20 keys to understanding and establishing communications protocols for risk assessments
The time spent preparing this "protocol" can be a valuable investment, as structure will be in place to protect the organization during the risk assessment.
March 31, 2014 at 04:00 AM
13 minute read
The original version of this story was published on Law.com
Proactive risk assessment can be a powerful tool for an organization seeking to avoid a litigation or regulatory “event.” Failure of the organization to accurately anticipate risk can have serious consequences, including a damaged brand, excessive legal fees and a transformed organizational focus away from generating revenue to responding to discovery or regulatory inquiries.
There are a number of concerns that are often raised as organizations consider conducting a risk assessment. The question for management, in most instances, is whether a risk assessment uncovers information or facts that, once discovered, could potentially be discoverable and damaging — and very costly to address.
Unfortunately, this fear paralyzes many organizations and creates an environment where immediate action is delayed as a result of an unwillingness to address or accept the consequences of the status quo.
The concern for the general counsel is how to properly advise his or her organization in response to the findings of the risk assessment without creating a record that could be discoverable in litigation or that inadvertently compromises the privilege in circumstances where immediate identification and remediation is necessary because of high risk findings. General counsel should consider whether the retention of outside counsel is necessary in light of the severity of risks likely to be identified and retain outside counsel to advise on the risks identified as part of the risk assessment. They should also be prepared at the outset of the risk assessment with the assistance of outside counsel to clearly document the establishment of a communications protocol that can effectively protect and carefully manage the attorney-client privilege, and explain to all parties the rules for communication with respect to the risk assessment.
The time spent preparing this “protocol” can be a valuable investment, as structure will be in place to protect the organization during the risk assessment. The process also encourages proactive remediation of potentially damaging risk through the solicitation of legal advice before, during and after the initiation of the assessment.
(The suggested protocols that follow do not address the Attorney Work Product Doctrine, nor do they discuss concerns related to litigation holds. Rather, this communication protocol assumes the parties have engaged in a proactive assessment where there is no reasonable anticipation of litigation when the risk assessment is initiated.)
Here are 20 guidelines for general counsel to communicate within the organization when establishing a communications protocol for proactive risk assessments.
- With respect to communications with internal or external counsel, written or oral, the attorney-client privilege will attach only if the communications are intended to be confidential and for the purpose of obtaining legal advice. Any other communication is potentially discoverable, even if an attorney is included as part of the communication.
- Communication via telephone conference call between the parties should be the preferred method of communication.
- Email communications regarding substantive matters should be limited to the exchange of records and documents, and the coordination of meetings and telephone communications.
- Existing records or documents collected during the risk assessment may not be subject to the attorney-client privilege, which only protects communications between attorney and the client. For example, an attachment of an existing document as part of an email to the general counsel or outside counsel for legal advice may not be protected. The subsequent advice regarding the attachment and the communication soliciting the advice will be subject to the privilege.
- Newly created records or documents may be privileged if created for the purposes of obtaining or communicating legal advice, and are intended to remain confidential.
- Records or documents created or gathered during the course of the risk assessment by any third party should be stored in a specially designated data room with limited access by either the general counsel or outside counsel.
- Items that are not records or documents should not be retained as part of the risk assessment.
- An explanation of how the attorney-client privilege attaches and the manner in which it might be inadvertently waived should be communicated to all involved in the risk assessment at the earliest possible opportunity.
- One example of the communication could be as follows: communications from management with general counsel or outside counsel are privileged when for the express purposes of obtaining legal advice and when intended to be confidential. All other communications with counsel are not privileged. The organization is the holder of the privilege and can waive it at any time.
- Communication between individual employees and counsel may be privileged but no attorney-client relationship exists between counsel and client employees.
- All documents created or generated for the purpose of seeking legal advice during the course of the risk assessment should be clearly marked as “privileged.” “Attorney-Client Privileged Communication” is also an acceptable way to mark documents.
- In order for communication to be subject to attorney-client privilege, the communication must be with counsel for purposes of obtaining legal advice and intended to be confidential. Just marking “privilege” will not protect the communication. These communications should be made in confidence and not involve anyone that does not explicitly need to know their contents.
- Third parties engaged for the purposes of the risk assessment should work at the direction of the general counsel or outside law firm and report directly to the general counsel or outside law firm. General counsel or outside counsel should be copied on all communications between client and any third party.
- Carefully handle all records and documents that are created as part of the risk assessment that may be privileged. Access to records and documents to individuals and third parties not covered by the privilege must be restricted.
- Determine in advance whether the results of the risk assessment are to be shared with employees other than the general counsel. If shared, consider formally designating the individuals to demonstrate the intended recipients of the legal advice. Specify that no other individuals require access to records and documents generated by the risk assessment.
- Corporate oversight for the risk assessment should be the responsibility of the audit committee of the board of directors or similar governing/oversight committee.
- The general counsel should be present to preserve the privilege, when possible, and he or she should be required to be present if sensitive information is likely to be disclosed or reduced to writing where legal advice has been requested or provided regarding the disclosed items or writings.
- Documents or notes created during the meetings with employees are part of the risk assessment should, upon conclusion of the meeting, be gathered by the general counsel and stored in a separate file marked “confidential” and “privileged.” Failure to mark such documents does not negate the privilege. Notes regarding these meetings should not be retained by individual employees unless they are intended to be discoverable or do not contain information that the organization wishes to retain under the attorney-client privilege.
- General counsel should consistently and carefully evaluate all questions related to the assertion of the privilege and catalogue records or documents marked as privileged.
- The general counsel should train senior executives and members of management on the importance of the attorney-client privilege so that all employees of the organization understand how the privilege can attach or be waived.
Proactive risk assessment can be a powerful tool for an organization seeking to avoid a litigation or regulatory “event.” Failure of the organization to accurately anticipate risk can have serious consequences, including a damaged brand, excessive legal fees and a transformed organizational focus away from generating revenue to responding to discovery or regulatory inquiries.
There are a number of concerns that are often raised as organizations consider conducting a risk assessment. The question for management, in most instances, is whether a risk assessment uncovers information or facts that, once discovered, could potentially be discoverable and damaging — and very costly to address.
Unfortunately, this fear paralyzes many organizations and creates an environment where immediate action is delayed as a result of an unwillingness to address or accept the consequences of the status quo.
The concern for the general counsel is how to properly advise his or her organization in response to the findings of the risk assessment without creating a record that could be discoverable in litigation or that inadvertently compromises the privilege in circumstances where immediate identification and remediation is necessary because of high risk findings. General counsel should consider whether the retention of outside counsel is necessary in light of the severity of risks likely to be identified and retain outside counsel to advise on the risks identified as part of the risk assessment. They should also be prepared at the outset of the risk assessment with the assistance of outside counsel to clearly document the establishment of a communications protocol that can effectively protect and carefully manage the attorney-client privilege, and explain to all parties the rules for communication with respect to the risk assessment.
The time spent preparing this “protocol” can be a valuable investment, as structure will be in place to protect the organization during the risk assessment. The process also encourages proactive remediation of potentially damaging risk through the solicitation of legal advice before, during and after the initiation of the assessment.
(The suggested protocols that follow do not address the Attorney Work Product Doctrine, nor do they discuss concerns related to litigation holds. Rather, this communication protocol assumes the parties have engaged in a proactive assessment where there is no reasonable anticipation of litigation when the risk assessment is initiated.)
Here are 20 guidelines for general counsel to communicate within the organization when establishing a communications protocol for proactive risk assessments.
- With respect to communications with internal or external counsel, written or oral, the attorney-client privilege will attach only if the communications are intended to be confidential and for the purpose of obtaining legal advice. Any other communication is potentially discoverable, even if an attorney is included as part of the communication.
- Communication via telephone conference call between the parties should be the preferred method of communication.
- Email communications regarding substantive matters should be limited to the exchange of records and documents, and the coordination of meetings and telephone communications.
- Existing records or documents collected during the risk assessment may not be subject to the attorney-client privilege, which only protects communications between attorney and the client. For example, an attachment of an existing document as part of an email to the general counsel or outside counsel for legal advice may not be protected. The subsequent advice regarding the attachment and the communication soliciting the advice will be subject to the privilege.
- Newly created records or documents may be privileged if created for the purposes of obtaining or communicating legal advice, and are intended to remain confidential.
- Records or documents created or gathered during the course of the risk assessment by any third party should be stored in a specially designated data room with limited access by either the general counsel or outside counsel.
- Items that are not records or documents should not be retained as part of the risk assessment.
- An explanation of how the attorney-client privilege attaches and the manner in which it might be inadvertently waived should be communicated to all involved in the risk assessment at the earliest possible opportunity.
- One example of the communication could be as follows: communications from management with general counsel or outside counsel are privileged when for the express purposes of obtaining legal advice and when intended to be confidential. All other communications with counsel are not privileged. The organization is the holder of the privilege and can waive it at any time.
- Communication between individual employees and counsel may be privileged but no attorney-client relationship exists between counsel and client employees.
- All documents created or generated for the purpose of seeking legal advice during the course of the risk assessment should be clearly marked as “privileged.” “Attorney-Client Privileged Communication” is also an acceptable way to mark documents.
- In order for communication to be subject to attorney-client privilege, the communication must be with counsel for purposes of obtaining legal advice and intended to be confidential. Just marking “privilege” will not protect the communication. These communications should be made in confidence and not involve anyone that does not explicitly need to know their contents.
- Third parties engaged for the purposes of the risk assessment should work at the direction of the general counsel or outside law firm and report directly to the general counsel or outside law firm. General counsel or outside counsel should be copied on all communications between client and any third party.
- Carefully handle all records and documents that are created as part of the risk assessment that may be privileged. Access to records and documents to individuals and third parties not covered by the privilege must be restricted.
- Determine in advance whether the results of the risk assessment are to be shared with employees other than the general counsel. If shared, consider formally designating the individuals to demonstrate the intended recipients of the legal advice. Specify that no other individuals require access to records and documents generated by the risk assessment.
- Corporate oversight for the risk assessment should be the responsibility of the audit committee of the board of directors or similar governing/oversight committee.
- The general counsel should be present to preserve the privilege, when possible, and he or she should be required to be present if sensitive information is likely to be disclosed or reduced to writing where legal advice has been requested or provided regarding the disclosed items or writings.
- Documents or notes created during the meetings with employees are part of the risk assessment should, upon conclusion of the meeting, be gathered by the general counsel and stored in a separate file marked “confidential” and “privileged.” Failure to mark such documents does not negate the privilege. Notes regarding these meetings should not be retained by individual employees unless they are intended to be discoverable or do not contain information that the organization wishes to retain under the attorney-client privilege.
- General counsel should consistently and carefully evaluate all questions related to the assertion of the privilege and catalogue records or documents marked as privileged.
- The general counsel should train senior executives and members of management on the importance of the attorney-client privilege so that all employees of the organization understand how the privilege can attach or be waived.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLawyers Drowning in Cases Are Embracing AI Fastest—and Say It's Yielding Better Outcomes for Clients
GC Conference Takeaways: Picking AI Vendors 'a Bit of a Crap Shoot,' Beware of Internal Investigation 'Scope Creep'
8 minute readWhy ACLU's New Legal Director Says It's a 'Good Time to Take the Reins'
Trending Stories
- 1Recent Decisions Regarding the Telephone Consumer Protection Act
- 2The Tech Built by Law Firms in 2024
- 3Distressed M&A: Mass Torts, Bankruptcy and Furthering the Search for Consensus: Another Purdue Decision
- 4For Safer Traffic Stops, Replace Paper Documents With ‘Contactless’ Tech
- 5As Second Trump Administration Approaches, Businesses Brace for Sweeping Changes to Immigration Policy
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250