Category Archives: Law Firm

Financial Reporting, Law Firm, Litigation Management, Middle Market Business, Risk Management

NJ Appellate Division Rules Shareholders Can Inspect Board Minutes

An August 17, 2010 New Jersey decision may be negative for businesses in New Jersey despite what on the surface is  a win for a large corporation.   In Cain v. Merck & Co., Inc., the New Jersey Appellate Division addressed whether the New Jersey Business Corporation Act entitles shareholders to inspect the minutes of the board of directors and the minutes of executive committees, and if so, the breadth of that right of inspection.  According to the court, resolution of these questions:  centers on the proper construction of N.J.S.A. 14A:5-28(4) of the Act. In pertinent part, that statute allows shareholders, upon proof of a “proper purpose,” to examine “the books and records of account, minutes, and record of shareholders of a corporation.” N.J.S.A. 14A:5-28(4).

In what appears to be a case of first impression in New Jersey, the Appellate Division concluded that the qualified right of inspection under the statute extends to the minutes of the board of directors and the executive committee – and not just to the minutes of the shareholder meeting.   The court, however, limited this right of inspection to only those portions of the board minutes that address their “proper purpose.”  In other words, shareholders are “not entitled to examine the minutes in order to explore unsubstantiated allegations of general mismanagement.”

It is not clear whether Merck will appeal given that it, in effect, won its alternative argument, namely that the review should be limited to discussions related to a study conducted by Merck rather than a broader review that on its face does not have such a  “proper purpose.”  According to a Merck spokesman, “we’re evaluating our next steps.” 

If left as binding authority, this decision may have huge ramifications for large and public businesses in New Jersey.   As it stands, the decision extends the reach of the statute – which appears on its face to be limited to shareholder meetings – to the much more deliberative board meetings of a corporation.  It gives litigants a new tool and may cause directors to be more restrained when providing advice given their decision-making process may now be opened up to a much greater extent.  Moreover, this obviously potentially increases the liability of directors and officers so there may be a potential increase in claims – with a resulting increase in D&O insurance premiums.   Although the lower court did recognize that the minutes should be redacted for privileged material, now that the door is open, future judges will have free reign to decide what is deemed “a proper purpose” or privileged material.   In other words, there is no guarantee a future judge won’t allow the fishing expedition rejected by the Appellate Division in this case.

Law Firm, Middle Market Business, Network Security, Privacy, Risk Management

iPad Exploit Exposes Email Addresses of 114,000 Users

According to a Gawker exclusive, a simple online request made on the AT&T network allowed access to user account information.  The information exposed in the breach “included subscribers’ email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T’s network, known as the ICC-ID.”   One security consultant offered that “recent holes discovered in the GSM cell phone standard mean that it might be possible to spoof a device on the network or even intercept traffic using the ICC ID.”  It is unclear whether that is the case but there is no denying that some heavy hitting iPad users now have exposed email addresses and ICC IDs.

The article points out that one impacted iPad user is William Eldredge, who “commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force.”  Here is a listing of some others:

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

In the media and entertainment industries, “affected accounts belonged to top executives at the New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst.”

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

The lesson here is that AT&T did not anticipate a hack that was apparently pretty obvious while Apple did no wrong — other than align its fortunes to AT&T.

Law Firm, Network Security, Privacy, Risk Management, Small Business

Here We Go Again — FTC Extends Red Flags Enforcement Deadline

It what has come to be a now common event, the FTC has decided to extend again the enforcement of its Red Flags Regulations.  Succumbing to Congressional pressure, the FTC has decided to extend the prior deadline – which was last slated for June 1, 2010 – until December 31, 2010.   Most privacy professionals have probably lost track by now as to how many times the enforcement of these regulations has been pushed back.   The original date was November 1, 2008!  According to the FTC press release, “If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the Commission will begin enforcement as of that effective date.”

Given that Congress will now “clarify” who is subject to these regulations, it is highly likely that those companies who have not yet complied will wait until such clarification comes down the pike.  Who can blame them?  Certainly not the FTC.

Accounting Firm, Financial Reporting, Law Firm, Middle Market Business, Risk Management

Lehman, D&O Liability and Mark-to-Market Reporting

The Devil’s Casino, Vicky Ward’s first book, is the latest account of the fall of Lehman Brothers.  Released in April, this Lehman tome applies  a gossipy approach to storytelling.  Although we learn much about the shopping habits of some Lehman wives, repo transactions are nowhere to be found.   The book, however, becomes noteworthy when Ward details a September 9, 2008 meeting between JPMorgan’s Jamie Dimon and the Fed’s head Ben Bernake (on page 200) that purportedly directly led to JPMorgan’s request that Lehman provide $5 billion more in collateral. Less than a week later, Lehman filed its bankruptcy petition (the largest in US history) ostensibly given its lack of liquidity brought on by the collateral call of its clearing bank, JPMorgan. 

In a Report by Lehman’s bankruptcy examiner, dated March 11, 2010, the issue of JPMorgan’s collateral demand was analyzed and determined to be barely actionable.  The Report states: 

the Examiner concludes that the evidence may support the existence of a colorable claim – but not a strong claim – that JPMorgan breached the implied covenant of good faith and fair dealing by making excessive collateral requests to Lehman in September 2008.  A trier of fact would have to consider evidence that the collateral requests were reasonable and that Lehman waived any claims by complying with the requests.  

(Report of Anton R. Valukas, Examiner at page 1073)

On the heels of this Report and the Ward book, on May 27, 2010, the Lehman estate sued JPMorgan.  The suit takes a different position regarding the relationship between JPMorgan and Lehman by alleging that JPMorgan’s breach of duty was actionable. 

Unlike JPMorgan, Lehman’s board and officers were essentially given a free pass by Lehman’s bankruptcy estate as well as all regulators.  The Lehman Examiner’s Report actually spends much ink analyzing Delaware fiduciary law yet concludes numerous potential fiduciary lapses were not colorable claims.   On the other hand, a bank that potentially obtains crucial information from a third party (a governmental third party with a near real-time raw account of Lehman’s financial status) and merely seeks to protect its own interests, is forced to defend itself in a costly legal battle.   To many, it makes little sense that Lehman’s directors and officers were exonerated by regulators and Lehman’s bankruptcy Examiner.  Although the existing shareholder suits and claims made by those who sustained direct harm may eventually hit their mark, it is just not the same as potential jail time or a large personal SEC fine.  Not even close.  It is easy to argue that some Lehman folks should have paid with more than the inconvenience of a deposition.

If FASB had acted a bit more aggressively two years ago, maybe none of this would have even happened.  It would have been interesting to have seen FASB actually go through with its Exposure Draft of two years ago regarding FASB Statement 5 (loss contingency accounting) and FASB Statement 133 (hedging strategy accounting).  The vast opposition to the drafts caused FASB to abandon its plans.   Much of the opposition was typified in the McDermott Will & Emery letter that opined if the suggested changes to FASB Statement 5 were made, the opposing side to a filing entity would be able to learn litigation strategy.  If the proposed changes had matured (FASB Statement 5 has not changed since 1975) some of the decisions made by Lehman may have been altered or some of the actions may have been more cleanly delineated as wrongful.  Either way, there would have been more clarity regarding the propriety of their actions. 

As it stands, the Lehman saga provides some guidance to directors and officers looking to see how insulated they are from their financial accounting decisions.  They are pretty insulated given current standards. 

FASB may now be ready to change that dynamic.  It will revive the FASB Statement 5 Exposure Draft in the second quarter of 2010 – now with only a 30-day comment period.  And, FASB issued on May 26, 2010 an Exposure Draft that provides guidance regarding the financial reporting of derivative instruments and hedging strategies.  The overall approach taken moves towards a “mark-to-market” approach for derivative instruments that will have a “seismic effect” on how banks value loan portfolios beginning in 2013 (for large banks) and 2017 (for regional and community banks).  It remains to be seen what FASB will ultimately do given the negative comments it is certain to receive prior to the September 30, 2010 comment deadline.   The takeaway is that FASB  is finally taking a serious look at how companies report on loss contingencies and asset valuations.

All reporting companies – not just financial institutions – should obviously monitor how this and other related financial reporting initiatives evolve.   To a large degree, these accounting standards dictate the extent to which firms such as Lehman can push the envelope.  Although a widening of the reporting net may bring with it a separate set of problems, the change will certainly cause executives to think twice before being coy about a lack of liquidity.  As seasoned investors themselves, reporting officers should probably apply a “Would I want to know this information?” test the next time they are on the fence about the materiality of an item.  True mark-to-market reporting (not Lehman’s “mark-to-make believe” strategy) may bring on headaches for companies with many assets  having big value swings.  Nevertheless, it certainly seems to be part of the reporting standard of the future so you might as well get used to it.

Accounting Firm, Law Firm, Middle Market Business, Network Security, Privacy, Risk Management, Small Business

Small Professional Service Firms Put Implementation of FTC Red Flags Regs on Hold

According to a recent article in Lawyers USA, small and middle market business owners are so jaded by the number of times the FTC has delayed enforcement of its Red Flags Regulations, they have pushed compliance to the back burner.  Tanya Forsheit, of InformationLawGroup, is quoted in the article as saying, “I suspect a lot of small businesses were hoping this ultimately wouldn’t happen.”   As it stands, all businesses that bill for goods and services and accept payment on a deferred basis are covered by these regulations.  Unfortunately, most such firms do not have any sort of written procedure or policy specifically dealing with identity theft — a main requirement of these regulations.   Moreover, as recognized in the article, “[s]mall businesses without extensive in-house resources have found it challenging to comply with the specifics of the rules, such as the recommendations for data encryption, regular review and annual updates of the policy, procedures for responding to red flags, training of staff, and approval of the policy by the company’s board of directors.” 

Professional service firms have been fighting hard to avoid compliance.  Lawyers successfully challenged the applicability of the regulations to law firms with an appeal currently pending.  Accountants filed suit last year and are still waiting for a decision.   Doctors and dentists have sought a legislative answer by seeking a statutory exemption.    Come the date of enforcement – June 1st- only law firms currently have a free pass.

It is recommended that all professional or consulting businesses who defer payment should immediately consult with their professional advisers to see how a cost effective compliance solution can be implemented.

Law Firm, Risk Management

Law Firms Need to be Diligent on Delinquent Accounts

Times remain tough for law firms.  The legal sector lost another 1,100 positions in April  — making it the second month in a row of four-digit losses.  Since April 2009, the legal sector has lost a total of roughly 28,000 jobs.   It is no surprise some firms are choosing to sue clients for non-payment rather than work things out.  Unfortunately, as Squire Sanders & Dempsey recently found out, such suits usually lead to a malpractice claim.  Squire Sanders waited until the unpaid tab reached $1.2 million before suing. 

In an article published by the Daily Business Review, Steve Zelkowitz, managing partner of GrayRobinson’s Miami office, said “the trend of clients suing law firms, which are considered deep pockets, is growing, particularly when a firm loses a case.”  According to Zelkowitz, “[o]nce clients lose, they will do anything to try not to pay.”   Zelkowitz also said disputes over unpaid bills are “definitely becoming more prevalent, and law firms need to be more vigilant.  No one should get more than 90 days behind with clients.”  All words of wisdom. 

Thankfully, there exist risk management solutions that immediately address “slow pay” or “no pay” law firm clients.

Law Firm, Network Security, Privacy, Risk Management, Small Business

Law Firms Feel the Data Breach Heat and Start Buying Insurance

Here are just a few of the many network security and privacy (NSAP) headline incidents that have hit law firms over the years:

  • “Employee at a Palo Alto law firm steals 90 laptops and 120 desktop computers and sells them”
  • “Eighteen laptops stolen from the Orlando office of a major law firm”
  • “Paralegal at a New York law firm downloads a 400 page trial plan in a major case and offers to sell it to the adverse party.”
  • “Employee of a vendor at the Los Angeles office of a major law firm steals a client’s highly confidential encryption data and posts it on hacker websites.”
  • “Thief remains in the offices of a Phoenix law firm after it closes and steals 3 laptops.”
  • “Laptop is stolen from a Cincinnati law firm and is found on eBay.”

Although some insurers are now offering network security and privacy coverage endorsements on their Lawyers Professional Liability (LPL) policies, the vast majority of law firms are generally without any coverage for data loss or theft.   For many years, the old guard broker heaviest in LPL told its clients that coverage for data breach events would be covered under the traditional LPL coverage grant given any breach of confidentiality – including one involving a data breach – would trigger coverage as the provision of legal services.   Fast forward to today and the tune has changed.  It is pretty much standard now for law firms to at least evaluate NSAP options.   Here are just a few of the reasons why NSAP options make sense for law firms: 

  • There is no other available coverage for post-breach expenses such as forensics.
  • Coverage for data and other non-physical perils is routinely excluded under Property policies.
  • The “intentional acts” exclusion found in the standard LPL policy might eliminate coverage if the breach was caused by an insider.
  • Coverage may be unavailable for acts that are outside the provision of professional services.
  • Liability arising out of the destruction of electronic data is not typically covered under the standard General Liability or Property policies.
  • Direct losses caused by vendors may not be covered under crime policies.
  • Crime policies generally only cover theft of money, securities or other tangible property – not information theft or the destruction of electronic data.

For a more “in depth” look at the relevant digital coverage gaps for law firms, read this now timely article written over six years ago.

Law Firm, Middle Market Business, Small Business

The $60 Email

By now most have heard of the lady who fumed when a courtesy eight word e-mail response (“I hope everything is O.K.  Take your time.”) was billed by her attorney at $60 (.2 hours x $300 hourly rate).   Her experience left her asking one question:  “How does anyone treat people like this and still manage to stay in business?”  That is the problem in a nutshell.  Lawyers are trained to be lawyers and not profit-focused business people.   In other words, they are not focused on staying in business.

Ignoring for a second the fact that taking twelve minutes to compose such a response may not have been very efficient use of time, the associate who wrote it was just thinking like a lawyer when it came to billing his or her time.   The time was spent so it should be billed.  Whereas a profit-focused law firm would have likely collected such non-substantive email, tallied the time, put all such time on the bill — and then assign a zero charge to this “non-billable time”, more often than not such over-the-top charges fall through the cracks and end up actually going out to clients.  A profit-focused law firm would never have let such a bill leave its doors given such a business realizes just how damaging it would be to its bottom line to charge for eight word emails that involve no true billable time.

Law Firm, Litigation Management, Middle Market Business, Risk Management

CLT: Law Firms Resort to Suing Their Clients to Collect Fees

According to an article in the Connecticut Law Tribune, during the past several years there has been an uptick in the instances of law firms suing to recover their fees.  O’Connell, Flaherty & Attmore based in Hartford, Connecticcut, has been suing clients since 2008, and the firm “has 29 pending cases seeking about $523,000 in unpaid fees.”   The Hartford office of Bingham McCutchen, “is seeking $764,000 in fees from former client Richard D. Cohen of Capital Properties.”   And, Pepe & Hazard, now part of McElroy, Deutsch, Mulvaney & Carpenter, filed three collections lawsuits in the past two years –  which is one more than it filed in the past ten years.    

As recognized in the article, some of the largest law firms nationwide have been filing collection actions during the past few months, including Debevoise & Plimpton, McDermott Will & Emery, and Williams & Connolly. And, earlier this year, a jury awarded Drinker Biddle & Reath $1.8 million in a fee dispute case.

This agressive collection strategy has been criticized by some.  According to Bill Jawitz, a law firm consultant in Milford, Connecticut, more law firms are asking Jawitz about the strategy of filing lawsuits against clients.  He is quoted in the article as saying he “strongly” advises against it given such suits can lead to bad publicity for a firm and often invites malpractice counterclaims.  As well, he says, “It sucks up time and money to fight these battles.  It’s a sign of bad financial management.” 

Although it is true that law firms have traditionally been hesitant to file a claim against clients for fear of being hit with a counterclaim sounding in malpractice, the article’s author points out that a check of Connecticut court records “revealed no pending malpractice claims filed by clients sued over past-due bills.”   More than likely at least a few such counterclaims exist and the author merely missed them.  On the other hand, plaintiff’s burden in proving a malpractice claim is not slight.   A plaintiff often needs to prove “a case within a case” in order to recover. 

And, getting plaintiff’s counsel to take on a malpractice counterclaim may not be as easy as it once was given the costs involved in battling  a law firm hungry for its fees and seeking to protect its reputation.   In other words, maybe the counterclaims are really not as frequent as they once were.  In any event, professional liability insurers should be pursuaded not to penalize those law firms who fight to recover fees.

It is clear that malpractice insurers currently take notice of fee disputes.  Indeed, a common question found in most any professional liability application is:  “How many suits for collection of fees have been filed by the Applicant Firm during the past 2 years?”  The obvious assumption being that such suits bring with them malpractice claims.  And, whether frivolous or not, such suits must be defended. 

There are strategies that exist which completely obviate the need to file suit against a client.  These strategies apply risk management techniques usually undertaken by manufacturers and not professional service firms.   Moreover, not only would they help on the collection backend, they would help on the front-end when a decision is made to take on the client in the first instance.   As a final added benefit, these strategies will also serve to lower professional liability insurance rates.

Accounting Firm, Law Firm, Litigation Management, Middle Market Business, Network Security, Privacy, Risk Management, Small Business

NJ Supreme Court Sides with Employee on Email Privacy Case

On March 30, 2010, the New Jersey Supreme Court issued its opinion in Stengart v. LovingCare Agency, Inc., 2010 WL 1189458 (N.J. March 30, 2010).  This hotly anticipated ruling was a clear win for employee privacy rights.  It was also clearly the right decision given the facts.  

In its decision, the Court affirmed the Appellate Court’s ruling that an employer was precluded from accessing  attorney-client privileged email.  The email was deemed protected by way of the attorney-client privilege even though the employee accessed the email during work hours using an employer’s laptop.  The key factor in creating a reasonable expectation of  privacy was the plaintiff’s use of her personal Yahoo! webmail service to send and receive the email.   In other words, although the laptop computer used was employer property, the information remained “employee property” given it was password protected via the Yahoo! website.   Moreover, she never stored the password on the company laptop.   The Appellate Divison and Supreme Court were likely also swayed by the fact the attorney-client privileged email in question were used by the employer’s counsel in a pending litigation involving plaintiff.

The Court went into detail regarding how the employer’s Electronic Communications Policy (which was part of its employee handbook) did not provide notice regarding any lack of privacy in a webmail service.  Specifically, the Court ruled:

It is not clear from that language whether the use of personal, password-protected, web-based e-mail accounts via company equipment is covered. The Policy uses general language to refer to its “media systems and services” but does not define those terms. Elsewhere, the Policy prohibits certain uses of “the e-mail system,” which appears to be a reference to company e-mail accounts. The Policy does not address personal accounts at all. In other words, employees do not have express notice that messages sent or received on a personal, web-based e-mail account are subject to monitoring if company equipment is used to access the account.

 The Policy also does not warn employees that the contents of such e-mails are stored on a hard drive and can be forensically retrieved and read by Loving Care.

 The Policy goes on to declare that e-mails “are not to be considered private or personal to any individual employee.” In the very next point, the Policy acknowledges that “[o]ccasional personal use [of e-mail] is permitted.” As written, the Policy creates ambiguity about whether personal e-mail use is company or private property.

Id. at 13 – 14.

A more carefully crafted employee manual would have not likely led to a different result.  It appears as if the Court  provides a roadmap for employers but one in which attorney client communications would always remain sacrosanct.   For example, although many employee manuals already outright preclude employees from accessing webmail via company computers, such a blanket prohibition would likely not be enough going forward given this ruling.  See Id. at 28 – 29 (“[E]mployers have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy.  Because of the important public policy concerns underlying the attorney – client privilege, even a more clearly written company manual  – that is, a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee’s attorney client communications, if accessed on a personal, password protected e-mail account using the company’s computer system – would not be enforceable.”).

It appears as if the correct approach for employers looking to access certain employee email exchanged via a webmail service is to  provide even more specific guidance regarding what may or may not be done by the employee.   For example, it may help to provide an explicit warning that all email exchanged via a webmail service is subject to the general email policy of the firm.  Banning pornography and “hate speech” email would clearly not be a problem under this ruling.  When it comes to attorney-client material, a warning regarding the insecure nature of such  communication may be warranted as well as a reminder that non-business communications are deemed inappropriate and can possibly lead to termination.  Nothing in the ruling would preclude using non-business activity against an employee.  As well, transmitting proprietary company material with insecure, un-archived, and non-sanctioned forms of communication such as webmail services would likely still be considered against corporate policy under this ruling.  Finally, when drafting a policy, it should be made clear that the company cannot and will not guarantee the confidentiality of any communications made using a webmail service. 

Given many employees blur personal and company time, it is often the case that employees are checking their personal email on company time.  Indeed, the advent of webmail services from Yahoo!, Google, Microsoft and others makes it an almost a trivial task to check personal email on company PCs, laptops, and smart phones.  Given the Stengart decision, New Jersey employers should evaluate their current procedures regarding use of webmail services with an understanding that attorney-client email may be strictly off limits to corporate eyes.