1

Cost-Effective Ethical Walls for

Smaller and Mid-Sized Firms

#ECMPG3

Ann Johnson, Keating Muething & Klekamp PLLKeith Lipman, Prosperoware

Steven Marks, Sills Cummis & Gross

Session Agenda

1. Terms and definitions

2. Case studies

3. Trends

4. Q&A

What are Information Barriers:Terms and Definitions

Keith Lipman, President

Prosperoware

2

One Idea Multiple Terms

• Ethical wall

• Chinese wall

• Information barrier

• Ethical screens

Type of Barriers

Exclusive

Inclusive

Rules Based

Contractor walls

One matter may have multiple different walls

Exclusionary Barrier

• Person(s) are denied access to information about the matter

• Why do these occur:

– Lateral hires (a true ethical wall)

– Secondment (lawyer loaned out to a client)

3

Inclusive Barrier

• Means matter is confidential

• Why does these occur:

– Representing multiple parties in the same matter

• UK, Hong Kong, Canada more acceptable than US

– Client demand for confidentiality

– Concern about insider trading

– Privacy

Rules Based

• A type of exclusionary barrier

• Works automatically based on user activity– Bill time or create documents

• Why do these occur:– Competitive representations

• If you work on Coke you are not allowed to work on Pepsi

– Representing the multiple parties for one matter

Contractor

• Contract lawyers only have access to the matters they work on

• Why do these occur:

– Ethical opinion that if contractors do have access to other matter information

• Not considered a lateral hire

4

Acknowledgement and Notice

Walls are not secrets

Users should be aware of the wall

Need to a acknowledge the wall

Case Study: Sills Cummis & Gross

Steven A. Marks

Chief Information Officer

5

6

7

8

Ethical Walls as Template

Ethical Walls Profile Screen

Selecting Screened Users

9

Audit as History of Screen

Security as SQL Job

Case Study: Keating Muething & Klekamp

Ann Johnson

System Applications Manager

10

About Keating Muething & Klekamp

• Cincinnati based, full service firm• Founded in 1954• 103 Attorneys• 23 Paralegals / Practice Group Assistants / Examiners

• 90 Support Staff

Key Technologies

• Windows 7/Office 2007

• Autonomy WorkSite 8.5• Server 8.5 IDOL Indexer with 4,000,000 Document

Repository

• FileSite

• WorkSite Web

• WorkSite Communication Server (EMM on hold)

• Rippe & Kingston LMS Accounting System

• Litigation Support Tools include Ringtail and Summation

• InterAction CRM

My Role at the Firm

• WorkSite DMS/Content Management

• Records Management Technology

• Firm Intranet and Client Extranets

• Matter Centric Collaboration Design

• Ethical Walls and Information Security

11

Where does our information reside?

Physical Files and RM Apps

Personal and Loaner Laptops

Business and Personal Desktops

iManage Worksite DMS

Litigation Support

Accounting Systems

Network File Shares

Universal Search Engines/TotalSearch

InterAction CRM

E-Mail

BEC

How do we protect it?

• Established a security team and assigned specific responsibilities• Executive Director• Firm General Counsel• CIO• Records Manager• System Applications Manager

• Developed and published detailed content retention and security policies

• Created matter centric structure tied to accounting and records management applications

Ethical Wall Request Process

Initial Request

Executive Director

General Counsel

Records Manager

IT DMS Manager

Responsible Attorneys and

Staff

Other IT Staff

12

Ethical Wall Technology

• Solutions evolved based on technologies available at the time

• Early adopters of DocAuto security technologies

• Rely on a mix of manual and automatic methods

– Third party security applications

– Built-in DMS security features

– SQL reports

– Excel spreadsheets

Technology: DMS WorkSpace Creation

• DocAuto’s WorkSpace Manager utilized for workspace creation and modification

• Standardized matter centric workspace structure public by default

• Firm administrative workspaces are private by default with rights granted using group membership policies

• Flexibility to accommodate partner and employee turnover, practice group modifications

• Provisioning functionality allows movement of content, updating security and metadata automatically

Technology: Ethical Walls

• DocAuto’s iMPrivate utilized for automated maintenance of document security on a day-to-day basis

• Identifies documents based on any combination of search criteria including full text values

• Adds, removes or modifies security

• Batch process that runs every few hours

13

Technology: Monitor User Activity

• DocAuto’s Watchdog Server provides automated day-to-day monitoring of WorkSite user activity to prevent content theft and unauthorized use of intellectual property

• Monitors, reports on, and takes action on all actions including Check In, Check Out, View, Export, Print, Delete and E-Mail

• Notifies specific users if activity exceeds preset thresholds, for example, exports >X number of documents in a 24 hour period

Ethical wall report created with high tech Excel!

Ethical Wall Name

Client.Matter

Number Client.Matter Name Wall Type Default Security ACL Rights

User/Group

Names Conflict

Date

Created

Bruemmer, Michael NE4900.RE0816 Newman Norwood

Purchase

Exclusionary No Change,

Public

No Access Bruemmerm Lateral hire Mar 3 2011

Morales, Jill FL2000 FlightTech Exclusionary No Change,

Public

No Access Moralesj Lateral

District Court

Feb 27 2011

CN3000 CNC Investments Exclusionary No Change,

Public

No Access Moralesj Lateral

District Court

Feb 27 2011

DA7130 Dayton Engineering Exclusionary No Change,

Public

No Access Moralesj Lateral

District Court

Feb 27 2011

FI2290 First Security Exclusionary No Change,

Public

No Access Moralesj Lateral

District Court

Feb 27 2011

Country Day CO2300.LA0001 Country Day Smith Inclusionary Private Full Access Burkes,Creech

m, Hoepfsm,

Meerl,

Ramseyb,

Trauth

conflict

Feb 15 2011

Ethical Wall Challenges

• Once content is exported from DMS into universal search engine it is difficult to remove

• Users not adhering to Matter Centric policies, full text search results must be analyzed to avoid blocking unrelated content

• Status and disposition• Optimistic versus pessimistic security models• Structured versus unstructured data• Outlook/Exchange content• Where do we go from here?

14

Confidentiality a Changing Tide

Classic View: Security and Privacy

Intense Spotlight on Privacy

15

FOR

INSIDER TRADING

FOR

INSIDER TRADING

Jeffrey Temple

IT Manager

Arthur CutilloMatt KlugerAssociate

Black Hats Brought Privacy Issues Home to Law Firms

Lawmakers Got Serious

HIPPA/HITECH Act -- $50,000 per violation for medical records breaches

UK Information Commission - fines of up to £500,000.

Massachusetts fines up to $100 per person and $5000 per violation

Clients and Law Firms Got Nervous

Clients Risk Committees

16

Nothing is Easy: Email Confidentiality Search Conundrum

Vice President

at Client

Lawyer in firm

Email about firing employee

Shared Email

Repository

Someone at firm

whose spouse

works at client

Email filed correct

location

Search on company name

Solution to these Problems

• Hybrid security

– Certain folders are secured

• Medical records, Client documents, etc.

• Entire matter confidential

• Approach satisfies privacy and confidentiality

• Security is driven through a matter team

– A group

What is a Matter Team

• Working lawyer • Partner-in-charge

Defined in matter opening (e.g. matter owner)Defined in matter opening (e.g. matter owner)

• Lawyer, paralegal, secretary

Who is working on the matterWho is working on the matter

• Manually • Matter owner or designee• Centrally

• Automatically

MaintenanceMaintenance

17

Questions?