Traps for the Unwary – Employer email systems

I like to think I am “warier” than the average attorney.  But a recent attorney-client privilege opinion out of New York was a good reminder that being “wary” can be much like being “woke.”  Even if you think you are, you probably aren’t as much as you think you are, and you can always be a bit more.

I’ve spoken and written in the past about the risk for lawyers’ clients to using an email system provided by an employer to communicate with them but my focus in doing so has largely involved assumptions about ways in which the nature of the representation could be one in which the client wouldn’t actually want to the employer to be able to access the communications.  For example, where the client and the employer would actually have contrary interests.

That type of scenario was the focus of the kind of warning ABA Formal Ethics Opinion 11-459 provided to lawyers who handle employment law matters:

This opinion addresses this question in the following hypothetical situation.
An employee has a computer assigned for her exclusive use in the course of her employment. The company’s written internal policy provides that the company has a right of access to all employees’ computers and e-mail files, including those relating to employees’ personal matters. Notwithstanding this policy, employees sometimes make personal use of their computers, including for the purpose of sending personal e-mail messages from their personal or office e-mail accounts. Recently, the employee retained a lawyer to give advice about a potential claim against her employer. When the lawyer knows or reasonably should know that the employee may use a workplace device or system to communicate with the lawyer, does the lawyer have an ethical duty to warn the employee about the risks this practice entails?

[snip]

The situation in the above hypothetical is a clear example of where failing to warn the client about the risks of e-mailing communications on the employer’s device can harm the client, because the employment dispute would give the employer a significant incentive to access the employee’s workplace e-mail and the employer’s internal policy would provide a justification for doing so. The obligation arises once the lawyer has reason to believe that there is a significant risk that the client will conduct e-mail communications with the lawyer using a workplace computer or other business device or via the employer’s e-mail account. This possibility ordinarily would be known, or reasonably should be known, at the outset of the representation. Given the nature of the representation–an employment dispute–the lawyer is on notice that the employer may search the client’s electronic correspondence. Therefore, the lawyer must ascertain, unless the answer is already obvious, whether there is a significant risk that the client will use a business e-mail address for personal communications or whether the employee’s position entails using an employer’s device.

With hindsight it certainly seems an obvious extension of the same point to be worried that the privilege is in jeopardy even when the underlying matter is not one in which client and the employer are adverse, yet I’ll admit that I was initially surprised to hear about through this (as always) quite good write up in the ABA/BNA Lawyers’ Manual on Professional Conduct and then dig in and read the Peerenboom v. Marvel Entertainment opinion itself (which is remarkable for its brevity) which found that Marvel’s CEO’s emails to his personal attorney on Marvel’s email system could not be shielded from discovery by a third party pursuing litigation against Marvel based on attorney-client privilege.  (Simultaneously also saying that no marital privilege existed either.)

The New York court explained that Marvel’s email policy provided that it “‘owned’ all emails on its system, and that the emails were ‘subject to all Company rules, policies, and conduct statements.’ Marvel ‘reserve[d] the right to audit networks and systems on a periodic basis to ensure [employees’] compliance’ with its email policies. It also ‘reserve[d] the right to access, review, copy and delete any messages or content,’ and ‘to disclose such messages to any party (inside or outside the Company).'”  Based on that, the court considered it easy to conclude that the CEO had no reasonable expectation of privacy in email communications to others using his Marvel email address.

Interestingly, but not surprisingly, the opinion does not reference or discuss in any fashion whether the CEO’s lawyer would still be obligated to treat all of the communications as confidential under the relevant ethics rules in New York(spoiler alert: he would).

Since I’ve got your webcam turned on remotely, show of hands if you’ve 100% of the time been making sure your clients’ email communications with you are only happening on a platform provided by someone other than their employer – like gmail, Yahoo, Bellsouth, or Comcast, or some other personal source of email access.

Yeah, me neither.

It certainly feels like a harsh result — particularly when you stop and think about how much email traffic takes place on email platforms that are company provided to all involved — but it can be a difficult outcome to argue against given the traditional strict construction of the privilege and how readily it can be waived as a result of exposure to anyone who is a stranger to the relationship.

The Peerenboom opinion also serves, however, as a good reminder of just how different the attorney-client privilege and the attorney work-product doctrine are and how differently they are waived.

Given the lack of evidence that Marvel viewed any of Perlmutter’s personal emails, and the lack of evidence of any other actual disclosure to a third party, Perlmutter’s use of Marvel’s email for personal purposes does not, standing alone, constitute a waiver of attorney work product protections (see People v Kozlowski . . .898 N.E.2d 891 . . . .

That point is one I’ve always found easiest to explain to lawyers with reference to another New York case (albeit one in federal court) involving a different very famous brand, Martha Stewart, United States v. Stewart, 287 F. Supp. 2d 461 (S.D.N.Y. 2003).  That was the case in which a New York federal court explained the different ramifications as to privilege waiver versus work product waiver flowing from Martha Stewart sharing her lawyer’s communications with her daughter.  While, because she was a stranger to the attorney-client relationship Stewart had with her lawyer and thus eviscerated the attorney-client privilege, as to work product:

By forwarding the e-mail to a family member, Stewart did not substantially increase the risk that the Government would gain access to materials prepared in anticipation of litigation. Martha Stewart stated in her affidavit that “Alexis is the closest person in the world to me. She is a valued confidante and counselor to me. In sharing the e-mail with her, I knew that she would keep its content strictly confidential.” Martha Stewart Aff. ¶ 6. Alexis Stewart stated that while she did not recall receiving the June 24 e-mail, she “never would have disclosed its contents.” Alexis Stewart Aff. ¶ 2. The disclosure affected neither side’s interests in this litigation: it did not evince an intent on Stewart’s part to relinquish work product immunity for the document, and it did not prejudice the Government by offering Stewart some litigation-based advantage. Accordingly, I hold that Stewart did not waive work product protection over the June 23 and 24 e-mails.

And, it seems fair to say that the more robust ability of the work-product doctrine to withstand waiver in a world in which people use their work email for a lot of things, allow me to echo Ms. Stewart to say.

That’s a good thing.

Last post of 2016 – Why lawyers need lawyers.

2016 was a year marked with quite a number of unexpected (at least to me) developments.  2017 likely will have its share of unexpected events as well.

To wrap up the year, I wanted to use what little platform I have to pursue something that is both driven by blatant self-interest and is in the interests of the overall “good.”  That something is to muse in hopefully a relatively pithy fashion on my general philosophy about why even lawyers need other lawyers.

I truly cannot remember if the way I tend to state this is in such a fashion that it is cribbed from one or more other lawyers or if it has something of an nearly-original genesis but whether it should be footnoted to avoid plagiarism or written freely without worry of attribution, I think it is compellingly accurate as a philosophy:

Lawyers need lawyers because lawyers are great at solving other people’s problems, but horrible at solving their own problems.

I’ve encountered quite a few excellent lawyers who, in aid of their own personal situations, have done and said things they would never do or say if they were acting on behalf of a client other than themselves and who, if you could stop them and pose to them what they were doing as a hypothetical act of a client of theirs, would not merely counsel a client other than themselves against such behavior but would likely woodshed any of their clients who were foolhardy enough to so act.

I suspect you can think of an example or two you have come across as well.

And, if the philosophical concept is true, and even excellent lawyers — lawyers who are great at solving other people’s problems — need lawyers., then the need for lawyers is even greater when the lawyer in question is not so great even at solving other people’s problems.

There are any number of ways that these thoughts could have been prompted today.  For the record, they were prompted by this story.

(And, I am not the only one to have written such a piece in the past and you can find lots of such articles online and in paper format, but I have written in the past about the fact that lawyers can be surprised to find that they have coverage to be reimbursed for hiring attorneys to handle things other than malpractice cases under their malpractice policies.  My piece in that oeuvre can be found here.)

Pre-holidays Friday installment of “I beg to differ.”

So, it seems like I am begging to differ all over the place during the last week or so, but here comes another instance.

About a month ago, the Tennessee Supreme Court granted permission to appeal in a legal malpractice case, Story v. Bunstein, in which the plaintiff(s) suit against their lawyer was dismissed based on expiration of the one-year statute of limitations.  In Tennessee, our case law has long established – unlike some other jurisdictions – that the statute is not tolled for continuous representation.

There’s a law firm in Nashville – primarily focused on criminal defense matters – that operates a blog called the “Hot List” that weighs in with thoughts and predictions about what the Court will do on cases granted.  Here’s a link on what they have to say about this particular legal malpractice suit.

If you look at the link, you’ll see that they’ve offered this prediction on this case:

Ben thinks the Supreme Court will reverse. It would be bad policy to require clients to have to sue their lawyers while the underlying case is ongoing.

From the way that prediction is worded, it is unclear to me whether Ben has managed to read the Tennessee Supreme Court’s opinion in Carvell v. Bottoms.  Carvell dates back to 1995 and was cited in the Bunstein decision.  Via Carvell our state’s highest court already established its public policy decision that it is not bad policy to require clients to do exactly that.  Instead, the Court explained that the correct answer is to file the suit and then seek to have it stayed until the underlying matter is resolved.  In the words of former Chief Justice Drowota:

 Although we conclude that the rule [judicial estoppel] is not technically applicable, we nevertheless realize that having to maintain inconsistent positions in different lawsuits is somewhat anomalous. Therefore, we agree with the New Jersey Supreme Court that clients can avoid the “discomfort of maintaining inconsistent positions,” see Grunwald v. Bronkesh, 131 N.J. 483, 621 A.2d 459, 467 (1993), by filing a malpractice action against the attorney and requesting that the trial court stay that action until the underlying proceedings are concluded. See e.g., Grunwald, 621 A.2d at 466-67; Knight v. Furlow, 553 A.2d 1232, 1236 (D.C.App.1989). In this manner clients can, without conflict, continue to assert their interests in the underlying lawsuit, while preserving any malpractice action they may have against their attorneys.

Admittedly, being a lawyer who defends other lawyers in legal malpractice cases and I have successfully used Carvell to get cases dismissed for my clients on the basis of expiration of the statute of limitations, I have some bias on how this should play out.  In light of this well-established policy for more than two decades, I have to beg to differ on this one.  In addition to the ability to follow the procedure laid out in Carvell, clients also can negotiate tolling agreements if the lawyer doesn’t want the suit to be filed, stayed, and hanging over her head.  So, I don’t see the need to change policy at this point and while I’m not in the court predictions game would hope that the Court does not overturn Carvell.

And, as a completely unsolicited writing tip, if my assumption is incorrect and Ben has read Carvell then it would be advisable to say something more like “Ben thinks the Supreme Court will reverse.  Ben thinks the Court will decide to change its view on the existing policy requiring filing suit and then having the litigation stayed and will instead announce a belief that clients shouldn’t have to sue their lawyers while the underlying case is ongoing.”

Even if Ben had written it that way, I’d still beg to differ on the outcome, but at least if written in that fashion the prediction would read like the author knew exactly what they were weighing in on in rather than running the risk of sounding like they didn’t realize the scope of existing precedent.

(N.B.  This will be my last post before the holidays so, whatever you celebrate, I hope it brings you great joy!)

A very Tennessee-specific discussion for this Friday.

Later today I will have the honor of speaking as part of a panel at the TBA Health Law Forum.  The other panelists are Sheree Wright, the Senior Associate General Counsel with Vanderbilt University and Bill Hannah a lawyer in Chattanooga with the Chambliss Bahner firm.  I’m fortunate enough to have both Sheree and Bill as members of the TBA Ethics Committee I chair and am very excited to spend a couple of hours talking with them and the crowd about ethics issues near and dear to Health Care lawyers.  We’ll be talking about “The Ethics of the Distracted Lawyer.”  If you happen to be in the Franklin/Cool Springs part of Tennessee, you probably still might be able to work your way into the venue to register and attend.

As indicated in the title of the post, the only other thing I’m going to discuss today also is a topic that really is relevant only to Tennessee lawyers (but to a larger segment of that group, then the people that might actually contemplate a last minute visit to the above-highlighted seminar.)

I’ve now gotten enough inquiries over the last several weeks about the revised state-of-play in Tennessee state court litigation when it comes to attorney’s conferring with deponents during breaks in a deposition that it likely makes sense to write about it to have another handy link to send to folks that ask for a recollection refresher.

Whether such arrangements are kosher or not is subject to significant variance in various jurisdictions.  Perhaps the original case staking out the notion that an attorney’s communication with a client/deponent  during a deposition was not a privileged communication is Hall v. Clifton Precision,150 F.R.D. 525 (E.D. Pa. 1993).  I’ve done quite  few CLEs over the years where I used one hypothetical or another to tease out the situation and to lead the audience into a discussion about whether the lawyer taking the deposition can successfully force disclosure of what was said to the witness by another lawyer during a break.  The general principle from which courts have concluded that no privilege applies and that the contents of such discussions can be explored is that depositions are supposed to take place in the same manner as if they were trial testimony.  Karen Rubin back in 2015 delved pretty thoroughly into the state of the law on this issue at her firm’s blog here.

Tennessee has, assuming the vehicle chosen actually does the trick, created a very clear answer to this question now for cases pending in our state courts. The answer, in effect as of July 1, 2016, makes communications with a deponent during a break in the deposition perfectly appropriate, as long as: (1) there is not a question pending; and (2) the lawyer’s communication with the deponent during the break does not cross any lines so as to amount to a violation of RPC 3.3 or 3.4.

The vehicle chosen for doing this is a 2016 Advisory Commission Comment to our rule of civil procedure addressed at depositions, Tenn. R. Civ. P. 30.03  The comment provides as follows:

Rule 30.03 provides that “[e]xamination and cross-examination of witnesses may proceed as permitted at the trial under the Tennessee Rules of Evidence.” This language does not imply that Tenn. R. Evid. 615 is applicable to depositions. Unless otherwise ordered by the court, a lawyer may communicate with a deponent about deposition procedure or the substance of deposition testimony before, during (unless a question is pending) or after the deposition; however, such communications are subject to the Rules of Professional Conduct including, but not limited to, Tenn. Sup. Ct. R. 8, RPC 3.3 and RPC 3.4.

Now I don’t know exactly where an Advisory Commission Comment to a rule of procedure ranks in terms of authority and precedent as a technical matter, but there is no question that this is the latest word on this matter – words that our Court has bought into or they would have not approved the release – and, thus, a lawyer who wants to talk to their client during a deposition in our state court system no longer has to be worried about the client being forced to divulge the discussion on a claim that privilege does not apply.  At least as long as there wasn’t a pending question at the time of the break and the conversation.

What lawyers will still need to be concerned about – whether the deponent is their client or not — is communications that could be construed as amounting to violations of RPC 3.3 because they involve assisting a fraud on the tribunal or that could be construed as violating RPC 3.4.

The two most obvious pieces of RPC 3.4 that a lawyer could run afoul of through coaching a deponent during a break would be:

(a)       unlawfully obstruct another party’s access to evidence or unlawfully alter, destroy, or conceal a document or other material having potential evidentiary value.  A lawyer shall not counsel or assist another person to do any such act; or

(b)       falsify evidence, counsel or assist a witness to offer false or misleading testimony

So, still a topic that can be explored through interesting hypos at future seminars even in Tennessee.

A former lawyer of Donald Trump speaks … but shouldn’t have

A long while ago I wrote about a lawyer’s public interview that should never have happened.  Here is a lawyer’s op-ed piece that should never happened, you can read the op-ed if you haven’t already at  this link at The Huffington Post.  Now, because such a disclaimer seems to be in order and beneficial to some extent, I say this as someone who contributed to Senator Sanders campaign during the primary and who has contributed to Secretary of State Clinton’s campaign more recently, but here is a lawyer publicly saying everything people who think Trump’s candidacy represents an existential threat to democracy  should want to hear injected into our current political discourse — but the introductory portions of it, the things that the author attempts to use to give it credence and relevance as someone with real insight into the person being criticized, demonstrate that, at least in this version, the piece should never have been written at all.

Taken at face value, the writer is a former lawyer of Trump’s and he appears to be licensed in a jurisdiction, New Jersey, that (like most jurisdictions) provides for a continuing obligation of confidentiality owed to former clients.  New Jersey’s RPC 1.9(c) provides:

(c) A lawyer who has formerly represented a client in a matter or whose present or former firm has formerly represented a client in a matter shall not thereafter: (1) use information relating to the representation to the disadvantage of the former client except as these Rules would permit or require with respect to a client, or when the information has become generally known; or (2) reveal information relating to the representation except as these Rules would permit or require with respect to a client.

Thus, the first few paragraphs of the piece set this lawyer up for trouble in terms of allegations that what he is doing — and to some extent what he clearly does (the limo conversation and one or two other conversations) — is breaching his duty of confidentiality to a former client.  The statements about things his former client said to him are certain being used to the former client’s disadvantage and certainly are not generally known pieces of information.

This lawyer needed both a good editor and a good legal adviser who could have told him that with some massaging and editing at the outset he could have still written the lengthy 4,000 words or so about the 20 problems with a lead in that acknowledged that he was obligated by ethics rules not to disclose anything he learned during the representation and that everything he is writing about is information he worked hard to track down through publicly-available sources but ….

Actually, once you remove that piece of it – there is no more need for this gentleman’s voice in the public discourse (other than the stakes involved in the electoral process).  It particularly seems unwise for this lawyer to have taken on this risk, particularly given the well-known litigious nature of the target of the column — who actually, for example, had a lawyer send a letter to Trump’s co-author of The Art of the Deal demanding a return of all royalties now that the co-author is speaking out negatively about Trump despite the fact that book came out almost 30 years ago.

California (where this gentleman is not licensed) just put out a formal ethics opinion driving home the point that its confidentiality requirements adhere even to information that has been publicly disclosed.  Worth noting is even under that opinion, California would appear to signal that the rest of this piece, the just-one-more-voice detailing criticisms from publicly-available sources would not be a violation of duties to the former client, as the California opinion explains about the lawyer’s perhaps unnecessary and unwise but not unethical disclosures about a former client’s arrest for DUI at a time after the representation had ceased.  The New Jersey Supreme Court, earlier this month, refrained from disciplining a NJ lawyer over the disclosure of confidential facts of a current client representation that were already public, so maybe this guy will get a pass?

Three short technology stories for a Tuesday

Throwback Thursday is definitely a thing all over the World Wide Web it seems, but maybe Tech Tuesday ought to be a thing?  Though, I guess, for lawyers focusing on technology has to be an every day affair.

Like multitudes of others, I wrote a little bit recently about the Panama Papers and the Mossack Fonseca data breach fiasco.  Fortune now has an article online about a Wired U.K. story that casts a harsh light on the electronic security measures that the Panamanian firm had in place.  Blurbs like these

Mosseck Fonseca’s client portal, according to Wired, runs on a version of Drupal last updated in 2013, and vulnerable to an array of attacks, including one that would allow attackers to execute commands on the site. Another weakness allows access to the site’s back end just by guessing the right web address.

Just as bad is the firm’s webmail portal, which runs Microsoft Outlook Web Access, and hasn’t been updated since 2009. The firm also did not encrypt its emails. As one expert speaking to Wired put it, “They seem to have been caught in a time warp.”

sound very bad when you are talking about a firm that trafficked almost exclusively in “highly sensitive financial information.”  I suspect though that there are lots of other lawyers out there that are hopeful that their technology arrangements will never be subjected to even half as much scrutiny.

One lawyer who is in the middle of a highly public examination of their choices in technology is the lawyer at the heart of this story yesterday.  The lawyer has been sued by her former clients over a theft from them of $1.9 million resulting from hacking of the lawyer’s email account.  The couple had hired the attorney to represent them in the purchase of a nearly $20 million co-op apartment.  Luckily, it appears that the clients figured out what was going on even before the lawyer did and were able to recover almost all of the $1.9 million that was to be the down payment but was wired to the fraudsters.  The lawyer — and you ought to brace yourself here (though I admittedly know lawyers who still use this service) — was using an AOL email account for her real estate law practice.

The lawsuit contends that AOL accounts are particularly vulnerable to hacking and that the hacking was what let the cybercriminals know when certain transactions were going to take place, but as the article makes clear there were other opportunities for the lawyer to realize something was amiss:

It accuses Doran of forwarding bogus emails from the hackers — who were impersonating the seller of the apartment’s attorney — about payments from the Millards without confirming their authenticity last December. The name of the seller’s attorney was misspelled in the email which should have been a tip off that something was amiss.

Finally, the usually on-point Karen Rubin has a well-done post over at The Law For Lawyers Today about a relatively fortunate Oklahoma lawyer who managed to avoid full reciprocal discipline over his inability to figure out how to e-file in bankruptcy court.

The Oklahoma lawyer was permanently suspended by the Western District of Oklahoma bankruptcy court from ever practicing before it again, but the Oklahoma Supreme Court hit him only with a public censure.  Given the current rhetoric surrounding the practice of law and the demands everyone appears to assume lawyers absolutely must satisfy when it comes to using technology, it is pretty startling to read a state supreme court, in that case Oklahoma’s, issue an opinion in a lawyer discipline case that can be read to seem to minimize the obligation to be technologically competent.  But, in fairness, unless the Oklahoma Supreme Court was going to be willing to disbar the lawyer in question — which would seem supremely harsh — then any discipline imposed through reciprocal channels was going to be less than that meted out by the federal bankruptcy court and a public censure sounds about right to me.

 

Panama Papers – a worst case scenario for the development of cyber liability law for law firms?

It’s an old adage that bad facts make bad law.

In the last few weeks, a good number of pieces were written focusing heightened attention on an issue that many lawyers were already stewing about . . . technological vulnerabilities arising from how lawyers and law firms use (and don’t use) technology.  Most of these stories, like this one and this one, used the news of hackers targeting particular large law firms as the jumping off point for the discussion.

I happen to think that the question of how law firms should address the topic of cyber security is actually a fairly complex one.  Given the vast amount of sensitive information that law firms handle and store, there are obvious strong arguments to make that law firms should have to have the highest level of cyber security in measures in place in all respects.  Yet, I think there are also legitimate arguments that certain aspects of data privacy and data breach laws should not apply in the same fashion to law firms as they do to other businesses.  In the event of a breach of a law firm’s electronic records, the mere act of publicly communicating about it to more than those whose information was known to be compromised, for example, could actually result in certain circumstances in additional harm to clients in the form of breaches of attorney-client confidentiality or privilege.

The last thing lawyers and law firms needed as something that might drive the needle in one direction or another was for the absolute wrong kind of high-profile situation involving a law firm hack to be the focus of attention and in the forefront of any discussion about what the standard of care ought to require of lawyers and law firms in terms of cyber security.  Yet, the last thing lawyers needed arrived: the Mossack Fonseca data breach in Panama, now known as the Panama Papers.

This obscure but remarkably large and incredibly well-connected (or shady depending on your perspective) law firm founded in Panama has been victimized by a hack of some sort resulting in  some 2.6 terabytes of documents to have been improperly accessed and then leaked to the International Consortium of Investigative Journalists.  The vast amount of otherwise confidential information (if you want to visualize how much 2.6 terabytes, imagine you had 1 terabyte sitting on your desk … now think what that would look like if you had another one and then like 60% of another one.  😉 ) that has come out has led to a deluge of news stories about the maneuverings of the global rich to hide their money offshore to avoid taxes or scrutiny or both.

The latest story I’ve seen is this one in The Guardian that focuses a good bit on the firm itself.  It also offers a nice snapshot of the nature of the documents and information leaked after the breach:

The company’s leaked internal database gives some idea of the massive scale of these international operations, many of them perfectly legal. The 11.5m documents include shareholder registers, bank statements, emails from lawyers and accountants, passport scans and contracts. Much of it legal, if hidden.

Most of the media attention to this story has focused on the clients and the policy questions regarding the legality/illegality of what the clients were doing.  Most of the legal media attention paid to the story has, so far, focused on the questionable nature of the lawyering involved — in a way it seems a bit like the 60 Minutes story we covered here a while back but if all of the examples were real in a fashion and one firm was undertaking to represent all of the endeavors.  As Bill Freivogel elegantly put it in an online piece I saw “A U.S. lawyer skating on the edge of what Mossack Fonseca has been doing could easily slip into a federal wire fraud or other criminal prosecution.”

Inevitably, this story will ramp up the rhetoric and discussion about what lawyers and law firms “absolutely” must be doing on the technological side of their business.  For example, we now have this piece from the assistant director of the Center of Practice Management of the North Carolina Bar Association essentially insisting that lawyers must encrypt all of their data, when in use, when in transit, and when it’s in storage and insisting on restrictions on access and downloads, etc.

In an utopia where price and practicality were no option for all lawyers, the North Carolina advice would be commonsense, but many lawyers do not practice in such utopian settings.  And, importantly, the ethics rules nowhere in the United States presently insist that all lawyers adhere to such requirements.  Not in North Carolina, and not even under the post Ethics 20/20 ABA Model Rules, which North Carolina has adopted.  What they require is in Rule 1.6(c):  ” A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

And jurisdictions like North Carolina that have adopted the Ethics 20/20 version elaborate on what this means in two paragraphs of the Comment accompanying Rule 1.6:

[18] Paragraph (c) requires a lawyer to act competently to safeguard information acquired during the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. See Rules 1.1, 5.1, and 5.3. The unauthorized access to, or the inadvertent or unauthorized disclosure of, information acquired during the professional relationship with a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule, or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information to comply with other law—such as state and federal laws that govern data privacy, or that impose notification requirements upon the loss of, or unauthorized access to, electronic information—is beyond the scope of these Rules. For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Rule 5.3, Comments [3]-[4].

[19] When transmitting a communication that includes information acquired during the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the client’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule. Whether a lawyer may be required to take additional steps to comply with other law, such as state and federal laws that govern data privacy, is beyond the scope of these Rules.

(all emphasis has been added by me)

But bad facts make bad law.  All of the ramifications of the loss of confidentiality of the data possessed by this particular law firm are going to continue to play out in the most public of ways.  There is no question that this particular firm — given its size, including the number and location of offices, and the fact that it’s core business turned completely on the promise of secrecy — over and above even the level of secrecy people normally think of when they think of hiring a lawyer — needed to have incredibly stringent measures in place to secure its electronic data.  We’re talking about clients, as The Guardian article explains, who were paying thousands of dollars extra just to be able to correspond only through fake email accounts the firm helped create under names like Harry Potter and Isaac Asimov for goodness sake.

If the end result of this story is going to be a call for mandatory encryption, that is not going to be great for the profession at all.  And, frankly, could create a stratification between haves and have nots that could ironically look a lot like the one that already exists between the truly, extraordinarily rich who were hiring a firm like Mossack Fonseca and the rest of the world.  Such a result will only further drive up the cost of legal services and make it even harder for those engaged in the traditional delivery of legal services to compete in a marketplace increasingly under pressure from alternative providers of legal services.

(Edited to fix a few errors caught by a loyal reader.)

The Department of Labor’s Final “Persuader” Rule – Part 2 of 2

So, yesterday, I started writing about the potential ramifications for lawyers of the adoption by the Department of Labor of its final “persuader” rule which will become effective on April 25, 2016, but will only be applicable to agreements entered into on and after July 1, 2016.  You can catch up on part 1 here.

I promised that I’d lay out my thoughts based on a full dive into the actual final rule itself to try to address whether, despite the DOL’s rhetoric, the rule really will require disclosure of information that ought to be protected by the attorney-client privilege  — so, here I go.

Having read through all (or least almost all) of the final “Persuader” rule, my “executive summary” takeaway is that the DOL sure seems to be willing to go to the wall on the idea that trying to help an employer make a more persuasive argument against the formation of an union is not “legal services.”  I happen to think that’s wrong but, I guess for the most part, that’s a policy call to be made by people who win elections.  I also think it is a position that is fundamentally in contrast to lots of other areas where conclusions are drawn that when a lawyer does certain things that aren’t the practice of law when done by nonlawyers, the lawyer is still engaged in the practice of law when doing those things.  I also think, though, as wrong as it may be, it seems to be a manageable situation and that lawyers and law firms can protect against the adverse consequences through building better (or at least more redactable agreements).  What seems to be a much worse possible outcome is the issue the DOL dodges by saying it isn’t at issue in the present rulemaking — the kinds of information that would now have to be reported on Form LM-21 that the ABA warned about a a good bit in its 2011 public comment.

There are many places in the Final Rule itself (page references below are to the Federal Register Vol 81. No. 57) that leave little room for a conclusion other than that the Department adamantly contends that “persuader activities” simply aren’t legal services and, as a result, communications about “persuader activities” aren’t entitled to be treated as advice or as privileged communications.  Stated another way, it seems the Department’s view that the only thing that a lawyer exists to do in this aspect of the labor law arena is provide advice to ensure the legality of her clients’ conduct.

In fact, the Department appears to be make this interpretative position abundantly clear in multiple places:

Agreements under which a consultant exclusively provides legal services or representation in court or in collective bargaining negotiations are not to be reported.  “Advice” does not include persuader activities, i.e. actions, conduct, or communications by a consultant on behalf of an employer that are undertaken with an object, directly or indirectly, to persuade employees concerning their rights to organize or bargain collectively.  If the consultant engages in both advice and persuader activities, however, the entire agreement or arrangement must be reported. (p. 15937)

While a lawyer who exclusively counsel an employer-client may provide examples or descriptions of statements found by the National Labor Relations Board (NLRB) to be lawful, this differs from the attorney or other consultant affirmatively drafting or otherwise providing to the employer a communication tailored to the employer’s employees and intended for distribution to them.  The latter is reportable, the former is not. (p. 15938)

A lawyer or other consultant who exclusively counsels employer representatives on what they may lawfully say to employees, ensures a client’s compliance with the law, offers guidance on employer personnel policies and best practices, or provides guidance on NLRB or National Mediation Board (NMB) practice or precedent is providing “advice.” (p. 15939)

Indeed, this rule exempts from reporting agreements involving exclusively the following activities: . . . legal services (as distinct from persuader activities undertaken by a lawyer). (p. 15952)

The reporting requirements in Form LM-20 . . . are designed to identify the specific persuader activities undertaken, not the legal advice provided.  In other words, if an employer retains a law firm with the purpose to persuade, directly or indirectly, its employees not to unionize, that retention is not privileged because it is not done with a purpose of obtaining a legal opinion, legal services, or assistance in a legal proceeding. (p. 15996)

Now, at just a common sense level, it seems implausible for anyone at all familiar with what lawyers do to say that anything other than advice isn’t legal services.   If an attorney communicating to a client about how to use more persuasive language to advance its legal rights isn’t the provision of legal services, why?  It certainly seems like legal services to me.  The conversation also presents for me another reminder about the fact that RPC 2.1 is almost never discussed when it ought to be with respect to the role lawyers play, and are supposed to play, in going beyond just giving legal advice.

I will admit that, at first blush, it was difficult for me to figure out how the Department, in requiring this Section 203(c) reporting, could just disregard the fact that Section 204 indicates that “attorney-client communications” are exempt from reporting where such communications are defined as “information which was lawfully communicated to [an] attorney by any of his clients in the course of a legitimate attorney-client relationship.”  But, having digested the whole rule, I understand that there is some mixture of interpretive history and judicial decisions lurking behind the scenes on which the Department of Labor rests its positions:

[T]he Department notes that — consistent with the interpretation that section 204 has received from the courts — it always has construed section 204 as roughly equivalent to the limited attorney-client privilege under the common law.  The Department has never embraced the view that section 204 creates a broad, separate exemption for attorneys that supplants 203(c). p. 15953

The Department’s interpretation in that respect does find support in a Sixth Circuit case, Humphreys, Hutcheson and Moseley v. Donovan, 755 F.2d 1211 (6th Cir. 1985).  Humphreys determined that Section 204 was intended to provide the same scope of protection against disclosure of information as is provided for under federal common law attorney-client privilege.  That case, and another even older case from the Fourth Circuit (Douglas v. Wirtz, 353 F.2d 30 (4th Cir. 1965)), are things the Department points to for their claim that “Congress recognized that the ordinary practice of labor law does not encompass persuader activities.” (p. 15996)

What I’m also very troubled by, and not just intellectually, but practically, is the DOL’s position that language in an attorney-client engagement agreement about the scope and nature of services provided is not protected by the attorney-client privilege.  The Department uses this position to brush aside concerns expressed in a variety of the comments it received during the public comment period about requiring the law firm’s engagement agreement with the employer client to be made public and to have to provide information through checking boxes about what activities were performed.   The Department maintains that the same Humphreys decision out of my circuit, the Sixth Circuit, supports that conclusion as well.  I’m not entirely certain that the Department isn’t stretching the language of Humphreys too far especially when it also is willing to contend, with respect to an engagement agreement that: “information that may reveal client motives regarding exclusively legal advice or representation sought would generally be redactable, but information concerning client motives related to the persuasion of employees is not privileged and would remain reportable.”  (p. 15995)

The one aspect of attorney-client confidential communications that the DOL does seem to get right is the non-absolute nature of confidentiality protection under the ethics rules where states have adopted rules similar to ABA Model Rule 1.6.  So, if the “persuader” rule adopted by the DOL ends up being treated as within its powers so as to be recognized as “other law,” then nothing about RPC 1.6 will serve to prevent reporting of the required items.  The privilege dilemma, however, will remain.

Thus, the practical takeaway for law firms worried about this issue — i.e. practicing in this sphere — would seem to be to get accustomed to either entering into two separate engagement agreements with their clients, one that would be bare-bones to cover anything that would be done that might stray into “persuader activities,” so that one is the only one that has to be attached to the Form LM-20 or (2) get very accustomed to crafting engagement letters that can be readily redacted to protect privileged communications within the text.  The final “persuader” rule, for its flaws, at least does acknowledge the ability of lawyers and law firms to redact the agreements it submits; though even on that front, there is troubling language in the rule that would appear to set up points of skirmish over the details of when that is done as well.

Given the effective dates of this, there is certainly time between now and July 1 to figure out how to do so.

Of course,  given the fact that it would appear litigation to challenge the rule is in the offing, who knows if it will ever come to pass.

“Other law” is always changing – the DOL’s new Final “Persuader” Rule – Part 1 of 2

The scope of confidentiality lawyers owe to their clients has long been a subject that I find fascinating.  Over the last few years, I’ve mulled how its broad scope will continue to play out with current and future generations of both lawyers and clients who routinely, almost even instinctively, share seemingly every detail of their lives on one online platform or another.  That general topic though of what confidentiality under the ethics rules might look like in 10 years is a discussion for another day, if ever.  The fact remains, though, that in jurisdictions pattered after the ABA Model Rules, there exists a version of Model Rule 1.6 — like Tennessee’s RPC 1.6 — that establishes an obligation of confidential treatment as to all information related to representation of a client.

The rule contemplates that anything can be disclosed provided you have the client’s express consent to do so or, alternatively, if disclosure is impliedly authorized to carry out the representation.  Beyond that, jurisdictions that hew to the ABA approach, then offer a list of circumstances in which a lawyer has discretion to make a disclosure, but isn’t obligated to do so.  Among those circumstances are instances where the lawyer reasonably believes the disclosure is necessary “to comply with other law.”  Model Rule 1.6(b)(6).

In Tennessee, we have carved out a further category of topics where a lawyer is obligated to disclose information, despite it otherwise being confidential.  For Tennessee lawyers, the comply with “other law,” exception to the duty of confidentiality is housed in that provision and, thus, is a mandatory duty of disclosure.  RPC 1.6(c)(3).

Keeping up with the vast array of ways that “other law” might appear to require lawyers to disclose information about their representation of clients can be a difficult enough task when your reason for interest is only about the exercise of a discretionary right of disclosure.  It can get significantly more stressful to keep up with developments in other law if the stakes are ratcheted up by a mandatory ethical obligation.

The “other law” aspect of the duty of confidentiality is why, for example, a client’s payment of your fee with $10,500 in cash is a development that would require a lawyer to fill out the appropriate paperwork to report that transaction to the IRS on Form 8300 because of federal law.  The fact that the fee was paid in cash on a particular date and in that amount is certainly information related to representation and, thus, confidential under RPC 1.6, but because other law requires the disclosure — the duty of confidentiality falls.  There are other existing examples, but I’ve already taken the scenic route to the actual point of today’s entry so one example will have to suffice.

Earlier this month, the U.S. Department of Labor published the final version of a long-discussed new “persuader” rule.  This issue was only on my radar screen because, at the end of an ethics seminar a few months ago, a lawyer approached me to ask if I was keeping up with the looming development and if I understood its potential for infringing on privilege and confidentiality for lawyers and law firms.  I wasn’t, and didn’t, at the time.  I am, but still not sure I do, now.

Admittedly, labor relations is not my native tongue, so a reader may lose a little something in my translation of the background leading to the adoption of the final persuader rule.  If you speak labor relations more fluently, or are interested in learning, you can read as much or as little as you’d like of the whole final rule in the Federal Register itself here.  You can also read the full versions of each of the other items I mention below if I have properly managed to include the links for each.

So, federal law, through the Labor Management Reporting and Disclosure Act of 1959 (LMRDA) has long required two sets of parallel reports that are supposed to be made in order to disclose expenditures that are made in connection, for example, with labor-organizing activities.  One report is required of labor organizations such as unions.  Another report has been required from employers when they hire a labor relations consultant to help it persuade employees about issues relating to bargaining and whether/how to organize.  Existing law provides that both direct persuader activities and indirect persuader activities are supposed to trigger such reports, but the law exempts employers from having to file a report when the purpose of hiring the consultant is just to get advice.  That exemption is set forth in Section 203 of the LMRDA.  Existing law also exempts from reporting attorney-client communications.  That exemption is set forth in Section 204 of the LMRDA.

According to the current U.S. Department of Labor, as explained in its Overview/Summary document, the Department has long been interpreting the law incorrectly to define “advice” in a fashion that extends to conduct that should be treated as “indirect persuasion,” and, thus, no reports are ever filed on the employer side other than for the hiring of consultants who have direct contact with employees.  The new persuader rule is clearly articulated by the Department of Labor as being about changing the interpretation of “advice” to limit its protective scope and cause reports to be filed regarding consultants that are helping employers craft messaging and other efforts at persuasion.

If you are following along still at this point, you will see the looming issue for lawyers and law firms retained by employers in situations involving labor organization issues.

Now, the Department of Labor, at least rhetorically, is going to great lengths to insist that the new rule it has enacted will not invade attorney-client privilege (confidentiality under the ethics rules isn’t really mentioned in the documents discussed below) and that reports won’t be required when an employer hires a lawyer or law firm just for the purpose of getting advice on complying with legal obligations.

The Department of Labor’s Overview/Summary states the Final Rule “exempts any agreement that involves only the provision of legal services” and also states that:

The Final Rule does not affect attorney-client privilege.  It only requires the disclosure of the identity of the client, the fee arrangement, and scope and nature of the persuader agreement in cases where the consultant has agreed to provide services other than legal services — specifically, to take action with intent to persuade employees regarding union representation or collective bargaining.

In the OLMS Fact Sheet regarding Employer-Consultant Agreements, discussing examples of exempt agreements, the Department explains:

As a general principle, no reporting is required for an agreement or arrangement to exclusively provide legal services.  For example, no report is required if a lawyer or other consultant revises persuasive materials, communications, or policies created by the employer in order to ensure their legality rather than enhancing persuasive effect.

In the Q&A materials put out by the Department of Labor, this point about not invading privilege is repeated:

Q.  Does this rule require disclosure of information protected by the principles of attorney-client privilege?

A.  No.  None of the information required to be reported (e.g., the identity of the parties, terms and conditions of the agreement, and specific persuader activities undertaken) is covered by the attorney-client privilege.  Privileged information is excluded from the reporting requirement by statute.

Yet, there seem to be a number of thorny interpretative questions lurking.  And, a dive into what the actual final rule says in the Federal Register leaves me pretty convinced that the DOL’s effort has blurred the issues of Section 203 and the issue of Section 204 and that its strong rhetoric about what it isn’t doing rings hollow.

I will do my best to describe my thoughts on that more fully in part 2.  So, stay tuned.

 

 

 

 

 

 

Fixing a bad ethics opinion – Kudos to the TN BPR!

Late in 2015, the Tennessee Board of Professional Responsibility issued Formal Ethics Opinion 2015-F-160 addressing issues regarding retention of client files.  I wrote here about a significant problem with the part of the opinion that indicated that our RPC 1.15(b) required retention of all client files for a five-year period.  The problem, to me, was of such significance that I couldn’t leave the criticism to a forum like this one where, if I’m lucky, it is read by a couple of hundred lawyers.  So, I also submitted a longer column about the problematic ethics opinion to the ABA/BNA Lawyers’ Manual on Professional Conduct, which was kind enough to accept it and publish it.

I am extremely pleased to report that the BPR has done the right thing and amended 2015-F-160.  You can go read 2015-F-160(a) in its entirety at the BPR”s website here.  But, the important takeaway can be summed up as: (1) only records of the funds (i.e. the kinds of financial records spelled out in more detail in Tenn. Sup. Ct. R. 9, Section 35.1(a)(2)) must be retained for five years; (2) the BPR does recommend as a guideline that lawyers retain all client files for 5 years from the end of the representation; and (3) lawyers and clients certainly can establish their own arrangement regarding a time period for retention.

As indicated in the title, the BPR deserves kudos for acting to amend this ethics opinion.

(P.S. While we’re fixing things, how about fixing the way Formal Ethics Opinions display on the BPR website?  Horizontal scrolling is a bad look – plus printing is a bit of a nightmare.)