Tuesday, January 21, 2014

Recent Risk Updates: Paralegal Screening, Ethics Opinion

Bill Frievogel highlights a few interesting updates. First: Fedora v. Werber, 2013 R.I. LEXIS 164 (R.I. Dec. 20, 2013) --
  • "Paralegal worked on the case for Defendant.  Paralegal wound up at Plaintiff’s law firm, which erected a screen. The firm neglected to provide 'prompt notice' of the screen to Defendant as provided by Rhode Island’s version of MR 1.10.  The trial court refused to disqualify the firm, but ordered the firm to pay sanctions for violating the notice provision.  In a procedural twist, the supreme court vacated the sanctions award.  The court noted that the trial judge had applied Rule 1.10 to a non-lawyer and also noted that the appellant did not raise that issue in this appeal."
Next, an ethics opinion from the New York State Bar: "Representation of Conflicting Interests" -- 
  • "Lawyer wishes to represent Client B in lending money to Client A (represented by another lawyer).  Lawyer may later wish to represent B in collecting the loan from A.  Lawyer may also wish to take stock from B in lieu of a fee.  The gist of this opinion is that Lawyer may do all of these things so long as Lawyer complies with Rules 1.5, 1.7 and various provisions of Rule 1.8, including 1.8(a).  The opinion leads the reader through the various steps necessary to accomplish these goals."

Monday, January 20, 2014

Adding Conflicts Allegations and Cost to Controversy

Another law firm conflict allegation tied to a high profile newsmaker: "Christie bridge scandal: Lawyers may have conflict of interest, Port Authority says" --
  • "The Port Authority is raising concerns that the law firm chosen to represent the Christie administration amid several investigations into the George Washington Bridge scandal has a conflict of interest. Officials at the bi-state agency plan to send a letter to the firm Gibson, Dunn & Crutcher LLP expressing the concerns, which stem from the firm's work on a separate but potentially related case, said a knowledgeable source."
  • "The firm is representing the Port Authority in a lawsuit lodged by the motorist group AAA over the agency's controversial toll hikes in 2011. Christie jointly steers the Port Authority. The interests of the Port Authority and the Christie administration in both the toll hike lawsuit and the George Washington Bridge probes could diverge, presenting potential complications if the same law firm is representing both simultaneously, some within the Port Authority believe."
  • "A spokeperson at the firm dismissed the concerns in a statement: 'There is no conflict of interest in our firm's separate representation of the Port Authority and the Governor's Office in these separate matters.'"
And for the muggles in our midst (h/t to Legal Ethics Forum) comes: "Lawyer fined for telling friend that client ‘Harry Potter’ author wrote new novel under pseudonym" -- 
  • "A British lawyer has been rebuked and fined £1,000 by the Solicitors Regulation Authority for violating client confidentiality by revealing to his wife's best friend that the author of the best-selling "Harry Potter" children's book series had written a new novel under a pseudonym."

Monday, January 13, 2014

Data on Law Firm Security Breaches

Following our earlier post on New Year's Risk Resolution #1 (Improve firm information security), comes a pointer to an article from Jeff Brandt at Pinhawk: "70% of Large Firm Lawyers Don't Know If Their Firm Has Been Breached," which summarizes details from a recent ABA survey conducted by the ABA's Legal Technology Resource Center. (the summary of which is: "most lawyers don't know if their firm has experienced a data breach").

Jeff breaks down the key findings and notes that "all of this is disturbing at so many levels, I'm not sure what to say" --
  1. 70% of large firm respondents reported that they didn't know if their firm had experienced a security breach
  2. 15% of survey respondents had experienced a security breach
  3. No one seems to care about state breach notification laws
  4. from Sharon's personal experience, law firm administration doesn't tell the attorneys. 
The ABA Report highlights the implications of breaches that leak client information:
  • "A security breach that results in unauthorized access to a client’s sensitive data could have tremendous consequences for a firm, ranging from loss of business to potential disciplinary fallout.  It’s vital that firms work to minimize the risk of such a breach, but also that firms have solid response plans prepared in the event that a serious data breach does occur.  A firm that waits until after a security breach to come up with a response plan may end up making the situation worse."

Wednesday, January 8, 2014

New Year's Risk Resolution #2: More Intelligent New Business Intake

Industry consultant Mike Lowe wrote in with a prudent suggestion for New Year's Risk Resolution #2 -- Take a more intelligent approach to new business intake. His article on intake was just published by ILTA in its white paper on business and financial management. You can read more on his blog. Here are some highlights:
  • "I feel for you, new business intake professional. Standing between partners and their potential revenue is like standing between a grizzly and her cubs. You cannot possibly assess and approve matters quickly enough, nor can you ask too few questions to do so. And yet your firm, your clients and the legal landscape are growing more complex, increasing the risks you are responsible for managing...Competitive pressures are generating a larger range of alternative deal structures that must be approved and accommodated in downstream processes."
  • "It’s time to assess whether your current NBI capability is appropriate for a modern law firm. Firms find that improving their NBI results in reduced risk, increased revenue and happier
    attorneys. And, at long last, technology has developed to the point where it can enable whatever operating model works best for your firm’s strategy and culture."
He outlines several recommendations, including the always-key-to-effective-risk-management: "avoid denial" --
  • "Recognize the reality of how attorneys work while designing your capability... Support attorneys with analysis. Firms can differ in how much they centralize decision-making. However, for even the most decentralized firms, provide a core group of professional staff to support attorney decisions with analysis. Searching and data analysis are tasks done better and cheaper with trained staff. Attorneys don’t want raw data, they want recommendations."
While he notes that technology alone won't solve intake irritations, without revisiting policy and process, he calls out the promise of advanced intake-focused software that offers lawyers the user experience, analysis and responsiveness they're looking for, while enabling firms to address modern risk and business management demands --
  • "A new technology will not be the magic bullet that fixes a broken NBI function. You need to look at all the interacting components that together build a capability: policy, process, technology and people. Configure the technology to fit your business, not vice-versa."
  • "[software] specifically designed for law firms that aim to go beyond workflow tools in their out-of-the box usability, features (e.g., reporting, auditing, notifications) and flexibility."
In 2013 we saw a number of firms adopt this modern approach to new business intake, and expect the trend to continue as more fulfill their own Risk Resolutions.

Tuesday, January 7, 2014

Risk Opinion: Conflicts & Cloud Commentaries

Two interesting updates on always-hot topics. First is another conflicts allegation in the news. Once again we see a story and media commentary about public attention focused on behavior which may or may not trip actual professional/ethical rules:

"Bill Lockyer's outside legal work an obvious conflict of interest" --
  • "California's ethics laws need a major overhaul in 2014. That need is made clear not only by State Treasurer Bill Lockyer's taking a side job with a major law firm while he serves out more than a year in his elected term, but also because there is no prohibition in the law against him doing so. And, there's little in the state's disclosure requirements to make Lockyer publicly account for what he'll being doing for his new employer, Boston-based Brown Rudnick LLP."
  • "Lockyer, naturally said all the right things about the new job. He'll avoid conflicts. His priority's being treasurer. What did you expect him to say?"
  • "Brown Rudnick didn't hire a former attorney general to work on little matters. They got a former attorney general to make it rain by using his considerable influence and connections to hook big clients and add his reputation -- built at taxpayer expense -- to major cases."
  • "The conflict in this is inherent. He's doing it anyway. The state pays him $139,000 yearly -- not a lot for someone who could make tons more privately. But to the people who elected him, it is... But Californians should demand higher ethical behavior and disclosure from their elected officials, beginning with this: Lockyer either shouldn't join the law firm until his term ends of he should resign now. The rest of us need to work toward ethics laws that bear actual teeth. Very sharp ones."
And from the New York City Bar comes updated commentary on information security risks and compliance requirements associated with the use of cloud services:

"New York City Bar Report Offers Guidance on Ethical Risks of ‘Leaping Into the Cloud’"--
  • "A New York City bar report on cloud computing points to the travails of Puckett & Faraj, a Virginia law firm, as a 'chilling example' of one of the 'two key risks' posed by the remote-data-storage technology: the possibility of a security breach that results in the unauthorized disclosure of confidential client communications."
  • "Each lawyer will have a different view of the competing risks of hackers and provider outages, on the one hand, and convenience of access and protection from natural or other 'local' disasters, on the other.
  • "'With the Cloud becoming more ubiquitous, with clients demanding more responsiveness from their counsel, the question changes--from 'whether to go to the Cloud or manage data through remote access devices …' to 'how to use these tools safely and ethically.'"
  • "The one constant, however, is that a decision must be made thoughtfully, and the lawyer must be prepared to demonstrate to clients, regulators and, perhaps at some point, a court how the decision was reached and what factors went into it."

Monday, January 6, 2014

New Year's Risk Resolution #1: Enhance Information Security

Happy new year to our growing community of risk blog readers and Risk Roundtable participants. We're excited to continue to bring you the latest news, updates and analysis. (We're always interested in feedback if you have topics you'd like to see covered, or would like to suggest or contribute an article, please feel free to reach out.)

With 2014 upon us, it's time to consider New Year's Risk Resolutions. Our first is enhancing internal information security and access management, a topic of significant interest throughout 2013 as client mandates, professional rules and new regulations highlight the need for prudent response measures.

ILTA's Legal Security Initiative recently hosted an on-point webinar: "The Benefits of ISO 27001 for Legal Firms."
  • "ISO 27001 can greatly simplify "the process" of information security - particularly for legal firms faced with increased attacks, HIPAA Omnibus challenges, an increasingly mobile work force and the need to prove you are secure/compliant to shareholders and clients."
  • "The presentation lays out a "road map" for ISO-27001 including costs, internal work effort, time-line, and typical changes required."
See the slide deck and the event recording.

Several firms have turned to the ISO standard as a "checkbox" strategy for responding to diverse information security requirements and requests. We've watched ISO for several years and a growing number of firms pursuing ISO certification.