Wednesday, November 30, 2016

Positional Conflicts – Those Tweets & Posts (May) Create Serious Conflicts Problems



"Tweeting, Blogging Lawyers Warned About Positional Conflicts" --
  • "Lawyers who blog or tweet about legal developments should be cautious 'when stating positions on issues' because 'those stated positions could be adverse to an interest of a client, thus inadvertently creating a conflict,' the District of Columbia bar’s ethics committee advised in November."
  • "The guidance came in one of two simultaneously issued opinions that discuss a host of ethical issues involving lawyers’ use of social media (D.C. Bar Legal Ethics Comm., Ops. 370 and 371, 11/16)."
  • "But the D.C. panel also highlighted a few risks that were not emphasized in prior ethics opinions. One apparently novel warning was on the risks of creating so-called 'positional' conflicts when blogging or tweeting about legal developments. These are conflicts that can arise when a lawyer advances one position but needs to argue the opposite on a client’s behalf."
  • "The panel warned that lawyers who blog or tweet about legal developments may run into ethical problems if they state positions on legal issues that conflict with positions they have advanced, or may be called on to advance, on a client’s behalf."
  • "The committee said lawyers who engage in online musings of this sort may inadvertently create a positional conflict under D.C. Rule of Professional Conduct 1.7(b)(4). That rule says a lawyer may not represent a client in a matter if 'the lawyer’s professional judgment on behalf of the client will be or reasonably may be adversely affected by ... the lawyer’s own financial, property or personal interests.'"
  • "Accordingly, Cornett said, 'If a blawger whose reputation is entwined with her blawg needs to take a contrary position in order to advance a client’s interests, she may be ‘materially limited’ from doing so because of that reputational interest.'"
This development is interesting on several levels -- the distinction between social/blogging commentary and other forms of expression being just one. (Though, the text of the opinion itself covers communications mechanisms as diverse as Yelp, email lists and even general email, while acknowledging differences apply based on a number of factors.)

(I suspect that somewhere out there may be a lawyer who actually represents Twitter, who may be tempted to weigh in publicly on this particular opinion... maybe even via a tweet... but the circular logic loop of that potential conflict is too much to consider at the moment...)

Tuesday, November 29, 2016

New European Data Privacy and Security Rules (GDPR)



The newly launched GDPR Wiki site offers a plethora of information on these pending rules:
  • "Coming to you in May 2018, the GDPR is the most significant development in data protection that Europe, possibly the world, has seen over the past twenty years and therefore unsurprisingly is designed to better take into account modern technologies, the way we work with them today and are likely to work in the future. In addition, there is a much greater emphasis on compliance following a widely held belief that business had not taken data privacy seriously enough previously. As a consequence, penalties are considerably harsher and the compliance requirements are intended to spread a far wider net to include small and medium businesses."
This initiative is a resource delivered by Tim Hyman, former IT director of law firms including Reed Smith and Taylor Wessing.

The site has published and distributes several resources, including: "The Essential Guide to GDPR" --
  • "Following recent presentations on the potential impact of GDPR at a number of global law firms and a presentation to the Institute of Barristers Clerks, I have been asked to compile a guide as to the basic principles of GDPR, how they may impact technology systems and which software tools/vendors could assist with compliance... The solution providers that appear in the guide are those that have come forward and described how their solutions can help businesses looking to get GDPR compliant."
  • "THE 6 GDPR DATA PROTECTION PRINCIPLES:
    1. (‘lawfulness, fairness and transparency’) processed lawfully, fairly and in a transparent manner in relation to the data subject
    2. (‘purpose limitation’) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
    3. (‘data minimisation’) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
    4. (‘accuracy’) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
    5. (‘storage limitation’) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
    6. (‘integrity and confidentiality’) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures."
As further context on the topic, Wikipedia offers:
  • "The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The Commission's primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1] When the GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC) [2] from 1995."
And Dell sponsored a third-party survey on these new rules. The report highlights the state of response from the general corporate sector (short version: likely lacking).

Is your firm ready? Or getting ready to be ready? May 2018 will come sooner than we think... And it looks like, on the compliance side, firms are already planning their GDPR litigation offerings.

Sunday, November 27, 2016

VIDEO: External Vendor Risk Management (Drivers, Trends & Approaches)



A recording of last summer's well-attended session on vendor risk management is now available: "Vendor Procurement, Risk and Relationship Management" --

Jointly produced by Intapp and HBR Consulting, this video explores the various factors causing firms to pay even closer attention to the way they select, evaluate and manage their external vendors. (Client information security mandates are just one of several drivers.)

Scott Springer and Mark Denner from HBR reviewed industry trends and how innovative approaches, supported by new technology, enable firms to streamline procurement, evaluate vendors and address increasingly stringent client and industry requirements.
They also reviewed the vendor lifecycle and demonstrated HBR Consulting's procurement management solutions, built leveraging Intapp Flow to manage the entire vendor lifecycle, including:
  • Evaluation & on-boarding
  • Information security review
  • Performance monitoring
  • Audit & compliance
  • Off-boarding
(They've nicknamed it "NVI." V for vendor, in the same way firms have an "NBI" approach for business. Clever.)

Monday, November 21, 2016

Ethics Opinion: Don't "Bug" Me -- aka On Monitoring Lawyer Behavior (Not Your Own)




Here's a fascinating ethics opinion for the technically inclined: "No ‘Web Bugs’ on E-mail to Opposing Counsel, Bar Panel Says" --
  • "Lawyers may not use “web bugs” to track e-mail communications with opposing counsel, the Alaska bar’s ethics committee advised in an Oct. 26 opinion (Alaska Bar Ass’n Ethics Comm., Op. 2016-1, 10/26/16)."
  • "The opinion is just the second bar advisory to address whether ethics rules permit lawyers to use 'web bugs'—also known as 'pixel trackers' or 'web beacons'—to discover information about how e-mails they send to opposing lawyers have been treated."
  • "According to the opinion, a common web bugging method “involves placing an image with a unique website address” into an e-mailed document and disguising that image “as a part of the document (e.g., part of a footer).” When the recipient opens the document his or her computer “looks up the image” and transmits information back to the sender about how the message was treated, the opinion said."
  • The opinion described “web bugs” as internet surveillance tools that can tell e-mail senders:   
    • whether e-mails they have sent, or attachments to such e-mails, were opened by their recipients;
    • when those messages or attachments were opened;
    • how many times those materials were opened;
    • how long recipients spent reviewing those materials;
    • whether a recipient forwarded those materials to other persons; and
    • the rough geographic locations of the recipients.
  • "Following the lead of the only other bar panel to address this issue, the Alaska committee concluded that 'tracking electronic communications with opposing counsel through ‘web bugs’ impermissibly and unethically interferes with the lawyer-client relationship and the preservation of confidences and secrets.'"
  • "The committee said web bugs can enable lawyers to discover how long opposing counsel or parties spent reviewing e-mail messages and how frequently they viewed them, which can be “a proxy for how important” those opponents may have deemed such communications to be."
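
The mechanism the opinion describes (an image with a unique address, disguised as part of the message) can be checked for on the receiving side. The following is an added example, not taken from the opinion or the article: a heuristic scanner for HTML e-mail bodies, run on a constructed message in which every host, address and token is made up.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qsl

# Heuristics only: hashed CDN filenames can trip the token rule (false positive).
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample message; hosts, addresses and tokens are invented.
SAMPLE = """\
From: counsel@example.org
To: opposing@example.net
Subject: Draft settlement terms
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please see the draft terms.

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please see the draft terms.</p>
<img src="cid:logo@example.org" width="120" height="40" alt="Firm logo">
<img src="https://img.example.org/assets/banner.png" width="600" height="80">
<div class="footer">Confidential
<img src="https://t.example.com/o/3f9a1c7e2b8d4a6f9c0e1d2b3a4c5d6e.gif" width="1" height="1" alt="">
<img src="https://t.example.com/footer.png?rid=Zk3Qx9LmT2vB7nPa4RsW" style="display:none">
</div>
</body></html>
--b1--
"""


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({name: (value or "") for name, value in attrs})


def _tiny(value):
    """True when a width/height attribute is 0 or 1, with or without 'px'."""
    match = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return bool(match) and int(match.group(1)) <= 1


def assess_image(attrs):
    """Return None for embedded images, else the URL and the reasons it looks like a tracker."""
    src = attrs.get("src", "")
    url = urlparse(src)
    if not url.netloc:
        return None  # cid: and data: images ship inside the message; no server is contacted
    reasons = []
    if _tiny(attrs.get("width")) or _tiny(attrs.get("height")):
        reasons.append("tiny dimensions")
    if HIDDEN_RE.search(attrs.get("style", "")):
        reasons.append("hidden by style")
    candidates = url.path.split("/") + [value for _, value in parse_qsl(url.query)]
    if any(TOKEN_RE.match(c.rsplit(".", 1)[0]) for c in candidates if c):
        reasons.append("unique-looking identifier in URL")
    return {"src": src, "reasons": reasons}


def find_web_bugs(raw_message):
    """Scan every text/html part and report remote images that match a heuristic."""
    msg = message_from_string(raw_message, policy=policy.default)
    remote, suspected = 0, []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _ImgCollector()
        collector.feed(part.get_content())
        for attrs in collector.images:
            finding = assess_image(attrs)
            if finding is None:
                continue
            remote += 1
            if finding["reasons"]:
                suspected.append(finding)
    return {"remote_images": remote, "suspected": suspected}


if __name__ == "__main__":
    report = find_web_bugs(SAMPLE)
    print(f"remote images: {report['remote_images']}")
    for item in report["suspected"]:
        print(f"  {item['src']}: {', '.join(item['reasons'])}")
```

The scanner covers message bodies only, not attachments. A mail client that does not load remote images by default prevents the image lookup that the opinion describes.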


Thursday, November 17, 2016

On Clients Regulating Law Firms (or "Meet the New Boss, Same as the Old Boss")




Inside counsel writes: "Law Firms, Meet Your New Regulator: Your Client" --
  • "While major banks, retailers, hospitals and insurance companies were the brick and mortar of a growing media monument to hubris and cyber overconfidence, law firm breaches went mostly unnoticed. That is, until government agencies and law enforcement grew concerned that the wealth of intellectual property curated by law firms could be used to manipulate financial markets by front running trades."
  • "As the expression goes, misery loves company, and law firms can now commiserate with their financial clientele. Law firms represent banking and investment funds, healthcare providers, pharmaceutical companies and themselves conduct myriad financial transactions."
  • "Law firms are at the cross roads of industry. Take for example, a firm that represents an investment institution in Manhattan and who has a position in a biopharma company across the river in New Jersey. The law firm now handles investment information that is regulated by the SEC and monitored by the FBI. The firm also handles healthcare information in the form of FDA drug test results, patient records, which now falls under Health Insurance Portability and Accountability Act (HIPAA). It might also house investor information from the fund, which means the law firm has PII and is ultimately on the hook for PII requirements."
  • "With an alphabet soup of regulators and laws, it’s no wonder that the clients of law firms are now taking cybersecurity seriously. It’s a big stakes loss in the event of a data breach, and it’s the kind of breach that will not go unnoticed. In fact, SEC regulations, HIPAA and PII all have disclosure requirements meaning that a law firm cannot quietly go about business while keeping the story out of the press. That is why today, more law firms are receiving cyber due diligence questionnaires (DDQs) from their clients. As regulators such as the SEC tighten their rules, implications now reach their vendors; most notably legal services."
And, as we know, information security is just one of several areas in which clients are exercising their power to shape law firm policies and practices.

Wednesday, November 16, 2016

EVENT: November Risk Roundtable



Our next Risk Roundtable event in our series on outside counsel guidelines is set for November 29th in Boston.

As with the NY, DC and Chicago events, we'll be featuring presentations and discussion led by Anthony Davis from Hinshaw & Culbertson and Eric Nerland.


Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.
 

Tuesday, November 15, 2016

More Pessimism on the Horizon? (On Client Confidentiality & Law Firm Information Security)




Caroline Hill, editor in chief of Legal IT Insider, weighs in with: "Comment: Pessimistic security – a necessary evil?" --
  • "Given the amount of commercially and potentially nationally sensitive and valuable data held by law firms, and given recent security breaches such as the Panama Papers, the question is no longer whether firms are being targeted by hackers but how, and how far they need to go to protect against a leak."
  • "While law firms have historically focused on defending their perimeter wall, the wider trend shows that attacks are becoming far more sophisticated, with spear phishing attacks tricking employees into giving away passwords and login details, potentially giving a hacker the internal privileges and access rights of that employee."
  • "Says one commentator: 'The concern among large corporations is that law firms don’t have enough complexity in their record access rules and that they have been largely left to do what they want to do. If you are a large enterprise working on a greenfield project and you know it might attract negative publicity, particularly following the Panama Paper leaks, you want to know that your law firm has better security.'"
  • "The result is that a number of firms, particularly those from the United States, are looking at significantly limiting file access within the firm. Pessimistic security flips the normal ‘optimistic’ approach of law firms on its head, with staff only able to open files where they have explicit rights. If a user has different and potentially conflicting permissions, the default position adopted will be the most restrictive."
  • "This complex exercise in damage limitation – one already adopted by a number of accounting organisations – is, for many IT directors, the stuff of nightmares, given the fast pace that law firms work at, often through the night, with major financial drivers to complete work quickly and without technical impediments."
  • "That is not to mention the fact that the knowledge capital and precedents by which law firms differentiate themselves and add client value – and in the future are increasingly likely to monetise – also currently involve sharing vast amounts of client information around the firm."
We previously noted: "InfoScary (Part 1) : A Pessimistic View on Information Security"
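
The rule quoted above (explicit rights only, and the most restrictive permission wins on conflict) is shown here beside an optimistic model, as an added example that is not from the article or any product. The users, groups, matter ids and the optimistic model's "most permissive wins" behaviour are assumptions made for the comparison.

```python
from enum import IntEnum


class Access(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2


# Constructed sample data: group memberships per user (hypothetical names).
GROUPS = {
    "alice": {"matter-1001-team", "knowledge-mgmt"},
    "bob": {"knowledge-mgmt"},
    "carol": {"matter-1001-team", "matter-2002-wall"},
}

# Constructed sample rules: (matter, group) -> access level.
RULES = {
    ("matter-1001", "matter-1001-team"): Access.WRITE,
    ("matter-1001", "knowledge-mgmt"): Access.READ,
    # Ethical wall: members of the matter-2002 team are screened from matter-1001.
    ("matter-1001", "matter-2002-wall"): Access.NONE,
    ("matter-2002", "matter-2002-wall"): Access.WRITE,
}


def _applicable(user, matter):
    """Levels from every rule on this matter that names one of the user's groups."""
    groups = GROUPS.get(user, set())
    return [lvl for (m, g), lvl in RULES.items() if m == matter and g in groups]


def optimistic_access(user, matter):
    """Assumed baseline: open unless a rule applies, most permissive rule wins."""
    levels = _applicable(user, matter)
    return max(levels) if levels else Access.READ


def pessimistic_access(user, matter):
    """Explicit rights only; conflicting rules resolve to the most restrictive."""
    levels = _applicable(user, matter)
    return min(levels) if levels else Access.NONE


def migration_impact():
    """List every (user, matter) whose access changes when moving to the pessimistic model."""
    matters = sorted({m for m, _ in RULES})
    changes = []
    for user in sorted(GROUPS):
        for matter in matters:
            before = optimistic_access(user, matter)
            after = pessimistic_access(user, matter)
            if before != after:
                changes.append((user, matter, before.name, after.name))
    return changes


if __name__ == "__main__":
    for user, matter, before, after in migration_impact():
        print(f"{user:6} {matter}: {before} -> {after}")
```

The impact list is the access that staff would lose in a switch, which is the operational cost the article raises.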

Thursday, November 10, 2016

Your Brother's Keeper? (Disqualification News and Views)



Lending itself to any number of colorful comments and quotes, comes: "Atty Beats DQ Bid In Case Involving Brother At Fox Rothschild" --
  • "A Pennsylvania judge on Friday shot down efforts to disqualify an attorney from defending a travel agency previously represented by his brother, a Fox Rothschild LLP attorney also accused in the suit of filing a meritless bankruptcy petition, noting that the clients have waived a cited potential conflict of interest."
  • "In his order, Philadelphia Court of Common Pleas Judge Ramy I. Djerassi denied a motion filed by solo practitioner Bruce J. Chasan, the owner of travel agency Carmen Enterprises Inc., to disqualify attorney Jeffrey Goldin from representing Murpenter LLC and two affiliated individual defendants."
  • "Chasan had argued that Goldin should not be permitted to represent the Murpenter defendants because his brother, Fox Rothschild attorney Ely Goldin, had previously represented Murpenter in an underlying breach of contract suit over an aborted merger and is now named as a defendant in the instant litigation, alleging wrongful use of civil proceedings."
  • "But Goldin’s clients have stated that they are aware of the family relationship and the potential risk it could pose, and still choose to retain Goldin as their lawyer, Judge Djerassi said. 'Based on this informed consent and attorney Jeffrey Goldin’s own written and verified responses here, we believe his sworn promise that he will devote paramount loyalty to his client,' the judge said. 'We believe he will preserve all necessary confidentialities from his brother and represent his client zealously.'"
  • "In addition to seeking to remove counsel for Murpenter, the plaintiffs have also asked the court to disqualify Bochetto & Lentz and its attorneys George Bochetto and John O’Connell from representing Fox Rothschild because the firm’s other name attorney, Gavin Lentz, represented Chasan and his company in a breach of contract suit against his ex-wife in Montgomery County, Pennsylvania, nearly 20 years ago."
And: "Baker Donelson Fights DQ In Amazon Shipping Tussle" --
  • "Western Express Inc. argued in October that Phoenix counsel John Hicks and Jaime DeRensis of Baker Donelson’s Nashville office cannot continue on the case over allegedly unpaid invoices because the firm is actually counsel of record in currently stayed litigation launched in 2011 by the Amazon.com Inc. freighter. But the attorneys said Friday that it is only former counsel and there simply is no conflict since it informed Western of its Phoenix work several months ago."
  • "'While Western made vague statements that Baker Donelson's representation may present a conflict and prevent Western from using Baker Donelson as counsel in the future, it did not allege any specific conflict until almost eight months into Baker Donelson's representation of Phoenix,' the attorneys said in their opposition. 'There is no conflict of interest; even assuming a conflict of interest, Western's failure to timely assert such conflict waives any alleged conflict.'"
  • "As for the matter Baker Donelson formerly represented in, Hicks and DeRensis said that case, involving Western’s claims of embezzlement by a former employee, is not “substantially related” to the instant breach of contract matter, leaving no reason at all for disqualification under Tennessee conduct rules."
  • See the filing for more detail.

Wednesday, November 9, 2016

Conflicts, Ethical Screens and Electronic Paper Trails



Technology offers new opportunities to identify, address and mitigate risk. But it can also cut both ways -- preserving records of error, accident or omission. Over the years we've watched how standards for ethical walls and confidentiality management have evolved to keep up with the realities of how information is stored, accessed and managed. Consider a few examples [here and here] where, for example, internal access audits have played a role in discussions tied to conflicts, disqualifications and ethical screens.

This type of scenario is in the news again in: "Riker Danzig Must Review Database to Determine Disqualification Motion" --
  • "As a result of lawyers coming to and leaving the firm, Morristown's Riker, Danzig, Scherer, Hyland & Perretti must review its electronic database to see if it will be allowed to remain as counsel in a malpractice action... a three-judge Appellate Division panel said the firm, which currently represents the plaintiffs but which once represented one of the defendants, may have to be disqualified after an investigation determines who reviewed confidential files after lawyers were shuffled."
  • "In January 2014, a Riker Danzig attorney wrote an "Initial Case Analysis," which was placed in both a paper file and stored in the firm's database. The analysis, Sylvester said, was a "detailed case assessment" and strategy memorandum. On July 11, 2014, nine months after the estate lawsuit was filed in Bergen County, Sylvester and a number of other attorneys left Riker Danzig to join Florham Park's Sherman Wells Sylvester & Stamelman. Riker Danzig was the Shoobe estate's counsel and Sherman Wells took over. Sylvester took the paper file with him, and the lawsuit was dismissed for an undisclosed reason on Aug. 27, 2014. However, a copy of the analysis remained in Riker Danzig's computer files."
  • "In April, Sylvester notified Riker Danzig of the conflict of interest. In response, Riker Danzig established what it called a "fire wall" to prevent Loalbo, along with attorneys who were also involved in the case, from accessing the file involving the Shoobe estate, including the initial case analysis... At the same time, a senior attorney at Riker Danzig, with the help of information technology personnel, reviewed the file to determine whether anyone had reviewed the analysis. That review showed that no one, other than the unidentified Riker Danzig senior attorney, had done so."
  • "The appeals court remanded the case to determine whether the Riker Danzig senior attorney only noted that the analysis existed, or whether he or she had read it. 'Reviewing anything more than the metadata concerning when the file was accessed, and perhaps a title to the document, would have unreasonably exceeded the need to determine the existence of a conflict,' Nugent said. 'In such case, there would certainly be a doubt as to the propriety of Riker's continuing representation of plaintiffs, and that doubt would be resolved in favor of disqualification.'"
  • "The firm has 20 days to file a certification from the senior attorney and the IT person who assisted him or her that generally describes the information that was accessed from the analysis and whether they reviewed the contents. The firm also must determine if the analysis could be deleted from its database and, if so, explain why the firm has not already done so. Riker Danzig has 30 days to access the file, in the presence of Sylvester and his IT person, to determine whether anyone other than the senior attorney accessed the analysis."
See the complete order.

Tuesday, November 8, 2016

Wave, Wave, Wave, Wave Goodbye...



The always excellent IP ethics and insights blog brought us its own Halloween themed, two part series on waivers (including a no-holds-barred approach to clip art), starting with: "Advanced Conflict Of Interest Waivers: Tricks Or Treats?" --
  • "Indeed, in large law firms that typically employ hundreds of lawyers in multiple offices around the globe, it is commonplace for their standard engagement agreements to include language in which the client agrees as part of the representation to waive in advance future conflicts of interest."
  • "But are such “advanced waivers” ethical?  It is one of the most vexing questions that has dogged law firms, regulators, and ethics counsel for years.  The question raises two competing schools of thought."
  • "On the one hand, the ethics rules require “informed consent” for a conflict waiver.  The idea that a client can give an “advanced” waiver of a conflict is anathema to this fundamental requirement.  How can a client be “informed” enough to give consent when they have no idea of the facts and circumstances giving rise to a conflict that has yet to arise?  Some authorities consider advanced conflict waivers to be unenforceable and in violation of public policy."
  • "The opposite school of thought treats advanced waivers based on freedom of contract principles.  A client desires to hire a law firm.  The client will do anything—including agreeing to an advanced waiver—as part of the price for retaining the firm’s services.  The client is free not to accept the provision and hire a different law firm.  But if they accept the advanced waiver, has not the client agreed to assume the risk of a future conflict?  And if the client chooses to accept the advanced waiver, why shouldn’t the law firm be entitled to rely upon the client’s agreement?"
  • "For lawyers who want a clear, definitive, black and white answer to the question of the legality and enforceability of advanced conflict waivers, unfortunately there is none.  Ethics opinions and court rulings have created a patchwork of opinions.  This lack of uniform treatment of advanced conflict waiver leads to unpredictability—the type of “trick” that most lawyers would rather avoid."
  • "Guessing incorrectly as to whether a court will uphold an advanced waiver may lead to unexpected, unfair, and even disastrous results for a law firm."
Read the full article for more detail and discussion, and see part two as well.


And with that, we hope to close the book on all scary developments this particular season...

Wednesday, November 2, 2016

Halloween Holdover: Risk Updates




Anyone who's been reading this blog for any amount of time has likely observed a slight predilection for keeping all of this risk news and commentary interesting (if not exactly edgy). So it's with delight that I highlight the creative spirit of the folks at Hinshaw for their latest newsletter. Points for creative adjectives and colorful metaphors.
  • "The editors of the Halloween edition of the Lawyers' Lawyer Newsletter invite you to enjoy frightening tales of shocking assaults by non-clients on an unsuspecting law firm; a lawyer's nail-biting escape from a disqualification motion thanks only to a less-than-diligent client; the slow motion nightmare of a lawyer's desperate and sometimes failed struggle for freedom when a client can't be contacted; and the gruesome results of an overly broad scope of engagement description. We hope these horror stories will frighten and delight just in time for All Hallows' Eve."
Disqualification — Substantially Related Matters — Waiver of Conflict by Lack of Diligence in Seeking Disqualification. State of Minnesota, et al v. 3M Company, Hennepin County (Minn.), Court File No. 27-CV-10-28862 (Feb. 5, 2016)
  • Risk Management Issue: Does a client waive its former attorney's conflict of interest by failing to promptly seek disqualification after the conflicted attorney undertakes representation of a party adverse to the former client?
  • Risk Management Solution: If there is an actual conflict on the part of an attorney who is representing a party adverse to the former client, it is imperative that the former client immediately — or at least very promptly — seek to disqualify the conflicted attorney as soon as the adverse representation becomes known. Without prompt action, the former client risks waiving the conflict and foregoing the right to seek disqualification of its former attorney — even though the attorney has knowledge of privileged information and attorney work product from a prior matter which is (or may be) substantially related to the current case. However, the law firm would nevertheless continue to be found to preserve the former client's secrets and not to use them to the detriment of the former client.
  • Trick or Treat Editors' Note: This case is an unexpected treat for a lawyer facing a disqualification motion, if a former client fails to promptly seek disqualification after the conflicted attorney undertakes representation of a party adverse to the former client.
Disqualification — Overly Broad Scope of Engagement Creates Concurrent Representation Conflicts. M'Guinness v. Johnson et al., 243 Cal. App. 4th 602 (2015)
  • Risk Management Issue: What can counsel for a closely held corporation do to avoid disqualification in the event of shareholder disputes?
  • Risk Management Solution: This case highlights the importance of crafting engagement agreements in order to define in detail the structure and scope of the representation. A lawyer's eagerness to be a "jack of all trades" for a single client may appear to be good for business, but it could also expand the scope of duties owed to the client and thus the lawyer's malpractice exposure. Or, as in this case, it could lead to subsequent conflicts of interest and disqualification. Engagement letters need to be crystal clear about the scope of the representation, including the identity of the client and the method of termination, and abide by those terms. See also, Cal. Bus. & Prof. Code § 6147 (governing contingency fee agreements) and § 6148 (governing noncontingency fee agreements).
  • Trick or Treat Editors' Note: This case could be either a trick or a treat. For lawyers who don't specify the scope of their engagement, this case is a trick; but for lawyers who spend the time to carefully outline the scope of the engagement, it's a treat. If you've read our newsletter faithfully, we expect it will be the latter.
Like, zoinks — Several other frights in their complete update.

Tuesday, November 1, 2016

On Business Conflicts (And Avoiding Them)



Eric Mosca of InOutsource has an excellent article in the latest ILTA white paper: "The Business of Avoiding Business Conflicts" --
  • "Law firms have always been cognizant of the business conflicts that can arise when taking on new work. Business conflicts can be described as relationships or knowledge which, while not violating professional responsibility rules, can affect a lawyer’s or law firm’s ability to be a zealous advocate for a client."
  • "Such conflicts of interest might include working with two clients in the same industry or starting a relationship with a new client that wants to confirm counsel is not averse to any of their affiliated entities. Conflicts identified too late in the game can cause difficulties, but working together within the firm, communicating with clients and utilizing the benefits of technology can help lawyers and firms maintain a legal space free of business conflicts."
  • "Business conflicts (and other issues) can arise from differing perspectives on who or what is 'the client.' Absent clear engagement documentation, a potential client might assume their chosen counsel will represent all of the organization’s corporate affiliates and corporate officers, or an individual might interpret their interests as represented when the lawyer’s obligation is to a corporate entity. There are myriad examples detailing discrepancies between the expectations of the client and counsel. It is increasingly common for clients to document these expectations within outside counsel guidelines."
  • "Technology and automation solutions are being employed to assist in the assessment of business conflicts — a necessity in sizable law firms to manage the volume of potential business conflicts."
  • "Business conflicts can present as much of a hurdle to taking on new engagements as traditional conflicts of interest, yet the rules outlining business conflicts are undefined and often based on assumptions. Lawyers and administrators armed with accurate data and the proper technology to analyze and communicate potential business conflicts are at a significant advantage."