Sunday, December 11, 2016

EVENT: Toronto Risk Roundtable (January 2017)

Our next Risk Roundtable event in our series on outside counsel guidelines is set for January 11th in Toronto. We're delighted to feature Simon Chester, Senior Counsel, Client Solutions at Gowling WLG, as our guest speaker.

He'll revisit his the point he made last year that outside counsel guidelines (OCG) are “bombs” waiting in law firm files, and that firms need to take action now to mitigate the substantial risks associated with OCG management.

Simon will by joined by Eric Nerland, Risk Practice Leader at Intapp, who will focus on the increasing compliance pressures being imposed by clients and how a firm can deliver on key client commitments. He will also share a short update on Intapp Open terms of business management system, a solution that helps firms finally manage, centralize, classify and report on client terms, RFPs and communications in a structured fashion.

And, as always, we’ll have plenty of time for open discussion, peer exchange and networking.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Thursday, December 8, 2016

VIDEO: Law Firm Perspective: Risk Case Study

Here's a seven minute video interview of Andy Jurczyk, CIO of Seyfarth Shaw on his firm's investment in risk technology:

Intapp Open — A Journey Forward
  • "We just recently finished the Open implementation, and finally brought our new business intake process into the electronic world, and the workflow associated with that, which is a project that went great."
  • "We originally had a contract with The Frayman Group, and we were ready to roll out our workflow software, and the acquisition happened. Of course, there's always questions about what's going to happen next. We had a number of Intapp meetings, and agreed on a delivery schedule and resource allocation to complete the project. Everything went great from that point on. We had some good resources that were applied."
Intapp Open — In Practice
  • "We finally finished the workflow and programming associated with the open product, and chose our Boston office as our pilot. Our Boston office is a little bit challenging because of some of the work that we do and the volume of the matters that get opened up in that office."
  • "We thought that would be great from a stress test perspective, and we rolled it out, and everybody loved it. It had more requirements, from a data collection perspective, which we thought we'd get some pushback on, but just the opposite happened. It was easy. It gave people insight into the matter opening process. They knew what the status was, where it was going."
  • "We still thought: 'Well, I wonder if that's an anomaly. Let's roll out another office,' and we went to the other side of the coast to our West Coast office, with the same results. Everybody was very happy about the product and welcomed it. We just finished the rollout firm wide, and it's been accepted, and everybody has provided very positive input for it. I'd think the value of the workflow is important for us."
On Intapp
  • "Intapp is one of those companies that I think is easy to do business with. In my role, I spend a lot of time with a lot of companies and a lot of people that run those companies, and one of the most impressive thing, for me, is the focus on the client at all levels from all personnel within the firm. It's a very well run company. It's easy to do business with. There's a lot of transparency on current product and future product, and so you have a good feel for what they're working on, where they're going, and that personally helps me strategically in budgets and being able to determine what the next steps are for our business and where we're going to take it."

Wednesday, December 7, 2016

Recent Conflicts News & Updates

A few stories and updates of note, starting with the latest from Bill Freivogel:
  • "Screening; Electronic Files: Estate of Kennedy v. Stuart A. Rosenblatt, C.P.A., 2016 WL 6543629 (N.J. App. Div. Nov. 4, 2016). This opinion’s description of the parties and the procedure is somewhat befuddling (to us, at least).  Therefore, we will take extreme liberties in simplifying the facts in order to reach the key issue for this audience: the application of N.J. Rule 1.10(b) (same as M.R. 1.10(b)) to electronic files remaining in the law firm when the lawyers handling the matter in question have left, taking the paper files with them. Law Firm defended a lawyer (“Defendant Lawyer”) in a prior malpractice case (“Prior Case”). After Prior Case was dismissed, the lawyer representing the plaintiff in Prior Case (“Lawyer”) joined Law Firm. Lawyer then filed the same case as before, including against Defendant Lawyer (“This Case”). In This Case Defendant Lawyer moved to disqualify Law Firm. Law Firm defended the motion because the lawyers working on Prior Case had left and taken the paper files with them. The issue was whether the electronic files left behind disqualified Law Firm under Rule 1.10(b)(2). The trial court granted the motion. In this opinion the appellate court reversed “conditionally” and remanded for further proceedings. Law Firm had erected a “screen” around the electronic files. However, the court said that if someone in Law Firm looked at the substance of the retained electronic files, Law Firm should be disqualified. If, however, all Law Firm lawyers did was look at metadata to determine whether anybody in Law Firm had looked at the files substantively, then the Law Firm should not be disqualified. The appellate court felt that New Jersey’s recent adoption of its version of M.R. 1.6(b)(5) (N.J. Rule 1.6(d)(5)), helped inform its decision here, even though the N.J. version came after the events in question. The opinion also discusses the nuts and bolts procedure that should be followed in resolving the remaining issues, and directs Law Firm to delete any electronic files remaining."
  • "Waiver; Passage of Time (posted December 2, 2016) Worth v. Worth, 2016 WL 7007721 (E.D. Pa. Nov. 29, 2016). The parties litigated this derivative action in state court for nine months. They now appear in federal court with different lawyers. Law Firm is representing the company and individual defendants. The plaintiff moved to disqualify Law Firm. In this opinion the court denied the motion because the plaintiff allowed a different law firm to represent the company and individual defendants for nine months in state court without objection."
  • "Of Counsel (posted November 30, 2016) LoPorto v. County of Rensselaer, No. 1:15-CV-0866 (LEK/DJS) (N.D.N.Y. Nov. 16, 2016). Lawyer filed this case for Plaintiff. Two individual defendants, A and B, were represented by Law Firm. After filing this case Lawyer became of counsel to Law Firm. Plaintiff and A and B reached an agreement to settle by dismissing A and B. The court held a conference to discuss the settlement. There the court learned of Lawyer’s of counsel status at Law Firm. The court ordered the lawyers to address this conflict.  After the lawyers did so, the court, sua sponte in this opinion disqualified Lawyer and Law Firm."
"More Conflicts Arise On Kirkland Team for Turkish Trader" --
  • "A hearing Wednesday in a New York federal court intended to address two possible conflicts with a Kirkland & Ellis LLP team representing a Turkish gold trader accused of violating Iran trade sanctions revealed several additional issues with the firm’s banking clients."
  • "Instead, one of Zarrab’s 14 lawyers, Viet Dinh of Kirkland & Ellis, told Judge Berman than six additional banks involved in transactions worth hundreds of millions of dollars at the heart of the case are also on Kirkland’s client roster."
  • "Moreover, he and another one of Zarrab's lawyers, Paul Clement, were also representing one of the banks that prosecutors claim were victimized by Zarrab's scheme in another ongoing federal case, representing a "metaphysical" conflict issue in the case."
  • "Zarrab and two others were charged in March with acting on behalf of the Iranian Bank Mellat and others on a U.S. sanctions list. He was initially represented in part by a Bancroft PLLC team that including Dinh and Clement."
  • "But in September, Kirkland announced it was absorbing the entire 17-attorney team at Bancroft, a renowned appellate firm. That created conflict issues for the four former Bancroft partners on Zarrab's deep legal team."
  • "Dinh argued Wednesday that the possible conflicts between the Zarrab and the banking clients were at worst indirect, and could be handled with an ethical wall in the firm. He also said he’d gotten Zarrab’s informed consent for the former Bancroft lawyers to continue to represent him, as well as conflict waivers from Bank of America and Deutsche Bank."
  • "He likened the issue to lawyers who represent a plaintiff suing a defendant who happens to have insurance coverage from a company also represented by the plaintiff firm in unrelated matters. 'It’s analogous to an indirect springing conflict,' he said."
  • "But Dinh also acknowledged that even if he could secure waivers from the other six Kirkland clients and erect an ethical wall in his new firm, he and Clement were also personally representing one of them, HSBC, in a Second Circuit appeal. 'We can’t wall ourselves off, and Mr. Zarrab understands that metaphysical issue,' he said."

Tuesday, December 6, 2016

Outside Counsel Guidelines -- Keeping up on the Conversation

Always important to listen to the client side of the equation. Here is a recent article from Sterling Miller, former General Counsel for Sabre Corporation (and Travelocity prior to that): "Ten Things: Preparing Outside Counsel Guidelines – The Keys" --
  • "Managing your relationship with outside counsel can be challenging. The good ones work hard to make it easy but, even so, there are times when you and your outside lawyers are not on the same page... There are many facets of your relationship with outside counsel that you need to think about and constantly manage. One way to do this is through an engagement letter. While this is a good device to manage some aspects of a particular project, the better path is to create and maintain a set of 'Outside Counsel Guidelines' — a standing set of rules for how you and your outside counsel will interact on key issues, especially on billing."
  • "1. Be reasonable. I have been on both sides of the aisle as General Counsel and as outside counsel. One thing I always tried to ensure was that, as in-house counsel, we were reasonable in what we included in our outside counsel guidelines and in the manner in which we interacted with our outside counsel, especially over billing and invoicing. My assumption was that outside counsel wanted to do a good job, wanted to comply with our guidelines, and wanted to ensure that we felt that we got value for the money we spent with them."
  • "7. Conflicts. As firms consolidate, conflicts become a real issue. One thing I have seen larger firms try to obtain is a blanket waiver of conflicts (sometimes called “advance conflicts waivers”). I would say no to this, and set out your policy on this in your guidelines. Moreover, you should set out that you expect the firm to advise you before undertaking any representation of a client who’s interests are generally adverse to the company, for example a competitor. It may not be an actual “conflict” under the ethical rules, but it’s fair to ask outside counsel to advise you of such representations."
  • "Additionally, if your law firm for some reason needs to withdraw from a representation of your company (either voluntarily or via court order) because of a conflict, you should require that the firm pick up the cost of transferring the matter to new counsel and for getting new counsel up to speed on the matter and if for some reason there is work product that can no longer be used due to the conflict, that the firm refund you the fees and costs associated with that work product."
  • "8. Guidelines trump retention letter. Most retention letters are prepared by outside counsel, which is fine. However, when you get the retention letter don’t just skim over it and sign it as is (even if they send it to you as a signed pdf). Take the time to read through it and ensure that a) it accurately reflects your understanding of how the engagement will work and any special terms or pricing you agreed to, and b) that there is nothing in the retention letter that conflicts with your Outside Counsel Guidelines. If either is not the way you want, change it – do not be afraid to mark up the retention letter. One thing I frequently did (especially if most of the letter was fine) was simply hand-write by my signature “Nothing in this letter trumps the [Company Name] Outside Counsel Guidelines and in the event of a conflict, the Outside Counsel Guidelines shall govern.” On occasion, I am glad I wrote this into the engagement letter."
  • "9. Guidelines do not replace a conversation with outside counsel. You can write the most elaborate Outside Counsel Guidelines, covering everything from A to Z, but in my experience your guidelines do not replace the one thing that is most important – regular conversations with your outside counsel about the relationship, especially around billing and costs. It may feel a bit scary and even awkward but nothing will pay back dividends like an honest conversation with your outside counsel about the bills."
  • "10. Review annually. If you are a regular reader of my blog you know that one thing I preach consistently is that you cannot prepare policies and guidelines and then just leave them on the shelf until “something happens.” You need to schedule regular reviews and you need to create the right team to help with that review – potentially even folks outside the legal department... Outside Counsel Guidelines can be a very helpful tool to help manage your relationships with outside counsel. Don’t be afraid to rewrite them from scratch every few years – the legal profession is changing way too fast to just sit back and assume what you already have is good enough. And, there are many other topics you can/should cover in your guidelines, e.g., confidentiality, media relations, “up-the-ladder” reporting, dispute resolution."

Wednesday, November 30, 2016

Positional Conflicts – Those Tweets & Posts (May) Create Serious Conflicts Problems

"Tweeting, Blogging Lawyers Warned About Positional Conflicts" --
  • "Lawyers who blog or tweet about legal developments should be cautious 'when stating positions on issues' because 'those stated positions could be adverse to an interest of a client, thus inadvertently creating a conflict,' the District of Columbia bar’s ethics committee advised in November."
  • "The guidance came in one of two simultaneously issued opinions that discuss a host of ethical issues involving lawyers’ use of social media (D.C. Bar Legal Ethics Comm., Ops. 370 and 371, 11/16)."
  • "But the D.C. panel also highlighted a few risks that were not emphasized in prior ethics opinions. One apparently novel warning was on the risks of creating so-called 'positional' conflicts when blogging or tweeting about legal developments. These are conflicts that can arise when a lawyer advances one position but needs to argue the opposite on a client’s behalf."
  • "The panel warned that lawyers who blog or tweet about legal developments may run into ethical problems if they state positions on legal issues that conflict with positions they have advanced, or may be called on to advance, on a client’s behalf."
  • "The committee said lawyers who engage in online musings of this sort may inadvertently create a positional conflict under D.C. Rule of Professional Conduct 1.7(b)(4). That rule says a lawyer may not represent a client in a matter if 'the lawyer’s professional judgment on behalf of the client will be or reasonably may be adversely affected by ... the lawyer’s own financial, property or personal interests.'"
  • "Accordingly, Cornett said, "If a blawger whose reputation is entwined with her blawg needs to take a contrary position in order to advance a client’s interests, she may be ‘materially limited’ from doing so because of that reputational interest.'"
This development is interesting on several levels -- The distinction between social/blogging commentary and other forms of expression being just one. (Though, the text of the opinion itself covers communications mechanisms as diverse as yelp, email lists and even general email, while acknowledging differences apply based on a number of factors.)

(I suspect that somewhere out there may be a lawyer who actually represents Twitter, who may be tempted to weigh in publicly on this particular opinion... maybe even via a tweet... but the circular logic loop of that potential conflict is too much to consider at the moment...)

Tuesday, November 29, 2016

New European Data Privacy and Security Rules (GDPR)

The newly launched GDPR Wiki site offers a plethora of information on these pending rules:
  • "Coming to you in May 2018, the GDPR is the most significant development in data protection that Europe, possibly the world, has seen over the past twenty years and therefore unsurprisingly is designed to better take into account modern technologies, the way we work with them today and are likely to work in the future. In addition, there is a much greater emphasis on compliance following a widely held belief that business had not taken data privacy seriously enough previously. As a consequence, penalties are considerably harsher and the compliance requirements are intended to spread a far wider net to include small and medium businesses."
This initiative is resource delivered by Tim Hyman, former IT director of law firms including Reed Smith and Taylor Wessing.

The site has published and distributes several resources, including: "The Essential Guide to GDPR" --
  • "Following recent presentations on the potential impact of GDPR at a number of global law firms and a presentation to the Institute of Barristers Clerks, I have been asked to compile a guide as to the basic principles of GDPR, how they may impact technology systems and which software tools/vendors could assist with compliance... The solution providers that appear in the guide are those that have come forward and described how their solutions can help businesses looking to get GDPR compliant."
    1. (‘lawfulness, fairness and transparency’) processed lawfully, fairly and in a transparent manner in relation to the data subject
    2. (‘purpose limitation’) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
    3. (‘data minimisation’) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
    4. (‘accuracy’) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
    5. (‘storage limitation’) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
    6. (‘integrity and confidentiality’) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss destruction or damage, using appropriate technical or organisational measures."
As further context on the topic, Wikipedia offers:
  • "The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The Commission's primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] When the GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC) [2] from 1995."
And Dell sponsored a third-party survey on these new rules. The report highlights the state of response from the general corporate sector (short version: likely lacking).

Is your firm ready? Or getting ready to be ready? May 2018 will come sooner than we think... And it looks like, on the compliance side, firms are already planning their GDPR litigation offerings.

Sunday, November 27, 2016

VIDEO: External Vendor Risk Management (Drivers, Trends & Approaches)

A recording of last summer's well attended session on vendor risk management is now available: "Vendor Procurement, Risk and Relationship Management" --

Jointly produced by Intapp and HBR Consulting, this video explores the various factors causing firms to pay even closer attention to the way they select, evaluate and manager their external vendors. (Client information security mandates are just one of several drivers.)

Scott Springer and Mark Denner from HBR reviewed industry trends and how innovative approaches, supported by new technology, enable firms to streamline procurement, evaluate vendors and address increasingly stringent client and industry requirements.
They also reviewed the vendor lifecycle and demonstrated of HBR Consulting's procurement management solutions, built leveraging Intapp Flow to manage the entire vendor lifecycle, including:
  • Evaluation & on-boarding
  • Information security review
  • Performance monitoring
  • Audit & compliance
  • Off-boarding
(They've nicknamed it "NVI." V for vendor, in the same way firms have an "NBI" approach for business. Clever.)

Monday, November 21, 2016

Ethics Opinion: Don't "Bug" Me -- aka On Monitoring Lawyer Behavior (Not Your Own)

Here's a fascinating ethics opinion for the technically inclined: "No ‘Web Bugs’ on E-mail to Opposing Counsel, Bar Panel Says" --
  • "Lawyers may not use “web bugs” to track e-mail communications with opposing counsel, the Alaska bar’s ethics committee advised in an Oct. 26 opinion (Alaska Bar Ass’n Ethics Comm., Op. 2016-1, 10/26/16)."
  • "The opinion is just the second bar advisory to address whether ethics rules permit lawyers to use 'web bugs'—also known as 'pixel trackers' or 'web beacons'—to discover information about how e-mails they send to opposing lawyers have been treated."
  • "According to the opinion, a common web bugging method “involves placing an image with a unique website address” into an e-mailed document and disguising that image “as a part of the document (e.g., part of a footer).” When the recipient opens the document his or her computer “looks up the image” and transmits information back to the sender about how the message was treated, the opinion said."
  • The opinion described “web bugs” as internet surveillance tools that can tell e-mail senders:   
    • whether e-mails they have sent, or attachments to such e-mails, were opened by their recipients;
    • when those messages or attachments were opened;
    • how many times those materials were opened;
    • how long recipients spent reviewing those materials;
    • whether a recipient forwarded those materials to other persons; and
    • the rough geographic locations of the recipients.
  • "Following the lead of the only other bar panel to address this issue, the Alaska committee concluded that 'tracking electronic communications with opposing counsel through ‘web bugs’ impermissibly and unethically interferes with the lawyer-client relationship and the preservation of confidences and secrets.'"
  • "The committee said web bugs can enable lawyers to discover how long opposing counsel or parties spent reviewing e-mail messages and how frequently they viewed them, which can be “a proxy for how important” those opponents may have deemed such communications to be."

Thursday, November 17, 2016

On Clients Regulating Law Firms (or "Meet the New Boss, Same as the Old Boss")

Inside counsel writes: "Law Firms, Meet Your New Regulator: Your Client" --
  • "While major banks, retailers, hospitals and insurance companies were the brick and mortar of a growing media monument to hubris and cyber overconfidence, law firm breaches went mostly unnoticed. That is, until government agencies and law enforcement grew concerned that the wealth of intellectual property curated by law firms could be used to manipulate financial markets by front running trades."
  • "As the expression goes, misery loves company, and law firms can now commiserate with their financial clientele. Law firms represent banking and investment funds, healthcare providers, pharmaceutical companies and themselves conduct myriad financial transactions."
  • "Law firms are at the cross roads of industry. Take for example, a firm that represents an investment institution in Manhattan and who has a position in a biopharma company across the river in New Jersey. The law firm now handles investment information that is regulated by the SEC and monitored by the FBI. The firm also handles healthcare information in the form of FDA drug test results, patient records, which now falls under Health Insurance Portability and Accountability Act (HIPAA). It might also house investor information from the fund, which means the law firm has PII and is ultimately on the hook for PII requirements."
  • "With an alphabet soup of regulators and laws, it’s no wonder that the clients of law firms are now taking cybersecurity seriously. It’s a big stakes loss in the event of a data breach, and it’s the kind of breach that will not go unnoticed. In fact, SEC regulations, HIPAA and PII all have disclosure requirements meaning that a law firm cannot quietly go about business while keeping the story out of the press. That is why today, more law firms are receiving cyber due diligence questionnaires (DDQs) from their clients. As regulators such as the SEC tighten their rules, implications now reach their vendors; most notably legal services."
And, as we know, information security is just one of several areas clients are exercising their power to shape law firm policies and practices.

Wednesday, November 16, 2016

EVENT: November Risk Roundtable

Our next Risk Roundtable event in our series on outside counsel guidelines is set for November 29th in Boston.

As with the NY, DC and Chicago events, we'll be featuring presentations and discussion lead by Anthony Davis from Hinshaw & Culbertson and Eric Nerland.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Tuesday, November 15, 2016

More Pessimism on the Horizon? (On Client Confidentiality & Law Firm Information Security)

Caroline Hill, editor in chief of Legal IT Insider, weighs in with: "Comment: Pessimistic security – a necessary evil?" --
  • "Given the amount of commercially and potentially nationally sensitive and valuable data held by law firms, and given recent security breaches such as the Panama Papers, the question is no longer whether firms are being targeted by hackers but how, and how far they need to go to protect against a leak."
  • "While law firms have historically focused on defending their perimeter wall, the wider trend shows that attacks are becoming far more sophisticated, with spear phishing attacks tricking employees into giving away passwords and login details, potentially giving a hacker the internal privileges and access rights of that employee."
  • "Says one commentator: 'The concern among large corporations is that law firms don’t have enough complexity in their record access rules and that they have been largely left to do what they want to do. If you are a large enterprise working on a greenfield project and you know it might attract negative publicity, particularly following the Panama Paper leaks, you want to know that your law firm has better security.'"
  • "The result is that a number of firms, particularly those from the United States, are looking at significantly limiting file access within the firm. Pessimistic security flips the normal ‘optimistic’ approach of law firms on its head, with staff only able to open files where they have explicit rights. If a user has different and potentially conflicting permissions, the default position adopted will be the most restrictive."
  • "This complex exercise in damage limitation – one already adopted by a number of accounting organisations – is, for many IT directors, the stuff of nightmares, given the fast pace that law firms work at, often through the night, with major financial drivers to complete work quickly and without technical impediments."
  • "That is not to mention the fact that the knowledge capital and precedents by which law firms differentiate themselves and add client value – and in the future are increasingly likely to monetise – also currently involve sharing vast amounts of client information around the firm."
We previously noted: "InfoScary (Part 1) : A Pessimistic View on Information Security"

Thursday, November 10, 2016

Your Brother's Keeper? (Disqualification News and Views)

Lending itself to any number of colorful comments and quotes, come: "Atty Beats DQ Bid In Case Involving Brother At Fox Rothschild" --
  • "A Pennsylvania judge on Friday shot down efforts to disqualify an attorney from defending a travel agency previously represented by his brother, a Fox Rothschild LLP attorney also accused in the suit of filing a meritless bankruptcy petition, noting that the clients have waived a cited potential conflict of interest."
  • "In his order, Philadelphia Court of Common Pleas Judge Ramy I. Djerassi denied a motion filed by solo practitioner Bruce J. Chasan, the owner of travel agency Carmen Enterprises Inc., to disqualify attorney Jeffrey Goldin from representing Murpenter LLC and two affiliated individual defendants."
  • "Chasan had argued that Goldin should not be permitted to represent the Murpenter defendants because his brother, Fox Rothshchild attorney Ely Goldin, had previously represented Murpenter in an underlying breach of contract suit over an aborted merger and is now named as a defendant in the instant litigation, alleging wrongful use of civil proceedings."
  • "But Goldin’s clients have stated that they are aware of the family relationship and the potential risk it could pose, and still choose to retain Goldin as their lawyer, Judge Djerassi said. 'Based on this informed consent and attorney Jeffrey Goldin’s own written and verified responses here, we believe his sworn promise that he will devote paramount loyalty to his client,' the judge said. 'We believe he will preserve all necessary confidentialities from his brother and represent his client zealously.'"
  • "In addition to seeking to remove counsel for Murpenter, the plaintiffs have also asked the court to disqualify Bochetto & Lentz and its attorneys George Bochetto and John O’Connell from representing Fox Rothschild because the firm’s other name attorney, Gavin Lentz, represented Chasan and his company in a breach of contract suit against his ex-wife in Montgomery County, Pennsylvania, nearly 20 years ago."
And: "Baker Donelson Fights DQ In Amazon Shipping Tussle" --
  • "Western Express Inc. argued in October that Phoenix counsel John Hicks and Jaime DeRensis of Baker Donelson’s Nashville office cannot continue on the case over allegedly unpaid invoices because the firm is actually counsel of record in currently stayed litigation launched in 2011 by the Inc. freighter. But the attorneys said Friday that it is only former counsel and there simply is no conflict since it informed Western of its Phoenix work several months ago."
  • "'While Western made vague statements that Baker Donelson's representation may present a conflict and prevent Western from using Baker Donelson as counsel in the future, it did not allege any specific conflict until almost eight months into Baker Donelson's representation of Phoenix,' the attorneys said in their opposition. 'There is no conflict of interest; even assuming a conflict of interest, Western's failure to timely assert such conflict waives any alleged conflict.'"
  • "As for the matter Baker Donelson formerly represented in, Hicks and DeRensis said that case, involving Western’s claims of embezzlement by a former employee, is not “substantially related” to the instant breach of contract matter, leaving no reason at all for disqualification under Tennessee conduct rules."
  • See the filing for more detail.

Wednesday, November 9, 2016

Conflicts, Ethical Screens and Electronic Paper Trails

Technology offers new opportunities to identify, address and mitigate risk. But it can also cut both ways -- preserving records of error, accident or omission. Over the years we've watched how standards for ethical walls and confidentiality management have evolved to keep up with the realities of how information is stored, accessed and managed. Consider a few examples [here and here] where, for example, internal access audits have played a role in discussions tied to conflicts, disqualifications and ethical screens.

This type of scenario is in the news again in: "Riker Danzig Must Review Database to Determine Disqualification Motion" --
  • "As a result of lawyers coming to and leaving the firm, Morristown's Riker, Danzig, Scherer, Hyland & Perretti must review its electronic database to see if it will be allowed to remain as counsel in a malpractice action... a three-judge Appellate Division panel said the firm, which currently represents the plaintiffs but which once represented one of the defendants, may have to be disqualified after an investigation determines who reviewed confidential files after lawyers were shuffled."
  • "In January 2014, a Riker Danzig attorney wrote an "Initial Case Analysis," which was placed in both a paper file and stored in the firm's database. The analysis, Sylvester said, was a "detailed case assessment" and strategy memorandum. On July 11, 2014, nine months after the estate lawsuit was filed in Bergen County, Sylvester and a number of other attorneys left Riker Danzig to joined Florham Park's Sherman Wells Sylvester & Stamelman. Riker Danzig was the Shoobe estate's counsel and Sherman Wells took over. Sylvester took the paper file with him, and the lawsuit was dismissed for an undisclosed reason on Aug. 27, 2014. However, a copy of the analysis remained in Riker Danzig's computer files."
  • "In April, Sylvester notified Riker Danzig of the conflict of interest. In response, Riker Danzig established what it called a "fire wall" to prevent Loalbo, along with attorneys who were also involved in the case, from accessing the file involving the Shoobe estate, including the initial case analysis... At the same time, a senior attorney at Riker Danzig, with the help of information technology personnel, reviewed the file to determine whether anyone had reviewed the analysis. That review showed that no one, other than the unidentified Riker Danzig senior attorney, had done so."
  • "The appeals court remanded the case to determine whether the Riker Danzig senior attorney only noted that the analysis existed, or whether he or she had read it. 'Reviewing anything more than the metadata concerning when the file was accessed, and perhaps a title to the document, would have unreasonably exceeded the need to determine the existence of a conflict,' Nugent said. 'In such case, there would certainly be a doubt as to the propriety of Riker's continuing representation of plaintiffs, and that doubt would be resolved in favor of disqualification.'"
  • "The firm has 20 days to file a certification from the senior attorney and the IT person who assisted him or her that generally describes the information that was accessed from the analysis and whether they reviewed the contents. The firm also must determine if the analysis could be deleted from its database and, if so, explain why the firm has not already done so. Riker Danzig has 30 days to access the file, in the presence of Sylvester and his IT person, to determine whether anyone other than the senior attorney accessed the analysis."
See the complete order.

Tuesday, November 8, 2016

Wave, Wave, Wave, Wave Goodbye...

The always excellent IP ethics and insights blog brought us its own Halloween themed, two part series on waivers (including a no-holds-barred approach to clip art), starting with: "Advanced Conflict Of Interest Waivers: Tricks Or Treats?" --
  • "Indeed, in large law firms that typically employ hundreds of lawyers in multiple offices around the globe, it is commonplace for their standard engagement agreements to include language in which the client agrees as part of the representation to waive in advance future conflicts of interest."
  • "But are such “advanced waivers” ethical?  It is one of the most vexing questions that has dogged law firms, regulators, and ethics counsel for years.  The question raises two competing schools of thought."
  • "On the one hand, the ethics rules require “informed consent” for a conflict waiver.  The idea that a client can give an “advanced” waiver of a conflict is anathema to this fundamental requirement.  How can a client be “informed” enough to give consent when they have no idea of the facts and circumstances giving rise to a conflict that has yet to arise?  Some authorities consider advanced conflict waivers to be unenforceable and in violation of public policy."
  • "The opposite school of thought treats advanced waivers based on freedom of contract principles.  A client desires to hire a law firm.  The client will do anything—including agreeing to an advanced waiver—as part of the price for retaining the firm’s services.  The client is free not to accept the provision and hire a different law firm.  But if they accept the advanced waiver, has not the client agreed to assume the risk of a future conflict?  And if the client chooses to accept the advanced waiver, why shouldn’t the law firm be entitled to rely upon the client’s agreement?"
  • "For lawyers who want a clear, definitive, black and white answer to the question of the legality and enforceability of advanced conflict waivers, unfortunately there is none.  Ethics opinions and court rulings have created a patchwork of opinions.  This lack of uniform treatment of advanced conflict waiver leads to unpredictability—the type of “trick” that most lawyers would rather avoid."
  • "Guessing incorrectly as to whether a court will uphold an advanced waiver may lead to unexpected, unfair, and even disastrous results for a law firm."
Read the full article for more detail and discussion, and see part two as well.

And with that, we hope to close the book on all scary developments this particular season...

Wednesday, November 2, 2016

Halloween Holdover: Risk Updates

Anyone who's been reading this blog for any amount of time has likely observed a slight predilection to keeping all of this risk news and commentary interesting (if not exactly edgy). So it's with delight that I highlight the creative spirit of the folks at Hinshaw for their latest newsletter. Points for creative adjectives and colorful metaphors.
  • "The editors of the Halloween edition of the Lawyers' Lawyer Newsletter invite you to enjoy frightening tales of shocking assaults by non-clients on an unsuspecting law firm; a lawyer's nail-biting escape from a disqualification motion thanks only to a less-than- diligent client; the slow motion nightmare of a lawyer's desperate and sometimes failed struggle for freedom when a client can't be contacted; and the gruesome results of an overly broad scope of engagement description. We hope these horror stories will frighten and delight just in time for All Hallows' Eve."
Disqualification — Substantially Related Matters — Waiver of Conflict by Lack of Diligence in Seeking Disqualification. State of Minnesota, et al v. 3M Company, Hennepin County (Minn.), Court File No. 27-CV-10-28862 (Feb. 5, 2016)
  • Risk Management Issue: Does a client waive its former attorney's conflict of interest by failing to promptly seek disqualification after the conflicted attorney undertakes representation of a party adverse to the former client?
  • Risk Management Solution: If there is an actual conflict on the part of an attorney who is representing a party adverse to the former client, it is imperative that the former client immediately — or at least very promptly — seek to disqualify the conflicted attorney as soon as the adverse representation becomes known. Without prompt action, the former client risks waiving the conflict and foregoing the right to seek disqualification of its former attorney — even though the attorney has knowledge of privileged information and attorney work product from a prior matter which is (or may be) substantially related to the current case. However, the law firm would nevertheless continue to be found to preserve the former client's secrets and to not to use them to the detriment of the former client.
  • Trick or Treat Editors' Note: This case is an unexpected treat for a lawyer facing a disqualification motion, if a former client fails to promptly seek disqualification after the conflicted attorney undertakes representation of a party adverse to the former client.
Disqualification — Overly Broad Scope of Engagement Creates Concurrent Representation Conflicts. M'Guinness v. Johnson et al., 243 Cal. App. 4th 602 (2015)
  • Risk Management Issue: What can counsel for a closely held corporation do to avoid disqualification in the event of shareholder disputes?
  • Risk Management Solution: This case highlights the importance of crafting engagement agreements in order to define in detail the structure and scope of the representation. A lawyer's eagerness to be a "jack of all trades" for a single client may appear to be good for business, but it could also expand the scope of duties owed to the client and thus the lawyer's malpractice exposure. Or, as in this case, it could lead to subsequent conflicts of interest and disqualification. Engagement letters need to be crystal clear about the scope of the representation, including the identity of the client and the method of termination, and abide by those terms. See also, Cal. Bus. & Prof. Code § 6147 (governing contingency fee agreements) and § 6148 (governing noncontingency fee agreements).
  • Trick or Treat Editors' Note: This case could be either a trick or a treat. For lawyers who don't specify the scope of their engagement, this case is a trick; but for lawyers who spend the time to carefully outline the scope of the engagement, it's a treat. If you've read our newsletter faithfully, we expect it will be the latter.
Like, zoinks — Several other frights in their complete update.

Tuesday, November 1, 2016

On Business Conflicts (And Avoiding Them)

Eric Mosca of InOutsource has an excellent article in the latest ILTA white paper: "The Business of Avoiding Business Conflicts" --
  • "Law firms have always been cognizant of the business conflicts that can arise when taking   on new work. Business conflicts can be described as relationships or knowledge which, while not violating professional responsibility rules, can affect a lawyer’s or law firm’s ability to be a zealous advocate for a client."
  • "Such conflicts of interest might include working with two clients in the same industry or starting a relationship with a new client that wants to confirm counsel is not averse to any of their affiliated entities. Conflicts identified too late in the game can cause difficulties, but working together within the firm, communicating with clients and utilizing the benefits of technology can help lawyers and firms maintain a legal space free of business conflicts."
  • "Business conflicts (and other issues) can arise from differing perspectives on who or what is 'the client.' Absent  clear  engagement  documentation,  a  potential client might assume their chosen counsel will represent all of the organization’s corporate affiliates and  corporate officers, or an individual might interpret their interests as represented when the lawyer’s obligation is to a corporate entity. There are myriad examples detailing discrepancies between the expectations of the client and counsel. It is increasingly common for clients to document these expectations within outside counsel guidelines."
  • "Technology and automation solutions are being employed to assist in the assessment of business conflicts — a necessity in sizable law firms to manage the volume of potential business conflicts."
  • "Business conflicts can present as much of a hurdle to taking on new engagements as traditional conflicts of interest, yet the rules outlining business conflicts are undefined and often based on assumptions. Lawyers and administrators armed with accurate data and the proper technology to analyze and communicate potential business conflicts are at a significant advantage."

Wednesday, October 26, 2016

Bzzzzt: Disqualification (Discussions, Determinations, Decisions)

Several stories to share on the theme of disqualifications. First up:"Latham Dodges DQ Bid In Zurich Lead Coverage Suit" --
  • "A Missouri federal judge on Tuesday denied Zurich American Insurance’s attempt to disqualify Latham & Watkins LLP from representing Fluor Corp. in a coverage dispute arising from lead smelting operations, saying there is no evidence the firm violated a protective order in a related state case."
  • "'The court suggests, in the future, counsel for the parties focus on the substantive issues in this case,' the order reads. 'The court has, for some time, formed an impression the acrimony among counsel is costing their clients unnecessary expense and clearly delaying disposition of this case.'"
  • "Zurich’s attorneys at Brown & James PC and Hunt Ortmann Palffy Nieves Darling & Mah filed a motion for disqualification in August, alleging that Fluor lifted protected discovery materials from its related state case against policyholder Doe Run Resources in order to fuel a counterclaim in the federal case between Zurich and Fluor."
Bill Freivogel notes: Konjevic v. Uber Techs. Inc., 2016 ONSC 5832 (CanLII) (Super. Ct. Ont. Sept. 30, 2016).
  • "Toronto sued Uber in 2015 for an injunction (“Other Case”). Represented by Firm 1, Uber won the Other Case. Lawyer was at Firm 1 and had a tangential role in the Other Case. This case is a class action by cab drivers against Uber. Firm 2 is class counsel. Lawyer has joined Firm 2."
  • "Lawyer was told on day one that he would have no role in the Uber case. Thirty days after Lawyer joined Firm 2, Uber claimed Firm 2 had a conflict. Upon receiving that objection, Firm 2 erected a formal screen. Uber moved to disqualify Firm 2."
  • "In this opinion the court denied the motion. All issues involved fact-intensive analyses. First, the court held that Lawyer’s role for Uber at Firm 1 was too insignificant to be concerning. Second, the court held that during the thirty days after being hired Lawyer was alone in Firm 2’s new Toronto office, and his only role in this case was commissioning two affidavits. Thus, on balance, the court held that no harm to Uber occurred, or was likely to occur, with Lawyer’s being at Firm 2."
Finally: "Locke Lord Wants to Weigh In On Swiss Knife DQ Appeal" --
  • "Locke Lord LLP on Monday asked the Second Circuit to allow it to intervene in a Texas knife maker's appeal of a trademark lawsuit brought by Victorinox AG after a New York federal judge decided not to disqualify the firm from representing the Switzerland-based company, despite a possible breach of ethics rules."
  • "Locke Lord said it will be better able to address the alleged conflicts cited by knife maker The B&F System Inc. stemming from the firm's merger with Edwards Wildman Palmer LLP if it acts separately from Victorinox, the Swiss Army knife maker that sued B&F over the use of its famous red handle design."
  • "B&F appealed to the Second Circuit and in February asked that the court disqualify Locke Lord. B&F said that Locke Lord violated its ethical obligations by briefly representing both Victorinox and B&F after Locke Lord merged with Edwards Wildman Palmer LLP in January 2015."

Tuesday, October 25, 2016

Conflicts From Russia, with...

Here's an update on a matter we noted earlier this year: "Law Firm Booted Off $230M Russian Mob Case" --
  • "Baker Hostetler cannot now represent the accused perpetrator of a $230 million fraud linked to the Russian mob since the white-shoe law firm already represented one of the scheme's victims, the Second Circuit ruled, calling the circumstances of the case 'extraordinary.'"
  • "One victim of the Russian treasury fraud, according to Monday's ruling, is Hermitage Capital Management. In 2007, the U.S. hedge fund's Moscow office was raided by members of the Russian mob. It is undisputed that the perpetrators stole corporate identities of Hermitage's portfolio funds to fraudulently claim tax refunds from Russia. Reuters reported that a Hermitage entity eventually retained Baker Hostetler to investigate the crime, trace the proceeds, and report their findings to U.S. prosecutors between 2008 and 2009. Once the U.S. government filed its action, however, Prevezon hired Baker Hostetler for its defense. Though the move prompted a motion to disqualify by Hermitage, accusing the firm of having "switched sides," Baker Hostetler insisted that no conflict existed because both Prevezon and Hermitage were innocent."
  • "Earlier this year, U.S. District Judge Thomas Griesa found no conflict-of-interest in what appeared to be Baker Hostetler's game of legal musical chairs. 'This case is not about Hermitage, nor is this case centrally focused on the Russian fraud,' Griesa wrote on Jan. 8. 'Even if it were, to the court's knowledge, Hermitage was never the target of a U.S. investigation for the Russian fraud, let alone an actual lawsuit. In this way, Moscow did not 'switch sides,' nor is he now accusing a former client of the 'same crime' that he was 'retained to defend against.''
  • "The Second Circuit unanimously disagreed in a scathing, 37-page opinion on Monday. 'If crime victims fear that the attorneys they hire may turn against them, they may be less likely to assist government in its investigations,' U.S. Circuit Judge Rosemary Pooler wrote for a three-judge panel. Pooler said the 'extraordinary circumstances' of this case require the rarely granted writ of mandamus. 'It is rare that a nonparty, nonwitness will face the risk of prosecution by a foreign government based on the potential disclosure of confidential information obtained during a prior representation,' the 37-page opinion states. 'That real risk, however, coupled with the misapplication of the law by the district court, outweighs the delay and inconvenience to Prevezon of obtaining new counsel.'"

Monday, October 24, 2016

Interview with a Conflicts Guru

Bill Frievogel was recently interviewed by Bloomberg BNA. An important voice in the risk community shares his latest thinking in: "Conflicts Guru Gives Lowdown on Firms' Top Frustration" --
  • "No other ethics issue has as wide an effect on the day-to-day business of law as do conflicts of interest. A conflict can mean turning away a great client or lateral hire, exposing you and your firm to malpractice liability, and even—in thankfully rare cases—criminal liability. It's no wonder that law firm general counsel cited conflicts as their top risk management concern in a recent study."
  • "Q.What are the most common types of conflicts for large firms? A.While I have not done a statistical analysis, I would guess former-client situations under Model Rule 1.9(a) and the application of the “substantial relationship” test—for law firms of all sizes. Related to that, in particular for larger firms, are lateral movements among law firms where the firms are opposing each other, and the lateral may be infected with having participated in the matter or has information about it. This implicates imputation under Model Rule 1.10 and the issue of whether a screen will cure the problem."
  • "Q.Can firms use screening mechanisms to avoid or deal with conflicts? A. About half the states specifically recognize non-consensual screens as a way to deal with lateral lawyers. Almost all states recognize screens in the case of lateral government lawyers and judicial personnel. Screens established with the consent of all involved should always work. Getting the consent is another issue."
  • "Q.What's the idea of “conflicts counsel”? A.In litigation where a law firm finds that a current or former client will be an adverse witness, and hostile cross-examination is probable, a few courts have allowed the law firm to stay in the case if another firm is brought in to conduct the cross-examination. Other courts disagree. In a Chapter 11 bankruptcy, a law firm may be able to represent the debtor or the unsecured creditors' committee if the firm will designate “conflicts counsel” who will be on call to handle a matter that might otherwise disqualify the law firm. Such was the case in Exco Resources, Inc. v. Milbank, Tweed, Hadley & McCloy LLP (In re Enron Corp.)"
  • "Q. When is a conflict of interest likely to engender a malpractice claim? A. The situations are many and varied. There are two prominent categories in my mind. First, where a law firm loses a litigation costing a client a lot of money. Then the client learns that the law firm had other representations or relationships possibly causing the law firm to “throw” the case, or not do the best job. The other category is a business failure where the failed client learns the law firm had other relationships, which caused the law firm to structure the business or transaction in a way to favor someone else, to the detriment of the client."
  • "Q.You're in Chicago. Are the Cubs going all the way? A. Argh! You would ask that. I am a lukewarm Cubs fan, because I grew up in Southern Illinois with Harry Caray and the Cardinals. The Major League playoffs can break your heart, but it would be a great party here."

Sunday, October 23, 2016

EVENTS: Risk Roundtables (New Chicago Session + DC Report)

We were pleased to announce the next Risk Roundtable. Our first session of the season took place in New York, and we recently hosted a Washington DC event that was quite successful. Here's a snapshot:

This series focuses on outside counsel guideline  and terms of business management.

Our next event in this series is set for November 9th in Chicago. As with the NY and DC events, we'll be featuring presentations and discussion lead by Anthony Davis from Hinshaw & Culbertson and Eric Nerland.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact for more details.

Thursday, October 20, 2016

InfoScary (Part 4b) : Medical Issues, Personal Details (Compromised)

While no law firm is mentioned, this update certainly brings the risks of PHI and HIPAA compliance into view: "Another Way to Violate Privacy: PHI in Court Documents" --
  • "A recent court ruling illustrates yet another way patient privacy can be compromised. A federal court slapped WakeMed Health and Hospitals, a North Carolina healthcare system, with financial penalties for exposing patient information in filings it made for cases."
  • "The court also ordered WakeMed to send breach notification letters and offer one year of free credit monitoring to potentially thousands of adults and minors whose Social Security numbers or full dates of birth were included in court documents the healthcare organization filed between December 2007 and December 2015."
  • "Those documents, which were publicly available online via a subscription-based court records system, were filed in WakeMed's attempt to seek payment for debts allegedly owed by patients who had filed for bankruptcy protection."
  • "'There is a real tension between some 'public records' laws related to court filings and other kinds of laws,' says privacy attorney Kirk Nahra of the law firm Wiley Rein. 'Major advice is to always be incredibly careful whenever you are disclosing any kind of patient information in any kind of public setting - it is possible that you need to do it, but usually there is a better way.'"
  • "'The HIPAA training did not cover bankruptcy claims filing,' the court ruling states. 'Ms. Soles also had no supervision with respect to filing claims, and testified that no one else in her department knew how to file bankruptcy claims. There was no audit system in place, and Ms. Soles had no direct contact with the legal department of WakeMed.'"

Wednesday, October 19, 2016

InfoScary (Part 4a) : Medical Issues, Personal Details

Today, let's revisit the scary world of government regulation and personal health information. This September article in the Indiana Lawyer sums things up quite nicely:"Business associate classification and HIPAA liability for lawyers" --
  • "When business associates such as law firms come in contact with PHI from covered entities, they have to comply with regulations that include using the information only for the purposes for which they were engaged, safeguarding the information and helping the covered entity comply with its obligation under the privacy rule."
  • "PHI is interpreted broadly and includes any information about health status, provision of health care or payment for health care that can be linked to a specific individual. It includes any part of a patient’s medical record or payment history. Business associate agreements (BAA) are contracts between HIPAA-covered entities and business associates. BAAs are used to protect PHI in accordance with HIPAA guidelines."
  • "What is the impact of the business associate classification on lawyers and law firms?  The lawyer qualifies if he or she provides legal services to such covered entity other than as a member of the workforce of the entity... The commentary in the final rule provides insight into what qualifies an entity as a business associate by stating, 'a person becomes a business associate by definition, not by the act of contracting with a covered entity or otherwise.'"
  • "Therefore, liability for impermissible uses and disclosures attaches immediately when a person creates, receives, maintains, or transmits protected health information on behalf of a covered entity or business associate and otherwise meets the definition of a business associate.” If the answer is yes, then lawyers and law firms must ensure compliance with the HIPAA regulatory scheme."
  • "As for the security rule, it mandates that business associates address the following areas about their required security risk management program: administrative safeguards; physical safeguards; and technical safeguards. Business associates must implement security measures to reduce risks and vulnerabilities. For example, one measure provided by the security rule is the identification of a security official who is responsible for the development and implementation of the policies and procedures required for the covered business associate. This individual designated by a law firm manages the implementation of security rule requirements and safeguards. Under HITECH, the government is required to conduct random audits of business associates to determine if they are complying with the privacy, security and breach notification rules of HIPAA. In the event this occurs, the security official will be the person the government initially speaks with."
  • "As a business associate, a law firm must notify a covered entity if unsecured protected health information is breached, used, accessed, acquired, or disclosed in violation of the privacy or security rules. Lawyers and law firms that represent covered entities as clients must comply with all relevant HIPAA regulations. As business associates, law firms must adhere with the requirements established by HIPAA including the required security risk management program consisting of administrative safeguards; physical safeguards; and technical safeguards."
  • "First, administrative safeguards include implementing policies and procedures regarding security and confidentiality of PHI, training new and existing employees on security and protecting PHI, and adopting measures to identify and resolve security violations where individuals improperly access and/or disclose PHI. Second, physical safeguards such as facility access controls, secured floors, networks, offices and computers, security for work stations, and device and media controls should be implemented. Lastly, technical safeguards include computer access control, audit controls, data transmission security, secure password and encryption, network security, set up systems to automatically log off work stations, and assign unique user identifier to identify and track user activity."
  • "In light of this enforcement action and with Phase 2 HIPAA audits underway, law firms that qualify as business associates need to ensure compliance with HIPAA’s business associate provisions by reviewing current business associate relationships and executing written agreements (if not already in place) and by reviewing current policies and procedures related to business associates to ensure there are individuals who are monitoring, negotiating and documenting business associate relationships."

Tuesday, October 18, 2016

InfoScary (Part 3) : Insider (Trading) Threat, Tricks (No Treats)

Adding to our Halloween theme comes the coda to one story about insider threats, delivering a bit of punishment to address the crime: "Law firm employee sentenced in $5.6M insider trading scheme" --
  • "A former employee of a Manhattan law firm that deals in mergers and acquisitions was sentenced to nearly four years in prison Wednesday, after admitting he provided information used in an insider trading scheme to net $5.6 million in profits, U.S. Attorney Paul Fishman announced Wednesday."
  • "The employee, Steven Metro, 42, of Katonah, N.Y., who managed the firm's law clerks, was indicted in January 2015 and later pleaded guilty to two counts charging him with securities fraud and conspiracy to commit fraud. He was sentenced Wednesday to 46 months in federal prison by Judge Michael A. Shipp in U.S. District Court in Trenton, Fishman said."
  • "Like something out of an Oliver Stone film, prosecutors say that from 2009 to 2013, Metro searched the computer system of the firm, Simpson Thacher & Bartlett LLP, using key words like 'merger agreement,' 'bid letter,' and 'due diligence,' to find information on impending transactions involving companies represented or advised by Simpson Thacher."
We covered this episode when it first came to light, along with several other examples of the years about how unfortunate actors, taking advantage of internal access in pursuit nefarious ends.

These stories are not just about lawyers, several include staff: both support staff and even IT staff with administrator access to document repositories (raising even more complex questions about who watches the watchers).

Monday, October 17, 2016

InfoScary (Part 2) : Confidentiality Protection Matters

Information security is not just about preventing external breaches. It’s also about controlling and tracking internal access to and use of sensitive information (both client and firm data). Take protective orders.

Often coming into play during litigation, protective orders limit how sensitive information may be accessed with a firm or disclosed to external parties. In these instances, lawyers, internal staff and external expert witnesses may be required to read and sign the order and follow its guidelines. Such guidelines usually stipulate that only parties actively working on the matter may have access to designated materials in both physical and electronic form. Pleadings filed with the court referring to protected materials may need to be filed under seal. Firms must also control access to such work product during the creation process. This means restricting access to relevant work product stored in generally accessible information repositories such as document management libraries.
Here are a few recent related stories in the news

"Robins Kaplan Sued For $1M Over Disclosing Discovery Docs" --
  • "Robins Kaplan LLP was hit with a $1 million trade secrets suit in California federal court Thursday by two garment manufacturers that allege the firm publicly disclosed confidential discovery information the plaintiffs had filed in underlying copyright infringement suits."
  • "Garment manufacturers and distributors Ms. Bubbles Inc. and R&S Worldwide Inc. are accusing discount clothing retailer Rue 21 and its attorney, David Martinez — the co-chair of Robins Kaplan's retail industry practice groups — of publicly revealing the confidential company information in court filings, violating state and federal trade secrets laws, and causing them at least $1 million in damages."
  • "'Plaintiffs never would have produced the aforementioned information to Rue 21 or its counsel, even under an 'attorney's eyes only' designation, had they known that this information would be disseminated to the public at large through court filings,' the manufacturers contend."
  • "As part of those suits, both manufacturers provided Rue 21 with detailed information about their costs of goods, revenues and profits in response to interrogatories filed by Rue 21, with the expectation that the information would be kept for 'attorneys eyes only.'"
  • "The manufacturers also allege Rue 21 and Robins Kaplan are liable for breach of contract because they violated protective orders that were entered in both of the copyright suits specifically to keep the discovery responses at issue confidential."
  • "The U.S. International Trade Commission on Wednesday publicly reprimanded Quinn Emanuel Urquhart & Sullivan for 'pervasive problems at the firm' in safeguarding confidential business information from Apple Computers that it obtained while representing Samsung in patent litigation against the computer company. No monetary sanctions attached to the reprimand, which stemmed from the fact that the firm breached an administrative protective order issued by the ITC."
  • "The ITC summarized its reprimand: The Commission determined that the law firm of Quinn Emanuel Urquhart & Sullivan breached the Administrative Protective Order by failing to adequately control access to confidential business information ('CBI') in the investigation and litigation in [San Jose federal court]. As a result, Quinn Emanuel attorneys and [Samsung] employees … improperly disclosed CBI to more than 140 unauthorized persons over a 14-month period. Quinn Emanuel is being publicly reprimanded for pervasive problems at the firm in safeguarding CBI."
  • "The ITC also provided a more detailed version of events that related how a junior associate at Quinn Emanuel failed to redact confidential information in one document, which was then repeatedly shared with Samsung employees and at one point was disseminated in an Italian Court."
  • "Firm chair John Quinn issued the following statement: As stated in the ITC order, we had an associate who did not fully redact a small amount of information that had been designated as confidential from an expert report before sending it to our client. Although, as the Commission found, this was inadvertent, it was a serious matter.  Unfortunately, we missed opportunities to discover and remedy the problem, which was compounded when the report was later forwarded to many other lawyers and consultants working on related matters and some of the information was unknowingly included in other documents which were similarly distributed."

Sunday, October 16, 2016

InfoScary (Part 1) : A Pessimistic View on Information Security

With the success of "Shark Week" this past summer, our focus on Outside Counsel Guidelines and Terms of Business Management, and a brimming list of new updates to share on an old theme, we're kicking off the Halloween fright season with "InfoScary," and focusing on information security and confidentiality management.

First up, comes a fascinating story from the Legal Technology Insider (known also as "The Orange Rag," because of it's roots -- It was originally paper based... distributed on orange media to prevent photocopying). They note: "Dentons trials NetDocuments & pessimistic security model" --
  • "Dentons is set to launch a proof of concept of NetDocuments’ cloud-based document management system, as the 7,300-lawyer firm also moves closer to locking down its files to all but those immediately involved in its matters. Dentons is a long term iManage client but, as part of a five-year plan put in place by global chief information officer Marcel Henri, will review its DMS and knowledge management arrangements in two years’ time."
  • "The trial comes as Dentons also moves closer to a pessimistic security model, under which documents are only accessible by staff who are granted access by the firm. Fears over security, particularly sophisticated phishing attacks, where a hacker tricks staff into handing over confidential login details and assumes their privileges, have led a number of firms to discuss increasing their internal security measures. However, for reasons of convenience, cost, and resources, the vast majority of law firms still operate an optimistic security model, whereby documents are often restricted but the default position is that they are accessible across the firm."
  • "Henri told Legal IT Insider: 'There is a push within the firm for a completely pessimistic security model; it’s what clients expect. The business gets it but of course some parts of the business are resisting it because it limits your ability to share knowledge and content. Firms have invested heavily in search but what is a search if everything is locked down?'"
  • Dentons is currently trialing a pessimistic security model in Germany and Henri added: 'Whatever solution we go with, whether it be iManage or NetDocuments, it will most likely be under a pessimistic security model... ne scenario we have discussed is to draw a line in the sand and say that, from a given date, we will apply a pessimistic security model and lock things down. In order to be able to share best practice and model documents, you are going to have to put more effort in the qualification of those documents and you are going to have to clean them and profile them, which is an extra workload.'"
  • "he decision follows recent high profile security breaches and leaks such as the Panama Papers. Henri said: 'In light of the many recent security breaches that have made the headlines, I simply don’t think firms will have a choice.'"
We've covered these issues before, but it's fascinating (and quite informative) to see such a prominent firm so publicly discuss its plans in motion. We previously noted:
  • "There has been a growing legal industry shift towards adopting 'members only' internal security models, where only individuals that are members of a particular matter team can access sensitive client data, or 'hybrid' models where matters in specific practice groups or geographies default to closed access, while others remain open."
  • "According to the just-published ILTA technology survey, the number of firms moving to a "pessimistic" security model grew by 50% in the past year. (Though, for context, we note that the survey reports that 6% of firms have embraced the closed or hybrid confidentiality model.)"
I'd be remiss if I also didn't note that given the complexities associated with managing complex and often overlapping information access and security policies, firms look to commercial solutions. And the ILTA technology survey highlights the growing adoption of these solutions (and the market leader):
  • 81% of firms now report using software to manage ethical walls and internal confidentiality controls – a 16-point jump from last year.
  • Intapp continues to lead in this category, serving 79% of firms with 150+ lawyers using commercial information security software.
For more information about enhancing information security and confidentiality management, there's no better voice than webinars and case studies of peer firms: Intapp Walls Webinar Library.

Thursday, October 13, 2016

Insurance Matters (Mysteries Explored)

Hat tip to the Legal Ethics Forum for noting: "The Mystery of Mutual Insurers in Lawyers Professional Liability Insurance" --
  • "Large law firms in the U.S. rely heavily on lawyers-only mutual insurers to manage their malpractice risks. Yet, under classic economic theory, mutual insurers should not be able to compete with stock insurers, at least absent a market failure. Mutuals have less access to capital and thus less ability to spread risk. Also, mutuals demand much more law firm partner time."
  • "Our research into the lawyers’ professional liability (LPL) insurance market makes three contributions. First, while we find evidence consistent with the traditional explanations for mutual insurance — market failures related to moral hazard and adverse selection and a problem with long-term contracting, we also provide a new autonomy explanation. Many lawyers, and presumably other professionals, perceive that mutual insurance promotes professional independence in the face of the social control imposed by liability and insurance.
  • "Second, we crack open the windows on a secretive aspect of law firm risk management, revealing the variable, hybrid nature of LPL mutual insurance arrangements."
  • "Third, we reframe the scholarly understanding of the relationship between organizational forms. The corporate law and insurance literature typically views mutual and stock insurers solely as competitors. We show that they also play complementary roles, as all of these mutual insurers engage extensively with commercial insurers through reinsurance or excess insurance."
  • "At least in this context, mutual insurance is not an alternative to stock insurance, but rather a way to manage access to the powerful risk distributing potential of stock insurance. Indeed, the availability of mutual insurance may favorably affect the behavior of stock insurance companies even outside of their relationships with the mutual insurers. Accordingly, our research suggests that lawyers’ participation in their mutual insurers provides benefits not only to their firms, but also to the legal profession."

Wednesday, October 12, 2016

Recent Ethics Opinions: More Naming From Texas + Not-So-Well-Known Knowns

Several ethics updates to share. First, recalling a bit of fun poked back in 2014 when the state took aim and title inflation (aka "The Too Many Chiefs in Texas" saga), comes a new update from a state famous for not being messed with and doing things big: "Ethics Opinion Questions Use of Swiss Verein Firm Names in Texas" --
  • "Texas lawyers practicing at firms organized as a Swiss verein may change how they identify themselves because of a recent opinion issued by the State Bar of Texas Professional Ethics Committee. Opinion 663, issued in September, concludes that under the Texas Rules of Professional Conduct, Texas lawyers in an organization such as a Swiss verein may not use the name of the organization as their law firm name on pleadings or other public communication unless all names in the verein are current or former lawyers in the firm or a predecessor as permitted by Rule 7.01(a)."
  • "The opinion, issued at the request of a Texas attorney practicing at one of the vereins, would presumably affect Texas lawyers in a number of firms, including five firms on the Am Law 100 ranking of the nation's highest grossing firms. Firms identified as Swiss vereins on that list include DLA Piper, Baker & McKenzie, Hogan Lovells, Norton Rose Fulbright and Squire Patton Boggs."
  • "A Swiss verein is a corporate holding structure wherein the firms share activities such as strategy and branding but maintain financial independence."
  • "Mark Osborn, a partner in Kemp Smith in El Paso who chairs the committee, said Texas ethics opinions are considered advisory and not binding on the Texas Supreme Court. 'Literally nothing is going to happen unless someone else does something,' Osborn said. For instance, he said, a Texas lawyer could face disciplinary action if someone files a grievance against the lawyer for using a Swiss verein name in the wake of the opinion. That would be a 'rare' occurrence, Osborn said. More likely, firms will read the opinion and decide if they need to make changes because of it, he said."
That last quote about "doing something" almost begs for a joke about "drawing," or Jack Palance in Shane..

Next, speaking of names, North Carolina notes that: "Equity Stake Isn’t a Prerequisite for ‘Partner’ Label" --
  • "The North Carolina State Bar Association issued Formal Ethics Opinion 9 advising that professional corporations are allowed to designate lawyers in their firm as 'partner,' 'income partner,' and 'non-equity partner,' even if those lawyers do not own any interest in the firm and have no authority to vote on corporate governance matters."
  • "However, a lawyer who is designated as a partner must have been promoted based on legitimate criteria. Additionally, the Ethics Committee noted that any firm lawyer who has been promoted to “partner” will be held to all professional responsibilities that accompany that role, such as the supervisory responsibilities required by Rule of Professional Conduct 5.1."
Here in California, we sometimes like things complicated and nuanced, which brings us a reconfirmation of what might be called the "Not-So-Well-Known Knowns" principle: "California opinion reaffirms traditional view on the extent of the duty of confidentiality" --
  • "On that point, California's interim ethics opinion reaffirmed the old principle concluding that '[a] lawyer may not disclose his client’s secrets, which include not only confidential information communicated by the client to the lawyer, but also publicly available information that the lawyer obtained during or related to the professional relationship which the client has requested to be kept secret or the disclosure of which might be embarrassing or detrimental to the client.' More than a year later, the interim opinion has been officially published as Formal Opinion 2016-195 and it is available here."
Finally, from Iowa, comes a bit of truth or dare: "Lies to Counsel Violate Rule on Truthful Statements" --
  • "The ethics rule against making false factual statements to third persons covers lies to opposing counsel, the Iowa Supreme Court held Sept. 16 ( Iowa Supreme Court Attorney Disciplinary Bd. v. Barnhill , 2016 BL 305056, Iowa, No. 16-0731, 9/16/16 )."
  • "Rule 32:4.1(a) of the Iowa Rules of Professional Conduct forbids false statements to third persons about material facts when representing a client. Opposing counsel is a third person within the meaning of that rule, even though there’s a separate professional conduct rule on fairness to opposing counsel, Justice Daryl L. Hecht said."
  • "The opinion highlights the broad duty of honesty lawyers have towards anyone they deal with on behalf of on a client. Opposing counsel isn’t excluded from the universe of third persons to whom lawyers owe the obligation of truthfulness, according to the court."