Category: Records Management and Retention

Records Management for Personal Stuff

Another great post by Patti Spencer, Esquire details which personal records you should keep permanently.  If you tend to hoard more than you should, maybe this will enable you to throw some things away without worry.  Read “What To Keep and What to Throw Away (Part Two of Two)”.

The Run For The Door

We’ve all heard stories, watched it in action, or been in the middle of what I refer to as The Run For The Door — the point at which partners determine their firm no longer has sufficient mass to cover overhead and debt, and the mass exodus begins.  Those who move too slow are left to turn off the lights, and are often left holding the proverbial bag.  It’s an ugly thing to watch.  In some cases it’s led to some undesirable career detours.  In some cases it’s led to the loss of a special culture.

Let’s be frank.  Partners with a good reputation and solid book of business always land on their feet.  In fact, just rumors that a firm may be experiencing difficulty, even if only temporary, is seen as an opportunity by other firms; often leading to a sharp increase in activity by competitors who attempt to lure away some of the best and brightest.  When some of those recruiting efforts result in departures, even if only of a few key rainmakers, it can easily trigger “The Run” as remaining partners, particularly top earners, become concerned about the impact on their future compensation.

Such is the case with Howrey.  It’s partners voted on Wednesday, March 9th, to dissolve effective March 15th.  The vote required a supermajority of 85% of partner shares to carry the vote for dissolution.  The story appeared in AmLaw Daily.

’”Once you lose a certain mass, you just can’t get it back,” one partner says. “It’s just a matter of days right now.” Adds the second partner: “I did it with a heavy heart, but if we don’t vote for formal dissolution, if you think it’s chaos now, it’s just going to turn into a disaster. You don’t want it to be a situation where the last person turns out the lights.”

According to the article, the firm has seen more than 140 partners depart since April 2010.  They were smart enough to recognize the stampede was well underway, and take the vote which would insure the least damage for those still at the firm.  Hopefully, this will not be one of those failures which leaves creditors in hot pursuit, and generates lawsuits from and between former partners.

From time to time I advise firms about to draft partnership or shareholder agreements.  There are a number of the subjects I always have to put squarely on the table for discussion, and it always makes the principals squirm.  I do it because I know it’s necessary.  What are those subjects?

  1. Termination of partners.  Exactly what can trigger involuntary termination?  Arrest?  Conviction?  Public embarrassment to the firm?  Damage to the firm’s reputation?  Lapse in fiduciary responsibility?  If termination is to be considered, how realistic is a 100% vote to get the job done?  What is more realistic?  What is a terminated partner entitled to, and should it be different from a partner who leaves voluntarily?
  2. Firm dissolution.  The obvious question regards the vote required to evoke dissolution.  But beyond that, there are a whole host of issues which should be addressed.  For example, I believe that purchase of an unlimited-duration Extended Reporting Period Endorsement (“the tail”) on the firm’s professional liability insurance policy should be required in the event of dissolution, and that all stakeholders who were part of the firm in the fiscal year of dissolution should be required to pay their prorata share of the cost.Records retention and management issues also come into play big time.  There will be enormous number of files which are closed, many of which will belong to clients no longer with the firm, and developed by lawyers long gone as well.  They cannot just be thrown in the trash. (Although there have been some pretty awesome stories from time to time about the frustrated few partners left to turn off the lights who, in frustration caused by former partners who wouldn’t help and didn’t care, actually did throw files in the trash.  Sanctions were always harsh.)   Someone has to remain the custodian of the files, oversee destruction when the proper retention period has tolled, ensure proper authorization has been received beforehand if any original or valuable client property remains in the file, and pay for storage until all files have been properly returned to clients or destroyed in accordance with ethical requirements and Rule 1.15 [Safekeeping Property].

These are but two areas of concern which can cause a great deal of  acrimony, and even disciplinary action, if not taken into consideration beforehand.  And there are many more.

My point?  No matter how large or small, any firm, except for a solo firm, can experience a “run for the door”.  Be prepared for that eventuality, as awful and remote a possibility as it may seem.  Otherwise, precisely at a time when you may be trying to start anew, your past may be holding you back by distracting you and consuming your valuable time with squabbles and lawsuits.


To return to the main page of the blog, click here.  To return to the blog  Index, click here.

Your Confidential Data and U.S. Border Crossings

This post is about an issue that wasn’t even on my radar screen until yesterday.  My colleague, Reid F. Trautz, director of the American Immigration Lawyers Association in Washington, D.C., sent a link to an article on Yahoo News entitled “NY Lawsuit Seeks to Halt Suspicionless Searches.”  The article relates that the American Civil Liberties Union, the New York Civil Liberties Union and the National Association of Criminal Defense Lawyers have filed the lawsuit on behalf of the National Press Photographers Association, criminal defense lawyers and a student: Pascal Abidor, a 26-year-old French-American citizen whose laptop computer was confiscated at the Canadian border.

The lawsuit is designed to change policies adopted by U.S. government agencies which permit the search of all electronic devices that “contain information,” including laptops, cameras, mobile phones, `smart’ phones and data storage devices.  It seems that the current policies, as written, do not require any probable cause at all before the data can be seized and searched.  Although the article provides a link which purports to take the reader to the location on the U.S. Department of Homeland Security web site which sets forth the policy, it doesn’t in fact take you anywhere useful.  I spent well over an hour searching and going through menus until I finally came across the actual web page where the relevant Directives on Border Searches of Electronic Media can be found.  They are found in two PDF documents.

The whole point is that lawyers, among others, carry a tremendous amount of confidential information on smartphones, laptops, and other devices.  You may not be aware that this information can be accessed at any U.S. border without reasonable cause, or for no cause at all.  Until the above-referenced lawsuit winds its way through the courts, you may want to rethink what you store on your media if you are crossing a U.S. border.

By the way, as I was wandering around the cyber-halls of the government site, I stumbled across a chilling document entitled “International Terrorism and Transnational Crime: Security Threats, U.S. Policy, and Considerations for Congress” which was published by the Congressional Research Service on March 10, 2010.  If you’re interested in this stuff, or just don’t want to sleep well for a few nights, give it a read.


To return to the main page of the blog, click here.  To return to the blog  Index, click here.

Only 16 Days Until the HITECH Act Goes into Effect

As promised, attorney Jennifer A. Stiller has posted her detailed blog post regarding the new “Health Information Technology for Economic and Clinical Health Act” – or “HITECH Act.”  You can read all the details here.


The new legal requirements apply to impacted firms effective February 17, 2010.  Chances are, if you represent doctors, hospitals, health insurance companies, and any other person or entity that is considered a “covered entity” under the HIPAA patient privacy rules, this applies to you.




To return to the main page of the blog, click here.  To return to the blog  Index, click here.


The Scary World of Penalties and Enforcement Under the New HIPAA-HITECH Law

This is the second guest post by health care attorney Jennifer A. Stiller.  My gratitude to Jenny for providing this additional information.  She will be posting a detailed follow-up article on this topic on her own web site.  I encourage you to read it.


On January 22, I wrote about the new HITECH Act, which as of February 17th  will make HIPAA business associates – such as law firms that represent healthcare clients – directly subject to federal penalties if they fail to meet certain obligations with regard to implementing safeguards to keep their clients’ patient information secure when stored or transmitted electronically.


And we should care because…?


In addition to expanding HIPAA obligations, the HITECH Act (known to the cognoscenti as “HIPAA on Steroids”) substantially increases enforcement penalties and activities.  Previously, there was no affirmative government enforcement of the HIPAA patient-privacy requirements – only the ability of the Department of Health & Human Services’ Office of Civil Rights (OCR) to investigate complaints. If a complaint revealed a violation, fines were limited to $100 per incident, with a maximum annual total of $25,000 for violations of the same requirement. Under HITECH –


·         Civil money penalties increased to as much as $50,000 per violation, up to $1.5 million per year.

·         Starting February 17, 2011, OCR is required to impose civil penalties if a violation is due to “willful neglect.”

·         OCR will keep the penalties, to be plowed back into enforcement activities.

·         OCR is directed to conduct periodic audits of covered entities and business associates to evaluate HIPAA compliance.


·         State attorneys general are granted authority to bring civil actions to enforce HIPAA.

·         The Government Accountability Office is directed to prepare a report by August 17, 2012 recommending a methodology by which affected individuals can share in penalties collected for HIPAA violations. Once implemented, this will increase individuals’ incentives to file privacy and security complaints, similar to the effect of the False Claims Act’s “whistle-blower” provisions.


Next week, I’ll publish a full article on my website explaining the duties the HITECH law imposes on business associates, effective February 17, 2010.  My appreciation to Ellen Freedman for providing me with an ability to use this forum to get the word out.




To return to the main page of the blog, click here.  To return to the blog  Index, click here.

New Duties to Protect Health Care Privacy Take Effect February 17, 2010

This is a guest post which was prepared by health care attorney Jennifer A. Stiller.  Thank you, Jenny, for taking the time to provide this information.  We are fortunate in that Jenny has agreed to provide another post, which will appear in another day or two.


Attorneys who represent doctors, hospitals, health insurance companies, and the like face new statutory obligations to take affirmative steps to ensure the privacy of their clients’ patient information when it is transmitted or stored electronically.  The new requirements, enacted as the “HITECH Act” portion of last year’s economic stimulus legislation, go into effect February 17, 2010.


Technically, many attorneys have already had such obligations under a “business associate” agreement with their healthcare industry clients, most of whom are “covered entities” under the HIPAA patient privacy regulations and as such, are required to enter into such an agreement with any non-employee who “provides … legal … services to or for such covered entity where the provision of the services involves disclosure of individually identifiable health information…” 45 C.F.R. § 160.103. 


But come February 17, there’s a new twist.  Whereas previously, if the law firm did not live up to its contractual obligations concerning how patient information was to be handled, the worst thing it would face would be being fired by its client and possibly a suit for breach of contract.  As of February 17, however, the law firm is directly liable to the federal government for having inadequate safeguards in place (regardless of whether private information is in fact compromised) – and the penalties for non-compliance can be stiff.




To return to the main page of the blog, click here.  To return to the blog  Index, click here.

New Ethics Opinion on File Management Issued by PBA

The latest newsletter by The Disciplinary Board of the Supreme Court of Pennsylvania advises of the issuance of a new opinion. The Committee on Legal Ethics and Professional Responsibility of the Pennsylvania Bar Association has issued Formal Opinion 2007-100 regarding “Client Files – Rights of Access, Possession, and Copying, along with Retention Considerations.”

This opinion examines the legal and ethical status of client files and records in light of Maleski v. Corporate Life Insurance Co., 163 Pa. Commw. 36, 641 A.2nd 1 (1994) and subsequent actions in other jurisdictions, along with newer considerations such as complicating factors arising from the use of email and electronic documents.

The Disciplinary Board of the Supreme Court of Pennsylvania has a brief synopsis posted to its site here. You can find the complete opinion here.

The opinion clarifies what constitutes the file, and particularly deals with the electronic information which constitutes part of the file, as well as lawyers’ notes and memoranda.


To return to the main page of the blog, click here. To return to the blog Index, click here.

Proper Destruction of Client Files

PA has long required that client files be disposed of in a manner which preserves confidentiality. That means shredding or burning. Many attorneys don’t like that answer when they contact me for guidance.

Now we can add Federal law to the mix. On June 1, 2005, the Federal Trade Commission published in the Federal Register [69 Fed. Reg.6901] the Disposal Rule under the Fair Credit Reporting Act FACTA

In an effort to protect the privacy of consumer information and reduce the risk of fraud and identity theft, this federal rule requires businesses to take appropriate measures to dispose of sensitive information held in records.

The Disposal Rule applies to:
· Consumer reporting companies
· Lenders
· Employers
· Landlords
· Government agencies
· Mortgage brokers
· Automobile dealers
· Attorneys or private investigators
· Debt collectors
· Individuals who obtain a credit report on prospective nannies, contractors, or tenants
· Entities that maintain information in consumer reports as part of their role as service providers to other organizations covered by the Rule.

What is ‘proper’ disposal?
The Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to – or use of – information in a consumer report. For example, reasonable measures for disposing of consumer report information could include establishing and complying with policies to:

· Burn, pulverize, or shred papers so that the information cannot be read or reconstructed;

· Destroy or erase electronic files or media containing information so that the information cannot be read or reconstructed;

· Conduct due diligence and hire a document destruction contractor to dispose of material .

Due diligence could include:

o Reviewing an independent audit of a disposal company’s operations and/or its compliance with the Rule;

o Obtaining information about the disposal company from several references;

o Requiring that the disposal company be certified by a recognized trade association;

o Reviewing and evaluating the disposal company’s information security policies or procedures.

My appreciation to J.R. Phelps, my counterpart at the Florida Bar Association, for passing along this information.


To return to the main page of the blog, click here. To return to the blog Index, click here.

E-Discovery Amendments to Federal Rules of Civil Procedure

I have been passing along articles as I find them to PA Bar Association members and private clients. I believe those of you who are loyal subscribers should also have access to the materials that cross my desk.

Most recently I’ve come across an article by Michael Gifford on the web site of Howard & Howard. Also, an article in PDF on the web site of Foley & Lardner.

You can read full details and always see the latest and greatest rules at the U.S. Courts Federal Rulemaking site. This site provides access to the national and local rules currently in effect in the federal courts, as well as background information on the federal rules and the rulemaking process.

You may want to check out the K&L Gates electronic discovery law Blog.

Finally (for now) you may want to check out an article written by Willow Grove, Montgomery County, PA attorney Howard J. Bashman entitled Commentary: What Do the Federal Appellate Procedure Rule Changes Mean for You? which appeared on


To return to the main page of the blog, click here. To return to the blog Index, click here.

The Client’s File

I am frequently contacted through the PBA Hot Line by attorneys who want to know what constitutes a client file. Specifically, this query occurs when they are asked by the client to release a file to another attorney. Issues such as retaining liens, charging liens, charging the client for duplicating, and what specifically constitutes the file are frequent topics of discussion. And I must say that attorneys rarely agree with what I have to say. I often wonder why they bother to call when all they really want is confirmation of what they want to do; they seem to always want to disregard anything which is not in total agreement with their way of thinking. Often I refer them on to the Ethics Hotline at the Bar Association, with the hope they will argue less and listen more to that source.

The simple fact is that the client owns their file. And that includes all the writings, including your work product, found in the file. Culling is not permissible before releasing the file. I had one attorney respond in dismay, “Oh my God, I have handwritten notes in there saying I thought the client was a nut case! Surely you can’t mean that can’t be removed from the file?” Well, technically, no it can’t.

What about if the client hasn’t paid the bill? Well, in PA you can indeed have a retaining lien against the file. But if retaining the file will cause serious prejudice against the client, you must release it. You also can’t hold onto any part of the client’s file which the client has paid for. So for example, if the client paid for a corporate kit, although that is considered part of the file, and in fact may be the part that provides you with some leverage in getting your bills paid, you cannot hold it despite other outstanding bills.

What if you’re absolutely sure that the client has every meaningful paper in the file already, because you have a copy of the transmittal letters sending them. Must you still turn over the file? Yes.

What if you’re relatively sure that the client is transferring the file to another attorney because of unhappiness with your representation, and further you are afraid it may result in a malpractice action; can you charge to make a duplicate copy of the file to retain to protect yourself? No.

If you have a hard copy of every single email and document in the file, must you turn over an electronic copy as well if it exists? Yes! Electronic records are considered a part of the file. Absent a consistent records management policy which compels and directs the firm to destroy electronic copies consistently for valid business reasons — with communication to the client so as to develop realistic expectations — the firm must turn over electronic records as well. See a recent New Hampshire Bar Association Ethics Opinion 2005-06/3 on the subject.

Law firms need to figure out what tools they will utilize to quickly identify client documents maintained on their computer system — emails, spreadsheets, PDFs, etc — and how they will in turn deliver them in an electronic format. And further, law firms need to be careful about what becomes part of the client’s file which might eventually be an embarrassment to the firm if seen by the client.


To return to the main page of the blog, click here. To return to the blog Index, click here.

WordPress Themes