Risk Update

(Security Week) Lawyer Edition — Safeguarding Standards and Breach Response Responsibilities

Posted on

David G. Ries, of counsel at Clark Hill reminds all: “Safeguarding Client Data: An Attorney’s Duty to Provide ‘Reasonable’ Security” —

  • “Confidential data in computers and information systems, including those used by attorneys and law firms, faces greater security threats today than ever before… Attorneys have ethical and common law duties to take competent and reasonable measures to safeguard information relating to clients and also often have contractual and regulatory duties to protect confidential information.”
  • “The ABA has issued two formal ethics opinions on security topics since the 2012 rules amendments. ABA Formal Opinion 477, “Securing Communication of Protected Client Information” (May 2017), while focusing on electronic communications, also explores the general duties to safeguard information relating to clients in light of current threats.”
  • “In October, the ABA published Formal Opinion 483, ‘Lawyers’ Obligations After an Electronic Data Breach or Cyberattack.’ It reviews lawyers’ duties to safeguard data and concludes ‘[w]hen a data breach occurs involving, or having a substantial likelihood of involving, material client information, lawyers have a duty to notify clients of the breach and to take other reasonable steps consistent with their obligations under these model rules.'”
  • “Law firms are increasingly obtaining cyberinsurance to transfer some of the risks of confidentiality, integrity and availability of data in their computers and information systems. This emerging form of insurance can cover gaps in more traditional forms of insurance, covering areas like restoration of data, incident response costs, and liability for data breaches.”

ABA issues new guidance on lawyer obligations after a cyber breach or attack” —

  • “‘How a lawyer does so in any particular circumstance is beyond the scope of this opinion. As a matter of preparation and best practices, however, lawyers should consider proactively developing an incident response plan with specific plans and procedures for responding to a data breach. The decision whether to adopt a plan, the content of any plan and actions taken to train and prepare for implementation of the plan should be made before a lawyer is swept up in an actual breach.'”
  • “In addition, lawyers should recognize that in the event of a data breach involving former client information, data privacy laws, common law duties of care, or contractual arrangements with the former client relating to records retention, may mandate notice to former clients of a data breach. A prudent lawyer will consider such issues in evaluating the response to the data breach in relation to former clients.”
Risk Update

(Security Week) Breach Edition — Anatomy of One, Fading Law Firm Cloud Concerns

Posted on

Ending yesterday’s update with a note about an actual breach, today we pull back to get a quite interesting big picture perspective published by the ABA: “The Anatomy of a Data Breach: An overview of the actors, roles and impacts of a cybersecurity breach” —

  • “Breaches come in many variants, far too many to cover in a single article. But there is a general flow to a breach. Since we make a living investigating breaches and remediating the vulnerabilities that caused them, let us take you on an anatomical tour of the common elements of a typical breach.”
  • “To make the reading more fun, we have offered up ‘quotes’ from the players typically involved in a breach. Many are taken from real life incidents.”
  • “If the point of the breach is to purloin data, hackers will use their malware to move laterally across your network and ‘pwn’—hackerspeak for ‘own’—everything they can. Imagine the value of data in a mergers and acquisition law firm. The hackers could sell the data to others or use it themselves to get rich in the stock market. State-sponsored hackers can give their countries a competitive advantage against the U.S.”
  • “If the law firm has an Incident Response Plan, it’s the first resource for those in charge of handling the breach. They begin by picking up the phone to call the regional office of the FBI; then their insurance company, data breach lawyer, digital forensics company and bank; and the list goes on. All 50 states have data breach notification laws, so carefully determine if a report (or reports) must be filed, and by when.”
  • “Rarely, if ever, does a law firm notify clients at this early juncture. In most breaches, it isn’t immediately known what data was compromised, and there is natural reluctance to tell clients anything until the investigation is well underway. When the breach goes public, however, there’s little choice but to talk to clients.”
  • “The cyber insurance world remains the Wild, Wild West… Buffett’s views are reflected in more and more cyber insurance policies, which often include requirements for security audits and include language about conforming to industry cybersecurity standards. The quintessential ‘we don’t cover stupid’ case is Columbia Casualty Co. v. Cottage Health System. There are now more cases where insurers are saying that the insured did not take the reasonable security steps required by the policy.”

With a complex threat landscape, and more of a track record to rely on, law firms are increasingly looking to shift some of the responsibility and risk for information security to their vendors in the cloud: “Lawyers And Cloud Computing: It’s Not So Complicated Anymore” —

  • “Cloud computing is a concept that most lawyers are familiar with in 2019. But it wasn’t always that way.”
  • “[b]eginning in 2010, cloud ethics opinions were issued quite frequently, with as many as three or four being handed down by various jurisdictions in some years. But beginning in early 2017, after the Illinois opinion listed above (Opinion No. 16-06), there was a noticeable lull, with no opinions being issued to the best of my knowledge until Texas addressed the issue a full year and a half after the Illinois opinion.”
  • “I would suggest that the reason for this is simple: cloud computing is now an accepted, trusted technology. As a result lawyers are comfortable using it, and thus don’t feel the need to submit inquiries to their bar associations’ ethics committees regarding whether it’s ethical to do so. In fact, according to the latest ABA Legal Technology Survey report, the majority of lawyers (55 percent) have used cloud computing software tools for law-related tasks.”

For example, several firms have cited security as a key driver in adopting cloud based document management solutions. Here’s a recent one from Anthony Garza Sr. Director of IT at Dickinson Wright, quoted: “What really changed the game for us was NetDocuments’ commitment to security and their willingness to help the firm navigate our cloud-based security challenges.”

Risk Update

(Security Week) Malware Edition — Potential Catastrophes and Actual “Panics”

Posted on

Why Hidden Malware May Be Potential National Catastrophe” —

  • “Another class of company being targeted aggressively by these super stealthy offerings are law firms. Speculation is–given these are mostly very large firms that do lots of M&A–that the effort is to get insider trading information. This is less of a global threat, but it would potentially be a firm killer, because the Securities and Exchange Commission typically takes a very dim view of anyone who participates in insider trading.”
  • “The SEC clearly could source the compromised law firm that was the cause of an identified insider trading event. Thinking more broadly, what will the clients of that firm do if/when they find that all their confidential information on that firm’s servers was now public?”
  • “This not only could kill the law firm, but it could do massive damage to the firm’s clients. Since we are talking about some of the largest law firms in the U.S., that devastation could be massive.”

Also making news recently is the malware attack on Wolters Kluwer, which provides software (and houses data) for accountants, lawyers and other professionals. Vendors matter: “A malware attack against accounting software giant Wolters Kluwer is causing a ‘quiet panic’ at accounting firms” —

  • “A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company’s cloud servers.”
  • “Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site.”
  • “A cybersecurity professional at one Big Four accounting firm said she had received reassurances from Wolters Kluwer that account information had not been accessed. But she also said her firm took additional precautions to ‘limit any possible exposure’ to the malware attack through the accounting giant’s technology connections to the software company.”
Risk Update

(Security Week) Email Edition — Spoofed Law Firms, Cyber Scams & New Tools

Posted on

I’m always grateful to receive word from readers (don’t be shy & remember to tell your risk friends to sign up). Even more so when those notes include interesting updates. So a tip of the hat to Simon Chester at Gowling WLG for sending in this interesting story “about” Linklaters … which sparked a good amount of additional reading, lead up to: Security Week.

Linklaters Impersonated in Fake Job Posting Cyber Scam” —

  • “A scammer has been posing as Linklaters’ director of human resources in an attempt to con job seekers out of $1,500, in the latest example of a cyber scam affecting a top law firm.
    A report released by the Solicitors Regulation Authority (SRA) reveals that documentation misusing the ‘Linklaters LLP’ name is being used to advertise a fake ad to become a “Data entry professional” at the firm.”
  • “A Linklaters spokesperson said the firm alerted the SRA to this issue as soon as it became aware of it and also alerted clients with a note on its website. The Magic Circle firm’s name, as well as a fake partner, have now been used in three scams this year – also reported by the SRA.”
  • “Earlier this month, the SRA issued a warning after fake emails claiming to be from Michael Bates, the U.K. managing partner of Clifford Chance, were sent to members of the public. Last year, Herbert Smith Freehills had scam emails falsely attributed to it… And Simmons & Simmons had a similar situation, with emails claiming to be from corporate partner David Parkes that talked of unclaimed inheritance.”

A difficult risk question — How to prevent bad actors from attempting to fool with a bit of fraud? Particularly when recipients aren’t paying close attention to email domains (or domains are spoofed)?

I was not aware of some technology that firms are employing (or being asked to) to combat this type of thing, at least when a common standard is established with clients. The latest edition of The Orange Rag offered some timely education: “Clients demand DMARC is set to reject” —

  • “Clients are increasingly demanding that law firms have fully implemented email authentication protocol DMARC before they send them instructions.DMARC is a protective barrier for a firm’s email correspondence, sheltering staff and clients from the most common form of cyberattack, phishing.”
    “While no cyber solution is a silver bullet, DMARC is a global industry standard widely recognised as essential to protecting an organisation’s email, brand and reputation. It does this by preventing third parties from impersonating email domains.”
  • “Government bodies in both the UK and US, as well as a number of financial institutions and major corporates, understood to include Lloyds, are ramping up the pressure, however, by telling law firms they must reach ‘reject’ or risk losing their business.”

Thematically related and also interesting: “Nearly all 2020 presidential candidates aren’t using a basic email security feature” —

  • “Three years after Russian hackers targeted and breached the email accounts of Hillary Clinton’s presidential campaign, nearly all of the upcoming 2020 presidential candidates are still lagging in email security.”
  • “New data out by Agari confirms just one presidential hopeful — Democratic candidate Elizabeth Warren — uses domain-based message authentication, reporting, and conformance policy — or DMARC.”
  • “Agari said only 16 percent of the 500 world’s richest companies reject or quarantine unvalidated email — up from two years ago when just eight percent of the Fortune 500 were using DMARC.”
Risk Update

Law Firm Ethics Updates — Ethical Ethics Consultation, Conveyancing Conflicts, Pleading Plagiarism & Technology Implied

Posted on

New California Ethics Opinion Addresses Whether There is a Duty to Disclose Ethics Consultation to Clients” —

  • California State Bar Formal Opinion No. 2019-197
  • “The Committee determined that when attorneys have questions regarding their ethical obligations, they should seek advice and counsel, and doing so does not create an ethical conflict with a client. If, through the advice and counsel, an attorney learns of an ethical conflict with the client, that conflict must be disclosed.”
  • “However, the fact that the attorney may have learned that information from a consultation with another attorney does not always need to be disclosed and depends on whether the facts cause such consultation to be a material development requiring disclosure under California Rule of Professional Conduct (“Rule”) 1.4(a)(3). This same rule applies to in-house counsel at a law firm.”
  • ” This opinion provides an in-depth analysis of California’s new Rules of Professional Conduct related to communication with and loyalty to clients. It confirms that attorneys can—and should—seek ethical guidance from outside counsel and in-house counsel, to investigate concerns or potential errors and learn how to best proceed. The opinion also provides an endorsement of law firm in-house counsel and their ability to provide ethical advice to law firm attorneys without creating a conflict of interest with firm clients.”

Advisory Opinions From Ohio Board Of Professional Conduct”

  • Advisory Opinion 2019-02 replaces a 2002 advisory opinion and provides further guidance to lawyers considering the transfer of his or her interests or shares in a law firm to a revocable trust. The board concludes that a lawyer may not title his or her interests or shares as transfer-on-death to a trust due to rules that prohibit a lawyer from practicing in a law firm if a non-lawyer has an ownership interest in the firm. Because a transfer-on-death of shares in a law firm to a trust may eventually lead to an heir of a non-lawyer holding an ownership interest, remaining lawyers in the firm would be unable to maintain compliance with either rule. This opinion withdraws Adv. Op. 2002-12.

The Law Society’s Conveyancing Quality Scheme Is Changing” —

  • “Practices will now be required to have a set process on the handling of conflicts. This must include steps to follow when a conflict has been identified; or a policy for an assessment of a potential risk of conflict, when representing both sides of a transaction. The scope of this requirement reaches much further, however. It also seeks an assurance that any information, which may affect the lending decision, will be brought to the lender’s attention, provided consent to disclose it has been obtained from the client. In the absence of such consent from the client, the lender must be advised that a conflict of interest has arisen preventing the firm from continuing to act for the lender.”

State bar opinion guides lawyers on technology” —

  • “Now the Louisiana State Bar Association has weighed in, releasing a public ethics opinion in February that highlights state rules of professional conduct implicated in incorporating technology and adopting innovations in the practice of law.”
  • Louisiana’s rules do not include a technology component, but Grodsky [LSBA president] says that ‘technological competence is implicit’ in its competent representation rule and another that lawyers ‘should act with reasonable diligence and promptness’ when representing clients.”
  • “They include duties to not disclose information related to a client inadvertently or without authorization and to reasonably safeguard client information, as well as a rule that managing lawyers adopt measures and make reasonable efforts to ensure that other lawyers and non-lawyers, including vendors, are conducting themselves in ways compatible with legal professional conduct.”

And a fascinating one sent in by risk consultant Patrice Kennard: “Copying in Brief Writing: Where Is the Line?” — 

  • “Are the rules about copying different in brief writing than elsewhere? To some extent, yes. But litigators should not mistake that for a license to copy freely. The accepted practices may be different, but there are limits.”
  • “But copying in brief writing can go too far. Because courts have found that legal briefs are subject to copyright protection, large scale copying of another lawyer’s brief may be actionable as infringement. See Newegg v. Ezra Sutton, P.A., 2016 WL 6747629 (C.D. Cal. Sept. 13, 2016); accord White v. West Publishing, 29 F. Supp.3d 396 (S.D.N.Y. 2014) (upholding a fair use defense). Moreover, plagiarism in legal briefs can lead to sanctions.”
  • “It appears, however, that to be truly sanctionable plagiarism in a legal brief must be not only extensive, but also accompanied by something more. In Lohan, the offending submission was so heavily copied that it failed to address the “salient points” in the case, and the copying was aggravated by other misrepresentations to the court.”
  • “Exactly where is the line? The New York City Bar Association’s Committee on Professional Ethics grappled with this issue last summer in Formal Opinion Number 2018-3… At first blush, the Committee’s conclusion—that copying someone else’s work without attribution does not in itself appear to violate the ethics rules, but that its view on this might change and that such copying might meanwhile subject lawyers to sanctions—seems unsatisfying”
  • “The Committee’s conclusion is, in essence, that copying someone else’s work without attribution probably does not violate the rules if that is all the lawyer does (that is, if the conduct is not accompanied by other misdeeds such as an attempt to charge for work the lawyer did not actually do, or a failure to ‘tailor the brief to the situation before the court’), but it should be avoided.”
Risk Update

(OCG Week) Outside Counsel Guidelines — Turning to Technology

Posted on

In Part Three of our OCG update we’ll turn to content on coping, from Toby Brown, Chief Practice Management Officer at Perkins Coie: “Advancements in Outside Counsel Guidelines Compliance Technology” —

  • “Given the recent trends around Outside Counsel Guidelines (OCGs) becoming more common while also becoming more complex and demanding, you would think there would be a bevy of providers bringing new technology to the market to help firms address this issue. For now, that seems to not be the case, with limited exceptions. This is forcing too many law firms to cobble together their own solutions, utilizing basic tools (e.g. spreadsheets), alongside generic tools and home-grown options.”
  • “When a client OCG comes in to a firm (and this can happen in many ways), the firm should have a defined, consistent process for managing them. Since OCGs have a variety of clauses, numerous departments at a firm need to weigh in, therefore the first requirement is for a workflow management capability to handle the review and approval process. This workflow needs to manage multiple, simultaneous threads in parallel, and then bring each thread back into a final sign off. The workflow also needs to manage exceptions and document edits to OCGs. The review can no longer be limited to the Finance or Billing departments.”
  • “From a moderately advanced perspective, it would be a nice to leverage some level of artificial intelligence (AI) to determine the terms contained within each OCG. That functionality would allow firms to parse out clauses for review and to identify which clauses may need to be negotiated, reducing the amount of manual review needed. One frequent example is that of Most Favored Nation clauses; another example is security requirements. Sometimes these requests are not feasible or run counter to a firm’s policies and need to be negotiated and revised. And these revisions need to be tracked.”
  • “Of course, capturing all of these guideline documents means firms will need a repository of them. Integration with a document management system (DMS) is one option, with the bonus value that having a single, searchable repository will provide.”
  • “Beyond determining the contents of a single OCG, it would be helpful if the tools had data analytics components to understand the requirements across all client OCGs so firms can create processes and policies to better comply across all clients. Determining commonalities and trends in the clauses being included would be useful for firms as they prioritize their technology and systems.”
  • “There is a definite need for technology to support the review and management of OCGs. E-billing compliance has been largely tackled with solutions like eBILLINGHUB and it may be possible to leverage document analysis tools (employing AI) to assist in the review of new OCGs, identifying common components within an OCG that the firm has already identified how to address, as well as more easily identify new or “outlier” components that may be unreasonable or difficult to enforce compliance with. This could assist with initial review and negotiation but may not help in terms of compliance once an agreement has been reached.”


Risk Update

(OCG Week) Outside Counsel Guidelines — Firm Focus

Posted on

Part two of our OCG update focuses on the firm side of the equation, highlighting the theoretical and actual risk and compliance issues presented by the OCG landscape.

First, an update from Hinshaw & Culbertson: “Description of ‘Client’ in Outside Counsel Guidelines Prohibits Representation Adverse to Affiliates of Firm’s Current Client” —

  • “The U.S. Court of Appeals for the Federal Circuit has ruled that a law firm must withdraw from representing a company in patent appeals because the law firm had an ongoing attorney-client relationship with an affiliate of adverse parties in the litigation. The court found that the affiliate’s Outside Counsel Guidelines, incorporated by reference in the engagement letter, created an attorney-client relationship with the adverse parties in the patent appeals, which required disqualification.
  • “This matter came before the U.S. Court of Appeals for the Federal Circuit on motions to disqualify Katten Muchin Rosenman LLP (“Katten”) as counsel for Mylan Pharmaceuticals Inc. (“Mylan”) in three appeals…The attorneys from Katten who represented Mylan were lateral partners of Katten who had commenced the representation while partners at Alston & Bird LLP.”
  • “Katten had signed an engagement letter with Bausch & Lomb that governed ‘the overall relationship between [Katten] and Valeant Pharmaceuticals International, Inc.’ — i.e., Valeant-CA. This engagement letter referenced Valeant’s Outside Counsel Guidelines (‘Guidelines’). The Guidelines stated they ‘govern the relationship between Valeant Pharmaceuticals International [i.e., Valeant DE], its subsidiaries and affiliates … and outside counsel.’ The Guidelines did not define “conflict of interest,” but stated that ‘Valeant expects its firms to adhere to local rules and ethics rules relating to conflict of interest and client representation.'”
  • “Significance of Decision: A broadly worded description of the attorney-client relationship in an engagement letter or Outside Counsel Guidelines may create an unintended attorney-client relationship with entities a firm does not represent. Law firms should use caution when considering engagement agreements which incorporate Outside Counsel Guidelines that may include a client’s affiliates. Firms should also continuously update their conflicts database to reflect changes to corporate families, and vet potential lateral hires for similar issues.”

Next, the DC Bar is seeking input on OCGs, noting the various issues they’re raising in practice: “Rules Review Committee Requests Comment on Client-Generated Engagement Letters and Outside Counsel Guidelines” —

  • “The District of Columbia Bar Rules of Professional Conduct Review Committee is seeking input and comments from D.C. Bar members, representatives of law firms, solo practitioners, corporate legal departments, and nonlawyers about whether issues relating to client-generated engagement letters (ELs) and outside counsel guidelines (OCGs) should be addressed through changes in the D.C. Rules of Professional Conduct and accompanying comments, and if so, how. Comments must be received by June 30, 2019.”
  • “Specifically, the committee is considering whether changes should be recommended to regulate and clarify the extent to which clients may contractually require lawyers to engage or refrain from engaging in certain conduct or practices. Such contractual terms typically appear in client-generated ELs or OCGs. Although clients and lawyers have considerable latitude to contract with one another as they see fit, some have raised concerns as to whether in certain respects client-generated ELs and OCGs may overreach and unduly restrict the public’s access to legal representation and the professional independence of lawyers, or may conflict with the Rules.”
  • Examples of contractual terms that have been identified by some as raising concerns include (but are by no means limited to): Terms that define the “client” as including all subsidiaries, affiliates, or parent companies of the entity… Terms that restrict a lawyer from providing [unrelated] services to competitors of the client… Terms that otherwise expand the definition of a conflict beyond those found in the Rules… Terms that require lawyers to indemnify…” (See the full notice for more detailed breakouts of the issues associated with these areas of concern, and how to provide direct feedback to the Bar.)


Risk Update

(OCG Week) Outside Counsel Guidelines — Client Concerns and Challenges

Posted on

Disqualification week was a hit. So let’s focus on another theme this week. Several interesting stories, updates and perspectives to share on the always hot topic of Outside Counsel Guidelines. So many, that (like a lengthy document with many interesting nooks and crannies) it makes sense to break this update into a multi-day affair. First up, analysis and opinions from the client side of the equation, which is always helpful to keep in mind. (Guess what’s up tomorrow?)

First, Barnes & Thornburg partner Karoline Jackson and legal operations manager Shanna Davidson make some strong “Brussels Sprouts”-like assertions, worth reading in full in: “Outside Counsel Guidelines Drive Positive Change” —

  • “What we are seeing in the legal industry is that many clients are facing increased pressure to manage their corporate legal budgets… A positive change we are seeing, because of these internal changes, is that many law firms are now responding with their own centralized process improvement initiatives. Since a law firm’s retention of clients is often dependent on compliance with these guidelines, we see more law firms developing their own legal operations departments. Over time, we think that the institutionalization of legal operations will maximize the value of efficiencies across all departments and help build sustainable, outcome-driven partnerships with clients.”
  • “From a client’s perspective, outside counsel guidelines are a way to bring predictability and standardization to all of the law firms that work with a company. However, from a firm’s perspective, outside counsel guidelines are not standard, because each client has its own requirements. While this can be challenging, it also can be viewed as a positive, because the variety helps us identify trends in what the client values; then law firms can proactively collaborate with those clients on those issues throughout the year.”
  • It is important to build processes around reviewing those outside counsel guidelines at client intake or when a revision to an outside counsel guideline is made for an existing client. The goal is to centralize where those contracts are stored, not only from an electronic standpoint, but also in terms of who has responsibility for portions of those contracts. By extracting key information from the guidelines and setting validation rules to warn key stakeholders when there are possible upcoming violations, you can make sure that you don’t run afoul of any of the client’s technical requirements.”

Next a direct client view, though from an anonymous author only described as “in-house counsel at a well-known company that everyone loves to hate,” who published: “Outside Counsel: Work With Me, Not Against Me” —

  • “So, in this age of cost-cutting and zero-sum budgeting, you would think the outside counsel we do bring in for non-bet-the-farm litigation would get with the Program. And the Program is simple: ACT LIKE AN ATTORNEY AND DON’T MAKE ME LOOK BAD. No, really. It’s that simple. And yet, for as many outside counsel I adore and keep at the top of my rotation, there seems to be an equal number of bad eggs out there. And it all boils down to one true thing: Don’t act like a business person.”
  • “First, don’t make me chase you. If you say in your email you’ll have comments back by this Friday, then I should have the draft by (wait for it) Friday.”
  • “Follow directions. Particularly, when it comes to billing. Yes, I too hate our billing software. I completely support your theory it was designed by soulless millennials. I sometimes spend more time approving your invoice than I do reading that email guidance you gave me. But, like the tide, the software is inevitable. Please don’t try and skirt the process, or ask me to make an exception for you. Remember the Big 4 ex-pats? They’re all over these invoices and reports like flies on … garbage. I can’t move up your payment term. I can’t approve your block billing. Please just follow the directions in the outside counsel guidelines I gave you.”
  • “Maybe the answer is, I actually was right all those years ago on that panel, when I said the key to a successful partnership with an outside counsel is clear and concise communication and level setting of expectations. Maybe being more explicit up front as to how I expect us to work together is the way to go. And in any event, it should at least cut down on the amount of memos that cross my desk.”

And finally, law practice management consultant (and former GC of the ACC) Susan Hackett writes and excellent advisory for client eyes: “Are your outside counsel guidelines working for or against you?” —

  • “Most in-house and outside counsel feel that their outside counsel retention guidelines and RFP processes don’t do much to improve their inside/outside counsel relationships, even though both sides agree that both are very important and they spend large amounts of time on them. Why is this the case?”
  • “If you ask me, it’s because most guidelines and RFP processes are very often written poorly, promote dysfunctional behavior, and are not developed to promote the purposes they were designed to address. “The most jaw-dropping outside counsel retention document guideline I ever saw was one issued by a large company/large department that was 327 pages long. The idea that anyone was conversant with what was in that document (on either side) or had any intention of either implementing or enforcing it (until they wanted to prove their point in an argument) is crazy.”
  • “As a document written by corporate counsel, retention guidelines are a one-sided, one-way list of requirements or demands. Sure, the department owns its own business and relationships, and often these documents reflect the learnings of decades of relationships with firms… But it should be noted that a one-sided document in a relationship that is supposed to promote a partnership is not a governing document that will likely succeed in creating a win-win experience. It is like one hand clapping.”
  • “I’d also argue that many guidelines promote exactly the opposite behaviors than they are intended to promote. Lawyers may look to follow the letter of the rule, rather than the spirit or intention of the document. Or because a massive document exists that is supposed to regulate the relationship, lawyers on both sides may forget or forego conversations that should be part of the start of any successful relationship. Once a document like a guideline is filed, it is often forgotten and gathers dust.”
  • “But perhaps the best review of your guidelines and suggestions for how they could be more successful might come from some of the very firms they’re intended to “regulate.” Why not invite them to be partners in your guidelines, so that you can prevent both sides from being victims of them?”
Risk Update

(DQ Week) Disqualifications, Done (Side-switchers and Firms Fighting Themselves)

Posted on

Closing the circle, we reach “Done.” First up, the day after : “Disqualified Attorney Reprimanded” —

  • “In a complaint certified to the Board of Professional Conduct on November 30, 2017, relator, Cleveland Metropolitan Bar Association, alleged that Hackerd committed several ethical violations by representing the former spouse of a former client in a child-custody case and opposing the former client’s motion to disqualify him from that representation.”
  • [Ed: Fascinating that the opposition to a motion was flagged as an additional ethical violation.]
  • “Sanction. ‘Based on our independent review of the record in this case and our precedent, we agree that Hackerd’s continued representation of Mr. Krenn in violation of the trial court’s disqualification order violated Prof.Cond.R. 8.4. Given this single rule violation, the absence of any aggravating factors, and the presence of significant mitigating factors, we agree that a public reprimand is the appropriate sanction in this case.'”

Next: “HCCA successfully moves to disqualify Southern Inyo bankruptcy attorney” —

  • “Judge Frederick E. Clement ruled on April 10 that Ashley McDow and the law firm Foley & Lardner, which she works for, would be disqualified in the district’s bankruptcy case after HCCA argued that her prior work on HCCA matters represented a conflict of interest.”
  • “‘I would direct the Court’s attention to the August 29 hearing, where Ms. McDow asked this court to order the parties to mediation, in which she made numerous negative statements about her former clients, accusing them of bad faith, accusing them of failing to provide information as necessary, accusing them of slowing down the bankruptcy proceeding,’ Brandon Krueger, a legal malpractice attorney representing HCCA, said during the April 10 proceeding.”
  • “McDow had previously worked for the Baker Hostetler law firm, including on matters related to the Management Services Agreement, the main contract between HCCA and the Southern Inyo district.”
  • “The Baker Hostetler firm was preferred by HCCA and its CEO, Dr. Benny Benzeevi, until Bruce Greene, an attorney with the firm, wrote in September 2017 that it would “commence termination” of its services to him and any of his companies. Billing statements show that McDow billed HCCA 37.2 hours for activity related to Southern Inyo, Krueger said. Those hours included negotiations with Southern Inyo regarding the contract.”

And finally, for firms fighting internally: “Fifty-Percent Owner of Partnership Has Standing to Seek Disqualification of Partnership Counsel to Protect Partnership Interests” —

  • ” A general partner has standing to seek disqualification of an attorney who was being paid and directed by the other general partner. Further, the trial court did not abuse its discretion by ordering the disqualification, because the representation may not have been in the partnership’s best interest.”
  • “The appellate court determined General Partner 2 had standing to seek the attorney’s disqualification despite the fact that General Partner 2 did not have a current or former attorney-client relationship with the attorney. The disqualification motion was based on the attorney’s lack of authority to act on behalf of the partnership, as opposed to disqualification based on a conflict of interest which would require a current or former attorney-client relationship.”
  • ” Significance of Decision. Lawyers and law firms should have a baseline understanding of the partnership’s requisite authority to hire counsel prior to consenting to represent the partnership. This baseline inquiry and understanding will minimize the likelihood of a lawyer or law firm consenting to represent a partnership without the proper authorization from the partnership and risking a dispute and potential disqualification at a later date.”
Risk Update

(DQ Week) Disqualifications, Deflected (IP, “No Harm,” and Time-barred Scottish)

Posted on

Today we’re about disqualifications that didn’t (or haven’t yet) hit their marks. Several interesting ones to share. (And I’ll note that I am not left handed…)

First, an IP matter. (An area I’m finding myself spending a bit more time. For any curious about the latest operational and policy developments by the USPTO, I’ve done a bit of recent writing here, pardon the self promotion.) Regarding our DQ theme, we have: “Pierce Bainbridge Scolded But Dodges DQ In Patent Suit” —

  • “A New York federal judge has ruled that a Pierce Bainbridge attorney stepped over the line by recording a conversation with an employee for a Chinese company that is being sued for patent infringement by a company the firm represents, yet said the firm could still stay on as counsel in the suit.”
  • “‘[The attorney] went beyond general attendance or commercial transactions and asked specific, targeted questions related to the scope of Xiaomi’s business operations in New York,’ the judge said. ‘This line of questioning is reminiscent of that in a deposition.'”
  • “In a motion Dareltech filed immediately after Judge Hellerstein’s order, the company said the employee Hecht and an investigator spoke with in fact worked for Xiaomi Technology Inc., a separate company that was not added to the suit until January. Thus the employee was not a represented party, the motion said.”
  • “In a seeming effort to counter this, Hecht attended a promotional event in December with an investigator, the decision said. While there, Hecht questioned Xiaomi employees about the company’s New York presence, and were told that the company had a division based in Manhattan, but that it was ‘a secret operation,’ according to the decision.”

Next up: “Federal Judge Rejects Motion by DOJ to Disqualify Defense Attorneys in Illegal Drug and False Marketing Case” —

  • “A South Florida judge has rebuffed an attempt by the Department of Justice to prohibit two Miami attorneys from representing their clients in federal court.”
  • “U.S. Magistrate Judge William Matthewman denied a prosecution motion to disqualify the defense counsel for dietary supplement company Blackstone Labs and its CEO Phillip Braun on Monday. The department’s April 1 motion asked the court to bar attorneys Benedict Kuehne and Michael Davis from representing the defendants in the Southern District of Florida.”
  • “The agency’s motion contended the Kuehne Davis Law litigators ‘should not be allowed to handle the charged case because the firm also represented a number of company employees as fact witnesses during the grand jury investigation.'”
  • “However, Matthewman’s 17-page order rejected the DOJ’s motion and allowed Kuehne and Davis to appear as defense counsel. The judge asserted the three conflict-laden witnesses cited by the prosecution are no longer represented by Kuehne Davis Law.”
  • See the text of the order here.

Next, from Hinshaw: “No Harm, No Foul: Disqualification Not Warranted When City Attorney Obtained Privileged, But Irrelevant, Communications During Internal Affairs Investigation” —

  • City of San Diego v. The Superior Court of San Diego County, D073961 (Cal. Ct. App. 4th Dist. Modified Jan. 7, 2019)
  • “During an internal affairs investigation concerning the leak of a confidential police report, the Police Department of the City of San Diego (the “City”) questioned a police detective about communications she had with an attorney who was representing her in a harassment and retaliation lawsuit against the city.”
  • “Under the threat of discipline and termination, the detective invoked the attorney-client privilege. After the detective was informed the City Attorney had determined the privilege did not apply, the detective disclosed the privileged communications during a second interview with the Department and the City Attorney.”
  • “The appellate court found that the City Attorney violated the attorney-client privilege and the rule of professional conduct prohibiting an attorney from communicating with a represented party about a pending matter.”
  • “However, as disqualification is a drastic remedy meant to be prophylactic and not punitive, the appellate court reversed the trial court’s order disqualifying the City Attorney, determining that disqualification was not warranted because the transcript of the interview established there was no genuine likelihood that the City’s misconduct would provide it with an unfair advantage or in any other way affect the outcome of the proceedings before the court.”

And finally, from Scotland: “Client fails in appeal against decision to dismiss complaint against lawyer as ‘time-barred” —

  • “A disgruntled litigant whose complaints against a Scots lawyer and a law firm were rejected as time-barred has had an appeal against the decision dismissed.”
  • “A judge in the Inner House of the Court of Session held that the Scottish Legal Complaints Commission (SLCC), in exercise of its ‘gatekeeping or sifting function,’ was entitled to exercise to its discretion by reaching the conclusion which it did.”
  • “Lord Menzies heard that the applicant John Innes was seeking leave to appeal against the SLCC’s determination that the applicant’s complaints against a solicitor employed by Pinsent Masons were each time-barred in terms of rule 7 of the Rules of the Scottish Legal Complaints Commission.”
  • “‘The applicant did not identify any exceptional reasons why the complaint was not made sooner, either in his response to the commission or before this court, and the commission could find none. Similarly, the applicant provided no information about any exceptional circumstances relating to the nature of the complaint and the commission could find none.'”
  • Full text of the ruling here.