Peer to Peer Magazine

June 2011

The quarterly publication of the International Legal Technology Association

Issue link: http://read.uberflip.com/i/34686


BEST PRACTICES

Risk: Breach of Ethical Obligations

Lawyers have duties of loyalty and confidentiality to their clients. In today’s volatile market, lawyers are moving from firm to firm with increasing rapidity. While the 2009 changes to ABA Model Rule of Professional Conduct 1.10, Imputation of Conflicts of Interest: General Rule, make it easier ethically for lawyers to change firms, they heighten the requirements for conflicts clearance, ethical screens, client notification and explicit client consent. All have implications for IT: ingestion of unauthorized information from laterals, ethical screens over client-matter information and tracking of client instructions.

Considerations include:

• Lateral transfer processes
• Conflicts clearance processes to identify ethical (and business) conflicts and databases to track them
• Matter screens (inclusive and exclusive)

Risk: Loss of Access

When lawyers and firm leadership lose access to firm information (i.e., system downtime or disasters), it is among the highest-profile incidents for a CIO.

Considerations include:

• Ability to recover key business systems in less than an hour, even if certain key staff are not available
• 99.98 percent uptime for core systems (equivalent to less than two hours downtime per year)
• No or minimal data loss (e.g., email and document edits) when failures do occur
• Recovery exercises at least twice a year (tabletop exercises, which are verbal rather than actual tests, are practical complements to actual recovery exercises)

While this action plan only focuses on a few key issues in each area, it highlights the multidisciplinary nature of protecting information from risk.

Risk: Regulatory Non-Compliance

Law firms are relatively new to regulatory controls, so the roles, education and processes are still developing.

Considerations include:

• C-level knowledge of the firm’s obligations under HIPAA/HITECH, state privacy laws, EU Data Protective and ITAR, as well as regulations affecting the firm’s clients, such as the Gramm-Leach-Bliley Act
• Inventory of the firm’s data subject to the above obligations and the data it holds on behalf of clients, as well as an understanding of the flow of this data across geographic boundaries
• Designation of a data privacy officer
• Registration with non-U.S. data protection authorities
• Regular communications to firm lawyers and staff on their obligations and how to react if a risk or breach occurs
• Intranet site that serves as a compliance educational source for the firm’s lawyers and staff
