members of the corporate family?
  • Anthony Davis, Partner in Hinshaw and Culbertson’s Lawyers for the Profession Practice Group, continued the discussion by commenting upon Brigham Young vs. Pfizer (Utah, 2010) and Macy’s vs. JC Penny (NY, 2013). Anthony highlighted the following:
    • The need to specify whether a waiver affects all new matters, from existing as well as new clients, or simply new matters under the “continuing” representation of existing clients. 
    • The surprising provision in the Jones Day waiver for the JC Penny case that the client can “silently consent” to the conditions of the waiver by simply engaging the firms services, without ever actually signing a contract.
    • After analyzing the case law, Anthony highlighted the four key tasks a perfect new business intake system and process should accomplish: clearing conflicts of interest, informing future client selection strategy, vetting client financial reliability and inciting easy and accurate data input from lawyers and staff.
  • James Edwards, Intapp Solution Consultant, concluded the session by demonstrating how the Intapp Open software platform is architected and designed to address precisely these challenges, enabling law firms to update forms and processes on the fly to stay competitive and manage complex waivers from sophisticated clients effectively. 
Kathryn is hosting a session in Washington DC today, with remaining events set for Chicago, Los Angeles and San Francisco.

Monday, October 14, 2013

ILTA Webinar: Law Firm Compliance with HIPAA "Minimum Necessary" Standard

Frightened by the new HIPAA compliance requirements now in effect? ILTA is hosting the third in a series of HIPAA-related events for law firms, set for Halloween (Thursday, October 31st at 9am PDT / 12pm EDT) --

Complying with the Minimum Necessary Standard of HIPAA
The minimum necessary standard, a key protection of the HIPAA Privacy Rule, mandates that protected health information should be used or disclosed only to satisfy a particular purpose or carry out a particular function.
 
Complying with the minimum necessary standard poses particular challenges to law firms, often forcing them to modify practices for collecting client information and securing it throughout the matter life cycle.
 
This presentation explains why the minimum necessary standard is important and how it impacts common law firm operations. Suggested processes, procedures and technologies to satisfy compliance obligations will be provided.

Speakers:
  • Kathryn Hume is a member of Intapp's Risk Practice Group and focuses on law firm information security, data governance and HIPAA compliance. She analyzes how emerging technologies are influencing and being affected by evolving standards of professional responsibility and care, including the new HIPAA rules.
  • Brian Donato, Chief Information Officer at Vorys, Sater, Seymour and Pease LLP, has worked in information technology for over 27 years. Brian serves on ILTA's Risk and Records Management Peer Group Steering Committee, as well as the LegalSEC Steering Committee. He is also a Task Force leader for the Law Firm Information Governance Symposium work group. Brian is a frequent author and speaker on the use of mobile devices, security and information governance issues.
To attend this webinar, visit ILTA's registration page.

Thursday, October 10, 2013

Legal Ethics: Vereins, Professional Rules & Accountability

Hat tip to the Legal Ethics Forum for pointers to two interesting articles on law firm organization and legal ethics discussions:

"The Legal Ethics of Verein-Style Law Firms" --
  • "In a nutshell, a firm set up as a verein typically uses a common name (e.g., DLA Piper), but each office is administratively and financially separate from the other offices.  The ABA Journal column notes that this kind of structure raises possible problems under Model Rule 1.5(e), depending on how the firm handles the origination of business and the referral of matters among offices."
  • "Another interesting question -- not directly addressed in the column [link] -- relates to Rule 5.4.  For example, imagine that a verein-style firm has offices in New York and London, and the London office has nonlawyer partners.  The New York office may be asked to make certain cost contributions to a common fund for, say, marketing that benefits all offices.  Depending on how the common fund is administered (e.g., Is it just for marketing?  Or is "cost" sharing used in such a way that it rewards particular offices or lawyers for their origination of business?), such contributions could raise problems under Rule 5.4."

"Large Law Firms, Regulation and Accountability"
  • "There has long been a debate over whether lawyers should be more accountable. Much of the discussion has focused on the validity of the principle of non-accountability, particularly in the transactional setting. This important question focuses on what we want to hold lawyers accountable for."
  • "However other important questions require attention, namely, why we might wish to hold lawyers to account, that is, what purpose does accountability serve, and how we might wish to make lawyers accountable."
  • "This paper addresses these questions, focusing on how they play out in the context of large law firms in the UK and their lawyers. It will argue that one reason to make such lawyers accountable is to deter unethical but strictly legal behaviour and to address the problem of creative compliance."
  • "This is a pressing concern since one cause of the global financial crisis was the lack of integrity displayed by those participating in the markets, and transactional lawyers were a part of this."
  • "The paper will consider whether regulatory reforms in the UK will be effective in promoting desirable forms of accountability in large law firms, given the Legal Services Board’s view that large law firms and their lawyers should be subject to light touch and market regulation. Although focusing on UK regulation the paper’s conclusions on accountability and accountability mechanisms are of general application."

Wednesday, October 9, 2013

Webinar Recording: Client Information Security Audits

For those who missed the live presentation and panel discussion, we have a recording of our recent webinar on preparing for and responding to Law Firm Client Information Security Audits.

This session presented key client priorities and strategies for effective response. We were pleased to welcome a panel of speakers from Liberty Mutual, Security GRC2, Bradley Arant and Intapp.

Topics covered:
  • Analysis of how changing regulation are impacting client expectations
  • Overview of the top client information security priorities
  • Exploration of client audit questionnaires, reviews and processes
  • Discussion of common mistakes made by firms
  • Review of best practices and reference security frameworks
  • Review of technologies available to address compliance gaps, and to enhance firm response to RFPs from potential clients and audits from existing ones

Tuesday, October 8, 2013

Disqualification Avoided: Judge Rules in Class Action Conflicts Allegation

We noted this story earlier this year: "Latham & Watkins faces conflict charge in antitrust class action." Now comes an update: "Latham to Continue in Antitrust Case" --
  • "Latham represents Union Pacific Railroad Co., one of four U.S. freight rail companies accused of conspiring to raise customer rates through fuel surcharges. After Latham entered the multidistrict litigation last fall, several now-ex-clients who were unnamed class members—petroleum byproducts distributor Oxbow Carbon LLC and its subsidiaries—moved to disqualify the firm, arguing it suffered a conflict of interest."
  • "U.S. District Senior Judge Paul Friedman found that Latham's participation didn't create conflicts requiring the firm to step aside. As unnamed members of the potential class, the Oxbow companies weren't considered "parties" for the purposes of conflicts checks..."
  • "Friedman said there could be circumstances under which the relationship between an unnamed class member and a law firm was "so substantial that it raises questions about the firm’s ability to zealously represent the defendant, or where there is a risk that the class member’s confidential information could be used by the firm in preparing the defendant’s legal strategy," he said. 'But such circumstances are not present here.'"

Monday, October 7, 2013

Legal Ethics & IT: Lawyer Email Management

Jeff Brandt, editor of the Pinhawk Law Technology Digest writes:
  • "Has your risk partner come to your recently telling you of the latest in ethic opinions that could impact your IT work flows or procedures? Have you sought out your risk partner recently to ask if there have been any ethics rulings that might influence your IT operations? Let's take for example your departing attorney routines. Upon their departure, do you delete their user account and let emails bounce back to clients as undelivered? If you operate in Philadelphia, you may want to review that process. If you're not sure, you may want to check in with the Bars that govern where you operate."
Read more: "Ethics: How To Handle A Departing Lawyer’s Email Account" --
  • "On the contrary, the Committee finds that it would problematic, and in violation of the law firm’s duties, to acquiesce to B’s request and just automate a bounceback reply, without actually reviewing the emails."
  • "It is made clear that any email “that is clearly meant for the departing attorney” must be forwarded to the departing attorney, and that the sender of the email must be informed of the departing attorney’s updated contact information."

Monday, September 30, 2013

Risk Roundtables Set for Los Angeles & San Francisco


We're pleased to announce two more Risk Roundtables.  
 
We're delighted to feature guest speaker John Steele (publisher of the Legal Ethics Forum blog and legal ethics expert recently named “Lawyer of the Year – 2013,” Ethics and Professional Responsibility category, Northern California’s Best Lawyers). John will discuss client-driven compliance pressures including advanced waivers for conflicts, information security and other terms of business agreements.
  • The Los Angeles event is set for Wednesday, October 23rd at the offices of Cox, Castle & Nicholson LLP. Charles Noneman (Risk Management Partner at Cox Castle will co-present).
  • The San Francisco session will take place on Thursday, October 24th at the offices of Sedgwick LLP. Michael Guernon (Director, New Business & Conflicts, Orrick, Herrington & Sutcliffe LLP) will co-present.
Intapp experts will also discuss trends and challenges facing business intake and conflicts teams, and how technology can simplify this critical business process.
 
These events always provide a forum for IT, risk and management professionals to connect in a collaborative environment.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Tuesday, September 24, 2013

Risk Roundtable Meeting Set for Chicago


We're pleased to announce another upcoming Risk Roundtable,  scheduled for Tuesday, October 22nd, in Chicago office of Kirkland & Ellis.
 
At this session, guest speaker Anthony Davis (Partner, Hinshaw & Culbertson LLP) will discuss recent opinions affecting advanced waivers for conflicts and strategies to manage conflicts of interest effectively.
 
Intapp experts will also discuss trends and challenges facing business intake and conflicts teams, and how technology can simplify this critical business process.
 
These events always provide a forum for IT, risk and management professionals to connect in a collaborative environment.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Monday, September 23, 2013

Law Firm HIPAA Compliance Survey Report Now Available

 
Today is the enforcement deadline for compliance with the new HIPAA Omnibus Rule, which mandates new standards for law firms to actively safeguard client protected health information in their role as Business Associates. Law firms are now directly liable for compliance with the HIPAA Security Rule and Privacy Rule.

The 2013 Law Firm HIPAA Compliance Survey Report presents information gathered from over 70 organizations, measuring attitudes, priorities and response strategies.

Summary of Key Findings:
  1. Interest in and responsibility for HIPAA compliance spans departments and stakeholder roles – survey participants include firm management, risk management, heads of IT, information security managers and practice group leaders.
  2. Firms report that protected health information subject to HIPAA protections often appears in matters from firm healthcare, litigation, labor & employment, insurance, and medical/life science practice areas.
  3. Firms see reputational harm as the key risk and impact of a breach or compliance failure.
  4. Firms are actively pursuing compliance with new HIPAA regulations, employing measures including undertaking internal assessments and review of business associate agreements, implementing new policies and training and adopting security and monitoring controls.
  5. In many instances, compliance measures are spearheaded by IT, often working cross-functionally with risk and practice stakeholders.
  6. To manage future compliance, firms overwhelmingly plan to modify business intake procedures to identify and flag HIPAA-related matters at the point of inception.
  7. Many firms are discussing HIPAA compliance with their insurance brokers or underwriters to assess the applicability of current malpractice and cyber insurance policies or expand coverage.

Pat Archbold, head of Intapp's Risk Practice Group notes:
  • "We sponsored this survey to provide our customers and partners with insight into how the legal industry is responding to the new HIPAA Omnibus Rule, which affects a significant number of organizations. We’re working closely with many firms to help them respond, supporting their efforts to safeguard and monitor the treatment of sensitive information and meet their compliance objectives."
Thank you to the many who participated in the survey (your report copies are in the mail). For others interested in acquiring a copy of the report, contact: info@riskroundtable.com.

Thursday, September 19, 2013

Disqualification Discussions Making News

A few interesting disqualification-related stories in the news:

Judge expands independent review involving BP claims, threatens to disqualify lawyers --
  • "The federal judge overseeing a multi-billion-dollar BP claims settlement program has ordered former senior claims program attorneys and law firms they were connected with to explain why one law firm's $7.9 million claim shouldn't be disallowed."
  • "U.S. District Judge Carl Barbier also wants to know why the attorneys and associated law firms shouldn't be disqualified from representing claimants and collecting fees from those claimants."
  • "The order, issued Friday, followed Barbier's receipt of a report from former FBI Director Louis Freeh that said former senior claims office attorney Lionel Sutton expedited a claim on behalf of attorneys Glen Lerner and John Andry for their law firm. Sutton's wife, Christine Reitano, who also was a lawyer for the claims program, also is targeted by the order."
Move afoot to remove former Hawaii PUC Chairman Caliboso's law firm from Lanai wind farm case --
  • "Just two weeks after former Hawaii Public Utilities Commission Chairman and Honolulu attorney Carlito Caliboso recused himself from working on Castle & Cooke Inc.'s proposed 200-megawatt Lanai wind farm project, there’s now an effort to remove his entire law firm from the case, according to a filing with the PUC."
  • "Castle & Cooke said that both Caliboso and his firm are in compliance with “Hawaii Rules of Professional Conduct” because the current case involves a new matter that is separate and distinct from other dockets in which Caliboso took part in when he was the chairman of the PUC."

Wednesday, September 18, 2013

ILTA Conference: Ethical Walls/Screens & Information Security Session

From the recent ILTA conference: "Erecting Ethical Walls...Then What?" -- Culture, budget, technology, policy, process and staffing are all influencers in the development of an ethical wall initiative. With perspectives from small, medium and large firms, attendees will gain a greater understanding of what issues must be considered in all firms, as well as those of different sizes and cultures. Learn about common challenges, areas of focus and strategies to attack them. Our panel will share varied experiences in how to manage, staff and execute these initiatives; how to define success; and how long it takes to achieve success. Attendees will also hear about such topics as issues associated with lateral attorneys, new clients and existing clients/new matters where conflicts of interest exist. [Slides] [Session Recording]

The panel was moderated by Eric Mosca from InOutsource and featured speakers from Wiley Rein LLP (Doug Smith), Lewis Roca Rothgerber LLP (Eric W. Carpenter) and Orrick, Herrington & Sutcliffe LLP (Leigh Isaacs).

  • Eric Carpenter (Lewis Roca):
    • "Over time what has happened is that as more and more information got recorded in systems where we tagged it with client and matter information and we knew the users that were accessing that information , we needed...  something that’s put in place using the architecture of the systems that manage your information... because of the volume of information and because the movement of laterals that has increased so dramatically in the last few years, there’s such an increase in the need for screens to be set up."
    • "But I just want you to think about how that’s evolved in your own firm to be much more of a job to keep up with – with segregating all of this information, and the fact that today you can’t just rely on attorneys to do the right thing. You have to prove to clients, you have to certify to outside auditors and insurance companies, so it’s really a very different dynamic."
    • "I think client requirements and client audits that we're increasingly seeing also lends itself to this. You know, we need to be able to show that 'yes, we’re able to do this, we’re able to do it effectively.'"
  • Doug Smith(Wiley Rein):
    • "I think one of the other problems I've seen happen... is screens because of mergers and acquisitions in the marketplace. We had a client, not a major client, but a client that had a significant presence who was purchased by a competitor and that competitor had a major conflict with us; now not a conflict per se, or else we'd have to discharge the client, but it was significant enough that we had to put up a screen – within the practice group, basically screening off a segment of that group from this other client... So again that’s just one of those things. It’s not that the conflicts process created this, or that an intake process created it, it’s just that the market itself created it. So there’s a lot of good reasons these screens have been evolving now. "
    • "You’ve got so many disparate systems and you have to secure across all the systems at the same time, not just DM, not just Time Billing, but those File Shares – you know, you have to be able to secure the file shares too... When we were looking at solutions we found a couple that could do one or the other. We were struggling to find ones that could do both."
  • Eric Mosca (Inoutsource):
    • "... we have dozens of clients that have used screens to take on business that they couldn’t have taken on otherwise. So they’ve done the most important thing and made money as a result of setting up these screens. So it’s kind of used in a different way – not as defense, but as an offensive maneuver, and it’s worked out incredibly well for a lot of firms."

Tuesday, September 17, 2013

Risk Roundtable Meeting Set for Washington, DC


Traveling in packs, we're pleased to announce another upcoming Risk Roundtable. Scheduled for Tuesday, October 15th, in Washington DC office of Sterne, Kessler, Goldstein & Fox.
 
At this Roundtable, guest speaker Anthony Davis (Partner, Hinshaw & Culbertson LLP) will discuss recent opinions affecting advanced waivers for conflicts and strategies to manage conflicts of interest effectively.
 
Intapp experts will also discuss trends and challenges facing business intake and conflicts teams, and how technology can simplify this critical business process.
 
These events always provide a forum for IT, risk and management professionals to connect in a collaborative environment.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Monday, September 16, 2013

Webinar: Client Audits – Understanding Current Trends, Responding Effectively

Our next webinar features a panel comprising speakers from Liberty Mutual, Security GRC², Bradley Arant and Intapp and will explore client priorities and expectations around information security, standard audit procedures and protocols, common pitfalls to responding, and technologies and policies firms can leverage to achieve repeatable success. 

Regulatory developments, new technologies and increasingly sophisticated threats are currently leading most clients to examine and audit the information security frameworks adopted by their law firms. To retain key clients and stay competitive, law firms must revisit their information security practices, often pursuing a standard security framework to negotiate client demands.
This webinar presents key client priorities and strategies for effective response. Topics will include:
  • Analysis of how the changing regulatory landscape is impacting client expectations
  • Overview of top client information security priorities
  • Explanation of client audit questionnaires, reviews and processes
  • Criticism of common mistakes
  • Best practices and reference information security frameworks
  • Demonstration of technologies available to remediate compliance gaps

Date: Wednesday, September 25
Time: 10 am Pacific / 1 pm Eastern
Duration: 75 minutes

CLE CREDIT: As a certified as a CLE approved educator by the State Bar of California, we are able to provide California certificates to attendees upon request. (Attendees are responsible for confirming CLE reciprocity in their particular jurisdiction. We are happy to provide additional information required to receive credit outside of California, attendees are responsible for researching and identifying information for their local jurisdictions and filing any necessary paperwork.)

Attendance is by invitation only. For more information, please contact: info@riskroundtable.com.

Wednesday, September 11, 2013

ILTA Webinar on Law Firm HIPAA Compliance

The International Legal Technology Association (ILTA) is presenting a webinar on Wednesday, September 18th: "HIPAA Compliance: What it is, what it means, and what to do about it." Set for 10am PST / 1pm EST, the session is free to existing ILTA members (visit iltanet.org to see if you qualify) and for a small fee for non-members. Contact Kristy Costello at kristina@iltanet.org or (512) 795-4674 for more information or register via this link.

Session Details:
The Health Information Portability and Accountability Act (HIPAA) was recently amended to impose a number of privacy and security requirements directly on law firms which handle certain types of health information. Failure to comply with the HIPAA requirements by the September 23, 2013 enforcement deadline may lead to a variety of regulatory penalties including mandatory compliance reviews or multi-million dollar fines. 

This presentation provides law firm personnel with a review of the recent changes and a brief overview of the HIPAA requirements. Some HIPAA compliance challenges unique to the legal environment will be discussed and advice for building an effective compliance program will be provided.

Speaker:
Adam Carlson (M.S.,CISM) is a security solutions consultant at Intapp, where he focuses on helping law firms achieve their information security and privacy objectives. He has over 12 years of experience in IT operations and security management.

Tuesday, September 10, 2013

Risk Roundtable Meeting Set for New York


We're pleased to announce another upcoming Risk Roundtable. Scheduled for Thursday, October 3rd, in New York at the offices of Cravath Swaine & Moore LLP.
 
At this Roundtable, guest speakers Anthony Davis (Partner, Hinshaw & Culbertson LLP) and Roy Simon (Distinguished Professor of Legal Ethics, Hofstra University) will discuss recent opinions affecting advanced waivers for conflicts and strategies to manage conflicts of interest effectively.
 
Intapp experts will also discuss trends and challenges facing business intake and conflicts teams, and how technology can simplify this critical business process.
 
These events always provide a forum for IT, risk and management professionals to connect in a collaborative environment.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Monday, September 9, 2013

ILTA Conference: Information Security & Data Privacy Sessions

Here are most sessions of interest from the recent International Legal Technology Association conference. The organizers very graciously post both slides and recordings of many of the sessions. This update focuses on information security.

Develop and Run Effective Security Awareness Training
A security consultant (Intapp's Adam Carlson), a CIO and a security officer will share what they've done to implement  security awareness programs. What should you do to educate users on the behaviors they should avoid and those they should embrace to make their firms more secure? Return home with some practical steps to implement your own security awareness training program.
[Slides] [Session Recording]

The FBI and Experts Present Security Updates and Strategies for Firms of All Sizes 
As business entities become more security-savvy, hackers look for easier avenues to steal intellectual property and disrupt business deals. Law firms have become a hacker's target of choice, and hundreds of attacks and infiltrations of law firm networks have been uncovered. Our discussion will focus on the impact of user behavior on security, including noncompliance with security measures, BYOD expectations, IT consumerization, wireless access and more. Firms of all sizes will take away practical risk mitigation strategies for immediate and future use, so you can make the case for implementation to your executive management.
[Slides]

Security? What's the Big Deal? Law Firm Security Basics for Non-Security People
Law firms all have the same security issues, but not all firms have a security manager/department. In the absence of security personnel, whose job is it? What do litigation support, HR, attorneys, records and other non-security personnel need to know in order to begin the process of improving their firm security posture? What are the basic security issues/topics for law firms? What are the basic tenets of security, and how do they impact your job? We are only as strong as our weakest link. Come learn how to build a stronger chain.
[Slides] [Session Recording]

Responding to a Security Breach
You think you’ve been hacked. But are you sure? How do you know? What do you do next? Our panel of experts will share their knowledge and first-hand experience of network investigations and show you how the attackers got in, how they could have been stopped, and what you need to know in case it happens to you.
[Slides] [Session Recording]


Thursday, September 5, 2013

ILTA Conference: Risk Management Sessions

With the conclusion of its annual industry conference, the International Legal Technology Association has posted several session presentations and recordings. We'll be highlighting several of potential interest to our readers.

IT and Firm Risk Management: The Crucible
IT professionals calculate risk every waking moment. They work to quantify and manage it. In many ways, lawyers are professional risk managers for their clients. However, the way lawyers practice law and otherwise behave can pose risks to their clients and their firms, potentially culminating in lawyers’ professional liability, management liability and/or an employment practices liability claim against the firm. Despite these exposures, it remains a significant challenge for IT professionals in law firms to have meaningful discussions with their lawyers about risk and to develop a more integrated approach to risk within their firms. Let's examine the approaches and methods IT professionals can use to quantify risk metrics to advance their efforts. [Slides] [Assessment Framework] [Session Recording]

Data Preservation and Legal Hold Notice Programs
Learn from an experienced panel about the why and how of preserving data and issuing and managing legal hold notices. Following a review of case law, our panel will discuss the benefits and challenges of different options for preserving data: systemic preservation, user-driven preservation and collection to preserve. Requirements for the content of preservation notices based on rules and case law will also be provided. Come learn about the tips and tricks for successful implementation of a data preservation and legal hold notice program. [Slides] [Handout] [Session Recording]

Wednesday, September 4, 2013

Risk Roundtable Set for New Orleans


We're please to announce our upcoming Risk Roundtable. Scheduled for Friday, September 20th, in New Orleans at the offices of Phelps Dunbar LLP in New Orleans.
 
We’ll be discussing current trends and challenges facing business intake and conflicts teams. Topics will include:
  • Overview of business intake and conflicts management challenges facing law firms
  • Discussion of new approaches to streamlining business acceptance
  • Demonstration of Intapp Open
These events always provide a forum for IT, risk and management professionals to connect in a collaborative environment.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

Tuesday, September 3, 2013

Law Firm Conflicts Management - SJ Berwin Chooses Intapp Open

 
SJ Berwin, an international firm with more than 160 partners and over 1,100 employees, has selected Intapp Open to enhance firm conflicts management.

Said the Firm's IT Director, Simon Kosminsky:
  • "We’ve worked very closely with Intapp through the early adopter programme for this new product initiative. Intapp have worked hard to understand our specific documented requirements and factor these into the design of their new conflicts product."
  • "We know we set the bar high in this area – our requirements have been honed through many years of developing and using our own in-house conflicts product. I think it’s fair to say the team are very impressed with the progress Intapp is making."
Today, multiple market trends are putting new pressures on law firms to transform the way they evaluate and engage new business. These include clients with increasing service expectations, and a risk landscape with evolving regulatory rules, compliance requirements and professional standards. In response, firms are looking to increase the sophistication, efficiency and agility of their conflicts management processes to enhance internal efficiency, reduce risk and improve lawyer productivity.

Intapp Open delivers a fresh approach to conflicts. It offers unique features, including a flexible business rules engine that enables effective management of practice-specific matter evaluation procedures as well as conflicts clearance practices that may be centralised, distributed among lawyers and practice heads, or both, depending on firm preferences.

Commenting on SJ Berwin's Decision, UK Managing Director Kaye Sycamore added:
  • "We’re delighted to add SJ Berwin to the growing roster of firms adopting Intapp Open to enhance their business acceptance practices. We welcome the opportunity to address the real-world requirements and benefit from the insights provided by our diverse customer community as we continue to extend the unique capabilities of the product."
Visit Intapp.com for more information on how Intapp Open enhances law firm conflicts management and to request more information or a demonstration.