Picture this:   You’re travelling across U.S. borders, heading home from a client meeting abroad.  However, unlike other trips, this time a Customs and Border Protection agent requests that you unlock and hand over for inspection your computer and cell phone — full of client confidential information.  You’ve been concerned about this issue, and so you’ve had your IT department encrypt all of the sensitive data on your devices.  Will that protect you client’s information from disclosure?

Ethics duties at the border

We wrote here last year about the ethics issues with border searches of e-devices, including the New York City Bar Association’s July 2017 opinion on how to deal with the duty of confidentiality in that scenario.

The NYCBA ethics committee advised that you may of course ethically comply with lawful government orders, but also that you should not comply “unless and until” you “undertake reasonable efforts to dissuade border agents from reviewing clients’ confidential information or to persuade them to limit the extent of their review.”

The concern about this issue was heightened by a sharp uptick in border searches of e-devices.  Customs officers searched an estimated 30,200 cellphones, computers and other electronic devices of people entering and leaving the U.S. last year — an almost 60 percent increase from 2016, according to Homeland Security Department data.

Most recently, in January 2018, the CBP revised Directive No. 3340-049, which includes procedures for searching information subject to attorney-client privilege.  Section 5.2 calls for segregating privileged material to ensure that it is “handled appropriately.”

Encryption – it’s no panacea

What about encrypting the client information on your e-device to make sure it stays confidential and won’t be revealed during a potential border search? That approach may be of limited use.

Section 5.3.3 of the revised CBP directive provides that if border officers can’t inspect your device “because it is protected by a passcode or encryption,” they may detain it and convey it (or a copy of its contents) to third parties who can supply “technical assistance.”

This is an indirect reference to the various U.S. intelligence agencies that are authorized pursuant to Section 2.6 of Executive Order 12333 to provide technical support and assistance to the CBP.  This aid may be derived from the National Security Agency, which leads the federal government in cryptology, or from the National Media Exploitation Center which consists of representatives from multiple intelligence agencies that are  responsible for decrypting, translating and analyzing documents and electronic devices in the federal government’s possession.

If CBP officers seek to decrypt and access the confidential information on your device, they likely have the authority and the technical resources, through federal intelligence agencies, to do so.

The magnitude of the risk, and what to do

Even though the 5,000 devices searched in February last year sounds like a lot, it’s only a tiny percentage according to CBP’s Office of Public Affairs. The agency says that in FY 2017, only about .007 percent of arriving international travelers screened and processed by CBP officers were required to submit to an e-device search.  That possibly points to a low risk for any one lawyer who might be returning from international travel.

But given the breadth of your ethics duty, and the limits on the ability of encryption to protect confidential client information on your devices, it would be a best practice to heed the advice that the NYCBA gave last year:

  • Depending on the circumstances, including the sensitivity of the information, you should consider not carrying any client confidential information across the border.
  • Rather than exposing your client’s information to disclosure in a search, you should securely back up client information and cross the border only with a blank “burner” phone or laptop.
  • And before coming back across the border, you should also turn off syncing of cloud services, sign out of web-based services, and/or uninstall applications providing local or remote access to confidential information.

Lawyers and their firms should consider incorporating these measures into their data security policies and practices. It’s what the times, and your ethics duties, would seem to call for.

Confession:  I’m a lawyer who’s married to a lawyer.  If that’s your situation too, then you know some of the challenges — how life at home falls apart when you both have trials scheduled; the strain on the budget in those early days when you’re paying off two sets of law school loans; playing rock-paper-scissors to decide who takes the sick kid to the office with them.

More than pillow talk

Now, from my home state of Ohio’s Board of Professional Conduct, comes a reminder about another challenge:  keeping your client’s confidential information confidential when you’re in a two-lawyer household.  There is always the temptation to talk shop, to discuss at the dinner table details of exciting work you’re doing, or even to give your spouse a leg up by sharing some work product you’ve created for your client.

It’s that last one that got two lawyers in trouble, according to the complaint filed by the Buckeye State’s Office of Disciplinary Counsel.  Two lawyers, both of whom practiced in the same area of law, first met at a trade association conference.  One had been admitted in 2001, and the other in 2010.  They dated (or “began a personal relationship,” as the complaint says), moved in together, and became engaged to be married.  They continued to practice at separate firms.

As the complaint alleges, after the lawyers moved in together, they began exchanging information relating to their clients, but without authority to do so.  More than a dozen times, said the complaint, one lawyer would forward to the other an e-mail from her client that requested a legal document — a contract, a waiver, or an opinion.  The other lawyer would respond by forwarding an e-mail with his client that attached that type of document.  The lawyers apparently didn’t scrub or redact the e-mails or the documents — rather, the exchanges revealed the identity of the clients and confidential communications that they had with their respective lawyers.

The complaint suggests that the lawyers were simply sharing the information and documents to help each other out at work.  “More often than not,” alleged the complaint, one of the lawyers “ultimately completed” the other lawyer’s work “relative to her particular client.”

The lawyer’s disclosures, over the course of nearly two years, were discovered by their respective law firms.

Discipline by consent

The result of the disciplinary complaint:  the lawyers each consented to discipline, acknowledging violations of Ohio’s version of Model Rule 1.6(a) (lawyer shall not reveal information relating to the representation of a client) and Ohio’s unique catch-all Rule 8.4(h) (lawyer shall not engage in “other conduct” that adversely reflects on lawyer’s fitness to practice law).

The lawyers also each agreed to a six-month suspension — but fully stayed on condition of no further misconduct.  The relatively light penalty is partly based on the finding that no clients were harmed.

The Board adopted the disciplinary panel’s recommendation in June — but the case is not over yet.  The Board’s recommendation now goes to the state supreme court, which can accept, or reject and modify it.

Avoiding temptation

It’s human nature to want to give professional help to your nearest and dearest when you can.  But there’s no question that sharing unredacted client documents and communications without consent can violate the duty of confidentiality — which is very broad, and extends to all information relating to the representation.  It’s hard to see how or why a client would ever consent to the kind of sharing that went on here.

My friend Brian Faughnan has an interesting take on this case, over at his blog — namely that lawyers who overshare believe the risk of getting found out is quite low because of the marital privilege.  He cautions, however, that in this digital age, things have a way of coming to light even without a spouse voluntarily providing information.

Bottom line:  Even the kind of casual sharing that falls into the category of shop talk between co-habiting lawyers can be ethically improper.  It’s hard to avoid that kind of temptation, but the necessity of doing so comes with the territory when your spouse or partner is not only a bed-fellow but a fellow member of the bar.

 

What are your ethics obligations when your client gives you documents that the client may not be entitled to have?  Model Rule 4.4(b), adopted in some form by most jurisdictions, provides some guidance.  Applying it, together with other principles, a New Jersey appeals court, in an unpublished ruling, recently disqualified a firm from representing the plaintiff in a  wrongful termination case.

“Burn files”

The disqualified firm’s client, Sanchez, was the former chief compliance officer at a pharmaceutical company.  After receiving a disciplinary warning as a result of complaints about his “deportment” involving employees who reported to him, Sanchez told management that he had personal copies of confidential files of his employer, which he called his “burn files.”  He said that he would use these “‘burn files’ to ‘f–k'” the employer “when they try to get [him].'”

Sanchez was fired two months later, and sued his employer for wrongful termination in New Jersey state court under the Garden State’s whistleblower law.

Sanchez gave the documents to his lawyers.  In discovery, the employer asked for any confidential documents that Sanchez had taken.  By the time Sanchez’s lawyers responded and acknowledged the “burn files,” nine months had passed.  Asserting that the documents had been improperly taken, contained trade secrets and were privileged, the employer moved to preclude their use and to disqualify Sanchez’s lawyers.

The trial court granted the motion, leading to the appeal.

Careful company policies

Several policies of the employer helped the court conclude that Sanchez wrongfully took the “burn files.”

  • Employees in general were required to protect the company’s confidential information and barred from “improperly possessing or using” it.
  • Another policy prohibited employees from accessing confidential or secret information outside the scope of their work responsibilities, and misusing or disclosing it.
  • As a high-level manager, Sanchez had also signed a contract agreeing to return documents and work-related data after leaving the company.

Interplay of discovery rules, ethics principles, other law

The court of appeals upheld the trial court’s orders, including disqualifying Sanchez’s lawyers.  New Jersey’s version of Model Rule 4.4, said the court, “impose[s] an ethical obligation on attorneys to safeguard confidential information of third persons.”  It provides that “a lawyer who receives a document … and has reasonable cause to believe that the document … was inadvertently sent shall not read the document … [and] shall (1) promptly notify the sender [and] (2) return the document to the sender…”

This rule, the court held, is coupled with the state’s discovery rules, which provide that a party who is notified that information produced in discovery is subject to a claim of privilege must promptly return, sequester or destroy it, and not use it until the privilege claim is resolved.  (New Jersey’s rule is like those in many other jurisdictions, and Rule 26(b)(5)(B) of the federal civil rules.)

The court also analyzed the state supreme court’s 2010 multi-factor test in Quinlan v. Curtiss-Wright Corp., holding that in some circumstances employees can  take and use employer confidential documents to prove claims under the state’s anti-discrimination statute.  Here, though, the court of appeals agreed that Sanchez was required to return the “burn files” that he removed “through self-help, pre-litigation measures.”

This case underscores that you must consider different sources of law in working through the issues presented when your client gives you documents that the client may not be entitled to have.  Both the discovery rules and ethics rules potentially apply, plus the rules on attorney-client privilege and relevant case law.

“Chaotic self-help battle”

The appeals court concluded there was reasonable cause here to believe that the documents Sanchez improperly took were privileged, and said that the judiciary must “prevent the discovery process from degenerating into a chaotic self-help battle.”

As for disqualification, the court said that having an opponent’s privileged documents weighs in favor of disqualification, because less-severe remedies “fail to adequately address both the [Rule 4.4(b)] violation and the attendant harm of access and exposure to privileged documents.”

The key to the ethics violation here, said the court of appeals, was the nine-month delay during which Sanchez’s lawyers failed to notify opposing counsel that they had the “burn files.”  That was an “unreasonable delay” that “rendered futile” any attempt to mitigate the harm caused by disclosing the documents.

Don’t get burned

Rule 4.4(b) and the obligation to notify the sender extends to documents that are “inadvertently sent.”  The question implicitly raised by this case is whether documents that the lawyer obtains as a result of being improperly taken by a party should be treated the same as those that are “inadvertently sent.”  The court here seems to conclude that the answer is “yes,” but without any explicit analysis that would provide guidance.  Nonetheless, the lawyer’s mere exposure to the opposing party’s privileged documents would apparently have been enough, in this court’s view, to mandate the remedy of disqualification.

Bottom line:  be sure you consider all the sources of law that might apply, including ethics rules, when your client drops “burn files” in your lap — otherwise, you might end up getting burned with a DQ order.

We’ve written before about what you can and cannot say when withdrawing from representation.  Now a Texas bar ethics opinion adds a twist:  what can you tell an insurance company that retains you to represent its insured, when the client won’t cooperate?

Lonely in the Lone Star state

A Texas lawyer had a quandary.  An insurer had assigned Lawyer to defend its insured in a state court personal injury action arising out of a car accident.  For a while, the client cooperated.  Then — radio silence.  Lawyer tried contacting the client by various means, including having an investigator track the client down to ask him to contact Lawyer.

The client’s non-cooperation made it difficult or impossible to defend the suit, and exposed Lawyer to sanctions for not answering discovery requests.  Lawyer also realized that the client’s failure to communicate might violate the cooperation provision of the insurance policy, and result in the insurer withdrawing coverage.

Lawyer’s investigator finally delivered a letter to the client, warning that Lawyer would move to withdraw if the client didn’t contact Lawyer.  Receiving no response, Lawyer prepared to withdraw, and asked for guidance on what he could disclose to the insurance company  about the reasons for withdrawing.

Silence is golden

You can’t say much, answered the state bar ethics committee.  “At a minimum,” the committee said, the client’s “failure to communicate with Lawyer is unprivileged client information.”  Under the state’s version of Model Rule 1.6, that meant that it was confidential information that Lawyer could not disclose to third parties or use to the disadvantage of the client, including in the context of withdrawing from the representation.

No exception to the general confidentiality rule applied here, noted the committee.  For instance, like the Model Rule, the Texas rule allows lawyers to disclose confidential client information in order to carry out the representation.  It’s sensible to regard that kind of disclosure as always being impliedly authorized, because otherwise, we could not negotiate with opposing counsel, for instance.  But the disclosure here would not be for the purpose of representing the client, the committee said — rather, it would be for the purpose of ending the representation.

Therefore, in withdrawing, the Lawyer was advised not to reveal the client’s failure to communicate in order to explain either to the insurance company or the court the reason for Lawyer’s withdrawal.

The committee cited the  ABA Ethics Committee’s 2016 Opinion 476, which considered what you can say to the court when withdrawing for non-payment, and which, like the Texas opinion, advises that the information is within the scope of your confidentiality duty to the client.

Take home lessons

  • Bear in mind that even the most difficult client is still your client; the Texas opinion points out that there’s no free ethics pass even when the client stops communicating with you.
  • And in the insurance defense context, the insured is a client for ethics purposes, despite the fact that the insurance company has assigned the case to you and is paying your fees.

We’ve written before about the breadth of the duty of confidentiality we owe to our clients, and how it even extends to matters that you think are safe to discuss because they are of “public record.”   (See here and here.)  Now comes the ABA’s latest on the subject of lawyer “public commentary” — Formal Opinion 480 (Mar. 6, 2018).  And it prompts us to be wary of a couple pitfalls when it comes to what we say about clients in online articles, on twitter, at webinars, in podcasts and through traditional print publications — all of which the opinion refers to as “public commentary.”

Duty “extends generally”

All such public commentary, the ABA reminds us, whether on-line or not, must comply with the relevant jurisdiction’s version of Model Rule 1.6.  The rule requires us to maintain the confidentiality of all information relating to the representation of a client, unless that client has given informed consent to the disclosure, the disclosure is impliedly authorized to carry out the representation, or the disclosure is permitted by a specific exception in Rule 1.6(b).

The confidentiality rule, as is frequently said, is much broader than the attorney-client privilege, and includes all information relating to the representation, whatever its source.  Even the identity of the client is usually deemed to be confidential information, the ABA ethics committee notes in this newest, foot-note-heavy opinion.  And, adds the committee, it’s highly unlikely that a disclosure exception (except for consent) would apply when a lawyer engages in this sort of public commentary.

Don’t hype the hypo

That brings us to “hypotheticals.”  We all use them — from law profs in class, to lawyers seeking informal practical advice from colleagues at other firms, to gurus of various stripes who use real-life examples at legal CLE seminars.  But, says the ABA committee, beware:  “A violation of Rule 1.6(a) is not avoided by describing public commentary as a ‘hypothetical,’ if there is a reasonable likelihood that a third party may ascertain the identity or situation of the client from the facts.”

For example, in a widely-reported case mentioned in the ABA opinion, an Illinois lawyer got a 60-day suspension in her home jurisdiction for violating  Rule 1.6, when she blogged about her criminal defense clients using either their first names, a derivation of their first names, or their jail ID number.  Reciprocal discipline was imposed in Wisconsin.

In light of the ABA opinion, you’re going to want to make sure that any real-life client situations you describe in  public commentary is so thoroughly disguised that no one can tell that it’s real.  If you’re using social media to educate and engage, there’s arguable benefit in discussing actual situations in a hypothetical way, while being sure to scrub the real facts out.  But as we’ve said before, if you’re just making cocktail party chit-chat, why even go there?  It’s not worth the risk of divulging confidential client information.

Trial publicity statements

The ABA opinion also briefly notes the constraints that Model Rule 3.5 puts on using public commentary to influence the court of public opinion.  The rule prohibits a lawyer from seeking to influence a judge, juror, prospective juror, or other official by means prohibited by law, and cites the case of a Louisiana lawyer disbarred for, among other things, using an internet petition campaign to contest the rulings of a judge presiding over a custody dispute involving her client.  That kind of conduct can also obviously lead to trouble.

All in all, the new opinion is a straightforward application of Rule 1.6 to this age of public commentary; but it is a good wake-up call for those who need one.

Holiday parties are great times to socialize and network with colleagues.  But the casual atmosphere and the sometimes-plentiful adult beverages can also tempt you to tell war stories that reveal too much about your past clients, potentially violating your continuing duty of confidentiality under Model Rule 1.9.  But what’s “too much”?  If something about a previous case or transaction you were involved in is in the news, or is contained in court pleadings, can you discuss it?

The simple answer is “Not really.”  Model Rule 1.9(c)(2) says that you have the same duty not to reveal information relating to the representation of your former client as you do to a current client.  That’s a very broad duty:  it extends to all information “relating to the representation” (i.e., much broader than the attorney-client evidentiary privilege).  That effectively rules out war stories that would be detailed enough to let your audience figure out who you are talking about.

When is former-client info “generally known”?

Outside of the cocktail party context, how about using information adverse to a former client?  For instance, you might be in a position to use information you have acquired about the workings of a former client’s business without actually revealing it.  Rule 1.9(c)(1) says that such use is prohibited, subject to an interesting exception — it can be used “when the information has become generally known.”  That seems like a common-sense exception that strikes an appropriate balance between the former client’s valid interest in continuing confidentiality and the fact that you are no longer counsel to that client.

However, the definition of “generally known” can seem pretty narrow.  Last year, we wrote about a disqualification case holding that even information that’s “of record” in a court file may not be “generally known” for purposes of meeting the exception.  Now comes the ABA Ethics Committee’s take on that issue, published last week.

In Opinion 479, the committee agreed that information is “not generally known merely because it is publicly available or …[is] a matter of public record,” and noted numerous authorities that have reached that conclusion.  So when is former-client information “generally known”?

Citing New York rules commentator Roy Simon and a 2013 New York state ethics opinion, the ABA committee said that for Rule 1.9 purposes, information is generally known under two circumstances:

  • it’s widely recognized by the public in the relevant locale; or
  • it’s widely recognized in the former client’s industry, profession or trade.

“Workable definition”

This “workable definition,” said the ABA committee, encompasses publicity through traditional media sources, the internet and through social media — channels that can lead to public notoriety.  And publicity in leading sources in a particular field can meet the “generally known” test if members of the industry, trade or profession would widely recognize those sources.  “Information may be widely recognized within a former client’s industry, profession, or trade without being widely recognized by the public,” said the ABA committee.

But the committee reiterated that unless information has become widely recognized by the pubic, or within the former client’s industry, the fact that the information may have been discussed in open court, or may be available in court records does not necessarily signal that it is “generally known.”

Party safely and ethically

When you’re at a holiday gathering with your brother- and sister-members of the bar, have fun — but at the same time, watch what you imbibe (and designate a driver) and watch what you say.  Being judicious in both regards is the best way to enjoy the season without regret.

You’ve probably read about the New York Times reporter who says that he overheard lawyers for President Donald Trump discuss the ongoing Russia investigation at a Washington, D.C. restaurant, and then reported on the talk — which revealed details of a strategy debate, the alleged existence of documents “locked in a safe,” and other purported insight on the internal workings of the President’s legal team.

(If you somehow missed the story — maybe you just stopped paying attention — check out the Times reporting, the backstory on how the reporter overheard the conversation, and the ABA Journal’s report.)

Every reporter’s dream

The NYT reporter, Kenneth P. Vogel, wrote that he overheard the conversation when he happened to be seated at a steakhouse at the next table over from Ty Cobb and John Dowd.  Cobb was brought over from Hogan Lovells in July to run point on the Russia investigation; Dowd, another member of the White House legal team, retired from Akin Gump Strauss Hauer & Feld in 2015.

Vogel later wrote, “I have always thought of overhearing conversations as an underappreciated journalistic tool.”  The Washington Post commented, “It is every Washington reporter’s dream to sit down at a restaurant, overhear secret stuff, and get a scoop.”

Don’t let this happen to you!

Our take on this cautionary tale, of course, centers on Model Rule 1.6 — client confidentiality.  We often have occasion to warn you to consider particular wrinkles in the rules that affect your particular jurisdiction.  But not this time.  In every U.S. jurisdiction, lawyers have an obligation not to disclose confidential information relating to the representation of a client without the client’s consent.

That duty covers a wide swath of information learned through the representation.  It’s much broader than information that is protected by the evidentiary attorney client privilege.

And so many ordinary things you might do without thinking twice can jeopardize your client’s confidential information — as Cobb and Dowd have perhaps discovered.  (Some have suggested that the incident was so blatant that it must have been intentional.  But intentional or not, disclosure still requires client consent.  The Times reported that, according to its sources, the disclosure prompted White House counsel Donald F. McGahn II to “sharply reprimand[] Mr. Cobb for his indiscretion.”)

The list could go on ad infinitum, but here are just a few examples of every-day things that can breach your duty of confidentiality:

  • schmoozing about work while standing in line at Starbucks;
  • doing client pitches;
  • sharing war stories with friends over cocktails;
  • talking on a cell phone in a public place;
  • reading client documents on a laptop while sitting next to someone on a train or plane;
  • forgetting documents on a restaurant table or in a cab;
  • forwarding client-related emails to people outside your firm;
  • sharing documents or forms created for a client with friends or other clients.

You must remember this…

Remember, confidential information also includes “disclosures by a lawyer that do not in themselves reveal protected information but could reasonably lead to the discovery of such information by a third person.”  (Model Rule 1.6 cmt. 4.)  In other words, just leaving out names doesn’t help, if someone can figure out who you are talking about.

And, as the President’s lawyers perhaps learned, when your client realizes that you have disclosed confidential information, “oops” may not be a complete excuse.

Bottom line:  You might never work at the White House, but make it your default mode not to discuss client business outside of your office, and you won’t go wrong.

The ACLU and the Electronic Frontier Foundation have sued the Department of Homeland Security to block U.S. Customs and Border Protection personnel from searching travelers’ electronic devices without warrants.  This has implications for lawyers who cross in and out of the U.S. with phones and laptops  containing confidential client information.  The CBP’s policy, which the ABA also has questioned, currently authorizes such searches even without a suspicion of wrongdoing.

We first wrote about the issue last month, when the New York City Bar Association published an ethics opinion raising the client confidentiality issues and advising that in some circumstances lawyers should consider using “burner” phones, and avoid taking client confidential information across borders.

The ACLU and EFF’s lawsuit, in Massachusetts district court, alleges violations of the First and Fourth Amendments on behalf of 11 plaintiffs whose electronic devices were searched as they reentered the U.S.  None were subsequently accused of any wrongdoing.

The plaintiffs include journalists, students, an artist, a NASA engineer and a business owner — but no lawyers.  Despite the absence of lawyers from the roster of plaintiffs, the client confidentiality issues are obvious, and have received a lot of notice.  See here for the New York Times story on the lawsuit, and here and here for commentary on the N.Y. City bar ethics opinion.

I’d be interested in hearing whether lawyers have personal experience with border searches of their electronic devices.

Stay tuned for additional developments on this issue.

Travelling abroad for work?  What should you do if a Customs and Border Patrol agent, claiming lawful authority, demands that you unlock your computer or thumb drive or cell phone — full of client confidential information — and hand it over to be searched as you cross the U.S. border?

New York City bar association ethics opinion issued on July 25 offers some practical tips, and spotlights the ethical duties of confidentiality and client communication involved in this increasingly-common scenario.

Cause for concern

The confidentiality concern is more than hypothetical.  According to the Department of Homeland Security, in February 2017 alone, CBP agents searched more than 5,000 cell phones, laptops and other devices.  That’s as many searches as in all of 2015.  CBP policy apparently permits U.S. customs agents to review any information that physically resides on travelers’ electronic devices, with or without any reason for suspicion, and to seize the devices pending inspection.

The ABA voiced concern in May, requesting that the Department of Homeland Security revise CBP’s procedures in order to better protect client confidential information from search or seizure at border crossings.

Evasive tactics necessary?

Under every state version of Model Rule 1.6, you have an ethical duty to safeguard the confidentiality of client information in your possession, and “few principles are more important to our legal system,” the opinion notes.

The thoroughly-reasoned and detailed New York opinion concludes that Rule 1.6, coupled with Rule 1.1 (Competence), raises obligations before a lawyer approaches the U.S. border; at the border when an agent seeks access to a device; and after an agent has reviewed clients’ confidential information.

  • Before crossing the border, Rule 1.6(c) and its comments, which require “reasonable efforts to prevent … unauthorized access to” client confidential information, means that you must take reasonable precautions in advance to avoid disclosing such information unless authorized by the client (which is unlikely).  Depending on the circumstances, including the sensitivity of the information, these efforts may include not carrying any client confidential information across the border.  If so, the opinion suggests:  securely backing up client information and then crossing the border with a blank “burner” phone or laptop; turning off syncing of cloud services; signing out of web-based services; and/or uninstalling applications providing local or remote access to confidential information.
  • At the border, Rule 1.6(b)(6) and its comments come into play.  It permits lawyers to disclose confidential information to the extent reasonably believed to be necessary when required “to comply with other law or court order,” including “a governmental entity claiming authority pursuant to … law.”  But, the opinion cautions, disclosure is not “reasonably necessary” to comply with law if there are reasonable lawful alternatives to disclosure.  The opinion concludes that “it would be an unreasonable burden” to require a lawyer to forgo entering the U.S. or to allow herself to be taken into custody or litigate the lawfulness of a border search. But the opinion also says that lawyers have a duty not to comply “unless and until” the lawyer “undertakes reasonable efforts to dissuade border agents from reviewing clients’ confidential information or to persuade them to limit the extent of their review.”  To facilitate that challenge, you should carry ID confirming that you are a lawyer, notify agents that your device has client confidential information on it, request that the agents limit their review, and ask to speak to a superior officer, says the opinion.
  • After a search or seizure of client confidential information, Rule 1.4 (Communication) requires that you notify affected clients about what occurred and the extent to which their confidential information may have been reviewed or seized.  That communication will let the client decide on possible responses, including a potential legal challenge.

Globe-trotting implications

Tennessee ethics lawyer Brian Faughan shared his comments on this opinion under the headline “Practicing law like it’s espionage.”  The ways to carry out the potential duty to avoid taking confidential information across U.S. borders, as well as the other recommendations in the New York opinion, indeed make me think of spy craft, and to wonder if we are entering the world of novelist John LeCarre.  That’s an uncomfortable thought — but under the reasoning of this opinion, such considerations are necessary as a matter of ethics.

Whistle BlowerA whistle-blowing general counsel won an $8 million federal jury verdict earlier this month, in a case that might encourage other GC’s to call out corporate wrongdoing.

Compensatory and punitive damages

After deliberating only three hours, the jury in Wadler v. Bio-Rad found that the GC had a reasonable basis for reporting his suspicions about the company’s Chinese sales operations to the organization’s audit team.

The GC’s allegations prompted an internal investigation by outside counsel, which concluded that the sales team had not violated the Foreign Corrupt Practices Act.

But the jury found that the company had retaliated against the GC by firing him after the report, in violation of the Sarbanes-Oxley Act, and that absent the report, he would not have been terminated for legitimate reasons.

The award to the GC included $5 million in punitive damages.  Speaking to Law360 (subs. req.), the GC’s lawyer attributed the punitive damages to the company  CEO’s creation of a back-dated negative performance review; computer metadata proved that the review hadn’t been created until after the GC had been fired.

Does SOX protection trump company’s privilege?

Judgment on the jury verdict was entered on February 10.  It will almost certainly be the subject of post-trial motions and possibly an appeal.

But the verdict stands out as a rare trial win for a GC in a whistle-blower case based on retaliatory firing.  Such suits have often been foreclosed before trial because of restrictions on a company lawyer’s ability to use confidential information of the employer in proving the GC’s case.

For example, in 2013, the Second Circuit affirmed dismissal of a GC’s whistle-blower suit brought under the federal False Claims Act, holding that the allegations relied on privileged information that could not be disclosed, and that the FCA did not preempt New York state ethics rules on confidentiality.

In the Bio-Rad case, however, the federal magistrate judge found at the end of 2016 that the whistle-blower protections of SOX trumped the company’s attorney-client privilege, and turned back the company’s motion to preclude use of privileged information at trial.

The GC’s ability to use this information as evidence arguably spelled the difference here.

Key factors in the magistrate judge’s ruling:

  • as a federal claim asserted under SOX,  the federal common law of privilege applied; that took the case outside the scope of the California Supreme Court’s 1994 ruling in General Dynamics Corp. v. Superior Court, which had limited retaliatory discharge claims to those that could be established without breaching the attorney-client privilege;
  • the text and structure of SOX doesn’t indicate that in-house lawyers aren’t protected from retaliation, and SOX § 1514(A)(b) and particularly the SEC’s final rule (17 C.F.R. § 205) preempts the California state ethics rule on client confidentiality;
  • Model Rule 1.6 is the guiding standard, which — unlike the California state rule — permits a lawyer to reveal information relating to the representation of a client to the extent the lawyer reasonably believes necessary to establish the lawyer’s claim in a controversy between the lawyer and the client; and
  • Bio-Rad made so many disclosures to the SEC, the DOJ and the DOL during the course of previous investigations and administrative proceedings, and to the court in the pre-trial phase of the case, that the company waived the privilege as to many communications.

The SEC had filed an amicus brief during the briefing on the company’s motion to exclude, supporting the position that the magistrate judge took — that SOX trumps state legal ethics rules regarding client confidentiality.

Trend or outlier?

Whether the Bio-Rad case will be upheld, and whether it is a trend or an outlier, remain to be seen.  But in the short run, it may encourage other GC’s to blow the whistle.