Sunday, June 21, 2015

Risk News: Screening, Security (ISO 27001) and Cloud Concerns (or Not)

For those in the US, Happy post-Fourth of July. Here's a set of interesting updates to kick of the month on a variety of topics. First up: "DC Bar Revisiting Ethical Screening: Comments Sought on Move to Amend Rules 1.10, 1.15, and 7.1" --
  • "The proposed amendments were submitted to the court by the D.C. Bar Board of Governors on recommendation of the Bar’s Rules of Professional Conduct Review Committee. The proposed amendments [include]:"
  • "A. Rule 1.10 (Imputed Disqualification: General Rule)
    Amend Rule 1.10 and its comments to allow ethical screening (without client consent) of lawyers moving laterally between private employers with certain initial notice requirements to former clients. The committee further recommends the addition of a new subparagraph (f) to address situations in which a law firm cannot provide required notifications without violating confidentiality obligations to an existing client."
Jeff Brandt at Pinhawk noted a resource of interest to the security-focused: "The brain of an ISO auditor – What to expect at a certification audit" by Advisera, a consultancy --
  • "If your company is going for the ISO certification (e.g., ISO 9001, ISO 14001, OHSAS 18001, ISO 20000, ISO 22000, ISO 22301, or ISO 27001), you’re probably not very happy about it – certification auditors are usually perceived as persons who are not very open minded and who will insist on a whole bunch of unnecessary details. But the truth is, it doesn’t have to be this way – if you understand how the auditor thinks, your audit can turn out to be much more pleasant and useful. Here’s what you need to know."
We also recently noted several updates concerning law firm risk and information governance practices tied to cloud services. (Watching the industry discussion unfold on this topic conjures memories of the industry's adoption and debate about electronic mail...) Here's another bit of commentary from outside of the legal space, which raises some important points: "Enterprise financials in the cloud? Why the fog of skepticism may be lifting" --
  • "Spreadsheets and email documents are a bigger threat than the cloud, says Forrester Research’s Liz Herbert"
  • "One of the HubbleUp speakers was Liz Herbert, a vice president and analyst at Forrester Research. During her talk, she emphasized that when it comes to keeping private data inside the enterprise, the horse has already left the barn. She talked about one customer engagement, which the C-level officers brought Forrester in to begin – to begin! – a feasibility study of placing some corporate information into the cloud. However, once onsite, she learned that the company was already using to manage its customer interactions. The lesson: The company was already storing sensitive information in the cloud, but didn’t even realize it."
  • "Herbert urged business to 'get real' and accept that security breaches, such as HIPAA violations, occurred from the use and misuse and abuse of locally stored data, not data in the cloud. The common scenario, she said: documents and spreadsheets being emailed around the company. It’s very, very easy to accidentally send critical information to the wrong address, or intentionally leak the information via email, or even copy it off a hard drive onto a USB key. 'Spreadsheets and email documents are a bigger threat than the cloud,' she said."

Thursday, June 18, 2015

Risk News: Conflicts (Quirky, Canadian or Common) Collide Consent & Cost

It's not every day we quote the Hollywood Reporter (and our television habits trend towards more towards episodic drama -- IP claims about who really-but-fictionally invented the infamous Coke commercial is the debate du jour in your editor's household -- rather than situation comedies). Regardless, this story does merit a viewing: "Judge Throws Out 'New Girl' Idea Theft Claims" --
  • "On Friday, a California federal judge rejected a key portion of an ongoing lawsuit brought by Stephanie Counts and Shari Gold that alleges that the Fox series New Girl was derived from their own proposals for a show about a woman who moves in with three single men."
  • "In support, the two said they had hired an attorney to pursue claims in 2011 and had gotten a $10,000 offer from Fox to settle the matter in 2012. Counts and Gold rejected the offer, but there was something a little off about the situation; their law firm at the time also represented New Girl executive producer and director Jacob Kasdan. Their lawyers advised them about the conflict and suggested that if they wished to pursue claims against Kasdan, they'd need to discuss further involvement in the dispute."
  • "According to the complaint, they 'were unaware of just how tightly aligned Defendants and their then-counsel were in the entertainment industry: The firm representing Plaintiffs also absurdly represented the director and executive producer of New Girl, the very show Plaintiffs claimed took their ideas and artistic expression. The extent to which this relationship had truly affected then-counsel’s representation of Plaintiffs only became truly evident to Plaintiffs in February 2012.'"
  • "In today's opinion, U.S. District Judge Stephen Wilson is hardly impressed with the argument. He writes that the plaintiffs admitted being informed about the potential conflict and 'apparently consented.' He adds that they might have found the $10,000 settlement offer insulting, but he doesn't believe the prior lawyer's 'failure to elicit a larger sum indicates that they were 'incapacitated' by their conflict of interest.'"
In another matter, involving substantially larger sums comes a conflict cleared: "Judge: No conflict of interest for Troy Kelley's lawyer" --
  • "Federal prosecutors said Friday they are satisfied that an attorney for indicted Washington State Auditor Troy Kelley does not have a conflict of interest that might warrant his removal from the case."
  • "The government last month said Kelley had paid more than $900,000 in stolen money as a retainer to Davis Wright Tremaine, the Seattle firm where his attorney, Mark Bartlett, works. Prosecutors said they were concerned that it could create a conflict of interest if Bartlett had provided Kelley with advice about spending that money, and they asked U.S. District Judge Ronald Leighton to consider whether a conflict might exist."
  • "They said they were concerned Bartlett might need to be called as a witness in the case or that he might have to cross-examine partners in his own law firm about how the retainer was handled. They said it could also raise issues that Bartlett previously represented Kelley's wife. Bartlett said no conflicts existed. He said he did not give Kelley advice on paying the retainer, and he noted his firm is holding Kelley's money in trust rather than spending it."

Wednesday, June 17, 2015

Cost of Changing Lawyers and Lawyers Changing (Malpractice, Billing, Conflicts and Other Allegations)

Some interesting allegations and updates making news. First: "Telstra has tripped over a legal conflict of interest issue as it fights a patent infringement claim" --
  • "Telstra has been sideswiped by conflict of interest issues after suddenly changing lawyers while defending claims that its mobile eCommerce platform has been infringing an inventor’s patents for many years."
  • "King & Wood Mallesons had been representing Telstra in the Federal Court, but last month the telco filed notice that it had changed to another top-of-town firm, Herbert Smith Freehills, with Sue Gilchrist as the representing lawyer."
  • "The Telstra account, a plump piece of business for any law firm, is potentially worth millions each year. However, Telstra’s new firm, Freehills, is known to have acted for Upaid as recently as last month when it filed a patent application in Australia. Upaid has now made an application to the Federal Court seeking to restrain Freehills from acting against the interests of Upaid. A hearing is set down for later this month."
And, as reported by Law360 (subscription or free trial) come allegations tied to a lateral departure of a lawyer (and more): "Mayer Brown 'Abandoned' Client In Trade Secrets Row: Suit" --
  • "In a legal malpractice complaint filed in Illinois court, Think Tank Software Development Corp. alleges that Mayer Brown unexpectedly withdrew as its counsel in March 2013 after the firm’s lead lawyer on the case, Thomas Durkin, accepted a federal judgeship."
  • "Adding insult to injury, according to the suit, Mayer Brown hit Think Tank with more than $1.1 million in legal fees after leaving the case. Many of the charges for the firm’s four-plus years of work “were excessive, duplicative and/or otherwise unnecessary and unreasonable,” Think Tank said."
  • "The firm’s alleged unreasonable billing practices also included 'vague and unintelligible time entries,' unauthorized rate increases and block-billed time entries, Think Tank said. The firm’s 'billing abuses,' various legal missteps and early departure from the case amount to negligence and also to breaches of the retainer agreement Think Tank had signed with the firm, according to the suit."

Tuesday, June 16, 2015

Upcoming Webinar: The State of LegalKEY – Responding to New Risks

Intapp is hosting a webinar for firms using LegalKEY for conflicts management, focused on understanding the current state of and emerging risks associated with that software product.
featuring three law firm case studies: The State of LegalKEY: Responding to New Risks
  • Date: Thursday, June 25th
  • Time: 9 am PST / 12 pm EST
  • Registration: Limited to select firms. Please email Jason Yu for more information.

Session Details

Effective conflicts clearance is critical to law firm risk management. The cost of missing a conflict can be significant – from loss of business, to serious reputational damage. It’s why enhancing conflicts management consistently rates as a top concern in industry surveys.

For nearly two decades, LegalKEY software has helped firms manage conflicts.  But today, years after  the last enhancements have been made to this product, and with future development concluded, the product is starting to show its age... and creating new potential risks.

For example, the pending end-of-life of Windows Server 2003 and 2008 will create significant  maintenance and support issues for firms. What’s more, growing evidence suggests that in common use data quality issues often surface in the product.
In this environment, now is the time to start thinking about the future of conflicts management at your firm.
This webinar will provide more detail on the state of LegalKEY, including product risk, Intapp and third-party support, and a review of response options.
Moderated by Dan Bressler, head of Intapp marketing and the Risk Roundtable Initiative, the session will feature a deep-dive presentation from conflicts and LegalKEY expert Eric Mosca, Director of Operations at InOutsource.

Eric has worked with a number of firms to improve their conflicts policies and practices, including technology optimization and migration projects. He’ll provide an overview of the LegalKEY “Health Check” his organization has developed.

They’ll be joined by Mohit Thawani who will provide guidance for making the internal business case for investing in new software to enhance, conflicts, intake and overall business acceptance practices.

Attendance is limited to select firms and partners. Please email Jason Yu for more information.

Monday, June 15, 2015

Little Fluffy Clouds: New Ethics Opinion, New Policies, New Trends

With musical accompaniment optional (but recommended), we take note of the new ethics opinion from the State Bar of Wisconsin: "Cloud Computing is the New Norm: Ethics Opinion Outlines Lawyer Obligations" --
  • "Wisconsin Formal Ethics Opinion EF-15-01 (Ethical Obligations of Attorneys Using Cloud Computing), issued by the State Bar of Wisconsin’s Professional Ethics Committee, notes that increased lawyer accessibility to cloud-based platforms and services comes with a direct loss of control over client information... Lawyers can use cloud computing services if the lawyer uses reasonable efforts to adequately address the potential risks associated with it, the opinion concludes."
  • "'To be reasonable,' the opinion states, 'the lawyer’s efforts must be commensurate with the risks presented.' The opinion acknowledges that lawyers cannot guard against every conceivable danger when using cloud-based services, but lists numerous factors to consider when assessing the risk of using cloud-based services in their practices."
Next, we turn to news of an interesting intersection of these issues driven by client and management concerns meeting lawyer expectations and the line between personal and professional activity at work: "Which Biglaw Firm Has Blocked Personal Email?" --
  • "We’ve received tips that not one, not two, but three different Biglaw behemoths have recently made moves to block all personal, web-based email, such as Gmail, AOL (is that still a thing? I think it’s a thing.), Yahoo!, Hotmail, etc. from computers on the firms’ networks."
  • As reported in the linked new story, one 1400+ lawyer firm's memo reads: "One of the repeated demands by our clients is that we prevent our users from accessing Webmail programs (Gmail, AOL, Yahoo, Comcast…) through our network. In general, there are two reasons for that insistence. First, accessing Webmail programs through our network enables client and firm data to leave the Firm without tracking. Second, Webmail programs can be the vehicle for the introduction of malware into the Firm’s network. This is not a hypothetical risk: our IT team reports that that has occurred in the Mayer Brown network."
  • The article also notes an update from a source at a 2000+ lawyer firm with similar policies, which have evolved: "[Webmail] has been disabled for all our 'normal' browsers, but we have been given a new, limited functionality “External Webmail Browser” by which we can access gmail/personal email accounts and external instant messaging services. Our reasons were also driven by client security demands."
Industry tech luminary Jeff Brandt published an open letter in response, which stops short of explicitly shoeing millennials, with their various chats and grams apps, off his law, but might be best (cheekily) summed up as "Welcome to the new age. Lol. Kthxbye."

Still, with some clients actively embracing the cloud and looking for closer collaboration with law firms in that realm, and recalling security and privilege debates about email in its infancy, it feels like there's a balance to be struck on all fronts...

Thus, we close with an excellent overview from the Legal IT Insider (aka "The Orange Rag") highlighting firms' navigating cloud adoption: "Passing Clouds: The Cloud Club – Client Consent Not Required?" --
  • "IT departments backed by their partnerships, by bringing in or looking at bringing in what they still often dare not call cloud, are – unusually for the legal sector – ahead of many of their clients, particularly those in regulated industries such as the finance and insurance sectors."
  • "Other clients say they would be prepared to give informed consent subject to certain assurances – Vodafone’s group general counsel Rosemary Martin told the Legal IT Insider: 'No-one has asked me yet but it would depend – anything very sensitive such as major litigation or major M&A we would be a bit twitchy about. More run of the mill stuff we would probably be fairly relaxed about. I’d want assurance the cloud and access to it were truly secure.'"
  • "A similar position is taken by Suzanne Wise, group GC and company secretary at Network Rail, who said: 'I would want to be informed and would ideally like confirmation that the information was as secure as it had been.'"
  • "At Keystone Law, which operates a heavily IT-reliant dispersed model and signed with NetDocuments earlier this year, IT Director Maurice Tunney said: 'Most of our clients are start-ups or small-to-medium enterprises who want to be assured that their data is secure and for our larger banks and insurance companies, we have not had any concerns raised about the fact that their data is stored in the cloud. If it was raised then we would re-assure them that it is highly secure and meets all the necessary security accreditations and requirements.' Tunney was previously at FieldFisher, which became one of the first firms to place its DMS in the cloud with Virtustream on a PaaS model."
  • "At Farrer & Co, which went through a stringent DMS tender process involving numerous partners as part of an 11-strong project committee, Davison said: 'Clients trust us to make sure their documents are secure. We are now answering the question ‘are you ISO27001 certified?’ with a ‘yes’. ‘Is your data encrypted?’ ‘Yes’. We couldn’t have done that before and most law firms can’t.'"
  • "Firms are, of course, not obliged to seek client consent by the Solicitors Regulation Authority (SRA), which acknowledges in its November 2013 Silver Linings: cloud computing, law firms and risk paper that from a client care perspective, solicitors have implied consent to confidential information being passed to external IT providers. They are also largely updating their terms and conditions to reflect the fact they have a hosted DMS."

Sunday, June 14, 2015

Implications of Unfolding Conflicts Allegations: On Engagement Letters and Waivers

As reported in the American Lawyer (and previously noted here), while the firm strongly disagrees that its representation represents any form of conflict: "Kirkland's Conflict Woes Worsen in Teva Takeover Case" --
  • "It's too early to declare the litigation for Mylan, since Tuesday's report by U.S. Magistrate Judge Lisa Pupo Lenihan could be rejected by the district judge. Lenihan blasted Kirkland for ignoring conflicts related to its past work for Mylan, finding that the firm breached its ethical duties. Kirkland immediately vowed to contest Lenihan's findings, saying in a statement that it rejected Mylan's conflict of interest claims."
  • "Still, Lenihan's unsparing, 61-page report, which heavily cites the opinions of Harvard Law School professor and former Wachtell, Lipton Rosen & Katz partner John Coates, makes Kirkland out to be the clear villain in the dispute. Her holding that Kirkland should be preliminarily enjoined from representing Teva in the takeover battle is likely to carry a great deal of weight with Chief Judge Joy Flowers Conti, who must decide whether to adopt the report. And the damage may already be done: Teva told Reuters late Tuesday that Sullivan & Cromwell will be taking over Kirkland's role on the deal front."
Bloomberg BNA offers up its own commentary on these matters: "To Dodge Conflicts, Make Waivers Specific" --
  • "Should law firms rethink their client engagement letters, and more specifically, the advance waiver clauses they include? That’s the question emerging after a federal magistrate’s lengthy report recommending that Kirkland & Ellis LLP be disqualified from representing Teva Pharmaceutical Industries Ltd. in its attempt to acquire Mylan NV because of the work Kirkland had done for Mylan."
  • "The issue is particularly fraught because of partners moving laterally and because of law firm consolidation as well as consolidation within industries."
  • "Kirkland was already representing Teva when Mylan became a client. According to the magistrate’s report, Mylan was aware of Kirkland’s work for Teva, 'including regulatory matters and products liability litigation with respect to certain drugs, some of which were matters in which Teva’s interests were directly adverse to Mylan.' In addition, Mylan had agreed to a waiver agreement that allowed Kirkland to represent others, “including in litigation, arbitration or other dispute resolution” procedures that might be adverse. Nonetheless, that agreement, known as an advance waiver, shouldn’t be read to permit Kirkland to represent Teva, the magistrate said."
The judge has yet to issue a final ruling, so the debate remains live. With that context, here is additional commentary via Reuters: "Lessons from Kirkland’s ‘unfortunate and unethical’ Mylan mess" --
  • "What the Kirkland case shows, however, is that conflict waivers may not give lawyers broad rights to represent hostile bidders for current and former clients, even if the clients have said it’s okay for the law firm to pursue adverse litigation and even if the firm has set up ethical walls."
  • "Kirkland had originally wanted Mylan to waive conflicts on cases that were not “substantially related,” according to the magistrate’s report, but “substantially” fell out in negotiations over the wording of the waiver."
  • "Mylan sued Kirkland for breaching its duty in May. Its lawyers at Wilson Sonsini Goodrich & Rosati, Peacock Keller & Ecker and Pietragallo Gordon Alfano Bosick & Raspanti argued that Mylan’s conflict waiver in no way contemplated that the firm would represent a hostile bidder trying to take over the company. Kirkland, they contended, was violating the terms of its engagement agreement with Mylan by representing a Mylan adversary in a takeover bid necessarily related to the products at issue in Kirkland’s work for Mylan."
  • "Ultimately, Judge Lenihan read the agreement only to permit Kirkland to represent Mylan in the sorts of cases in which the firm was already working for Mylan competitors."
And the Wall Street Journal weighs in with: "Dealpolitik: Mylan-Kirkland Decision Should Give Big Law Firms Shivers" --
  • "Finally, the magistrate turned the way Kirkland tried to protect Mylan’s confidential information it obtained on the drug products representation against Kirkland. Kirkland had put in place what the magistrate called an “ethical screen” to be sure Mylan’s information was accessible only to lawyers representing Mylan (which in my experience is not an unusual action). The magistrate seemed to agree with Mylan that such a screen would not be necessary if the takeover were not 'related' to the Mylan representation. I find that conclusion dubious, but I think law firms now need to write into their engagement letters that a client agrees that specified procedures for the protection of client confidential information are appropriate and not evidence of a prohibited representation."
  • "In short, large law firms view themselves as a business. If a client wants its services, the client should expect prescribed terms of engagement giving a law firm maximum freedom to act on other assignments.  Because this thinking is so different from how the default ethical rules are structured, every once in a while a case has to remind the firms how explicit they need to be to get that permission and to make it stick."

Tuesday, June 2, 2015

Risk News: Conflicts, Disqualifications, Screens and Bright Lines in Canada

Interesting update from Thomson Hine: "'Comprehensive' ethical screen fails to avoid disqualification from side-switching paralegal" --
  • "Small may be beautiful, but when it comes to law firms, small can signal disqualification troubles that a bigger firm might sometimes be able to avoid, according to the reasoning of a recent opinion."
  • "In the recent case, Ullman v. Denco, a  New Mexico federal court magistrate judge granted disqualification, booting defendants’ counsel from eleven consolidated employment cases after the firm hired a paralegal from the firm representing the plaintiffs."
  • "The paralegal had worked extensively on the cases; she had interviewed most of the clients, and had  detailed information about plaintiffs’ legal strategies and bottom line settlement numbers."
  • "Under those circumstances, the side-switching paralegal clearly could not herself participate in the consolidated case.  The question was whether her personal disqualification would be imputed to the entire six-lawyer defense firm — especially considering the fact that the defense firm had quickly put up an elaborate ethical screen."
  • "The magistrate judge held that the paralegal’s disqualifying conflict would not be imputed to the rest of the firm. Comment [4] to New Mexico’s version of the conflict imputation rule, Model Rule 1.10, says that the disqualification rules do not 'prohibit representation by others in the law firm where the person prohibited from involvement in a matter is a non-lawyer, such as a paralegal or legal secretary. However, the defense firm’s continued representation of its employer clients was doomed anyway, because the magistrate judge held that even the comprehensive screen the firm proposed 'would not be effective'  — in part because the firm was just too small."
We've seen several stories about IP-related matters. Here's another: "Motion To Disqualify Law Firm Is Granted" --
  • "Plaintiff accuses defendant’s NAND flash products of infringing eight patents. Two of the attorneys in that firm were previously employed by Weil Gotshal & Manges where the represented defendant in seven patent cases and a trade secret case focused on NAND flash technology.  The court finds that the current representation is substantially related to the prior NAND flash and trade secret cases. The law firm is disqualified."
Finally, from Canada comes an interesting conflicts update and extensive analysis: "The “bright line” rule is dimmed by the Alberta Court of Appeal in Statesman" --
  • "Joint retainers are common in modern legal practice. But what happens when a dispute is brewing between two parties represented by the same law firm? How is a lawyer to know when the “bright line” of conflict of interest has been crossed? And when the duty of loyalty to a client is breached, when is disqualification of the law firm an appropriate remedy? The Alberta Court of Appeal addressed these issues in Statesman Master Builders Inc v Bennett Jones LLP, 2015 ABCA 142 (“Statesman”)."
  • "The Court of Appeal discussed the duty to avoid conflicts of interest in the context of the “bright line” rule set out by the Supreme Court of Canada in R v Neil, 2002 SCC 70 (“Neil”). The bright line rule prohibits a law firm from representing one client whose interests are directly adverse to the immediate interests of another current client, even if the two mandates are unrelated, unless both clients consent after receiving full disclosure."
  • "The Court of Appeal said that the bright line rule appeared “at first glance” to apply because Statesman was still a client of the Law Firm when Matco commenced planning its legal strategy in the oppression action. The Court of Appeal, however, emphasized the limitations of the bright line rule..."
  • "In the absence of the bright line rule, there was no evidence that the Law Firm’s representation of Statesman on the builders’ lien matter was materially and adversely affected during the “short overlap” between Matco first discussing the oppression action with the Law Firm, and the termination of Statesman’s limited retainer."