Bressler Risk Blog

We’ve covered several updates about Zoom and general conferencing risks. New technologies always bring new potential and often new risks. Here’s more on the question of these convenient listening devices in many homes. It looks like sensitivity levels, concerns and mitigation practices are starting to rise, if the quoted firm representatives are any indication, in: “Digital Ears Everywhere: Lawyers’ Home IoT Devices Stoke Privacy Concerns” —

• “Can a confidentiality agreement or attorney-client privilege be compromised by your smart refrigerator or smart speaker? It’s a question that’s becoming all the more pertinent these days.”
• “Lawyers say internet of things (IoT) devices can pose a security and privacy threat as more legal professionals work and discuss sensitive client matters from home and hackers adjust their attacks.”
• “But Dickinson Wright member Sara H. Jodka said lawyers owe it to their clients to protect their privacy. ‘Because I don’t know and I can’t guarantee that privacy to my clients, I will not have that technology on when I am having sensitive client phone conversations,’ she said.”
• “To be sure, IoT devices have been known to listen in. Last summer, it was revealed various Facebook, Apple and Google products leverage contractors to manually review recordings directed to their software. The IoT devices are also not impenetrable. Earlier this year, Amazon.com Inc. was hit with a class action suit over hacks of its internet-connected home surveillance product Ring.”
• “Uncertainty aside, Giftos said her firm [Husch Blackwell] has internally and externally shared articles highlighting the potential cybersecurity and privacy pitfalls of IoT devices. She also noted she turns off her personal IoT electronics and Siri when making client calls.”
• “Unplugging IoT devices when making client calls isn’t irrational, but practical for mitigating risk, agreed Stroock & Stroock & Lavan chief information officer Neeraj Rajpal.”

And even more recent commentary and action: “Lawyers urged to switch off Alexa when working from home” —

• “Toni Vitale, head of data protection at JMW Solicitors, said that hackers could access sensitive details through the speakers. ‘We’ve told staff to check the default settings on the speaker and to the extent that you can, switch them off during the working day,’ Mr Vitale said.”
• “‘Obviously we advise clients and their view is going to be that if you didn’t change the setting you’re liable. You’re liable for any breach of security that happens and not just in the sense that you might by fined by the ICO but that you might be liable to those clients personally.'”
• “Mishcon de Reya, the law firm which advised Princess Diana on her divorce from Prince Charles, is understood to have also issued similar advice to staff.”

Hat tip to Max Welsh, risk consultant at InOutsource and member of the State Bar of Wisconsin’s Standing Committee on Professional Ethics for noting: “Pennsylvania Bar Issues First Opinion on Remote Work Amid Crisis” —

• “Client data confidentiality is paramount while lawyers and law office staffers work remotely during the coronavirus pandemic, the Pennsylvania Bar Association said in an opinion written to address ethical concerns voiced by lawyers ordered to close their offices.”
• “The opinion is the first of its kind to be released by a state bar, although others including Michigan and Oregon have issued ethical guidelines for attorneys.”
• “‘The COVID-19 pandemic has caused unprecedented disruption for attorneys and law firms, and has renewed the focus on what constitutes competent legal representation during a time when attorneys do not have access to their physical offices,’ the bar’s legal ethics committee said April 10.”
• “The committee pointed out that while the issue of remote work isn’t new, and past ethics opinions have addressed related topics like technological competence, many attorneys and staff weren’t prepared to work from a home office once the state’s stay-at-home order went into effect, prompting the opinion.”
• “Some ‘reasonable precautions’ for lawyers and staff to take to protect confidentiality under professional ethics rules include:
  • Requiring the encryption or use of other security to assure that information sent by electronic mail are protected from unauthorized disclosure;
  • Using firewalls, anti-virus and anti-malware software to prevent the loss or corruption of data;
  • Requiring the use of a Virtual Private Network or similar connection to access a firm’s data; and
  • Requiring the use of two-factor authentication or similar safeguards.”

On the topic of encryption and security, Max referenced several stories we’ve noted on the potential perils of Zoom conferencing. (I’ve stopped covering each update, but in the past weeks: India, Siemens, Standard Chartered Bank, Google, the German government and US Senate have joined the growing ranks of banners.)

We’re both wondering how law firms are responding… and the extent to which client OCGs may apply as well… If anyone has personal or anecdotal updates on this front to share (with or without attribution), I’m all ears…

And I note the irony that the Pennsylvania Bar appears to be using Zoom for today’s presentation: “The COVID-19 Crisis: A Conversation with the PBA President and Leadership” and the virtual social hour scheduled to follow…

“Holland & Knight Drops Miami Herald Records Suit After Call From DeSantis’ Office” —

• “Shortly after receiving a call from the counsel to Florida Gov. Ron DeSantis, Holland & Knight declined to go forward with a lawsuit on behalf of the Miami Herald that seeks to dislodge the names of elder-care facilities where people have tested positive for the novel coronavirus.”
• “After the call between DeSantis’ general counsel, Joe Jacquot, and Holland & Knight partner George Meros, the firm told partner Sanford Bohrer—who was directly representing the company—to abandon the lawsuit, according to the Herald and Bohrer. But the Am Law 100 firm says the decision was made to avoid conflicts and delays in the case.”
• “Holland & Knight said the firm ‘acted appropriately in declining the representation of the Miami Herald. After assessing the possibility of a conflict of interest, the confidentiality of client communications, and the risk of an adverse impact or delay on the Miami Herald’s records request, the firm concluded that it was best for another law firm to take over the matter. Those were the only factors the firm considered. The records request will continue unimpeded with new counsel.'”
• “University of Miami School of Law professor Jan Jacobowitz said Holland & Knight’s decision to drop the lawsuit could have happened for multiple reasons ranging from conflict rules to simple business considerations… Or, Holland & Knight may have decided that the firm should keep the state’s business rather than the Herald’s, Jacobowitz added.”
• Said publisher and executive director of the Miami Herald in a published statement: “We are disappointed that the governor’s office would go so far as to apply pressure on our legal counsel to prevent the release of public records that are critical to the health and safety of Florida’s most vulnerable citizens. We shouldn’t have had to resort to legal action in the first place. Anyone with a relative in an elder-care facility has a right to know if their loved ones are at risk so they can make an informed decision about their care.”

“Florida Officials Deny Pressuring Law Firm to Drop Coronavirus Records Case” —

• “Denying the claim, the governor’s office said by phone Monday that Jacquot’s contact with Holland & Knight was limited to a routine conversation about a presuit notice he had received from the Herald.”
  “When asked if he exerted any pressure on the firm to withdraw from the litigation, Jacquot said, ‘Not at all. My only purpose for calling was that [there was] a five-day window to see if we could figure out some resolution, which we are still working on.'”
• “Helen Ferre, a spokesperson for Republican Governor Ron DeSantis’ office, added: ‘We’re undergoing [a] global pandemic. This public records request was made March 23. We only have essential workers who are physically in the building, so it’s taking a little bit longer to fulfill all the public records requests. Two and a half weeks, especially under these circumstances, is not an unreasonable time.”'”

“Credit Suisse Loses Bid to Kick Lead Investigator Off Spy Probe” —

• “Credit Suisse Group AG lost a bid to remove the lawyer leading a Swiss regulatory probe into a spy scandal because of a potential conflict of interest, according to a person familiar with the situation.”
• “Thomas Werlen is independent despite the fact his law firm has opposed Credit Suisse in some cases, Switzerland’s Federal Administrative Court said in a ruling released late Tuesday. Werlen, a partner at Quinn Emanuel Urquhart & Sullivan, had been appointed to lead financial regulator Finma’s probe in March.”
• “The decision didn’t identify the bank or the law firm, as is typical in Switzerland, but it related to Credit Suisse and Werlen, according to the person, who asked not to be named because of the confidential nature of the ruling.”
• “Credit Suisse continues to be dogged by the scandal that erupted after it spied on star banker Iqbal Khan who was leaving for rival UBS Group AG. Before the end of 2019, the bank acknowledged that human resources chief Peter Goerke had also been monitored, and a former U.S. executive also alleged she had been followed.”

“Anti-graft agency lets Yanukovych’s ex-lawyer work at bureau investigating him” —

• “The National Agency for Preventing Corruption (NAPC) believes that Oleksandr Babikov, the former lawyer of ex-President Viktor Yanukovych, has a legal right to work at the State Investigation Bureau and currently has no conflict of interest, according to documents released by the agency. Meanwhile, the bureau is pursuing cases against Babikov’s former client Yanukovych.”
• “But the NAPC, which is legally entitled to identify conflicts of interest, concluded that Babikov, the first deputy head of the bureau, would only have a conflict of interest were he to become the acting head of the State Investigation Bureau.”
• “Babikov previously denied having represented Yanukovych. However, this claim contradicts the official court cases register. The NAPC has also refuted Babikov’s claim.”
• “Yanukovych is charged with the murder of protesters during the EuroMaidan Revolution, which ultimately drove the former president from power in February 2014, as well as with corruption during his presidency.”
• “But the bureau’s second department, which is directly subordinate to Babikov, is investigating a usurpation of power case against Yanukovych. Babikov was a defense lawyer in this case, Sergii Gorbatuk, the former top investigator for EuroMaidan cases, and Vitaly Tytych, a lawyer for the families of the EuroMaidan protesters, told the Kyiv Post. Gorbatuk argued that this constitutes a conflict of interest for Babikov.”
• “Tytych also said that Babikov is legally banned from holding his job at the State Investigation Bureau by Ukraine’s law on defense lawyers. The law states that lawyers cannot switch sides in a criminal case because that would constitute a conflict of interest. The law also says that everything possible must be done to prevent defense lawyers from violating attorney-client prvilege and revealing their clients’ secrets, which can happen when they switch sides.”

Longtime readers likely observe that I’m intrigued by the issue of reputation risk and how firms navigate those waters. The recent economic turn has surfaced many stories of firms cutting back — including salaries cut and staff furloughed. Some of the examples I’ve noted present optics that certainly raise eyebrows, particularly low level staff let go and losing benefits.

Beyond reputation questions (including curiosity of the extent to which clients are watching), there are real HR risks to consider as well when lives are potentially disrupted during these uniquely challenging times.

Acknowledging of course that the world is complicated and these situations are difficult for all, I was pleased to come across a different type of story to share:

“Paul Hastings Launches Fund to Support Staff and Lawyers Hit by Coronavirus” —

• “While a growing number of a law firms eye furloughs and layoffs in response to the COVID-19 crisis, Paul Hastings is fundraising to respond to the emergency needs of staff who’ve been harmed by directly by the virus or have suffered from its consequences.”
• “The firm, which generated almost $1.27 billion in revenue last year, has announced that it will directly match all contributions made by partners, lawyers and any other staff. Money from the resulting fund will be available to any employees who are eligible for benefits: staff and associates, along with other non-partner lawyers.”
• “Employees will be eligible to apply for funds for themselves or on behalf of dependents or immediate family members. The firm’s leadership worked with the partners who lead PH Balanced, the firm’s initiative focused on work-life balance.”
• “While the firm is still finalizing the criteria for eligibility, the list of needs covered will include medical expenses that go beyond what is included in regular benefits, as well as mental health care, including apps for remote consultations and co-pays. Also on the list are increased child care expenses, household utility costs, and added commuting expenses for those who need to work out of the house and are avoiding transportation. Funeral costs also qualify, although Ilaria hopes that won’t be necessary.”
• “‘The firm’s match is unlimited,’ said Paul Hastings chairman Seth Zachary. ‘We wanted that feeling of participation across our firm.'”

“Atty For NRA Can’t Sue Family Biz, Ad Agency Says” —

• “Ackerman McQueen asked a Texas federal court Monday to boot William A. Brewer III and his firm, Brewer Attorneys & Counselors, from a multipronged court fight that has emerged from the dissolution of the four-decade relationship between the NRA and the firm. Ackerman McQueen alleges Brewer has for months been teetering on the edge of sanctionable conduct, but crossed the line by exploiting familial connections — the CEO of Ackerman McQueen is his brother-in-law — to bring a suit for his own benefit.”
• “Not only is Brewer representing the group in a suit against his family business but he also played an instrumental role in the conspiracy to destroy the ad agency’s relationship with the NRA, according to Monday’s motion.”
• “…Linda S. Eads, professor emerita of Southern Methodist University’s Dedman School of Law, who said she reviewed the issue and determined there’s no legal basis to disqualify Brewer. ‘Factually, it appears to be supported only by assumptions and innuendo. Also it is based on allegations that have not been factually established,’ she said. ‘It is too early in the litigation process to use such unsupported claims as a basis for disqualification, which is one of the most serious actions a court can take against a litigation party — to cause the party to lose its lawyer.'”

Unrelated, it appears the NRA is suing New York for designating gun stores as non-essential as part of Covid-19 related restrictions. Interestingly, Arizona disagrees, coming down that both gun stores and golf courses are essential.

Next, back on topic, Professor Alberto Bernabe notes on his own excellent blog (linking to two more blogs for those interested in the details, for Inception-like depth, if you want to find the swimming / unicorn particularys): “Recent discipline case based on conflicts of interest” —

• “I often tell my students that disqualification is a more common consequence to conflicts issues than discipline. Yet, every now and then we see a discipline case based on conflicts. And here is a recent one that got some attention among Professional Responsibility blogs. The case, In the Matter of Foster (3/16/20) involved both concurrent and successive conflicts of interest.”
• The Legal Profession Blog has more details here; California Legal Ethics also has a story.

“Prior Work Conflicts in the Age of COVID-19” —

• “Special vigilance is warranted now, however, because the COVID-19 pandemic has created particular ways in which prior work conflicts are rearing their heads.”
• “For example, there is now a great deal of scrutiny surrounding force majeure provisions in contracts. Where your firm is representing a client in a dispute surrounding the force majeure provision in a contract that your firm previously drafted or negotiated, a prior work conflict may exist.”
• “This is particularly true where the client suggests that the firm may have made a mistake by not drafting the force majeure language more carefully. But even where the client has not made that suggestion, a conflict of interest might still exist depending upon the facts and circumstances.”
• “In light of the risks associated with prior work conflicts, law firms should encourage their lawyers to consult with their General Counsel’s office or otherwise seek legal ethics and risk management advice in situations where a client asks the firm to handle a dispute involving a matter on which the firm previously worked.”

“DQ Sought For Attys Repping Co. And Board In Derivative Suit” —

• “Stephen Vance, who is not on the board of Broce Manufacturing Co., contended Tuesday that under Kansas state law, a company’s board of directors cannot retain the same counsel to represent both themselves and the company in a shareholder suit filed on behalf of the company.”
• “Vance asserted that the firms hired to represent Broce and its board — Foulston Siefkin LLP and Lewis Brisbois Bisgaard & Smith LLP — face a further conflict of interest in that they facilitated Broce CEO Alan Vance’s final alleged self-dealing transaction of $5 million.”
• “Under the Kansas Rules of Professional Conduct, the conflict of interest is even more blatant in cases in which the corporation plays an active part in the derivative litigation, as Broce does here, and where the claims against the individual directors are particularly grave, Stephen Vance argued.”
• “Representatives for the parties did not immediately respond Wednesday to requests for comment.”

“Best Practices for Responding to Subpoenas That Conflict With Foreign Data Privacy Laws” —

• “Companies who do business in the United States and have documents located abroad must understand the potential conflicts between the broad extraterritorial discovery authorized by U.S. courts, and the major restrictions on the transferring of personal data in many foreign countries.”
• “Consider this scenario: A company receives a subpoena for documents from the U.S. government or a U.S.-based regulator, but is concerned because some of its documents are hosted on a server in a foreign country with restrictive personal data protections. How should attorneys advise this company to comply with the subpoena without violating foreign data privacy laws?”
• “This article discusses various considerations on how to respond to such subpoenas, including: (1) negotiating with the party issuing the subpoena or document request to narrow the scope of the requests; (2) determining if the same information can be obtained through means that do not implicate foreign data privacy concerns; (3) consulting with local counsel in the country where the data is located to more fully understand the obligations; (4) seeking U.S. court intervention; and (5) taking all reasonable steps to limit and protect data productions.”
• “U.S. courts typically rule in favor of the broad discovery sanctioned by the Federal Rules of Civil Procedure (FRCP), rather than the limitations on production set by foreign data privacy laws… Knowing that U.S. courts are likely to grant broad extraterritorial discovery, respondents should take certain steps throughout the process to minimize conflicts. Counsel should work with their clients to understand if the same data exists on U.S. servers or databases. Attorneys should come prepared to the initial negotiations with the requesting party with an understanding of where client documents are stored, and any potential conflicts with foreign data protections.”
• “Attorneys should consider that U.S. courts may not recognize the foreign data privacy protections, and nevertheless compel the production of documents. Steps should be taken to limit and protect such data productions, including entering into a robust confidentiality and protective order.”

With thanks to Anthony Davis at Clyde & Co for the gracious invitation, I’m looking forward to this ABA webinar on April 20th (at 2pm eastern): “Are Outside Counsel Guidelines a Threat to the Practice?” —

• Have outside counsel guidelines gone a step too far? Are they being used to inappropriately restrict lawyers? Join our terrific ABA members and ethics lawyers Anthony Davis, Bruce Green, and Eric Hirschhorn as they grapple with the issues and discuss whether the ABA Model Rules of Professional Conduct should be amended to address these and similar concerns or whenever these should be left to bargaining between clients and their outside counsel.
• The ABA Model Rules of Professional Conduct strike a balance between allowing clients and lawyers to contract with one another as they see fit and protecting essential elements of the practice of law (including access to legal services, the definition of what constitutes a conflict of interest, confidentiality of client information, loyalty to clients, and the independence of lawyers)
• Some argue that this balance is being upset by a growing profusion of outside counsel guidelines (collectively, “OCGs”) that are generated by institutional clients.
• What’s a lawyer to do when OCGs:
  • Expand the definition of “client” far beyond the organization that will actually receive legal services;
  • Restrict a lawyer from providing services to competitors of the client;
  • Require disclosure of confidential information relating to other clients;
  • Expand the definitions of positional conflicts so as to restrict law firms’ availability to serve other clients; and
  • Restrict the lawyer’s future use of expertise garnered during the course of representing a client?

The event is free for ABA members with a registration fee for non-members. But I’ll aim to take a few notes on anything interest I hear…

ILTA’s upcoming IG webinar caught my eye as relevant on several fronts: “Teams and Other Collaboration Platforms With IG Considerations: An Open Mic Discussion” (if that link doesn’t work, see their general events page) —

• Apr 15, 2020 from 3:00 PM to 4:00 PM (ET)
• This virtual roundtable will be an open forum where members can learn and contribute to the topic of Microsoft Teams and other collaboration platforms with an IG (Information governance) structure. We will have several experts to help give some good suggestions for people to improve communications, and collaboration while proactively taking security into consideration. Other topics to be discussed:
  • Security of data while working remotely
  • Is now a good time to get your IG in order?
  • Time for spring cleaning?
  • Time to introduce and reinforce the culture and process changes needed to effectuate smart use of collaboration tools

Please join us to listen and share your thoughts and experiences in this topsy-turvy time.

Panel

• Rachael Heade – Sr. Program Manager Information Management Policy and Compliance, Microsoft
• Leigh Isaacs – Director, Information Governance & Records Management, Proskauer Rose LLP
• Rick Krzyminski – Client Solutions Officer, Baker Donelson Bearman Caldwell & Berkowitz
• Beau Mersereau – Chief Legal Technology Solutions Officer, Fish & Richardson PC
• Darrell Mervau – President, FileTrail