Thursday, April 7, 2016

Disqualifications (Attempted), Patents (Pursued), Conflicts (Contested) & Malpractice (Alleged)

Several interesting updates to share today. First: "Skadden Hit With Malpractice Suit By Evergreen Creditors" --
  • "Lenders who are owed $90 million by bankrupt Evergreen International Aviation Inc. on Thursday made good on their vow to sue Skadden Arps Slate Meagher & Flom LLP, claiming the firm’s conflicted representation cost Evergreen $35 million in damages."
  • "The creditors accuse the law firm of having an “incestuous relationship” in which it represented multiple Evergreen entities and their late founder, Delford Smith, turning a blind eye to 'impermissibly conflicting and divided loyalties' that arose as a result of Skadden’s multiple representations."
  • "'Defendants cannot and should not be able to retain substantial legal fees drained from the debtors’ estates as Skadden disloyally and simultaneously represented other Smith-owned entities with conflicting interests,' the lenders said."
  • "U.S. Bankruptcy Judge Mary F. Walrath on March 23 granted standing and authority to the prepetition lenders to sue Skadden over its representation of the Evergreen entities, after Chapter 7 trustee Alfred Giuliano refused to pursue claims against the firm."
Next, costs avoided (hat tip to Bill Freivogel for flagging) commentary via David Hricik: "Baker Botts Dodges $42 million Verdict in Patent Conflict Case" --
  • "This is a fascinating case on several levels, Axcess International, Inc. v. Baker Botts LLP (Tex. App. Dallas March 2016).  Baker Botts was representing one client, Axcess International, Inc. (“Axcess”) in prosecuting patent applications involving certain radio frequency identification technology. After it had filed those applications, it began to represent another client, Savi Technologies, Inc. (“Savi”) in prosecuting applications on similar technology. There is a lot going on in the case, but essentially Axcess sued Baker Botts and alleged two breaches of duty."
  • "First, that, but for a conflict of interest between Savi and Axcess, Baker Botts would have broadened claims the firm had been pursuing for Axcess. The opinion is hard to follow but there seem to be two, related, claims made by Axcess."
  • "Axcess argued that had it broadened its claims, the USPTO would have declared an interference with a then-pending Savi application, and Axcess would have prevailed. Put the other way, Baker Botts “pulled its punches” – had a material limitation in terms of 37 C.F.R. 11.107, I presume — on its ability to represent Axcess – because of its representation of Savi. Had it prevailed in the interference, Axcess would have claims to subject matter that turned out to be the lucrative technology. That leads to the second basis, which is that the broadened claims would have issued to Axcess and would have covered the lucrative terrain."
  • "The case went to trial and the jury awarded $42 million dollars to Axcess. However, Baker Botts moved that judgment be entered in its favor, and raised four grounds. The trial court granted the motion without saying why."
Next, another patent matter: "Fish & Richardson Ducks DQ Bid Over Patent Judge Hire" --
  • "Fish & Richardson PC, which represents the last five among scores of retailers and travel companies Parallel Networks LLC targeted in a data processing patent case, on Thursday survived a disqualification bid over the firm's hire of a onetime federal judge who previously oversaw the litigation."
  • "In an order denying the patent-holding company's June disqualification request, U.S. District Judge Robert W. Schroeder III of the Eastern District of Texas said the firm’s notification to Parallel Networks and the court about the hire of former federal Judge Leonard Davis was timely."

Wednesday, April 6, 2016

Feeling a Little Insecure about Information Security? (Lawsuits Coming?)

It looks like the source of the 'Panama Papers' was external: "'Panama papers' came from e-mail server hack at Mossack Fonseca" --
  • "The staggering, Wikileaks-beating “Panama Papers” data exfiltration has been attributed to the breach of an e-mail server last year... Bloomberg says co-founder Ramon Fonseca told Panama's Channel 2 the leaked documents are authentic and were 'obtained illegally by hackers.'"
  • "According to The Spanish, the whistleblower (here in Spanish) accessed the vast trove of documents by breaching Mossack Fonseca's e-mail server, with the company sending a message to clients saying it's investigating how the breach happened, and explaining that it's taking 'all necessary steps to prevent it happening again.'"
This story comes on the heels of reports last week of other hacked law firms. The Recorder notes: "Law Firm Data Practices Draw New Scrutiny" --
  • "Several of the nation's largest law firms acknowledged this week that a cyberhacker seeking highly valuable details of M&A deals in the works had sought to breach their computer systems. No one was surprised. For years, law enforcement agencies, security consultants and legal experts have warned that law firms and their electronically stored records are potential treasure troves for criminals eager for an edge in the stock market or a particularly sensitive batch of data to sell or ransom."
  • "But when it comes to overseeing the information-handling practices of lawyers and law firms, regulators have largely shied away. The Federal Trade Commission and the U.S. Department of Health and Human Services police businesses' health record practices. The Federal Reserve has pages and pages of rules governing financial institutions. Securities broker-dealers and investment advisers must register with the U.S. Securities and Exchange Commission. Law firms, however, with their own corporate structures and unique ethical obligations, don't fall neatly under the jurisdiction of those regulatory agencies. And those agencies don't appear to be scrambling to add legal practices to their oversight duties."
  • "Law firms could be subject to a limited scope of data regulatory scrutiny soon. The Department of Health and Human Services' Office of Civil Rights announced in March that for the first time it will audit a small number of business associates of entities covered by the Health Insurance Portability and Accountability Act, or HIPAA. Law firms, in some instances, will qualify as those targeted associates."
  • "[Days before the Panama Papers incident,] John Reed Stark, a former SEC enforcement lawyer who now runs a consulting firm in Bethesda, Maryland... said that he could foresee a breach so catastrophic that "given the expense, and given the damage they could incur ... it may very well be the death knell of a law firm. 'I'm not sure that law firms truly appreciate that,' he said."
And then comes: "BigLaw In Crosshairs As Firm Plans Data Breach Litigation" --
  • "Following reports that Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP suffered data breaches at the hands of hackers, a plaintiffs law firm said Thursday that it plans to bring class action legal malpractice litigation against legal industry players over the exposure of client information."
  • "Law firms have a professional duty to protect the privacy of client information, but most of them are not doing a good job when it comes to protecting that information from hackers, according to Jay Edelson, founder and CEO of privacy class action law firm Edelson PC, which nearly a year ago began investigating class action litigation against as-of-yet unnamed law firms over client data breaches."
  • The planned class action litigation will involve claims for breach of contract and legal malpractice, Edelson said. 'There's no question the firms have a legal duty to take reasonable protections to protect data, and if they're not doing that they’re breaching their standard of care,' he asserted.
  • He added that, according to the firm’s research, he believes that many law firms targeted by hackers do not inform clients about resulting data breaches in a timely manner. 'We’ve heard story after story from our friends on the defense side — it’s a worst-kept secret that there are data breaches all the time at law firms, and there are a ton of state laws which require notification of data breaches, and the law firms seem to not care about those laws,' Edelson said."

Tuesday, April 5, 2016

A (Risky) Man, a (non-compliant) Plan, a (Perilous) Canal – Panama

Read any interesting articles lately about law firms, leaks and information security?

The legal community is clearly abuzz at the revelations coming out of the leak from law firm Mossack Fonseca, described as the world’s fourth-largest offshore services provider.

Upon hearing the news this weekend, my immediate thought was: Was this an external hacker? Or an internal leaker? As we've covered many instances of incidents like these (on much smaller scales) origination from within and without. Facing surprising sunlight into is operations and client roster, the firm said:

  • "We are responsible members of the global financial and business community. We conduct thorough due diligence on all new and prospective clients that often exceeds in stringency the existing rules and standards to which we and others are bound. Many of our clients come through established and reputable law firms and financial institutions across the world, including the major correspondent banks, which are also bound by international 'know your client' protocols and their own domestic regulations and laws."
We're actively reviewing several interesting stories and developments highlight the emerging facts, unfolding impact,  underlying issues, and continuing industry discussions about this shocking development. Here's one via the American Lawyer: "'Panama Papers' Put Spotlight on Law Firm Data Security" --
  • "The Panama Papers leak is reportedly the biggest ever data breach and calls into question the ability of law firms to protect clients' data. Some 11.5 million leaked documents reveal information on the offshore fortunes of public figures such as Icelandic Prime Minister Sigmundur Gunnlaugsson as well as information on individuals associated with Russian president Vladimir Putin."
  • "Benedict Hamilton, Europe, Middle East and Africa managing director of risk consultant Kroll Experts, said that although firms are already taking security measures to protect private data, much more still needs to be done. ‘I definitely think they need to up their game on data security... I don't think they are doing nearly enough,’ said Hamilton. ‘No company can totally protect itself against an employee abusing trust, but there are things you can do that make it harder for people to leak documents.’"
  • "Ropes & Gray privacy and data security partner Rohan Massey said: ‘The risk we have is incredibly real and we are now as a sector being targeted because of the sensitivity of the information we hold. As a profession we do need to ensure that our houses are safe and maybe we lag behind because we focus on clients.’"