Law Firm Risk Management Blog

Canadian Bar Association on "The Future of Legal Services"

noreply@blogger.com (Dan@riskroundtable.com) — Wed, 19 Jun 2013 06:24:00 PDT

With our Toronto Risk Roundtable taking place today, timing is right to highlight the Canadian Bar's latest update in its Legal Futures Initiative: " As part of our multi-phase project, we have conducted extensive research and analysis to understand the current legal environment in order to identify and understand what’s driving changes in the legal marketplace."

The report is now live: "The Future of Legal Services in Canada: Trends and Issues," and touches on issues facing multiple geographies --

"The challenges brought on by globalization and technology will also affect the regulation and oversight of the legal profession. Developments such as multi-jurisdictional practices (MJP) will require more cooperation and harmonization, nationally and internationally. Law firm ownership by non-lawyers will raise professional and regulatory questions regarding competence, conflicts of interest, confidentiality, independence, and fidelity to law and other related issues."
"There is increased thinking about achieving better regulatory outcomes by focusing on enhancing the 'ethical infrastructures' of law firms. This would prevent misconduct before the fact, rather than meting out punishment after the fact as a result of client complaints. While penalties to individual lawyers may be appropriate, law firms themselves also play a role either directly or indirectly."
"Choosing to adopt the newest forms of technology may not be an option for most lawyers and firms in the future. An entire generation has expectations that service providers will conduct business in a way to which they have become accustomed – quickly, directly, and online. One issue that must be considered are new standards for privacy, generally thought to be lower among younger people. This change may challenge established rules for older lawyers and more traditional law firms and legal organizations in areas such as client confidentiality and privilege."

Beazley on Evolving Standard of Care for Firm Information Security

noreply@blogger.com (Dan@riskroundtable.com) — Wed, 19 Jun 2013 14:20:09 PDT

Brant Weidner with professional liability insurance business Beazley sent a link to their latest brief, which includes a featured article on the evolving standard of care for law firm information security:

"The standard security model traditionally adopted by law firms focused on preventing an external breach. Firms invested in tools like firewalls to safeguard external network perimeters from attack and granted lawyers and staff “open-by-default” access to client information maintained in repositories like the document management system (DMS)."
"The prevention security model no longer suffices to mitigate the cyber risk generated by mobile devices, cloud services, lateral departures, matter centricity (e.g., a central document management system) and sophisticated hacking techniques. Instead, firms are increasingly adopting a data-centric information security approach, managing information more tightly and often restricting access to sensitive client information to only those lawyers and staff who need it to carry out work."
"Although law firm cultural preferences and business needs may justify an open-by-default information access model, clients and regulators are pushing for (or requiring) much more restrictive and protective approaches to content security. Firms therefore find themselves caught in a nexus of competing demands, with management struggling to find a reasonable solution that balances collaboration and compliance."
"In the past five years, client outside counsel guidelines and client audits have become more commonplace and more stringent. This creates extensive challenges for law firm risk managers, who must ensure that the proper policies and controls are in place to accord with client requirements. Financial services clients are reportedly the most stringent regarding security protocol for protecting sensitive information. Indeed, many firms report that client audits now extend far beyond yes/no questionnaires and can include month-long examinations to verify both controls and overall user training and awareness."

Reminder: Toronto Risk Roundtable (June 19)

noreply@blogger.com (Dan@riskroundtable.com) — Tue, 11 Jun 2013 09:18:53 PDT

Just a reminder that our upcoming Canada Risk Roundtable is set Wednesday, June 19th at the offices of Goodmans LLP.

At this session, Malcolm Mercer (General Counsel, McCarthy Tétrault) and Simon Chester (Partner, Heenan Blaikie) will join IntApp to lead a discussion about emerging trends in law firm risk management and compliance.

Attendance is by invitation only and is limited to qualified law firms and personnel. Please contact info@riskroundtable.com for more details.

More on Information Security -

noreply@blogger.com (Dan@riskroundtable.com) — Tue, 11 Jun 2013 09:16:13 PDT

Industry expert Jeffrey Brandt, a former AmLaw 100 CIO and CKO with 25+ years experience in these matters recently weighed in on current information risk trends with a two part piece: "Why Law Firm Security Makes Good Business Sense [part 1] [part2]" --

"I will be the first to admit that getting senior law firm management to develop a security conscious mindset can be tough. Many leaders have the attitude that 'it won't happen to me.' It is often seen as costly insurance or an unnecessary expense. Worse still, it’s seen as useless, as an impedance to work, an unwanted inconvenience. But times are changing. Security and awareness must change too."
"Recognizing the value and importance of security, corporations are requiring more answers from their outside counsel via security audits. Brief and sporadic to begin with, audits have become more frequent, more common and in some instances, much more complex. The first client security audit I ever answered was back in the early 1990s. That audit was nothing compared to the ones of today."
"Some firms like White & Case and Bond Pearce have achieved ISO 27001 certification and now use that as an aid in answering these complex audits. They also use it in their marketing, as a differentiator."
"Law firms, with the deserved reputation as corporations 'weakest link,' certainly have a lot of catching up to do, but I am happy to report that there are signs that the security winds continue to shift. More and more when I talk to CIOs, the topic of security is one that they bring up."
"The LTN/American Lawyer Law Firm Chief Information & Technology Officers Forum earlier this year put it well, 'Security needs to stop being considered a business impediment and start being viewed as a sound business decision.'"
"Good security is a sound business decision. Partner convenience should not always trump security. The winds of change are here. Will you join the movement or just end up as one of the statistics?"

Law Firm Information Security -- Bank of America is Serious, Scrutinizing (and Auditing)

noreply@blogger.com (Dan@riskroundtable.com) — Mon, 10 Jun 2013 07:07:00 PDT

Corporate Counsel shines a spotlight on information security, sharing highlights from its recent General Counsel Conference: "Outside Law Firm Cybersecurity Under Scrutiny" --

"Bank of America Merrill Lynch is auditing the cybersecurity policies at its outside law firms, partly under pressure from government regulators to do so, according to the bank’s assistant general counsel Richard Borden."
Borden says that law firms are "considered one of the biggest vectors that the hackers, or others, are going to go at to try to get to our information."
"Regulators at the Office of the Comptroller of the Currency, which oversees BofA and other financial services companies, 'have focused on law firms,' Borden said. "They are coming down on us about security at law firms. So we have no choice but to check the information security and to audit—to actually audit—the information security of our law firms that have confidential information. We spend a lot of money and use a lot of law firms, so this is casting a very wide net.'"
"It’s been really interesting dealing with the law firms, because they’re not ready,' said Borden, who is the bank’s in-house cybersecurity lawyer and is assisting the group that’s reviewing BofA’s outside counsel. 'Some of them are, I should say, but there are many that aren’t. And it actually does pose a threat.'"
"And the bank isn’t simply relying on the law firms’ own audits of their information security practices. 'We’re really looking at their whole structure and focus on information security, and we test it. We send in people to test it,' Borden said."

Information Barriers in the UK -- A Brief History and Recent Trends

noreply@blogger.com (Dan@riskroundtable.com) — Wed, 05 Jun 2013 22:00:01 PDT

A reader sent a link in to an interesting article just published in The Lawyer: Information barriers - approach with caution, which reviews the history and complexities in this market and asks: "The ‘Chinese walls’ technique is still widely used at top firms, especially on private equity deals. Did the great M&S conflict debacle of 2004 really change anything?" --

"Yet the incident appears to have done little to ward off firms from using Chinese walls as a prevention for conflicts or confidentiality breaches. Indeed, these seem even to have grown in popularity as firms eye revenues from bidding processes in which a number of companies are tendering. This is perhaps most common for firms majoring in the prime domain of competitive bidding: private equity. Indeed, the concept of the Chinese wall harks back to the late 1980s when banks lent to multiple M&A clients, including private equity houses, bidding against each other to take companies over."
"According to Weil Gotshal & Manges London private equity partner Marco Compagnoni, the nature of deals in his sector is such that the practice area’s leading firms would be foolish to minimise their role when one of a number of bidders could end up buying the company or asset. 'Where there is a competitive auction lots of companies will start out needing lawyers,” Compagnoni explains. “As the field narrows, [if you put up an information barrier] you’re not shut out and the clients aren’t shut out either. It happens all the time. We only do it if the client in the engagement letter has accepted you can do it.'"
"For Herbert Smith Freehills (HSF) partner Mark Bardell, a system aligned across the network is crucial, with the firm going beyond the letter of the law to ensure client confidentiality. 'For us, because it’s such a sensitive issue you apply best practice - you don’t just do what the rules say - and you apply that best practice wherever you are,' says Bardell, who recently experienced informational separation on Ithaca Energy’s £203m acquisition of Valiant Petroleum, announced earlier this year."
"The corporate partner acted for Valiant but worked on the other side of a Chinese wall from finance partner Jason Fox and senior associate Olivia Caddy, who advised Ithaca’s lenders, Banc of America Securities, BNP Paribas and Bank of Nova Scotia. The situation was made more unusual by the fact that Fox resigned to join Bracewell & Giuliani halfway through the deal."

Managing Law Firm Risk When Handling Personal Information

noreply@blogger.com (Dan@riskroundtable.com) — Tue, 04 Jun 2013 16:08:17 PDT

A reader sent in a link to an excellent article published by CNA, written by three lawyers from Hunton & Williams, including Lisa Sotto, head of their privacy and information management practice, and past risk webinar participant: "Law Firms Face Risks in Handling Personal Information" --

"Law firms may collect, use and disclose personal information in numerous circumstances, both as providers of legal services and as employers. In safeguarding personal information that pertains to their employees or clients, or other individuals, law firms must comply with applicable privacy and information security laws as well as their professional duty of confidentiality. The article provides an overview of potential legal issues that law firms may encounter."
The article also touches on privacy and information security laws outside the United States, including the legal requirements relevant to cross-border transfers of personal information."
"The final topics the article addresses are examples of privacy and information security enforcement actions, including judicial enforcement of professional ethics rules, and a brief discussion of some of the key pending privacy and information security legislative initiatives."

"Regardless of the circumstances in which a law firm handles personal information, the firm must appropriately safeguard the information to protect the interests of the firm and its clients. Law firms are uniquely positioned in that their need for adequate privacy and information security procedures arises not only from the obligations imposed by privacy and information security laws. Lawyers are bound by a professional duty of confidentiality, which is a paramount component of the attorney-client relationship."
"A law firm’s failure to safeguard personal information that results in an unauthorized disclosure may result in not only a legal enforcement action against the firm, but financial and reputational harm to the firm’s clients and, potentially, irreparable harm to one of the firm’s most valuable assets – its reputation."

See the complete article for more detailed discussion, analysis and citations.

Morgan Lewis Accused of Conflict by Client (Apple, Inc.)

noreply@blogger.com (Dan@riskroundtable.com) — Mon, 03 Jun 2013 17:18:52 PDT

In yet another conflicts story making news in the general press, Morgan Lewis stands accused of an ethical breach. As reported by Ars Technica and several other publications: "Apple, betrayed by its own law firm." --

"Court documents unsealed this week reveal who's behind FlatWorld, and it's anything but typical. FlatWorld is partly owned by the named inventor on the patents, a Philadelphia design professor named Slavko Milekic. But 35 percent of the company has been quietly controlled by an attorney at one of Apple's own go-to law firms, Morgan, Lewis & Bockius. E-mail logs show that the attorney, John McAleese, worked together with his wife and began planning a wide-ranging patent attack against Apple's touch-screen products in January 2007—just days after the iPhone was revealed to the world."
"The whole time she was advised by her husband, a lawyer who had access to reams of confidential Apple data—but who says he never touched it. (Apple doesn't see it that way.) Together, the McAleeses created 'an indirect and covert pipeline' of information pumped to FlatWorld's attorneys according to Apple lawyers. Now Apple wants FlatWorld's law firm, Seattle-based Hagens Berman Sobol Shapiro, kicked off the case."
"McAleese's involvement has become a very big deal, though, and it could get bigger. Apple fired off subpoenas to Morgan Lewis, and the firm—likely desperate to save its relationship with a premier client—worked quickly to get the evidence Apple wanted. Morgan Lewis handed over McAleese's relevant e-mails and files. When Apple had questions about metadata in a letter signed by Jennifer McAleese, Morgan Lewis gave Apple the confirmation it needed. (That letter, seeking to license a patent to someone named 'Michael,' had been edited by John McAleese, user MCAL5094.) That's when Apple started its all-out effort to argue that McAleese's connection to Morgan Lewis should halt the FlatWorld case, at least until FlatWorld gets new lawyers."

As with many of these stories, public opinion can weigh heavily. Legal news site Above the Law weighs in:

"I say 'allegedly' not to suggest there’s any question over whether the partner owned the trolling company, but because the partner claims he had no involvement in the decision to sue his firm’s most prominent tech client. Even if he didn’t, it hardly sounds kosher."

Improving Law Firm New Business Intake

noreply@blogger.com (Dan@riskroundtable.com) — Thu, 30 May 2013 07:47:00 PDT

Lathrop & Gage, a full-service law firm with more than 320 lawyers working across 11 offices nationally, has selected IntApp Open to streamline and automate its new business acceptance practices.

Said Lathrop CIO Sean Power:

"Effective business approval is the lifeblood of every law firm. We sought to invest in a product that we could deploy quickly, reconfigure easily as our needs evolve, and maintain ourselves over the long term. We considered many options and settled on IntApp Open for the high-quality user and IT experience it offers. The product aligns precisely with our larger risk management and data governance objectives. IntApp has delivered something really special here, and we’re proud to be at the forefront of a better way to manage new business intake."

Today, multiple market trends are putting new pressures on law firms to transform the way they evaluate and engage new business. These include clients with increasing service expectations, and a risk landscape with evolving regulatory rules, compliance requirements and professional standards. In response, firms are looking to increase the sophistication, efficiency and agility of their intake processes to better align client selection and terms of business with overall strategy, service models and internal policies.

IntApp Open replaces conventional workflow software with an application specifically designed to streamline how new clients are evaluated and new matters are created. It offers an intuitive, audience-specific user experience, tuned for management, lawyer, IT and risk stakeholders.

And it offers unique features, including a flexible business rules engine that enables effective management of practice-specific matter evaluation procedures as well as conflicts clearance practices that may be centralized, distributed among lawyers and practice heads, or both, depending on firm preferences.

The product also includes an integrated question library that provides visibility into the practices, standards and insights developed by industry peers. And it delivers unique value for IT, with an architecture that simplifies change management, data integration and system automation.

Commenting on Lathrop's Decision, Pat Archbold, Head of IntApp's Risk Practice Group added:

"We’ve seen tremendous response from the legal industry to IntApp Open as firms embrace a fresh approach to managing inception" We’re proud to count Lathrop & Gage as one of several firms adopting the product and look forward to supporting their ongoing success."

Visit IntApp.com for more information on how IntApp Open enhances law firm new business intake.

More Conflicts in the News

noreply@blogger.com (Dan@riskroundtable.com) — Wed, 29 May 2013 06:49:00 PDT

Sometimes it feels like these stories surface in packs. Here's the latest, coming out of Illinois: "House gambling sponsor recuses self because of potential conflict" --

"The Illinois House's longtime gambling expansion point man has dropped his sponsorship of a casino bill to avoid a potential conflict of interest. Democratic Rep. Lou Lang of Skokie wrote to the House clerk that he is now affiliated with a law firm that has a client with an "interest that could be impacted by" gambling legislation that has passed the Senate and is pending in the House."
"In the letter, Lang wrote that 'it was recently brought to my attention that there may be a perceived conflict of interest.' Lang, too, said he does no legal work for the client and insisted there have been no ethics violations 'of any kind.'"
"Lang said he is 'distancing myself from public perception that there may be something untoward because there isn't.' Lang also said he is weighing whether to vote on the legislation if it comes before the House. Rep. Bob Rita, D-Blue Island, is the new sponsor."

Another Conflict Allegation Makes Mainstream News

noreply@blogger.com (Dan@riskroundtable.com) — Tue, 28 May 2013 07:12:00 PDT

Here's another conflicts accusation playing out in the public eye. CalPERS even issued a press release with their side of the story: "CalPERS Files Motions to Disqualify Law Firm." For more detailed reporting, see:"CalPERS blasts move by law firm" --

"A law firm representing a Stockton creditor in bankruptcy is accused of playing dirty by raiding attorneys from an opposing firm that represents the California Public Employees' Retirement System. CalPERS, with which the city contracts to manage employee pensions, wants the judge overseeing Stockton's bankruptcy to kick Winston & Strawn, LLP, off the case in an argument also with implications in San Bernardino's ongoing Chapter 9."
"Winston & Strawn… represents National Public Finance Guarantee, which insures bonds Stockton stopped paying down in its financial crisis."
"CalPERS contends in court papers that Winston & Strawn recruited three members of a restructuring and insolvency team - one partner and two associates - from the Charlotte, N.C., office of K&L Gates. CalPERS contracts with K&L Gates for assistance in the Stockton bankruptcy."
"Those three attorneys were at the heart of a team forming CalPERS' strategy in Stockton's case, having collectively logged 500 hours at K&L Gates, CalPERS contends."
"Yet, Winston & Strawn says the attorneys in question will be appropriately screened from the case. The firm is well aware of its legal and ethical obligations while hiring attorneys, Winston & Strawn said in a statement."

New HIPAA Rules – Law Firms Taking Action to Address Compliance Deadline

noreply@blogger.com (Dan@riskroundtable.com) — Mon, 20 May 2013 11:12:41 PDT

With the new 2013 HIPAA Omnibus Rules in effect, and a September compliance deadline looming, firms are taking action. Waller, a law firm serving ten core industries and frequently advising clients and peer law firms on complex compliance issues, is using IntApp Wall Builder to satisfy core requirements of the 2013 HIPAA Omnibus Rule.

Said Waller Strategic Director of Information Services Doug Leins:

"Our firm has always paid close attention to the HIPAA/HITECH rules, as we advise multiple healthcare clients and peer law firms on their compliance and professional responsibility obligations. With the September HIPAA enforcement deadline rapidly approaching, we wanted to take additional steps to enhance our existing compliance measures. IntApp Wall Builder and Activity Tracker enable us to effectively respond to the HIPAA Security and Privacy Rules by locking down and monitoring internal use of electronic PHI."
"We worked with the IntApp risk practice team to scope a software configuration best suited to address our HIPAA requirements without disrupting lawyer productivity. With clients increasingly asking detailed questions about compliance, and new rules that explicitly mandate stricter protocol, this is an issue that is here to stay."

Wall Builder is the most-adopted information security management software by law firms with 150 or more lawyers. According to an independent survey by the International Legal Technology Association (ILTA), 72% of large law firms using commercial software to enforce information access controls use IntApp Wall Builder.

IntApp Activity Tracker supplements these security capabilities by monitoring how lawyers and staff use sensitive information. It notifies management of suspect activities so that firms can resolve potential problems before they become crises or compliance violations.

Pat Archbold, Head of IntApp's Risk Practice Group added:
"We're delighted to highlight Waller's focused efforts to enhance compliance with the new HIPAA rules. By using Wall Builder and Activity Tracker to safeguard and monitor PHI, the firm is demonstrating its strong commitment to client service and compliance."

For more information, see the official news release, background on how the new HIPAA rules affect law firms, and our recorded panel webinar on compliance requirements and strategies.

Law Firm Conflicts, Continued

noreply@blogger.com (Dan@riskroundtable.com) — Wed, 15 May 2013 06:23:00 PDT

"Ex-Dewey Lawyer's Move Adds Wrench to Firm's Bankruptcy" --

"The announcement earlier this week that onetime Dewey & LeBoeuf partner Stephen Best had moved from Brownstein Hyatt Farber & Schreck to Brown Rudnick has prompted a barbed email exchange between two lawyers representing clients with competing interests in now-defunct Dewey's bankruptcy proceeding."
"Bassen contends that Brown Rudnick should be immediately disqualified from representing Dewey liquidation trustee Alan Jacobs in a settlement that affects his clients because Best, before working at Brown Rudnick, consulted with DiCarmine and Sanders on the issues now in question."
"Jacobs and Brown Rudnick are pushing for court approval of a settlement reached by former chair Steven Davis, XL Specialty Insurance, and the bankruptcy estate that would see XL chip in $19 million to resolve mismanagement claims."
"As Bassen explains in his letter, which is addressed to U.S. Bankruptcy Judge Martin Glenn, DiCarmine and Sanders consulted with Best "for several hours" in 2012 during a daylong meeting and in several separate conversations "regarding their employment at Dewey and the facts and circumstances that led to the firm winding up in this Court." According to Bassen, the conversations included "their defenses to and strategies regarding potential claims, including mismanagement claims" as well as potential claims not covered by XL and other insurers."
"Brown Rudnick partner Edward Weisfelner explains in a three-page email that Bassen attached to his letter to Glenn why he believes there is "zero basis for disqualification here." Weisfelner says in the message that Best and Brown Rudnick created a complete ethical wall to prevent Best from seeing any Dewey-related documents and which prohibits lawyers working on the case from talking to him—and that the proposed settlement was filed with the court before Best even joined the firm."
"Weisfelner also lashes out at Bassen in the email for what he says are a series of delay tactics the Hughes Hubbard lawyer has used to prevent the XL settlement from getting court approval. Despite the opposition to Bassen's claims, Brown Rudnick did agree to delay depositions of Bassen's clients that were scheduled to take place Thursday, according to the court filing."

Conflicts in the News (School & Sports Edition)

noreply@blogger.com (Dan@riskroundtable.com) — Tue, 14 May 2013 07:22:52 PDT

"Judge says defendants in Atlanta public schools cheating scandal must have separate lawyers" --

"To avoid potential conflicts of interest, lawyers may not represent more than one of the 35 defendants in the case involving a cheating scandal in the Atlanta public schools, the judge in the case said Thursday."
"The lawyers who appeared Thursday for the conflict of interest hearing represented a dozen clients in the case."
"Fulton County Superior Court Judge Jerry Baxter said during a hearing for lawyers who already have been representing more than one client in the case that he was acting very cautiously because he doesn’t want to encounter any potential conflicts — even if none are immediately evident."
"A Fulton County grand jury in March indicted 35 educators, including former Superintendent Beverly Hall, and accused them of involvement in a broad conspiracy to cheat, conceal cheating or retaliate against whistleblowers. Prosecutors say the educators were driven at least in part by bonuses for improved student performance."
"Bob Rubin, who represents two former Atlanta Public Schools principals, said he was confident there was no conflict of interest between his clients, who he said worked at different schools and had never spoken or met each other prior to their indictment. Rubin has been working with his clients for more than a year, and forcing one of them to start over with a new lawyer now could hurt their defense, he argued. Three other lawyers who represent multiple clients made similar arguments. But Baxter denied all requests to reconsider his decision, saying all of the educators face a conspiracy charge implicating them in a coordinated scheme."

"Law firm hired to probe Rutgers basketball scandal quietly resigns over conflict" --

"Nearly three weeks after Rutgers University hired a high-profile law firm to conduct an independent review of its basketball coaching scandal, the school named a new firm to the job today after the original investigators quietly resigned — citing a previously undisclosed conflict of interest."
"The firm of Cahill Gordon & Reindel stepped aside Friday after it discovered a link to Connell Foley, the Roseland law firm Rutgers hired last fall to investigate claims basketball coach Mike Rice had physically and verbally abused players. Rutgers officials previously said Connell Foley gave them faulty advice."
"'We discovered after the announcement of the engagement that the Connell Foley firm, which represented Cahill as local counsel in litigation in New Jersey, is the same firm that issued a report to Rutgers about the coach Rice allegations,' said Cahill Gordon spokeswoman Lynn Tellefsen."

Law Firm Insider Trading News & Allegations

noreply@blogger.com (Dan@riskroundtable.com) — Mon, 13 May 2013 16:32:29 PDT

In interesting update about the growth of the "political intelligence" industry and the potential for concern, as reported in recent stories via the Washington Post:

"SEC subpoenas firm, individuals in a case of leaked information" --

"The Securities and Exchange Commission has issued subpoenas to a firm and individuals in connection with the leak last month of a federal funding decision that appeared to cause a surge in stock trading of several major health companies. The move deepens the government’s scrutiny of the growing 'political intelligence' industry, which has been thriving on delivering valuable information from Washington to investors. This relatively new breed of companies capitalizes on the fact that decisions made in Washington — whether a regulator blocking a big merger or a lawmaker tweaking legislation — can create opportunities for stock traders to make money."
"The latest case emerged April 1 when Height Securities, a Washington-based stock brokerage firm, alerted its clients that the government would soon make a decision favoring private health insurers who participate in a Medicare program. The alert went out 18 minutes before the end of the trading day, sparking a surge in trading in the shares of several major health-care firms, including Humana and Aetna. The official government announcement was made after trading closed for the day."
"On Wednesday, several people familiar with the probe confirmed that the SEC has subpoenaed a Height Securities analyst and Mark Hayes, a health-care lobbyist who advised the firm on legislative issues. Hayes’s law firm, Greenberg Traurig, was also subpoenaed by the SEC, according to the sources, who spoke on the condition of anonymity because the matter was under federal investigation. The SEC has conducted an interview with Hayes, who voluntarily submitted to four hours of questioning, these people said. The FBI was present at the meeting, suggesting that the Justice Department has taken a deep interest in the matter, one of the people said. A Justice Department spokesman declined to comment on an ongoing investigation."

"Greenberg Traurig law firm at the center of ‘political intelligence’ case" --

"How the lobbyist, who works at the law firm Greenberg Traurig, stepped into this morass offers a window into what has become a routine and profitable practice at law firms and lobbying shops: In addition to their usual work, lobbyists share with financial firms the latest political tidbits they are gathering from sources, sending an e-mail here and there with the latest ‘political intelligence.’ The financial firms value the information because it can inform their investments."
"Greenberg Traurig was not doing anything unusual for a law firm by sharing political insight with clients who have investment interests. But when that information then informs stock trading, the ethics can become murky. ‘The road to hell in this particular situation is not paved with clarity,’ said Stephen M. Ryan, head of the government strategies practice group at the law firm McDermott Will & Emery. ‘You wander into it.’"

New Playbook Disqualification Decisions

noreply@blogger.com (Dan@riskroundtable.com) — Mon, 13 May 2013 13:07:00 PDT

The always watchful Bill Freivogel notes two recent disqualification decisions where assertions of playbook knowledge where integral to the arguments at hand. (We've covered playbook debates, discussions and decisions several times, see here and here.)

"Khani v. Ford Motor Co., 2013 Cal. App. LEXIS 320 (Cal. App. April 2, 2013). Lawyer brought this action for the plaintiff under California's "lemon law." Defendant moved to disqualify Lawyer because, between 2004 and 2007, Lawyer had represented Defendant in 150 lemon law cases. The trial court granted the motion. In this opinion the appellate court reversed. In doing a playbook analysis the court felt that Defendant's evidence was 'bare-bones.' Among other things, the court noted that this case involved a 2008 Lincoln Navigator and that Lawyer had not worked on any cases dealing with that vehicle. The court also said that alleging that Lawyer's work for Defendant involved the same statute as that in this case was simply not enough to establish a substantial relationship." [Ed: See BNA for additional detail.]
"Childress v. Trans Union, LLC, 2013 U.S. Dist. LEXIS 61360 (S.D. Ind. April 30, 2013). The plaintiff's lawyer ("Lawyer") in this FCRA case previously represented the defendant in defending cases under the same provisions of that act. Lawyer billed more than 4,200 hours in defending 250 such cases. In a fact-intensive analysis the magistrate judge granted the defendant's motion to disqualify Lawyer. In this opinion the district judge affirmed. The opinion contains an interesting discussion of application of Indiana's Rule 1.9 and 'federal common law.' Among other things, the court held that Comment [2] to Indiana's Rule 1.9 is not inconsistent with disqualification in this case. (Indiana's Rule 1.9 and Comment [2] appear to be identical to MR 1.9 and its Comment [2].)"

Report from Recent Risk Roundtables in LA & SF

noreply@blogger.com (Dan@riskroundtable.com) — Fri, 10 May 2013 06:34:55 PDT

Last week, we held a Risk Roundtable series in Los Angeles and San Francisco. Many thanks to Sheppard Mullin and Sedgwick for hosting. The events featured lively discussions on risk issues ranging from law firm best practices for HIPAA compliance, strategic policies for information governance, new business intake and engagement management. Kathryn Hume, who manages and moderates the Risk Roundtable Program, sends this update:

Dan, I'm pleased to report back a successful west coast Risk Roundtable series. Sheppard Mullin and Sedgwick generously agreed to host our group of risk managers and technology leaders. A special thanks to Steven Shock, Chief Technology Officer at Irell & Manella, who led a spirited discussion about the challenges of changing and successfully executing an information governance program. Attendees shared various opinions on email management, document management, records retention and disposition.
At both events, Adam Carlson, who recently joined the IntApp team as an information security expert and consultant, lead a discussion about best practices for HIPAA compliance in law firms. Drawing on his experience helping firms improve their compliance posture before the September 23 enforcement deadline, Adam advised firms to survey systems and practice groups to identify PHI, designate a privacy and security official, tag PHI during intake and develop an access control and activity monitoring strategy to meet key HIPAA privacy and security requirements.
Firms agreed that there remains cultural resistance to implementing a "minimum necessary" model for information access in law firm environments, even as regulations, state laws and clients push firms to restrict access to those who need it to do their work. To contain risk without entirely closing down systems, many firms choose to lock down their most sensitive and valuable information, while leaving less sensitive information available for general internal use. Risk and IT stakeholders agree that it is crucial that management foster a culture of risk awareness to change organizational habits and drive project success.
Finally, we spent substantial time in our San Francisco meeting discussing engagement management and new business intake. Firms across the board reported that clients were demanding discounted rates, putting pressure on firms to budget matters on the front end to ensure profitability. In response, many firms are seeking to improve insights into matter pricing patterns so as to make informed decisions about engaging clients in the future. Firms are also revisiting intake to build processes and procedures lawyers endorse and comply with, both to improve data quality and decrease risk.

We're looking forward to our upcoming Roundtable in Toronto.

News & Updates: Conflicts, Information Security

noreply@blogger.com (Dan@riskroundtable.com) — Tue, 07 May 2013 07:35:00 PDT

"Greenberg Traurig Settles Heller Ehrman Suit for $4.9 Million" --

"Greenberg Traurig LLP agreed to settle a malpractice suit with defunct law firm Heller Ehrman LLP for $4.9 million. Heller alleged that Greenberg had a conflict of interest when it was retained by the firm for the bankruptcy proceedings because the firm also represented Bank of America, which was the law firm’s lender and claimed an interest in its assets
"Greenberg took the position that the claims were without merit, asserting that the scope of its engagement was narrower than alleged, according to court documents. The settlement was a result of mediation... It will be considered for approval before judge Dennis Montali on May 31."

The Daily Record has published: "Seven Tips for Better Law Firm Security" --

"Corporations allocate significant time and money for protecting their digital intellectual property. If you have ever met an information security professional, you know that they take their jobs seriously."
"Once possession of that data was transferred from ABC to the law firm, they became the custodian of that data. I would argue that they had a professional and ethical obligation to protect it."
"Too often I see little thought or effort put towards protecting client data that is in the custody of law firms. Don’t simply take my word for it. In late 2011, representatives from New York’s top 200 were asked to meet with the FBI’s cyber division in New York City..."
"Make security a priority. If the managing partner at the firm isn’t buying in to the security craze then you can bet no one below is either. Make it part of your company’s culture. Many big law firms are touting their security prowess to attract bigger clients. So putting security at the top of the list can also have the benefit of getting (or holding) clients. Security makes good business sense!"
"One hundred percent security can never be achieved. The goal is not to be a soft target. Most hackers will move on to the next victim if they find your systems difficult to penetrate. Is your law firm doing all it can to safeguard client data?"

Do Law Firms Have the Right Compliance Measures in Place?

noreply@blogger.com (Dan@riskroundtable.com) — Mon, 06 May 2013 06:42:00 PDT

That's the question Corporate Counsel magazine is asking: "Looking for Top Law Firms' Compliance Programs." They report that they: "thought it would be enlightening to check out how top law firms handle compliance issues. But what it found was that either many firms don't have formal compliance programs, or else they don't want to share how they do it."

This story is interesting both because of its substance and because it's raising the profile of law firm compliance with its corporate law readers:

"[Kenneth] Young, a member of the American Bar Association's law practice management section, said he has worked with law firms across the country. 'Candidly, I'm not seeing a lot of formal compliance efforts,' he said."
"And it's not like law firms haven't had any compliance problems—e.g., lawyers charged with insider stock trading for using or leaking confidential client information... Such high-profile cases 'should be a wake-up call to law firms that robust compliance and ethics programs are as critical to their business as to their clients,' said Donna Boehme, a compliance consultant who writes the Compliance Strategist column for CorpCounsel.com."
"Boehme also thinks law firms are missing a key chance to toot their own horns. 'It seems to me that a law firm that could boast of a robust approach to compliance and ethics would find that a significant competitive advantage,' she noted."
"One compliance attorney who advises corporations, and who asked not to be named, said most law firms are not set up to enforce their own compliance. 'There are no hotlines or compliance officers or other types of mechanisms' like the ones that corporations are advised to employ, he said. The lawyer suggested that compliance is a piece that accounting firms have gotten right, while law firms have morphed into full-service, global companies without making compliance a priority. 'But the services are similar, and the risks are the same sort of risks," he noted. "It's crazy.'"

Corporate Counsel reached out to top five AmLaw firms by revenue for comment and received little on the record feedback:

"Latham & Watkins chief operating officer LeeAnn Black also handed off to spokesman, Frank Pizzurro, who said, 'Latham will pass on discussing the compliance topic, but thanks for the outreach.'"

Ethics Opinion Updates

noreply@blogger.com (Dan@riskroundtable.com) — Wed, 01 May 2013 07:24:00 PDT

"Multiple Firm Practice Blessed By Ohio Ethics Opinion" --

"Finding “substantial justification for a new perspective on practice in multiple firms” and considering “the context of current rules and modern practice,” the board concluded in Opinion 2013-1 that practice in multiple firms can occur in compliance with the Rules of Professional Conduct."

"Client Identities, Legal Bills Can Be Disclosed, [Pennsylvania] High Court Says" --

"The court set a fact-specific standard in determining that client identities are typically not privileged unless they would be coupled with information about what type of work the attorney has done on behalf of the client that, when disclosed together, would essentially disclose attorney-client communications. The Supreme Court determined, however, that previous disclosure that the attorney is representing a client in a grand jury investigation is not enough to protect the identity of the client."

And, for those embracing every avenue of our new social world: “Ohio Ethics Opinion states that lawyers may use text messages to solicit clients if all lawyer advertising rules are followed”

Clearing Conflicts & Disqualification Disputes

noreply@blogger.com (Dan@riskroundtable.com) — Mon, 29 Apr 2013 06:17:00 PDT

New updates and articles to share. First: "Fourth Circuit says no conflict of interest in law firm’s appointment" --

"A federal appeals court has found no conflict of interest in a bankruptcy trustee’s appointment of a law firm that represented another party in a separate debt collection action against one of the bankrupt partnership at issue’s general partners."
"On July 6, 2010, the bankruptcy court approved the trustee’s employment of his law firm – McNeer, Highland, McMunn and Varner – as special counsel. The law firm had also been representing Wells Fargo Bank in an unrelated action to collect an outstanding debt of $208,000 from Rahmi."
"On April 1, 2011, Rahmi filed a Motion to Remove Trustee for Conflict of Interest based on the law firm’s involvement in both actions concerning him. The bankruptcy court denied the motion and Rahmi initially appealed to the district court, but then voluntarily dismissed the appeal."

And continuing developments following the disqualification in the matter of 3M and the state of Minnesota (covered previously). Bloomberg law reports:

"But the issue is not yet settled: 'Covington & Burling LLP sought to overturn a judge's ruling disqualifying the firm from working for Minnesota on a lawsuit alleging 3M Co. polluted state waters.'"
"'Disqualification of Covington would be a devastating and quite possible fatal blow to the state’s case,' Minnesota’s lawyers wrote in court filings."
"The appeals panel included judges Randolph Peterson, Edward Cleary and John Smith, according to Lissa Finne, a spokeswoman for the court. The court has 90 days to issue an opinion."

Continuing the theme of local media picking up coverage of these issues, see the Star Tribune's coverage as well: "3M, Minnesota spar over ousted law firm."

Law Firm Information Security & Governance – ISO 27001 + Expert Opinion

noreply@blogger.com (Dan@riskroundtable.com) — Thu, 25 Apr 2013 07:16:00 PDT

We've commented previously on how several law firms are leveraging ISO 27001 certification as a competitive and business development asset. Via The Lawyer, comes another example: "Anderson Strathern awarded world’s highest accreditation for information protection and security" --

"Scottish firm Anderson Strathern has announced that it has achieved the prestigious ISO 27001 certification across its entire business. ISO 27001 is the world’s highest accreditation for information protection and security, and is the only international benchmark for information security management verified by an independent audit."
"'The security of our clients’ information is of paramount importance to us. Our clients include governments, commercial organisations, and private individuals whose most sensitive information has to be strictly safeguarded in accordance with world-class standards. ISO 27001 confirms that our clients' sensitive data is robustly secure,' said Andy Lothian, Managing Partner. 'We are committed to maximising the trust and confidence our clients have in our quality of service, our security capabilities and in our sustainability.'"

And, in the US, comes an article from the ABA Journal: "As more hackers target lawyers, here’s how to protect client data" --

"Most major U.S. law firms have been victims of security breaches, and the unwelcome threats likely operated covertly for 8 to 9 months before they were discovered. For many firms, the first whiff of insidious action comes from a knock on the firm’s door by the FBI."
"…the U.S. government labeled New York City’s 200 largest law firms 'the soft underbelly' of hundreds of corporate clients, two experts warned at an ABA Techshow session on data security for lawyers. Even midsize, boutique and solo firms are at risk…"
"Updated ethics rules require lawyers to make reasonable efforts to make sure client data is secure. The new rules also require lawyers to be competent with technology or to hire someone who is. Judges will no longer buy arguments that tech and its threats are evolving too quickly for lawyers to keep up, Nelson said."

Law Firms + HIPAA Compliance – Could This Happen at Your Firm?

noreply@blogger.com (Dan@riskroundtable.com) — Wed, 24 Apr 2013 06:06:00 PDT

A reader sent word of a timely and relevant update, given the industry focus on complying with the new HIPAA requirements.

And while this story concerns a direct provider of health services and not a law firm, and is an example of (alleged) extreme malfeasance, it does highlight the risks and implications of making Protected Health Information (PHI) generally available to firm personnel and staff, particularly when enforcers put things under a microscope.

Worth noting, as material to the fact pattern are allegations of failing to implement security controls and monitoring – both explicitly required by the 2013 HIPAA Omnibus Rule. For more the complete story, see: "Health Data Theft Case Prompts Lawsuit - Suit Alleges Adventist Health Failed to Protect Information" --

"The class action lawsuit, filed April 9 in the U.S. District Court in Orlando, Fla., alleges that 'Florida Hospital breached its statutory obligation and express promise by maintaining its patients' sensitive information in an electronic database that lacked crucial - and statutorily required - security measures and protocols, in addition to failing to adequately train and monitor its employees access to sensitive information.'"
"The lawsuit alleges that Florida Hospital employees were "able to easily gain access to the sensitive information of thousands of patients across 22 campuses using nothing more than employer provided log-in credentials, even though they were not authorized to access such information."

Streamlining New Business Intake – Lewis Silkin Deploys IntApp Open

noreply@blogger.com (Dan@riskroundtable.com) — Tue, 23 Apr 2013 07:07:00 PDT

Lewis Silkin, a full service commercial firm based in London, has deployed IntApp Open as part of a strategic initiative to streamline new client review and accelerate new matter inception.

The firm partnered with IntApp on its new business acceptance initiative in 2012, joining an industry advisory consortium focused on identifying industry trends, responding to industry requirements and shaping an industry-changing approach to client and matter intake.

On the choice to deploy IntApp Open, Lewis Silkin Director of IT & Operations, Jan Durant remarked:

"We implemented our first IntApp product, Time Builder, two years ago and found IntApp great to work with – they are open, collaborative and highly responsive. IntApp products are first-rate – clever technology, slick user interface and straightforward delivery. Quite simply, IntApp are one of my favourite suppliers."

With market forces putting new pressures on firms to improve the way they engage new business, organizations are looking to increase the sophistication, efficiency and agility of their intake processes to better align client selection and terms of business with overall strategy, service models and internal policies.

IntApp UK Managing Director, Kaye Sycamore added:

"We’re delighted to see the continuing adoption of IntApp Open by the legal community and are particularly pleased to highlight our collaboration with Lewis Silkin, an acknowledged IT innovator. Jan Durant has time and time again demonstrated a knack for identifying emerging trends and responding with winning technology approaches that deliver significant value and competitive advantage for her firm."

IntApp Open is a true new business intake application. It doesn’t require firms to wrestle with development or write a single line of custom code. It offers unique features, including a flexible business rules engine that enables effective management of practice-specific matter evaluation procedures and an integrated question library that provides visibility into the practices and insights developed by industry peers.

Visit IntApp.com to learn more about the philosophy behind the product and how it can simplify law firm new business intake.

Conflicts Allegations in the Public Eye

noreply@blogger.com (Dan@riskroundtable.com) — Mon, 22 Apr 2013 11:02:19 PDT

It’s been interesting to watch the public reaction to conflicts allegations regarding the appointment of a former law firm partner as Detroit’s emergency city manager, while his former firm providers services to the city. The evening news covered the issue and legal ethicists have opined "no conflict." Now a Detroit Free Press Columnist weighs in: "Don't be too quick to judge Jones Day Detroit contract" --

"The temptation is to call it an outrageous conflict of interest… I get it. The connection, the relationship ... it all sounds a little hinky. But ask around, and you’ll find that legal experts don’t see anything wrong with this deal. Orr resigned from Jones Day after his appointment as emergency manager, which he wasn’t required to do. Oftentimes, legal ethics consider acknowledgment of a potential conflict, with all parties declaring themselves satisfied, as a remedy for any possible conflict."
"Could this matter have been handled better? Sure. It’s the type of needlessly created controversy in which Snyder, state Treasurer Andy Dillon and Detroit Mayor Dave Bing sometimes seem to specialize. But the deal’s done now, and no one questions that Jones Day is eminently qualified to perform the work."

And in keeping with today's theme, another city government conflict issue covered by local media: "Delray Beach fires lobbying firm, nicely" --

"Delray Beach no longer has ties to the law firm of Weiss, Handler & Cornwell. Mayor Cary Glickstein said the lobbyist firm the city hired in December also employs Sen. Joe Abruzzo, D-Wellington, who has launched an aggressive audit of the Delray Beach Community Redevelopment Agency — an action that may be perceived as a conflict of interest."
"'If there's a perception of conflict, that's enough,' said Glickstein at a Tuesday special meeting scheduled to consider terminating the contract between the city and the law firm."
"Glickstein then said he was uncomfortable with the city's relationship with the lobbying firm Abruzzo works for and ordered City Attorney Brian Shutt to bring the contract to the commission for review. But at Tuesday's meeting, Henry Handler, a principal of the firm, tendered the firm's resignation, saying he didn't want to create any kind of "awkwardness or potential distraction" for the city."