Ethical Walls (formerly known as the Chinese Wall…) Today’s View.
Cost-Effective Ethical Walls for Smaller and Mid-Sized...
Transcript of Cost-Effective Ethical Walls for Smaller and Mid-Sized...
1
Cost-Effective Ethical Walls for
Smaller and Mid-Sized Firms
#ECMPG3
Ann Johnson, Keating Muething & Klekamp PLLKeith Lipman, Prosperoware
Steven Marks, Sills Cummis & Gross
Session Agenda
1. Terms and definitions
2. Case studies
3. Trends
4. Q&A
What are Information Barriers:Terms and Definitions
Keith Lipman, President
Prosperoware
2
One Idea Multiple Terms
• Ethical wall
• Chinese wall
• Information barrier
• Ethical screens
Type of Barriers
Exclusive
Inclusive
Rules Based
Contractor walls
One matter may have multiple different walls
Exclusionary Barrier
• Person(s) are denied access to information about the matter
• Why do these occur:
– Lateral hires (a true ethical wall)
– Secondment (lawyer loaned out to a client)
3
Inclusive Barrier
• Means matter is confidential
• Why does these occur:
– Representing multiple parties in the same matter
• UK, Hong Kong, Canada more acceptable than US
– Client demand for confidentiality
– Concern about insider trading
– Privacy
Rules Based
• A type of exclusionary barrier
• Works automatically based on user activity– Bill time or create documents
• Why do these occur:– Competitive representations
• If you work on Coke you are not allowed to work on Pepsi
– Representing the multiple parties for one matter
Contractor
• Contract lawyers only have access to the matters they work on
• Why do these occur:
– Ethical opinion that if contractors do have access to other matter information
• Not considered a lateral hire
4
Acknowledgement and Notice
Walls are not secrets
Users should be aware of the wall
Need to a acknowledge the wall
Case Study: Sills Cummis & Gross
Steven A. Marks
Chief Information Officer
5
6
7
8
Ethical Walls as Template
Ethical Walls Profile Screen
Selecting Screened Users
9
Audit as History of Screen
Security as SQL Job
Case Study: Keating Muething & Klekamp
Ann Johnson
System Applications Manager
10
About Keating Muething & Klekamp
• Cincinnati based, full service firm• Founded in 1954• 103 Attorneys• 23 Paralegals / Practice Group Assistants / Examiners
• 90 Support Staff
Key Technologies
• Windows 7/Office 2007
• Autonomy WorkSite 8.5• Server 8.5 IDOL Indexer with 4,000,000 Document
Repository
• FileSite
• WorkSite Web
• WorkSite Communication Server (EMM on hold)
• Rippe & Kingston LMS Accounting System
• Litigation Support Tools include Ringtail and Summation
• InterAction CRM
My Role at the Firm
• WorkSite DMS/Content Management
• Records Management Technology
• Firm Intranet and Client Extranets
• Matter Centric Collaboration Design
• Ethical Walls and Information Security
11
Where does our information reside?
Physical Files and RM Apps
Personal and Loaner Laptops
Business and Personal Desktops
iManage Worksite DMS
Litigation Support
Accounting Systems
Network File Shares
Universal Search Engines/TotalSearch
InterAction CRM
BEC
How do we protect it?
• Established a security team and assigned specific responsibilities• Executive Director• Firm General Counsel• CIO• Records Manager• System Applications Manager
• Developed and published detailed content retention and security policies
• Created matter centric structure tied to accounting and records management applications
Ethical Wall Request Process
Initial Request
Executive Director
General Counsel
Records Manager
IT DMS Manager
Responsible Attorneys and
Staff
Other IT Staff
12
Ethical Wall Technology
• Solutions evolved based on technologies available at the time
• Early adopters of DocAuto security technologies
• Rely on a mix of manual and automatic methods
– Third party security applications
– Built-in DMS security features
– SQL reports
– Excel spreadsheets
Technology: DMS WorkSpace Creation
• DocAuto’s WorkSpace Manager utilized for workspace creation and modification
• Standardized matter centric workspace structure public by default
• Firm administrative workspaces are private by default with rights granted using group membership policies
• Flexibility to accommodate partner and employee turnover, practice group modifications
• Provisioning functionality allows movement of content, updating security and metadata automatically
Technology: Ethical Walls
• DocAuto’s iMPrivate utilized for automated maintenance of document security on a day-to-day basis
• Identifies documents based on any combination of search criteria including full text values
• Adds, removes or modifies security
• Batch process that runs every few hours
13
Technology: Monitor User Activity
• DocAuto’s Watchdog Server provides automated day-to-day monitoring of WorkSite user activity to prevent content theft and unauthorized use of intellectual property
• Monitors, reports on, and takes action on all actions including Check In, Check Out, View, Export, Print, Delete and E-Mail
• Notifies specific users if activity exceeds preset thresholds, for example, exports >X number of documents in a 24 hour period
Ethical wall report created with high tech Excel!
Ethical Wall Name
Client.Matter
Number Client.Matter Name Wall Type Default Security ACL Rights
User/Group
Names Conflict
Date
Created
Bruemmer, Michael NE4900.RE0816 Newman Norwood
Purchase
Exclusionary No Change,
Public
No Access Bruemmerm Lateral hire Mar 3 2011
Morales, Jill FL2000 FlightTech Exclusionary No Change,
Public
No Access Moralesj Lateral
District Court
Feb 27 2011
CN3000 CNC Investments Exclusionary No Change,
Public
No Access Moralesj Lateral
District Court
Feb 27 2011
DA7130 Dayton Engineering Exclusionary No Change,
Public
No Access Moralesj Lateral
District Court
Feb 27 2011
FI2290 First Security Exclusionary No Change,
Public
No Access Moralesj Lateral
District Court
Feb 27 2011
Country Day CO2300.LA0001 Country Day Smith Inclusionary Private Full Access Burkes,Creech
m, Hoepfsm,
Meerl,
Ramseyb,
Trauth
conflict
Feb 15 2011
Ethical Wall Challenges
• Once content is exported from DMS into universal search engine it is difficult to remove
• Users not adhering to Matter Centric policies, full text search results must be analyzed to avoid blocking unrelated content
• Status and disposition• Optimistic versus pessimistic security models• Structured versus unstructured data• Outlook/Exchange content• Where do we go from here?
14
Confidentiality a Changing Tide
Classic View: Security and Privacy
Intense Spotlight on Privacy
15
FOR
INSIDER TRADING
FOR
INSIDER TRADING
Jeffrey Temple
IT Manager
Arthur CutilloMatt KlugerAssociate
Black Hats Brought Privacy Issues Home to Law Firms
Lawmakers Got Serious
HIPPA/HITECH Act -- $50,000 per violation for medical records breaches
UK Information Commission - fines of up to £500,000.
Massachusetts fines up to $100 per person and $5000 per violation
Clients and Law Firms Got Nervous
Clients Risk Committees
16
Nothing is Easy: Email Confidentiality Search Conundrum
Vice President
at Client
Lawyer in firm
Email about firing employee
Shared Email
Repository
Someone at firm
whose spouse
works at client
Email filed correct
location
Search on company name
Solution to these Problems
• Hybrid security
– Certain folders are secured
• Medical records, Client documents, etc.
• Entire matter confidential
• Approach satisfies privacy and confidentiality
• Security is driven through a matter team
– A group
What is a Matter Team
• Working lawyer • Partner-in-charge
Defined in matter opening (e.g. matter owner)Defined in matter opening (e.g. matter owner)
• Lawyer, paralegal, secretary
Who is working on the matterWho is working on the matter
• Manually • Matter owner or designee• Centrally
• Automatically
MaintenanceMaintenance
17
Questions?