Dorsey Firm Sanctioned as Part of Judge’s Manifesto on Civility in Legal Profession

A Manhattan federal judge has delivered a lengthy manifesto against declining civility in the legal profession in the course of sanctioning law firm Dorsey & Whitney and two of its partners.Southern District of New York Judge Harold Baer opened his 129-page decision with a discussion of how “naked competition and singular economic focus of the marketplace have begun to infiltrate the practice of law, subordinating the high standards of service, collegiality and professionalism as a result.”

He ended it with his observation that “partners are at times made and retained for their rainmaking skills and not for their legal skill, that the number of billable hours is not only the alpha and omega of bonuses but that these hours — or at least the ones that count — often exclude pro bono hours, or that who gets credit for originating a piece of business can throw a firm into turmoil and prompt internecine struggles, or that the bottom line has eclipsed most everything else for which the practice of law stands or stood to the extent that the practice of law is now frequently described as a business rather than a profession.”

For more see


Chevron to Pay $30 Million to Settle Charges For Improper Payments to Iraq Under U.N. Oil For Food Program

The Securities and Exchange Commission has charged Chevron Corporation for its role in illegal kickback payments that were made to Iraq in 2001 and 2002 in connection with the company’s purchases of crude oil under the U.N. Oil for Food Program.

Chevron, based in San Ramon, Calif., agreed to pay $30 million to settle the charges brought under the Foreign Corrupt Practices Act (FCPA) without admitting or denying the SEC’s allegations.

The U.N. Oil for Food Program was intended to provide humanitarian relief to the Iraqi people while Iraq was subject to international trade sanctions. According to the Commission’s complaint, third parties under contract with Chevron made approximately $20 million in illicit payments that bypassed the Oil for Food escrow account and were paid directly to Iraqi-controlled bank accounts in Jordan and Lebanon. The SEC alleged that Chevron knew, or should have known, that third parties were using portions of the premiums they received from Chevron’s oil purchases to pay illegal surcharges to Iraq. The SEC also alleged that Chevron failed to devise and maintain a system of internal accounting controls to detect and prevent such illicit payments, and Chevron’s accounting for its Oil for Food transactions failed to properly record the true nature of the company’s payments to third parties.

“This is the Commission’s fifth action against a company for participating in the Oil for Food kickback scheme and demonstrates our continuing commitment to combating violations of the Foreign Corrupt Practices Act,” said Linda Chatman Thomsen, Director of the SEC’s Division of Enforcement.

For more see the SEC Complaint filed in the U.S. District Court for the Southern District of New York.

Database admin to plead guilty in theft of 8.5M consumer records

November 27, 2007 (Computerworld) — A senior database administrator at a subsidiary of Fidelity National Information Services Inc. (FIS) who was accused of stealing about 8.5 million customer records and selling them to data brokers is expected to plead guilty tomorrow to felony fraud charges in U.S. District Court in Tampa, according to court documents.William G. Sullivan has also agreed to pay court-ordered restitution to victims, cooperate with ongoing investigations and forfeit the more than $105,000 he still has remaining from selling the stolen data. In exchange, according to a plea agreement also filed with the court, federal prosecutors are expected to recommend a reduction from the maximum five-year sentence that Sullivan could have gotten.

For more see

Protecting Against Risk of Loss — The Wisdom of Records and Information Management Protocols for Offsite Storage Vendors

There has been much news about offsite storage vendors losing critical backup tapes, data or documents while transferring information from one place to another.  The records management industry has started discussing the possibility of developing protocols governing the steps a vendor should take in the handling of information.

The development of protocols make sense to a limited degree. The obligation of a vendor to facilitate ensure the secure transfer of information is governed by common law theories of contract or tort.  However, contracts with offsite storage vendors usually have contractual limitations of liability and lack adequate indemnities to protect the customer’s interests. Hence, there is no incentive to perform in a manner that protects the information transferred, even if such protocols were endorsed and in place across the industry.  The risk of loss is borne principally by the customer. 

In negotiations, customers need to push back on contractual limitations of liability.  The presence of protocols would be a great point of reference in negotiations.  If you are able to negotiate more effectively and shift the risk of loss, a vendor would be more inclined to use care and diligence in the transfer and handling of one’s information. 

What Comes First — The RFP or the Consultant? Some Helpful Tips for Corporate Lawyers not Accustomed to Formulating or Responding to a Request for Proposal

There is no one-size-fits-all template for a professional services RFP, and certainly not with regards to implementing a global records and information management program.  If you decide to use a template from your friends in procurement or one you find online, certain attributes should be included in an RFP when undertaking a project of importance.   These are the basic steps I would take in phase one.  I am happy to confer with others on the wisdom or even shortcomings of this approach, on or offline.

  • Identify an advisor or consultant to assist with conducting a high-level gaps analysis on a fix-rate basis. The fixed rate is important because you need predictability of cost at the outset before getting approval to undertake a more broad, global project. There is, admittedly, somewhat of a “what comes first, the chicken or the egg” dilemma, but you need to define your scope and needs up front. A good gaps analysis should include a review of documents, processes, policies and procedures, and governance relative to records management compliance on the paper and electronic side of the equation.

  • A gaps analysis would produce a project definition document (“PDD”) that includes, among other things, (i) RFP template based on gaps/findings, (ii) proposed budget and financial model, (iii) analysis of reasonable alternatives (e.g., buy versus build), (iv) resource allocation, and (v) presentation with executive summary for management consideration and ultimate approval. With budget approval and a PDD in hand, you will be in a position to tailor your RFP to your specific need and efficiently entertain bids for work in this area.

  • The gaps analysis and PDD phase of a moderate to complex sized project should take no more than 2 to 4 weeks to complete, based on availability of company personnel (for limited interviews and kick off meetings) and documentation for due diligence.

  • When going through the RFP exercise, vendors should be subject to an agreed statement of work, and compensated based on achievement of milestones defined at the outset of the project. The statement of work also should be subject to a detailed project plan, with change management protocols incorporated to avoid “project creep” and performance outside budget.

Following this approach will not guarantee success, but will go a long way toward producing measurable results that are on time and in budget.

New UK data protection law ‘urgently needed’

Security experts called for an urgent review of the law following the loss of the personal information of 25 million Britons by HM Revenue & Customs.

Most damning, they said, was the apparent revelation that the data lost was not encrypted but merely password protected.

“A criminal could break into these files in a matter of minutes,” Simon Davies, a senior visiting fellow at the London School of Economics who specialises in data security, said.

One senior executive at a high street bank called the breach a “fiasco”. He said: “You would never see a bank send data in the slapdash way HMRC did. To say we are disappointed is an understatement”.  Mr Davies called the incident “the final straw and the latest in a long line of fundamental errors at HMRC”.

He called for new legislation that would require bodies that lose information to inform members of the public who are placed at risk.

The Data Protection Act currently does not require companies to notify either the Information Commissioner’s Office or those affected by the loss of data.

In September, a House of Lords committee repeated calls for a data-breach notification law following a report that detailed the findings of an enquiry into internet security.

Figures at the Metropolitan Police and the Information Commissioner’s Office, in part responsible for upholding the DPA, have cautiously supported new measures though they have voiced concerns over who would police them.

Models for legislation would be likely to include California, where organisations are required to inform individuals immediately once they are aware of a loss of data.

Dr Gus Hosein of Privacy International, a non-government body that advocates for data protection laws, said that the UK is “the bad boy in the western world when it comes to data protection. It is the furthest behind”.

He said the UK trails far behind companies such as Germany and Canada on the issue while 34 of America’s 50 states have legislation in place.

 For more see Financial Times Online.

The Email Abyss — Most IT Managers View Email Archiving as an Important Initiative for 2008

In a recent study by Network World, technology managers, systems administrators and others ranked investment in anti-spyware, business continuity and disaster recovery systems as most critical for 2008.  Most of the respondents also ranked as critical or important the need to deploy or improve e-mail archiving capabilities for e-discovery purposes.  Remarkably, the study did not ask about information life-cycle management,  The report suggests, therefore, that legal, compliance and records management professionals, who are (or should be) focused on reducing the overall retention of information, are at odds with technology professionals, who apparently would just as soon archive email then deal with its final disposition.

For more see Network World.