Bressler Risk Blog

A few weeks ago a lawyer working on a conflicts presentation asked me if it felt like there were more disqualifications in the air these days versus “back then.” I said my sense was that the flow is pretty constant, at least over the past decade. There was a time where firms may have opted to forgo a motion, but today conventional wisdom is that disqualification pursuits for reasons including tactical disruption of opponent efforts are common.

But I wonder what the true picture looks like. Sounds like an opportunity for any enterprising data analysts or scientists out there to dig in. (If you’re out there reading, let’s chat.)

Meanwhile, here are a host of interesting DQ activities I’ve noted in my propriety risk story queue, starting with: “In Huawei Case, Prosecutors Ask Judge to Remove Lead Lawyer” —

• “Federal prosecutors want to disqualify the former deputy attorney general who is defending the Chinese telecommunications giant Huawei Technologies in a bank fraud case because the government believes his previous work for it poses a conflict of interest.”
• “…prosecutors said the attorney, James M. Cole, should not be permitted to represent Huawei because he had been briefed on an undisclosed investigation while serving as a top prosecutor in the Obama administration.”
• “The filing is redacted, making it difficult to ascertain the exact nature of the investigation. But Mr. Cole’s tenure at the Department of Justice — from the end of 2010 to the beginning of 2015 — may have overlapped with the period when federal authorities were gathering information on Huawei and its business dealings.”
• “Mr. Cole is now co-head of the white-collar and investigations practice at the Sidley Austin law firm… The 26-page redacted motion said that Mr. Cole had refused a request to recuse himself, and that his representation of Huawei ‘poses real and irresolvable conflicts of interest.'”

“Four Lewis Brisbois Lawyers Excluded From Bias Case” —

• “Four attorneys with Lewis Brisbois Bisgaard & Smith LLP retained to take over a sex discrimination investigation from the director of human resources at Newman University are barred from defending the school against her whistleblower claims.”
• “The attorneys are disqualified because they possess evidence material to the determination of the claims and defenses in the case brought by the Wichita-based university’s former HR director, Mandy Greenfield, the U.S. District Court for the District of Kansas said May 24.”
• “Newman asserts that the reasons for her firing were discovered during the independent investigation by the law firm, making the lawyers Newman’s only witnesses.”
• Note: Only the lawyers, not the firm were disqualified.

“Pierce Bainbridge DQ’d From Manilow Films Copyright Suit” —

• “A California federal judge on Tuesday disqualified Pierce Bainbridge Beck Price & Hecht LLP from representing a production company suing a management company for Barry Manilow over the copyrights of two films featuring the singer performing, finding the firm has a conflict of interest involving the parties.”
• “U.S. District Judge Dale S. Fischer granted the disqualification bid by intervenor Garry Kief, as Pierce Bainbridge cannot represent the production company, Stiletto Television Inc., in the copyright case while also representing two owners of the company in separate litigation initiated by Kief, according to Tuesday’s order.”
• “Kief argued in his disqualification bid last month that because a California state court has disqualified Pierce Bainbridge from representing Stiletto Television in the separate litigation because the company’s interests are conflicted with that of Grove and Queen, the firm may not represent the production company in this case, according to court documents.”

And, stretching the above reference of a certain musician to conjure an admonition not forget about an influential music producer, here is the latest from Mr. Freivogel, who is always in my reading queue:

• “Chingee v. Canada, 2019 FC 532 (CanLII) (Fed. Ct. Canada May 1, 2019). Lawyer No. 1 did work for Indian Band in the 1980s on a title claim, and in the 1990s on an election dispute regarding interpretation of Indian Band’s election law. Lawyer No. 1 brought this action on behalf of Plaintiff against Indian Band seeking a declaration that Plaintiff is a “Headman” under a certain treaty. Lawyer No. 2 substituted for No. 1 under a notice of change of solicitor. Indian Band moved to disqualify No. 1 and No. 2. In this opinion the court denied the motion. In a fact-intensive analysis the court found that No. 1 did not learn anything confidential and relevant to this case in his earlier representations of Indian Band. It would appear that whatever information possibly relevant to this case held by Indian Band had been public for many years. Thus, No. 1 was not in a position to relay to No. 2 any confidential Indian Band information relevant to this case.”
• “Encore Energy, Inc. v. Morris Ky. Wells, LLC, No. 1:18-CV-00180-GNS-HBB (W.D. Ky. May 7, 2019). In this case Encore seeks a declaration that it is a “financial institution” within the meaning of 15 U.S.C. § 6801. Law Firm appeared for Morris. About seven years ago Law Firm represented Encore regarding enforcement of a covenant not to compete in an employment contract. Encore moved to disqualify Law Firm in this case. In this opinion the court granted the motion. The court said that in the earlier case Law Firm would have to show the nature of Encore’s business in order to establish the scope of the covenant not to compete. Thus, the matters are substantially related.”

“The Limited Engagement Letter and Legal Malpractice” —

• “One hires an attorney to handle a case and expects that the attorney will handle the entire case at a level of good practice to which a competent attorney should adhere. No? Well not necessarily, as Attallah v Milbank, Tweed, Hadley & McCloy, LLP 2019 NY Slip Op 00583 [168 AD3d 1026] January 30, 2019 Appellate Division, Second Department tell us.”
• “‘This engagement does not, however, encompass any form of litigation or, to the extent ethically prohibited in this circumstance, the threat of litigation, to resolve this matter. This engagement will end upon your re-admittance to the College or upon a determination by the attorneys working on this matter that no non-litigation mechanisms are available to assist you. The scope of the engagement may not be expanded orally or by conduct; it may only be expanded by a writing signed by our Director of Public Service.'”
• “The letter of engagement conclusively demonstrated that there was no promise to negotiate. There was only a promise to investigate and consider whether there were any options possibly available to urge the school to reconsider the plaintiff’s expulsion. Anything else, including the defendant’s failure to commence litigation against the school and the defendant’s alleged rendering of legal advice regarding the efficacy of the plaintiff’s commencing a defamation action against others, was outside the scope of the letter of engagement.”
• After various facts played out and an unhappy client sued, said the Court: “‘An attorney may not be held liable for failing to act outside the scope of a retainer (see AmBase Corp. v Davis Polk & Wardwell, 8 NY3d 428 [2007]). Therefore, since the defendant’s alleged failure to negotiate with the school, its alleged failure to commence litigation against the school, and its alleged failure to properly advise the plaintiff on the efficacy of a defamation action against nonschool parties fell outside the scope of the parties’ letter of engagement, dismissal of the cause of action alleging legal malpractice was warranted, pursuant to CPLR 3211 (a) (1), on documentary evidence grounds.'”

“Are Pre-Engagement Lawyer-Client Arbitration Agreements Enforceable?” —

• Hypothetical: “A former client brought a legal malpractice claim against Bob… After he read the state-court complaint, Bob was pleased and even felt a little vindicated because he was certain the court would send the malpractice case to arbitration. Why? Because Bob’s carefully crafted engagement letter attached a document titled ‘Engagement Terms and Policies.'”
• “That document included the following: ‘Any dispute, claim or controversy arising out of any fees, billing practices or this engagement shall be settled by binding arbitration before a single arbitrator in Philadelphia, in an arbitration that ABC Co. administers. The arbitrator’s decision shall be final and binding on the parties. Judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof.'”
• “American Bar Association Formal Ethics Opinion 02–425 likewise states that ‘mandatory arbitration provisions are proper unless the retainer agreement insulates the lawyer from liability or limits the liability to which she otherwise would be exposed under common or statutory law.'”
• “Courts that have considered whether to enforce a pre-attorney client relationship arbitration agreement, including Mackin Medical v. Lindquist & Vennum, 2018 Phila. Ct. Com. Pl. LEXIS 146 (C.P. Phila. Dec. 26, 2018), have put teeth into Explanatory Comment 14 of Rule 1.8. Not by vaguely pontificating that ‘the client be fully informed of the scope and effect of the arbitration agreement.’ But by identifying the requirements for an agreement that satisfies their concerns.”
• “The result: a detailed road map for an enforceable pre-engagement lawyer-client arbitration agreement, which will allow the prospective client to make an informed decision regarding the proposed representation.”
• That roadmap comprises 11 elements. For that detail, see the full article.

These lawyer lateral movement stories never come as a surprise: “Clifford Chance Paris trio form partnership” —

• “A trio from Clifford Chance have launched their own firm, flagging freedom from conflict of interests associated with larger firms.”
• “The new independent firm will focus on preventing and resolving business-related disputes, through litigation and arbitration, as well as alternative negotiated solutions. Grandjean Avocats aims to provide corporations and their managers value added, highly personal, creative and efficient legal services.”
• “In addition to acting as counsel, all three partners aim to develop their roles as arbitrators and mediators, particularly since they say the size of their firm will enable them to avoid certain conflicts of interest inherent to larger firms.”

And: “2 Blank Rome White-Collar Partners Move to Norton Rose Fulbright” —

• “Two white-collar defense partners from Blank Rome in New York, including the former head of its white-collar and investigations practice, have decamped to Norton Rose Fulbright.”
• “A client conflict played a role in their decision to leave Blank Rome, said the two lateral partners, Carlos Ortiz and Mayling Blanco. Still, they said, Norton Rose’s team of lawyers around the world was the key selling point in their move to the firm.”
• “Ortiz said another ‘significant’ factor in the move was an opportunity to work with a client whose name he would not divulge that would have posed a ‘huge conflict’ at Blank Rome. He said he still had a great deal of respect for his former colleagues but stressed that the opportunities afforded by Norton Rose’s international reach and reputation were the most important factor in his and Blanco’s move.”
• “Grant Palmer, Blank Rome’s managing partner and CEO, wished the departing partners well in a statement. ‘Carlos and Mayling left the firm due to a potential client conflict issue, and we parted ways on excellent terms,” he said. “They are our friends and we look forward to continuing our strong relationship with them moving forward.'”

What’s interesting, but not suprrising, is the increasing focus on lateral due diligence generally across the profession: “In the MeToo Era, Lateral Candidates Are Going Under the Microscope” —

• “When assessing a prospective lateral partner candidate, those in charge of hiring at a law firm tend to consider a few common factors—ongoing work and client relationships and whether the candidate’s personality and approach will fit within the firm’s culture. But these days, in light of the MeToo movement that has called attention to workplace sexual harassment and misconduct, there are a few more questions that hiring partners might want answered before inviting a lateral on board, according to industry experts.”
• “The issues facing law firms in the MeToo era are not just academic. In the recent past, several reports have emerged about lawyers who switched firms, only to be dogged by sexual misconduct allegations soon after.”
• “…it’s unclear how common it is for a lateral hire to leave a new firm in the wake of a harassment or misconduct allegation. According to a recent survey of 50 firms by ALM Intelligence, 8 percent of respondents said that within the past five years they have had a lateral hire leave the firm because of actions the firm thought were unethical. A larger number, 40 percent, said they had lateral hires leave because of ‘behavioral issues’ involving staff or junior lawyers at the firm.“
• “The only way you can diligence this in a lateral context is asking the person if they’ve ever been accused of harassment,” Innocenti [Recruiter] says.
• “Ninety-two percent of firms said they have had a lateral leave within the past five years because he or she failed to bring the expected book of business, while 80 percent of firms pointed to an inability to form new client relationships as an issue that drove away laterals. Seventy-four percent of surveyed firms said they have had laterals leave because of issues fitting in with other partners.”

The folks at Ames & Gough have published their annual “Lawyers Professional Liability Insurers 9th Annual Claims Survey” —

• “In it’s ninth annual survey of lawyers professional liability claims, Ames & Gough examined the trend by polling 11 of the leading lawyers’ professional liability insurance companies that on a combined basis provide insurance to approximately 80 percent of the AmLaw 200 firms.”
• “The survey found the number of claims resulting in larger multimillion dollar payouts – as well as the dollar amounts involved – has surged in the past year; 2018 became the first year ever in which the majority of insurers surveyed had a claim payout of over $150 million. Furthermore, at least two settlements exceeded $250 million.”
• “Conflicts remain the biggest malpractice error. Year after year, the insurers surveyed have singled out conflict of interest (including perceived conflicts) as the most common alleged legal malpractice error. This year, seven of the 11 insurers surveyed cited conflicts either as the first or second leading cause of legal malpractice claims.”
• “Conflicts are especially problematic as more law firms seize opportunities for growth and expansion either through mergers or by bringing in lateral hires. According to the survey, there are times when a lawyer who changed firms can contaminate the new firm with what he or she learned at the old firm.”
• “‘To get control of this risk more firms are centralizing their conflicts of interest screening and managing the client intake process,’ Ms. Garczynski noted. ‘While that’s a step in the right direction, law firms still need to do a better job of flagging potential conflicts early and training their legal professionals on this issue. Firms unsure of how to properly screen a lawyer might consider working with an attorney who specializes in professional responsibility.'”

And for those who prefer to live on the edge: “Washington State Bar Decides Against Malpractice Insurance Mandate” —

• “The Washington State Bar Association’s board recently rejected a recommendation that it require the state’s licensed lawyers to obtain malpractice insurance.”
• “Washington’s decision last week came not long after the State Bar of California’s board also decided against moving forward with a malpractice mandate.”
• “Oregon and Idaho remain the only two states with a malpractice requirement for attorneys.”
• “While some board members agreed with mandate supporters that the percentage of uninsured lawyers was a consumer-protection issue, they suggested there were other ways of addressing the matter. One proposal was to examine the “South Dakota model.” In that state, lawyers who do not carry a minimum of $100,000 in insurance must disclose that information at the formation of the attorney-client relationship.”

It appears these issue are in the air, including in Georgia, where John Watkins from Thomson Hine opines on a proposed rule: “Malpractice Insurance Proposal May Require Changes in Current Insurance” —

• “Proposed Rule 210(a) states: ‘All active members of the State Bar of Georgia engaged in the private practice of law in Georgia must be covered by a policy of professional liability insurance, in an amount no less than $100,000 per occurrence and $300,000 in the aggregate, the limits of which are not reduced by payment of attorney’s fees or claims expenses incurred by the insurer for the investigation, adjustment, defense, or appeal of a claim.'”
• “There are many views pro and con about the State Bar’s proposed rule requiring lawyers have malpractice insurance. But there is a bigger problem with the proposed rule as written—if you have malpractice insurance, it almost certainly does not comply with the proposed rule and you probably cannot buy insurance that does.”
• “Thus if a large law firm has a professional liability policy underwritten by Lloyd’s syndicates on a typical policy form with $100 million per claim/$100 million aggregate policy limits, it would not comply with the proposed rule because the limits are not “per occurrence” and defense costs erode limits. I am quite certain that this is not what the State Bar had in mind when it proposed the rule, but the law firm with the hypothetical policy (and its lawyers) would technically be in breach if the proposed language is adopted.”

A few interesting technology-related risk and compliance stories of note.

I confess I’m personally waiting for the first report of Outside Counsel Guidelines that establish rules preventing any matter discussion within earshot of a smart device (including a phone). I suspect it’s only a matter of time, though my science-fiction forecasting sometimes leans a little dark.

But I’m not the only one thinking along these lines, as stories have surfaced of “accidental” monitoring by big tech (and just the general ethics and implications of the how these are designed and used). For lawyer specific analysis, see: “Lawyers’ Digital Assistants Raise Ethics, Privacy Concerns” —

• “Is my Amazon Echo spying on me? Recent years have witnessed the growth and proliferation of voice-activated virtual assistants like the Echo, Google Home and Apple Home Pod, which have picked up where Apple’s Siri left off: streaming music, scheduling appointments, sending texts, checking weather and preparing grocery lists, all without so much as the flip of a switch.”
• “Amazon’s Alexa, once activated by voice command, digitally records the owner’s instructions, which are then stored in the cloud until erased by future use. This has raised privacy issues, prompting at least one commentator to refer to digital assistants ‘as Trojan horses in the age of digital surveillance.'”
• “But there are ethical concerns for lawyers as well. The ethics rules require lawyers to preserve and maintain the confidentiality of client information, particularly in digital format… The risks associated with transmission of client confidential information electronically include disclosure through hacking or technological inadvertence. A lawyer’s duty of technological competence may include having the requisite technological knowledge to reduce the risk of disclosure of client information through hacking or errors in technology where the practice requires the use of technology to competently represent the client.”
• Attorneys who do use digital assistants may find it prudent to unplug or disable the microphones during client meetings or phone calls, and may seek to restrict their linkage to other sensitive databases. For example, attorneys might decide not to sync up their client databases with their digital assistants. The Amazon Alexa app has privacy functions which permit users to block the transmission of recorded messages to Amazon employees.”
• “One thing is for certain: Lawyers must continue to keep abreast of new developments in professional responsibility in addition to keeping up with evolving technology and the security risks that accompany new technology.”

On another technology note, a few readers noted this development, covered nicely by Karen Rubin: “Military prosecutor sent “bugged” e-mail to defense lawyers, says motion” —

• “But first, how does ‘web-bugging’ work? It involves placing a tiny image with a unique website address on an Internet server, and dropping a link to that image into the bugged e-mail. The image might be invisible or it might be disguised as a part of the document. It works by transmitting specified information to the sending party when the recipient opens the ‘bugged’ document.”
• “Three jurisdictions (Alaska, New York and, most recently, Illinois) have issued opinions pointing to the ethics issues that can arise when lawyers use such tracking devices surreptitiously to get a leg up on an opposing party.”
• “The latest web-bug development comes not in a staid ethics opinion, but in military proceedings in which a Navy lieutenant is charged with conduct unbecoming an officer, with connections to a high-profile war crimes court-martial involving a Navy SEAL and an Islamic State prisoner. The circumstances sound straight out of a thriller.”
• “As reported in the ABA Journal, earlier this month defense lawyers for Lt. Jacob Portier filed a motion accusing a military prosecutor of sending “bugged” e-mails to thirteen lawyers and paralegals, plus a reporter with the Navy Times. According to reporting by the Navy Times, Portier is accused of holding a reenlistment ceremony for a Navy SEAL next to the corpse of an Islamic State prisoner allegedly stabbed to death by the SEAL.”
• “The SEAL has pleaded not guilty to a charge of murder in the stabbing death, which occurred in Iraq in 2017, and the military case has drawn much attention, including from President Donald Trump, said the Navy Times.”

I confess that if you’re reading this by email, and click “download images,” your client will load an image from my mailing list provider, who will generate an aggregate report telling me that folks out there are reading these. (This is recommended and encouraged, as that knowledge is what’s keeping me going here.)

Next, noting Karen’s apt “straight out of a thriller” characterization. See also: “Judge in war crimes case against Navy SEAL weighs dismissal motion” —

• “The judge in the court-martial of a Navy SEAL platoon leader accused of war crimes in Iraq is weighing defense motions to dismiss the charges or otherwise remove the lead prosecutor and possibly the judge himself from the case.”
• “The hearing comes 11 days before Special Operations Chief Edward Gallagher is due to go on trial charged with killing a helpless, wounded Islamic State fighter in his custody and of shooting two unarmed civilians, a schoolgirl and an elderly man.”
• “The defense specifically has accused Navy lawyers of conducting illegal surveillance of defense attorneys and news media by way of electronic tracking software secretly embedded in emails sent to the defense.”
• “In court, prosecutors have said the email “auditing tools” they used were designed merely to detect the flow of emails without revealing their content, and were aimed at pinpointing the source of leaks from case files sealed by the judge.”
• “Timothy Parlatore, a civilian lawyer leading Gallagher’s defense, also said the Navy’s Judge Advocate General’s Office undermined fairness of the proceedings by issuing a statement last week saying the government was acting ‘as part of a lawful, authorized and legitimate investigation.'”
• “The case, being conducted at U.S. Naval Base San Diego, has attracted the attention of President Donald Trump… Trump said he was considering pardons for two or three American servicemen charged with war crimes, but might wait until they stood trial before deciding.”

Continuing our miniseries on judicial conflicts with a hat tip to the Legal Profession Blog for noting a few recent opinions, first from the South Carolina Advisory Committee on Standards of Judicial Conduct: “Docket Clerk’s Relationship Not Imputed To Judge” —

• “A municipal court judge’s docket clerk is in a relationship with a law enforcement officer for the same municipality. The docket clerk is responsible for scheduling cases and documenting events that occur in cases while in open court. The docket clerk is also responsible for case management, including recording final dispositions in Municipal Court cases and following instructions from the municipal judge(s). The docket clerk appears in court regularly and may be present at the same time that the law enforcement officer the clerk is dating appears to prosecute traffic cases. The municipal court judge inquires as to whether he or she must disclose to all parties the relationship between the docket clerk and the law enforcement officer, or if the docket clerk should be recused from handling those cases.”
• “In this case, the judge is not actually involved in a relationship with the law enforcement officer, and there is no cause to question the judge’s impartiality. Furthermore, the docket clerk merely performs ministerial duties regarding case scheduling and management. Thus, there is no need to recuse the docket clerk from cases in which the law enforcement officer appears. Likewise, there is no need for the judge to disclose the relationship of the docket clerk and the law enforcement officer to all parties.”
• Full text of opinion.

Next from the Florida Judicial Ethics Advisory Committee: “A Judge’s (Ap)parent Conflicts” —

• 1. Whether a judge whose lawyer-parent is no longer associated with former law firm must continue recusing from the law firm’s cases. ANSWER: No.
• 2. Whether judge whose parent owns building leased to a law firm must enter automatic recusal when the firm has a case before the judge. ANSWER: Yes, unless the parent’s interest can be classified as de minimis.
• Full text of opinion.

Several interesting stories and updates touching judges and courts have caught my eye recently. Thought readers would find them interesting as well. First up something you don’t see every day: “Judge rips insurance company for ‘immoral, barbaric’ cancer denials” —

• “A federal judge blasted UnitedHealthcare last month for its ‘immoral and barbaric’ denials of treatment for cancer patients. He made the comments in recusing himself from hearing a class-action lawsuit because of his own cancer battle — and in so doing thrust himself into a heated debate in the oncology world.”
• “The case that came before US District Judge Robert N. Scola was brought by a prostate cancer survivor who alleged that UnitedHealthcare wrongfully denied him and thousands of others coverage of proton beam therapy.”
• “In his recusal, Scola cited his own battle with prostate cancer and how he consulted ‘with top medical experts around the country’ about treatment options. Scola said that he ultimately opted for surgery but that ‘all the experts opined that if I opted for radiation treatment, proton radiation was by far the wiser course of action.'”

“Calif. Cities Say Judge In Homelessness Case An ‘Advocate‘” —

• “Three cities in Orange County, California, on Friday asked a federal judge overseeing a case about their treatment of homeless residents to step aside, saying that the judge took on the role of an “advocate” in a similar case, calling his impartiality into question.”
• “[Saying] Judge David O. Carter had taken steps in resolving a lawsuit against other Orange County cities that called into question his ability to be fair in the current dispute, including touring a homeless tent city multiple times, taking ex parte meetings with city officials and generally pushing the parties towards the resolution he preferred.”
• “The motion said that the judge’s actions were not unethical in the prior case since he was acting with the blessing of the parties, but did not reflect well on his ability to be unbiased against the cities in the new suit.”
• “In addition to his repeated visits to homeless encampments in the county and his efforts to work directly with the cities in the Catholic Worker suit, the motion to disqualify said, Judge Carter had criticized the cities that had not attended a meeting he organized, including the cities filing the motion. Moreover, at a recent hearing he had acted as though an injunction in the case were a foregone conclusion, before he’d had a chance to hear any legal arguments, the motion said.”

David G. Ries, of counsel at Clark Hill reminds all: “Safeguarding Client Data: An Attorney’s Duty to Provide ‘Reasonable’ Security” —

• “Confidential data in computers and information systems, including those used by attorneys and law firms, faces greater security threats today than ever before… Attorneys have ethical and common law duties to take competent and reasonable measures to safeguard information relating to clients and also often have contractual and regulatory duties to protect confidential information.”
• “The ABA has issued two formal ethics opinions on security topics since the 2012 rules amendments. ABA Formal Opinion 477, “Securing Communication of Protected Client Information” (May 2017), while focusing on electronic communications, also explores the general duties to safeguard information relating to clients in light of current threats.”
• “In October, the ABA published Formal Opinion 483, ‘Lawyers’ Obligations After an Electronic Data Breach or Cyberattack.’ It reviews lawyers’ duties to safeguard data and concludes ‘[w]hen a data breach occurs involving, or having a substantial likelihood of involving, material client information, lawyers have a duty to notify clients of the breach and to take other reasonable steps consistent with their obligations under these model rules.'”
• “Law firms are increasingly obtaining cyberinsurance to transfer some of the risks of confidentiality, integrity and availability of data in their computers and information systems. This emerging form of insurance can cover gaps in more traditional forms of insurance, covering areas like restoration of data, incident response costs, and liability for data breaches.”

“ABA issues new guidance on lawyer obligations after a cyber breach or attack” —

• “‘How a lawyer does so in any particular circumstance is beyond the scope of this opinion. As a matter of preparation and best practices, however, lawyers should consider proactively developing an incident response plan with specific plans and procedures for responding to a data breach. The decision whether to adopt a plan, the content of any plan and actions taken to train and prepare for implementation of the plan should be made before a lawyer is swept up in an actual breach.'”
• “In addition, lawyers should recognize that in the event of a data breach involving former client information, data privacy laws, common law duties of care, or contractual arrangements with the former client relating to records retention, may mandate notice to former clients of a data breach. A prudent lawyer will consider such issues in evaluating the response to the data breach in relation to former clients.”

Ending yesterday’s update with a note about an actual breach, today we pull back to get a quite interesting big picture perspective published by the ABA: “The Anatomy of a Data Breach: An overview of the actors, roles and impacts of a cybersecurity breach” —

• “Breaches come in many variants, far too many to cover in a single article. But there is a general flow to a breach. Since we make a living investigating breaches and remediating the vulnerabilities that caused them, let us take you on an anatomical tour of the common elements of a typical breach.”
• “To make the reading more fun, we have offered up ‘quotes’ from the players typically involved in a breach. Many are taken from real life incidents.”
• “If the point of the breach is to purloin data, hackers will use their malware to move laterally across your network and ‘pwn’—hackerspeak for ‘own’—everything they can. Imagine the value of data in a mergers and acquisition law firm. The hackers could sell the data to others or use it themselves to get rich in the stock market. State-sponsored hackers can give their countries a competitive advantage against the U.S.”
• “If the law firm has an Incident Response Plan, it’s the first resource for those in charge of handling the breach. They begin by picking up the phone to call the regional office of the FBI; then their insurance company, data breach lawyer, digital forensics company and bank; and the list goes on. All 50 states have data breach notification laws, so carefully determine if a report (or reports) must be filed, and by when.”
• “Rarely, if ever, does a law firm notify clients at this early juncture. In most breaches, it isn’t immediately known what data was compromised, and there is natural reluctance to tell clients anything until the investigation is well underway. When the breach goes public, however, there’s little choice but to talk to clients.”
• “The cyber insurance world remains the Wild, Wild West… Buffett’s views are reflected in more and more cyber insurance policies, which often include requirements for security audits and include language about conforming to industry cybersecurity standards. The quintessential ‘we don’t cover stupid’ case is Columbia Casualty Co. v. Cottage Health System. There are now more cases where insurers are saying that the insured did not take the reasonable security steps required by the policy.”

With a complex threat landscape, and more of a track record to rely on, law firms are increasingly looking to shift some of the responsibility and risk for information security to their vendors in the cloud: “Lawyers And Cloud Computing: It’s Not So Complicated Anymore” —

• “Cloud computing is a concept that most lawyers are familiar with in 2019. But it wasn’t always that way.”
• “[b]eginning in 2010, cloud ethics opinions were issued quite frequently, with as many as three or four being handed down by various jurisdictions in some years. But beginning in early 2017, after the Illinois opinion listed above (Opinion No. 16-06), there was a noticeable lull, with no opinions being issued to the best of my knowledge until Texas addressed the issue a full year and a half after the Illinois opinion.”
• “I would suggest that the reason for this is simple: cloud computing is now an accepted, trusted technology. As a result lawyers are comfortable using it, and thus don’t feel the need to submit inquiries to their bar associations’ ethics committees regarding whether it’s ethical to do so. In fact, according to the latest ABA Legal Technology Survey report, the majority of lawyers (55 percent) have used cloud computing software tools for law-related tasks.”

For example, several firms have cited security as a key driver in adopting cloud based document management solutions. Here’s a recent one from Anthony Garza Sr. Director of IT at Dickinson Wright, quoted: “What really changed the game for us was NetDocuments’ commitment to security and their willingness to help the firm navigate our cloud-based security challenges.”

“Why Hidden Malware May Be Potential National Catastrophe” —

• “Another class of company being targeted aggressively by these super stealthy offerings are law firms. Speculation is–given these are mostly very large firms that do lots of M&A–that the effort is to get insider trading information. This is less of a global threat, but it would potentially be a firm killer, because the Securities and Exchange Commission typically takes a very dim view of anyone who participates in insider trading.”
• “The SEC clearly could source the compromised law firm that was the cause of an identified insider trading event. Thinking more broadly, what will the clients of that firm do if/when they find that all their confidential information on that firm’s servers was now public?”
• “This not only could kill the law firm, but it could do massive damage to the firm’s clients. Since we are talking about some of the largest law firms in the U.S., that devastation could be massive.”

Also making news recently is the malware attack on Wolters Kluwer, which provides software (and houses data) for accountants, lawyers and other professionals. Vendors matter: “A malware attack against accounting software giant Wolters Kluwer is causing a ‘quiet panic’ at accounting firms” —

• “A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company’s cloud servers.”
• “Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site.”
• “A cybersecurity professional at one Big Four accounting firm said she had received reassurances from Wolters Kluwer that account information had not been accessed. But she also said her firm took additional precautions to ‘limit any possible exposure’ to the malware attack through the accounting giant’s technology connections to the software company.”