Risk Update

Attorney-Client Privilege ⁠Edition — Mergers, In-House Counsel, Sanctions & Information Security

This caught my eye, thinking about the applicability to firm-to-firm mergers: “How To Protect Atty-Client Communications After A Merger” —

  • “When negotiating deals for clients, lawyers should heed an often-overlooked 2013 ruling on the issue of who will own privileges over attorney-client communications because a failure to do so can result in legal trouble down the line, experts say.”
    “But one area that some lawyers miss was addressed in a 2013 Delaware Court of Chancery ruling — the question of which party will own privileges over attorney-client communications once the deal is done, especially if the target is transferring its computer systems and email servers as part of the agreement.”
  • “In the fall of 2012, private equity firm Great Hill Partners sued e-commerce company Plimus Inc., which it had brought the previous year. According to the lawsuit, Plimus fraudulently induced Great Hill into the transaction, allegations the PE shop made based in part on correspondence between Plimus and its attorneys that had been archived on company computers and passed on to Great Hill in the deal.” [Was curious and discovered it looks like GHP lost last year.]
  • “Plimus argued the communications were still protected post-sale under attorney-client privilege, but Chancellor Leo Strine ultimately found that under Delaware law, that privilege itself — along with the information it covered — traded hands in the deal. Chancellor Strine also noted in the ruling that the sellers could have protected themselves by negotiating provisions that excluded attorney-client communication from the assets handed over.”
  • “Kendall said he often tries to include language that allows a client to erase communications or take certain emails off a server before providing the buyer with those assets. This is important because sometimes one side will push back on how much freedom the other side should have to go in and get rid of emails or other communications. The more detailed the original protection provision is, the better chance of getting a strong clause into the final merger agreement, he said.”

New Insights On Privilege, Ethics Duties For In-House Attys” —

  • “In Fischman v. Mitsubishi Chemical Holdings America Inc., Judge Jesse M. Furman of the U.S. District Court for the Southern District of New York ruled on July 11, that Jennifer Fischman, former acting general counsel and chief compliance officer of Mitsubishi Chemical Holdings, did not rely on privileged and/or confidential client information in asserting claims of sex discrimination and retaliation against her former employer. Judge Furman also found that, even if Fischman had relied on privileged and/or confidential information, dismissal of her complaint at the prediscovery stage of litigation would not be the proper remedy.”
  • “Although it is commonly assumed that in-house legal advisers are prohibited from using any information whatsoever about their employers in pursuing discrimination claims against them, this opinion dispels that notion.”
    “Specifically, Mitsubishi claimed that Fischman had violated the attorney-client privilege and/or breached her ethical obligation not to disclose client confidences by disclosing in her complaint: the company’s annual revenue; the fact that she managed “a number of high exposure lawsuits” during her tenure; the fact of the company’s relationship to its subsidiaries; her job duties and accomplishments; her male colleagues’ compensation; Mitsubishi employees’ comments about sexism at the company; the performance of internal investigations at the company; and unethical conduct by her own colleagues.”
  • “In denying the motion, Judge Furman expressly held that none of the information identified by Mitsubishi was protected by the attorney-client privilege or by Fischman’s ethical obligation to protect client confidences. The court explained that the only circumstances in which a client may invoke the attorney-client privilege are to protect ‘a communication between client and counsel’ that was (1) ‘intended to be and was in fact kept confidential’ and (2) ‘made for the purpose of obtaining or providing legal advice.'”
  • “Since most of the information identified by Mitsubishi ‘involve[s] narratives of events, rather than communications,’ it is not subject to the attorney-client privilege. Specifically, the court indicated that allegations about matters such as the company’s revenue, Fischman’s job duties and accomplishments, the performance of internal investigations, and unethical conduct by her colleagues, did not involve communications. As to the information that derived from communications, Judge Furman held that it is not privileged because it ‘recount[s] informal conversations between employees about sexism in the company,’ not comments made for the purpose of obtaining or providing legal advice.”

Bilzin Sumberg Sanctioned For Claims Against Opponents” —

  • “A Florida state judge has sanctioned Bilzin Sumberg Baena Price & Axelrod PA and partner Jose M. Ferrer, finding they improperly handled attorney-client privileged communications that formed the basis for a bad-faith motion to strike their opponent’s defenses ahead of a damages trial in a dispute between former business partners.”
  • “In a scathing 51-page order issued Sept. 16, Miami-Dade Circuit Judge Beatrice Butchko found that it should have been obvious to Ferrer that the secretly made recordings he received from a member of defendant Vicken Bedoyan’s legal team in Bolivia were privileged materials and that the attorney acted in bad faith by making scandalous and baseless allegations that Bedoyan’s counsel participated in a scheme to bring trumped-up criminal child pornography charges in Bolivia against his client, gold dealer Harout Samra, to gain an advantage in their litigation in Miami.”
  • “Based on the evidence presented, the judge said she rejected Ferrer’s claim that he did not believe the materials he received from Inchausti were privileged and added that at minimum, the highly suspicious circumstances surrounding them ‘should have alerted Mr. Ferrer not to use them.’ She faulted Ferrer for not bringing the recordings to the defense’s or the court’s attention and said his fashioning of Samra’s motion to strike as an emergency motion was in bad faith because they had possession of the materials for weeks beforehand.”

And a general reminder of the importance of information security, with a focus on the technical details: “Law Firms Need to Prioritize Privilege to Protect Client Information” —

  • “When it comes to securing confidential data, law firms are often not held to the same standards as other service providers…
    When an organization invites outside counsel into its network or provides access to confidential information, it introduces third-party risk. Most organizations don’t do enough to secure third-party vendor access and outsourced legal counsel is often overlooked by InfoSec teams, which significantly increases the security risk.”
  • A large law firm with more than 4,000 attorneys who service some of the largest organizations around the world fell victim to the NotPetya attack a few years ago, disrupting services and costing them millions. Better endpoint protection is needed as ransomware continues to be a threat to law firms both large and small. When it comes to access rights, Law firms need to be treated the same as any other remote third-party vendor.”
  • “One of the most common strategies used by malicious insiders and external attackers is to attempt to gain privileged access in order to execute a successful attack. Privileged accounts are everywhere – in every networked device, database, application and server on-premises and in cloud and hybrid environments. Nearly all advanced attacks involve the compromise of privileged credentials. These credentials provide anyone who gains possession of them the ability to control an organization’s resources, disable security systems and grease the tracks for providing fast access to vast amounts of client information and other sensitive data. In the wrong hands, access to this data can cause significant business disruption.”