Law Practice Management

Some firms are still sending privacy notices to clients yearly, and including privacy notices in Engagement Agreements. Many do not remember why they are doing so, or know if they are even still required to do so.

The origin of the privacy notices was found in the passage of the Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999. It required financial institutions to provide a clear disclosure to all their clients concerning their privacy policies, and to explain how they individually share information with affiliates and third parties. The act defines a financial institution as any institution the business of which is engaging in financial activities within the meaning of the Bank Holding Company Act of 1956. The FTC insisted that lawyers were to be included in the scope of the Act. The FTC argued that lawyers engaged in such practice areas as tax planning and transactions, estate planning, real estate closings and personal bankruptcy should be subject to GLBA.

Bar Associations tried to fight the application of the GLBA to their firms. When there was no relenting on the part of the FTC as of its effective date, law firms hastily included privacy notices in their engagement agreements, and mailed them out on the cut-off date to existing clients.

Subsequently, the New York State Bar Association filed suit in April, 2001, asserting that the FTC acted arbitrarily and capriciously in refusing to exempt lawyers from the regulation. The NYSBA was victorious in the suit against the FTC over enforcement of GLBA as applied to lawyers. U.S. District Judge for the District of Columbia, Reggie B. Walton, agreed with NYSBA’s assertion that Congress never intended the privacy provisions to apply to lawyers. As a result, in August, 2003, the U.S. Department of Justice agreed not to take action against lawyers who failed to take steps to notify clients of their privacy and information sharing policies.

Many law firms failed to note that the privacy notices on engagement agreements were no longer required. Now that being said, I don’t think it’s necessarily a bad idea to inform clients as to the firm’s privacy policy, and what steps it will take to safeguard sensitive information. We all know that law firms must maintain strict confidentiality of client records, in accordance with the R.P.C. But many of your clients may not be aware of these ethical requirements, and it will be reassuring to them to know. In particular, a privacy policy on the firm’s web site is always a good thing to have, as it clarifies what the firm will do with information which may be provided voluntarily where an attorney/client relationship may not exist.

==========

To return to the main page of the blog, click here. To return to the blog Index, click here.

This entry was posted on Tuesday, February 28th, 2006 at 4:59 pm and is filed under General Management. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.