April 2018


Capital Connection is published monthly for members of the Capital Chapter of the Association of Legal Administrators to provide information for the education and benefit of legal administrators, law office managers, managing partners of law firms, and other law related associations. Capital Connection is not engaged in rendering legal, financial, or tax counseling or advice through this publication.  The contents of all articles, letters, and advertisements published in Capital Connection should not be considered endorsements by the Capital Chapter of ALA nor the opinion expressed therein of any products advertised.   Contributing authors are requested and expected to disclose financial an/or professional interests and affiliations that may influence their writing position. Articles and materials accepted for publication are subject to editing by the editorial team and become property of the Capital Chapter of the Association of Legal Administrators. Links to Capital Connection may not be shared without permission from the Chapter. 
Editor: Cindy Conover
Associate Editors: Paula Serratore
Contributing Editors: Jenna Carter; Total Document Solutions; Erin Connors; Hilltop Consultants; Eileen Garczynski; Howie Schaffer 
Newsletter Designed By: Jessica Davis


In this issue:

President's Message

Picture
Welcome to the Capital Chapter of the Association of Legal Administrators - A place where everyone knows your name! This is your connection to knowledge, resources and networking for legal professionals in the Washington D.C. area.

Our Chapter has a great history that spans over 45 years.  During that time, we have grown to almost 400 members. Membership is represented in all areas of legal management: law firms, legal departments and legal-related organizations of all sizes.

We provide engaging educational and networking opportunities each month.  Additionally, we have a robust Business Partner Program of vendors that support our industry.

With such a robust Chapter, members (especially new ones) can sometimes find it hard to figure out where they fit in.   In an effort to address this issue and to keep our Chapter strong and vibrant, the Executive Board and Section Committee Chairs and Co-Chairs will focus much of our time over the next year, on taking our Chapter to the next level of member engagement. 

As a result of our efforts, it will empower members to be strong in their vision and leadership. By working together, we can achieve the goals of engagement, education and empowerment.

I welcome your feedback on any ideas or topics that will help us meet everyone’s expectations. Please do not hesitate to reach out to me at [email protected] if you have any suggestions, questions or comments.
Jenna Carter

New and Returning ALA Capital Chapter Members

John Beattie
Bradley
Office Administrator
1615 L St., NW
Suite 1350
Washington, DC 20036
[email protected]
 
Celeste Holmes
Womble Bond Dickinson
IP Operations Administrator
1200 19th St., NW
Suite 500
Washington, DC 20036
[email protected]
Angela Tyson
Hogan Lovells
Manager, Attorney Assistants
555 13th St., NW
Washington, DC 20004
[email protected]
 
Gina DeVittorio
Shulman Rogers
Recruiting Manager
12505 Park Potomac Ave.
Potomac, MD 20854
[email protected]

Members on the Move

Please join us in wishing the following members well in their new positions:
Blythe Peelor
Michael Best & Friedrich LLP
Administration & Operations Manager
601 Pennsylvania Ave., NW
Suite 700 South
Washington, DC 20004
[email protected]
Kenneth Mitchell
Quinn Emanuel Urquhart & Sullivan, LLP
Regional IT Director, US East Coast and Midwest
1300 I St., NW
Suite 900
Washington, DC 20005
[email protected]

Solving Today’s Top 5 Records Challenges

Total Document Solutions

Where paper and electronic information both exist, there are challenges.
We’ve put together the top 5 records challenges in today’s hybrid workplace and the records management solutions you can use to overcome them:
 
Challenge 1: Record Identification
So how do you identify your records in the hybrid environment of paper and electronic? Many organizations make the mistake of using records format as criteria, but it is simply not accurate to say, “all of our AP records are paper, but our HR records are electronic.”
 
Solution: Avoid the “Either/Or” Approach
The key to accurate records identification is to avoid this “either/or” approach. Instead, recognize that just as a given paper file might be spread across multiple file folders, sometimes in different offices, so too can a hybrid file occupy multiple physical and electronic locations. It is not the location that delineates the scope of a file, but rather a particular business process, subject, company, individual or case. As always, a record is a record is a record – regardless of the format it is in. So, in the hybrid world today, every file may exist in both paper and electronic formats. Recognizing this multi-format reality and incorporating it into your identification process is the first step to properly managing all types of records in the hybrid environment.
 
Challenge 2: Controlling the Records Lifecycle
In our multi-format reality, your records still need to be managed through a clearly defined lifecycle. And much like the challenge of file identification, there is a tendency for firms and organizations to manage the lifecycle through the creation of multiple systems and policies based on format. Even more common, companies have an established policy for one over the other—and more typically it’s paper.
 
The challenge with these solutions is that they ignore the reality for a records collection to be really useful as business information, it needs to be looked at as a whole, not as separate entities.
 
Solution: Use a Total Approach to Records Management
The key is to establish universal controls over the entire lifecycle of a record, regardless of format. These controls include:
 
• A Records Classification scheme
• A Records Retention Schedule (RRS)
• Indexing structures
• Centralized storage (including both physical storage and electronic)
 
A total solutions approach to records management, using universal controls, makes it possible to get the most out of your files by repositioning records of either format into the bigger picture of business functions and their associated requirements for information and evidence.
 
Challenge 3: Identifying the “Official” Record
In the hybrid environment, you should expect that multiple copies of a document might be circulating in multiple formats at any given time. For most organizations, this can really complicate the perennial records management question: What is the “official record?”
 
Solution: Establish a Clearly Defined Policy
It is critical that your records management program describes which document, in which format, will count as the official record.  For example, if you use the definition of records as documentary evidence of business transactions, the official or original record is the one created or received in the same media format in which the actual transactional exchange occurred. Was the information or other content exchanged across an electronic transmission system, or was it characterized by creation of a paper document? Your policy should set a clear definition and help users answer questions like the above, establishing the official record at the individual document level.
 
Challenge 4: Handling Records Volume 
The reality of the hybrid environment is that paper document volumes are on the rise, even as organizations continue to make the move to electronic formats. With space at a premium and budgets getting ever smaller, simply increasing your storage footprint is not an option for many firms.
 
Solution: Regular Purges of Non-Record Material
The answer is to get rid of the “non-records.” It is important to know which documents constitute as the official record and it is essential to take regular steps to purge “convenience copies”, duplicates, records which have passed their retention period and any other unneeded documents that accumulate in the normal course of business. This best practice will successfully reduce your overall document volumes.
 
Challenge 5: Getting End User Buy-In
There isn’t much point to developing systems and policies for managing the hybrid records environment if no one in the organization adheres to them. The challenge here is that most users are stuck in that “either/or” mentality derived from years of working in a “paper-only” environment.
 
Solution: Education, Training and Change Management
Helping everyone in your firm understand that policies and procedures apply to all records, regardless of type or format, is critical for getting user buy-in.  Simply ensuring everyone has copies of relevant policies or emailing memos with instructions for compliance usually doesn’t create a positive change. Instead, try engaging end users with presentations at a lunch and learn, schedule informal group sessions, and incentivized learning workshops. Create a pilot program once there is buy-in to gain even more momentum.​​

April 2018 Diversity Observances

April is Celebrate Diversity Month, started in 2004 to recognize and honor the diversity surrounding us all. By celebrating differences and similarities during this month, organizers hope that people will get a deeper understanding of each other.

​April is Autism Awareness Month, established to raise awareness about the developmental disorder that affects children’s normal development of social and communication skills.

Click here for the full calendar of April 2018 Observances

HITT Contracting Spotlight: ​ 
The Future of Law: How Artificial Intelligence is Transforming the Legal Landscape

Picture
Erin Connors
HITT Contracting Inc.

The legal sector, which has traditionally been one of the least aggressive industries when it comes to implementing new technology, now finds itself at somewhat of an evolutionary crossroads with the potential to completely revolutionize the entire legal profession. In recent years, the law sector has been under increasing pressure to invest resources into “disrupting” its traditional industry model to meet the ever-changing expectations of its clients. Increasing demands for lower costs, higher efficiency and transparency and easier access to justice have led the industry to begin pursuing more innovative approaches to practicing law.
 
One of the clearest trends to emerge from this disruption is the introduction of Artificial Intelligence (AI) to the field of law. As the legal landscape is transformed, more and more firms are turning to technology companies to help them understand the potential value AI can bring to their business, as well as to help guide them through the process of implementing AI to best suit their needs.
 
Using AI to automate some of the more mundane, tedious aspects of the law, such as legal research, due diligence, and contract generation and review, allows law firms to save their clients both time and money by optimizing processes to increase efficiency while simultaneously freeing up resources for more valuable, higher-level work.
 
What is AI?
To understand the potential implications of AI within the legal industry and beyond, one must first understand what AI is to begin with. Oftentimes, AI immediately brings to mind Hollywood cliches of “the rise of the machines,” where robots rebel against humans in a quest to take over the world, but that’s not exactly the kind of AI we’re talking about here.
 
As applied to AI in the legal field, the term “artificial intelligence” is a bit misleading, which is why “cognitive computing” has become an increasingly popular term. It refers to the process of teaching computers how to learn, reason, communicate and make decisions, thereby enabling them to complete tasks previously reserved for humans, such as recognizing patterns, testing data and drawing conclusions.
 
This is important for several reasons, not least of which the sheer amount of data that exists today. According to IBM, 2.5 quintillion (2,500,000,000,000,000,000) new bytes of data are generated every day. That’s a staggering figure, especially considering that roughly 90% of that data was only created within the past two years. It would be impossible for any human to even begin to comprehend that amount of data, and that’s exactly where AI comes into play.
 
For example, AI is extremely effective at making sense of large amounts of data and is able to organize information faster, more efficiently and for a lesser cost than human analysis. However, it’s limited when it comes to many of the deeper, more complex functions that humans are capable of. Therefore, rather than replacing human intelligence, AI augments it, allowing people to use data more efficiently to make better decisions.
 
How does AI fit into the legal landscape?
The presence of artificial intelligence is becoming nearly impossible to ignore. The rate at which AI is being developed makes it difficult to imagine a world in which AI is anything other than an eventual inevitability. In fact, AI is on such an upward trajectory that market research firm IDC projects worldwide revenues for the AI industry will reach a whopping $47 billion by 2020, up from $8 billion in 2016 – That’s an incredible increase of almost 600% over the course of just four years.
 
So what exactly does all of this mean for the future of law? Well, the good news is that due to its limitations, AI is unlikely to replace human attorneys any time soon. The bad news, however, are those attorneys will need to change their approach to law if they want to remain competitive in the new legal landscape.
 
As AI becomes more widespread within the legal sector, it will be critical for attorneys to possess qualities such as empathy, creativity, flexibility and trustworthiness. In much the same way that email revolutionized how we conduct our business, AI will become ubiquitous, making its way into every corner of our lives from the office to the home. Eventually, we’ll all be faced with an increasingly familiar decision: Either get with the times, or get left behind.

2018 Change of Gavel

On March 29th, the Capital Chapter traveled to the Watergate Hotel to celebrate the 2018 Change of Gavel. Chapter members and Business Partners gathered to thank the outgoing Executive Committee and Leadership Team for their service over the past year, welcome the incoming officers, and honor this year's President's Award recipient.  

In his remarks, outgoing Chapter President Richard Gibson thanked his 2017-2018 Executive Committee and Leadership Team for their work throughout the past year and reflected upon a few of the highlights of the past Chapter year: the formation of a new section focused on the next generation of leaders, the revitalization of the annual retreat, and the DC Central Kitchen community service event (particularly the signature hairnets and plastic aprons sported by the volunteers).  

At the conclusion of his speech, Richard presented incoming Chapter President Jenna Carter with the Capital Chapter's ceremonial gavel. Jenna in turn awarded Richard a personalized gavel and crystal award to commemorate his term and acknowledge his status as a lifetime member of the Chapter. 

The Chapter presented a donation of $5,000 to the Capital Chapter Foundation in honor of Richard Gibson. The donation was accepted by Foundation President Donna Williams. The donation will help to fund the 2018 Toni K. Allen Scholarship.

In her first address as Chapter President, Jenna Carter recalled a piece of advice given to her by Richard at the end of his presidency: set aside "an hour a day for ALA." She promised to take the catchy rhyme to heart as she embarks upon her term as President, and to put in the time necessary to serve the Chapter. She then expressed her vision for the Chapter in the 2018-2019 year: "A Place Where Everyone Knows Your Name." As the chorus of the "Cheers" theme played through the ballroom, Jenna explained that she hopes that the coming year will see the Chapter evolve into a community in which "members are actively engaging in meaningful conversation, willing to educate and freely share knowledge with one another, and empowering other members to be strong in their vision and leadership." To kick off this initiative, each attendee took home a business card holder included in their table's centerpiece, which contained the business cards of 6 Chapter Officers and Business Partners. 

Congratulations to Cindy Schuler, our 2018 President's Award recipient! As the 2017-2018 Chair of the Diversity & Inclusion Committee, Cindy ignited renewed interest in the topic among our membership. Recognizing that the notion of workplace diversity has become both ingrained and more challenging of late, her work focused on innovative new approaches to help members move beyond the basics of workplace diversity and begin to address the nuances necessary to create a truly inclusive environment. Her leadership in building committee membership, developing a direction, and delivering excellent educational programs has been an invaluable addition to the Chapter. Through the curation of a breadth of digital resources, the planning and execution of robust educational programs, and (perhaps most impressively) the start-to-finish management of a weeks-long practicum project to evaluate the effectiveness of the committee and develop a strategy for continued success, Cindy worked tirelessly to provide members with the information and resources necessary to make a difference in their firms and in the legal community as a whole. While there remains a tremendous amount to do before we have all the tools at our disposal to be certain that our firms achieve a diverse and inclusive environment with ease, thanks to Cindy's efforts, our Chapter’s Committee is now very well placed to guide and support us in that endeavor.

Thank you 2017-2018 Officers!
Executive Committee
Richard Gibson, President
Emily Christianson, Treasurer
Carmen Barboza, Secretary
John Quinn, Vice President Business Partner Advisory
Claudia Baragano, Vice President Community Service
Jenna Carter, President-Elect
Julie Tomey, Treasurer-Elect
Carmen Barboza, Secretary-Elect
Colleen Brown, Vice President-Elect  Business Partner Advisory
Qeyana Hart, Vice President-Elect Community Service
Leadership Team
Diversity & Inclusion Committee
Cindy Schuler, Chair
Monique Terrell, Co-Chair

Salary Survey Committee
Emily Christianson, Chair
Julie Tomey, Co-Chair

Branch Office Administrators Section
Danita Ellis, Chair
Jackie Thomas, Co-Chair

Human Resources Section 
Jasmine Stribling, Chair

Office Operations Management Section
Kevin O'Hare, Chair
Greg Fudge, Co-Chair

Finance Section 
Andy George, Chair
Evan Kettig, Co-Chair
Member Experience Committee
Cheryl Flynn, Chair
Sarahi Estrella, Co-Chair

Communication & Media Relations Committee
Jaci Moline, Chair
Paula Serratore, Co-Chair

IP Administrators Section
​Kimberly Potter, Chair
Astrid Emond, Co-Chair

Small Firm Administrators Section
Wilmara Guido-Chizhik, Chair
Dot Mooney, Co-Chair

Technology Section
Frank Schipani, Chair
Welcome 2018-2019 Officers!
Executive Committee
Jenna Carter, President
Julie Tomey, Treasurer
Carmen Barboza, Secretary
Colleen Brown, Vice President ​Business Partner Advisory
Qeyana Hart, Vice President Community Service
Frank Schipani, President-Elect
Sheri Shifflett, Treasurer-Elect
Melody Watson, Secretary-Elect
Monique Terrell, Vice President-Elect 
​Business Partner Advisory
Pamela Christian-Wilson, Vice President-Elect Community Service
Leadership Team
Diversity & Inclusion Committee
Ellen Clinton, Chair
Cameron Gowan, Co-Chair

Salary Survey Committee
Julie Tomey, Chair
Sheri Shifflett, Co-Chair

Branch Office Administrators Section
Jackie Thomas, Chair
Anjanette Milladge, Co-Chair

Human Resources Section 
Jasmine Stribling, Chair
Tiffany Montgomery, Co-Chair

Office Operations Management Section
Linda Padron, Chair
Janice Byrum-Jackson, Co-Chair

Next Generation Leaders Section 
Danielle Smith, Chair
Tania Jose, Co-Chair
Member Experience Committee
Sarahi Estrella, Chair
Dot Mooney, Co-Chair

Communication & Media Relations Committee
Cindy Conover, Chair
Paula Serratore, Co-Chair

IP Administrators Section
Astrid Emond, Chair
Matthew Cichocki, Co-Chair

Small Firm Administrators Section
Wilmara Guido-Chizhik, Chair
Jo Jo Ruby, Co-Chair

Technology Section
Kenny Mitchell, Chair

Hilltop Consultants Spotlight: GDPR Preparation and Compliance

If you are a European Union (EU) based firm or have business interests in the EU, you should be aware of the General Data Privacy Regulation (GDPR) that was approved two years ago.

How do you protect your interests and ensure compliance?
At Hilltop Consultants we support many firms that need to be GDPR compliant. Here are some frequently asked questions, tips and solutions related to GDPR.

General Data Privacy Regulation:
What is it? An EU regulation with the primary objective of strengthening security and privacy protection for individuals. It applies to all personal data that originated in the EU regardless of where it is processed, stored or transmitted. Any organization that has the personal data that originated in the EU in its systems will have to comply with the GDPR.

Who does it pertain to? Those who offer goods or services to EU citizens residing in the EU or monitor the behavior of EU citizens residing in the EU. GDPR places obligation onto (1) data controllers, the entity which determines the purposes and means of processing personal data and (2) data processors who processes the data on behalf of the data controllers.

What is the definition of Personal Data? Personal data is categorized as any identifiable information. There are several ways that an individual can be considered “identifiable” such as individual’s physical characteristics or name, physical address, photo, personal or work email address, bank information, medical information, posts on social media, biometric or IP address.
Keep in mind that all organizations having access to individual data that originated from the EU must maintain a plan to detect breaches, regularly evaluate security practices and document evidence of compliance. This is a major component of the GDPR regulation.

We recommend the following steps toward better protection:
  • Limit the amount of personal data collected or processed
  • Limit the amount of time that personal data is held
  • Encrypt all data transmission and storage of data
  • Implement Multi-Factor Authentication
  • Hide user information
  • Do not display or record user’s IP addresses
  • Increase your ability to prevent and remediate threats to personal data
  • Implement a “need-to-know” basis pertaining to access to personal data
Also critical is designing a solid plan and taking the needed steps to ensure ongoing compliance.

Hilltop Consultants helps firms implement practices toward GDPR Compliance by:
  • Implementing a SIEM tool with log management capabilities that adhere to compliance requirements
  • Creating an inventory of all critical assets that store or process sensitive data to allow for more stringent controls to be applied
  • Performing routine vulnerability scans to identity weaknesses that could be exploited
  • Conducting risk assessments and applying threat models relevant to your business
  • Regularly testing that the security controls are working as designed
  • Ensuring that threat detection controls are in place to identify when a breach has occurred in a timely manner
  • Monitoring network and user behavior to identify and investigate security incidents quickly
  • Executing a documented and practiced incident response plan
  • Implementing a communication plan to notify relevant parties

There are ways of reducing the risks by taking the steps and actions mentioned above. Although the burden is substantial, mitigation is possible. For more information on how this applies to your firm call or email us!

Click on the links below regarding GDPR specifics and solutions aimed at GDPR compliance:

Ways in which Law Firms Should Look to Manage Potential Exposures as Internet and Cyber-Liability Threats Expand

Eileen Garczynski
Senior Vice President and Partner, Ames & Gough
 
If there was any doubt among law firms about their potential vulnerability to cyber-attacks, recent reports of the so called “Panama Papers” serve as a sobering reminder that the threat is not only real – but widespread and substantial.

In this case, a law firm was victimized by a series of hacking incidents by a single perpetrator. The hacks occurred without its knowledge, over several years, and involved more than 11 million documents and confidential details of more than 200,000 offshore facilities the firm established on behalf of its clients.

More recently, and closer to home, a specialty law firm in the U.S. Midwest is bringing suit against another Midwest firm alleging it failed to maintain a solid security system and safeguard client data. It’s feared that this action will trigger a wave of similar cases.
As individual hackers and organized criminals look for new ways to steal funds and access confidential corporate and personal financial information, professional services firms have become soft targets for their actions. Indeed, law firms have stores of personal and confidential financial data on employees and clients; they maintain sensitive information about client strategies, trade secrets, and pending business transactions. Firms may also have significant employee and client health data and information protected under the Health Insurance Portability and Accountability Act (HIPAA).

A privacy or security incident can cause a firm a great deal of unwanted press and involve substantial costs. If the firm’s system goes down for any amount of time, significant billable time may be lost. Then there’s the cost of any forensic investigation, potential federal and state regulatory fines and notification costs. Not to mention issues with third parties; flurry of lawsuits, negative publicity, reputational damage and disgruntled clients.

Network security lapses could also give rise to ethical complaints, as inadequate data security or protection of privacy can constitute a failure to abide by the duty of confidentiality. Under Rule 1.6 of the ABA Model Rules of Professional Conduct, “a lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent.” Lawyers must “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

Managing Cyber-Risk
Unfortunately, law firms generally have lagged behind other industries when it comes to data protection. To make sure your firm gets up to speed, the following are some suggested best practices for firms to follow to anticipate, prevent, and respond to a data breach, including the purchase of a cyber-liability insurance policy: 

Anticipate. Catalog all confidential data owned or maintained by the firm and ensure that proper security procedures are in place for keeping it safe. Conduct ongoing risk assessments, invest in state-of-the-art security measures, and consider hiring “ethical hackers” to test data security. It is important to understand that most firms are targeted for intrusion because of exploitable security weaknesses, not because of their high profiles or the value of their confidential information. Testing the integrity of the system on a regular basis is a wise investment.

Train. Inform employees and vendors of proper security procedures and periodically review and update data security policies.

Prevent. Simple steps law firms can take to prevent a breach include:
  • Use strong passwords of at least 12 characters, and change them regularly.
  • Laptops should be protected with whole-disk encryption without exception.
  • Backup media are also a huge source of data leaks, so they too should be encrypted.
  • Thumb drives, which are easy to lose, should be encrypted, and consider logging activity on USB ports.
  • Consider a standardized desktop with firm-issued-only software.
  • Keep servers in a locked rack in a locked closet or room.
  • Solos and small firms should use a single integrated product to deal with spam and viruses.
  • Make sure all critical patches are applied.
  • When terminating an employee, make sure to cut all possible access (including remote access) to the network immediately and cancel the employee's ID.
  • Use wireless hotspots with great care.
  • For remote access, use a virtual private network (VPN) or other encrypted connection.

Organize. Create a response team to implement a plan of action when a breach occurs. The team should be multi-disciplinary and include procedures for promptly identifying and repairing the breach, investigating the cause of a breach, analyzing the implications of the breach, and notifying the necessary parties.

Insure. In the wake of so many cyber-breaches, cyber-liability insurance should be considered a critical component of every law firm’s risk management portfolio along with a comprehensive breach response plan. Keep in mind, however, that all cyber-insurance policies are not identical.
In choosing a cyber-liability insurance policy, carefully consider the scope of coverage and exclusions under a data breach policy, including whether the policy covers costs related to lawsuits, regulatory investigations, internal investigations, notifications to affected consumers, public relations management, credit monitoring, and/or statutory penalties.

Stand-alone cyber-liability insurance policies, addressing both first- and third-party perils, offer a full range of cover that is key to mitigating risk. The policies typically provide coverage through numerous insuring clauses that afford coverage for losses arising out of data or privacy breaches. These include expenses related to the management of an incident, such as forensic investigation, remediation, notification and credit checking. They also provide coverage for business interruption losses, extortion network damage, and regulatory investigation costs arising out of a cyber-event.
 
Understanding potential coverage restrictions 
Law firms purchasing stand-alone cyber-liability insurance policies should thoroughly understand exactly what their insurance covers, the extent of coverage provided, as well as any coverage exclusions or restrictions.

In comparing various cyber-liability policies offered by different insurance companies, be aware that many insurers will attempt to add exclusions either through the policy wording itself or by endorsement.

While it is not always possible to remove these exclusions, law firms should understand their potential impact and attempt to have them modified or removed. There are more than a dozen specific types of coverage exclusions or restrictions that might appear in many or some cyber-liability insurance policies for law firms. Here are a few key examples:
  • Definition of confidential information. Some policies define confidential information as only Personal Identifiable Information (or PII, such as date of birth, Social Security number, driver’s license ID, etc.). However, a good cyber insurance policy will define confidential information as anything protected under the attorney-client privilege.
  • Encryption exclusions for mobile devices. Some policies exclude coverage if the firm’s mobile devices are not encrypted. Encrypting these devices is sound risk management and should be standard practice. Ideally, however, coverage is not contingent on this being done.
  • Retroactive date. Some policies exclude coverage for claims the firm could have reasonably foreseen. For this reason, firms should try to limit their knowledge of claims to key individuals at firm, such as the head of IT or the firm’s managing partner. Furthermore, coverage under a good cyber insurance policy is triggered by the “discovery of the network security event” and not the occurrence of the incident. This negates the need for full prior acts or a retroactive date prior to the inception of the policy.  However, if you don’t have date of discovery language, you will need a full prior acts policy or one with a retroactive date prior to the inception of the policy.
  • Definition of damages/loss. Certain risks covered by cyber-policies may have unique remedies and involve related costs. For example, privacy violations can result in a duty to notify affected individuals and to provide credit monitoring for defined periods of time following the violation. Law firms should be sure the “loss” as defined and covered by the policy addresses the types of relief they may be required to provide.
  • Data outside an insured’s network or premises. This wording affects cloud providers or other outsourced vendors and should be reviewed carefully. Most cyber-insurance policies define a “computer system” to include third-party networks with which you have contracted to support your firm. Thus, in the event of a breach, the policy will respond regardless of where data were stored when the breach occurred. In other words, the coverage should follow the data, no matter where they are stored.
  • Voluntary notification. During the past several years, most states and various countries have enacted breach notification laws. Generally, they require firms that lose sensitive personal data to provide written notification to all individuals potentially affected. Even without a legal obligation to do so, the trend is toward voluntary notification to protect your brand and reputation. In any event, clients expect such notification. Not all cyber-policies cover costs of providing a breach notice, so be sure to check whether and how your policy will respond to these circumstances.
  • Limitations on the cost to investigate, defend, and settle issues surrounding civil penalties and fines. While most cyber-liability policies cover civil fines or penalties imposed by a governmental agency, as well as the costs incurred in connection with a governmental investigation, some permit coverage only to the extent they are insurable by law in that jurisdiction. This coverage limitation raises questions of law not directly specified in policy terms; policyholders may wish to consult knowledgeable personnel in their corporate risk and legal departments, along with their other professional and legal advisors.
  • Breaches caused by rogue employees. All policies have a specific “conduct exclusion”; however, it should be strictly limited to dishonest, fraudulent, or criminal acts committed by the firm and/or its senior management. While most data and security breaches result from negligent acts, such as failure to properly configure software or firewalls, many breaches are caused by malicious acts, perpetrated or assisted by insiders. Thus, law firms should seek an exception to the conduct exclusion for “rogue” or disgruntled employees to guarantee coverage for malicious conduct by an insider.
 
With respect to the last point, the conduct exclusion for fraudulent or criminal acts of senior management should be worded to apply only after final adjudication, or determination, that the excluded conduct did, in fact, occur.

Many policies don’t cover theft of hardware from your premises and limit protection for breaches to those involving only U.S. privacy statutes or regulations. There are also inadequate sub-limits for forensics and crisis management expenses, which can leave law firms without sufficient funds to investigate where their systems were infiltrated or to address the costs of effectively managing a related crisis event.

In addition, there are likely to be restrictions for restoration of intellectual property or proprietary business information. And when related coverage is provided, it typically is limited to the amortized value.

Another area to check involves the policy’s requirements regarding use of vendors to address data breaches and related issues. Many insurers require policyholders to use the insurance company’s preferred vendors; to have this language changed to allow a law firm to choose its own vendors may require additional premium.
 
Policy waiting periods
Cyber-liability insurance policies offer an aggregate limit of liability (e.g. the total limit of liability for all claims) as well as sub-limits for each first-party coverage and the fines and penalties aspect of the third-party coverage.

The sub-limits have generally increased in recent years so that law firms can typically get up to 50 percent of the total limit to apply to first-party costs. A dollar deductible also applies to each coverage part that varies, depending on the size of the policy and the firm insured. In addition to a dollar deductible, most policies include a “time element” or waiting period deductible to trigger the first-party business interruption coverage.

For example, a cyber-policy might require that your network be impaired for more than 12 – 24 hours before the business interruption coverage would apply or be triggered. Law firms should be aware of these policy features and requirements for reporting incidents and related business loss.
 
Determining how much coverage you need 
While there’s no simple formula for determining how much cyber-liability insurance any law firm should purchase, there are three key considerations when choosing insurance policy limits and deductibles:
  1. What is the most likely total dollar amount of any particular risk? Firms maintaining a significant amount of personal identifiable information, intellectual property, or highly confidential information either for clients or staff, may need higher limits.

    When evaluating appropriate limits, typical first-party costs incurred when a cyber-breach occurs include lost billing time, forensic Investigation, legal fees to determine regulatory or notification obligations, notification, communication, and public relations costs, credit monitoring, and regulatory fines and penalties.

    Third-party costs may include settlement/damages to third parties, legal fees to respond to a third-party loss, damages to network security of a trading partner or vendor, intellectual property infringement, and regulatory proceedings.
  2. How much of these costs can your firm afford to retain, either by not purchasing insurance or through a deductible or retention? Even if your firm has multiple safeguards to prevent a cyberattack, the risk exists and recovery cost can be substantial. In determining insurance needs, many firms consider the worst-case scenario. 
  3. What are your firm’s contractual obligations? Firms serving institutional clients may be contractually required to purchase certain minimum limits of cyber-liability insurance. Increasing numbers of law firm clients, particularly financial institutions and health groups, for example, are requiring their counsel to carry this insurance.

​As internet and cyber-related risks become increasingly widespread and complex, law firms and other professional services firms have become targets of a growing number of attacks. Managing these exposures requires a comprehensive approach that includes sound risk management practices and a careful evaluation of available insurance. Although insurance coverage and pricing has been improving, law firms need to evaluate their coverage options carefully, note potential coverage restrictions and work with insurance companies to address them. 

Diversity Corner: Inclusion is Forged in Unlearning

Howie Schaffer
Chief Inclusion Officer, Bonanza Communications
 
Strangers might be dangerous. Fat people are lazy. Older people are less capable. Women are more caring then men. Men are more confrontational than women. Our heads are full of generalizations, beliefs and ideas planted in our brains, and reinforced by others. Our minds are populated with lessons we have learned from our families, our schools, our friends, our workplaces, our religions or cultures, and yes, from society and the media.
 
Some of these lessons with have inherited uncritically from others without examining them deeply. Who can we trust? Who can we feel safe with? Who is helpful? Who won’t be offended by feedback? Who will work hardest? These are evaluations we are making all the time in our lives. And these decisions are often unconscious and without our control or clear intention. To be effective in the workplace, every day we need to fight some aspect of our socialization that has taught us a lesson or belief that doesn’t serve us well.
 
To learn something new we have to forget or ignore something we have previously learned. The patterns of our thinking are so deeply ingrained that we may never lose our snap judgments or the reactive voice inside our head that speaks before examining the evidence. Almost every decision we make daily in business settings requires us to make intentional efforts to challenge our prior knowledge. Unlearning is like stripping the existing paint of a wall so that new paint sticks. If you’ve ever done this work, you know that paint removal is 70% of the job and repainting is 30%.
 
What do you need to unlearn? How will you do about it? Your career trajectory might depend in part upon the answers you provide.
 
3 Unlearning Tips
  1. Embrace the Unfamilar: Get uncomfortable. Be the student not the expert. Examine thinking patterns that no longer serve your life & career.
  2. Pursue Your Opposite: Avoid like-minded people. Engage people who challenge you and sharpen your thinking. Invite feedback from all sides.
  3. Acknowledge Your Fears: Embrace your failures. Ask for help. Mistakes are not catastrophes. They are fuel for transformation.

Administrative Committees

Communications and Media Relations
As members of the Newsletter and Media Relations Committee, Chapter members participate in producing the award-winning Capital Connection. Members gather to brainstorm new ideas for editorial themes for upcoming editions. The newsletter reports Chapter business activities such as Section and Committee news and provides information about upcoming educational and other events. It also includes articles of interest to members and other legal management personnel, collected, authored and/or edited by members of the committee. This committee also works with other legal associations and the media to ensure that ALA and the Capital Chapter are represented in the legal industry. The Newsletter Committee welcomes new members.

Contact: Cindy Conover, [email protected]; Paula Serratore, [email protected]

Diversity & Inclusion
The Capital Chapter of the Association of Legal Administrators is a professional organization comprised of administrative managers from private, corporate and government legal organizations in the Washington DC, Northern Virginia and suburban Maryland areas.  ALACC embraces and encourages diversity within the legal profession. We value diversity and those initiatives that promote it and look to partner with affiliated professional legal organizations to advance diversity. We not only strive to raise awareness, but to increase our sensitivity in the area of diversity and more closely reflect the diversity of our community at large. Having a more inclusive and diverse legal community will improve the quality of our organizations workforce and respond to our client’s requirements for diversity. As a committee we are very interested in your thoughts, comments, and suggestions about achieving greater diversity in our Chapter, our profession, and in our firms. 

Contact: Ellen Clinton (Chair), [email protected] Cameron Gowan (Co-Chair), [email protected]
Salary Survey
The Salary Survey Committee is responsible for maintaining, updating and running the local survey each year. They review the positions listed, the job descriptions, and the benefits questions to ensure that the survey remains relevant to the end users. The members of the committee also promote the survey within the Chapter to stimulate participation. 

Contact: Julie Tomey (Chair), [email protected]; Sheri Shifflett (Co-Chair), [email protected] 






Member Experience
The Member Experience Committee will establish a welcoming environment for new members to be integrated into the Chapter through a formal Ambassador Program. Ambassadors will provide support and guidance to new members through their first 12 months of membership, ensuring new members realize benefits of membership and become ambassadors of the Chapter. 

Contact: Sarahi Estrella (Chair), [email protected] ; Dot Mooney (Co-Chair), [email protected]


Educational Sections

Branch Office Administrators
The Branch Office Adminsitrators Section focuses on a broad range of topics of interest to local adminisraotrs who must coordinate with other officees of their firms. The Section's monthly luncheon meetings, held on the second Tuesday of the month, provide a venue for members to discuss issues of common interest, share ideas, and network. Members are encouraged to raise topics and to recommend speakers.

Contact: Jackie Thomas (Chair), [email protected]; Anjanette Milladge (Co-Chair), [email protected] 
Listserv: [email protected]



Office Operations Management
The members of the Office Operations Management Section represent a cross section of legal expertise from functional administrators to branch office managers. The Office Operations Management Section (OOMS) meets on the fourth Wednesday of every month to discuss operations related hot topics. We welcome all members to join the section, especially if you are an administrator in a small law office and you have to wear multiple hats. We can provide you with many best practices to run your operation smoothly.

Contact:  Linda Padron (Chair), [email protected]; Janice Byrum-Jackson (Co-Chair),  [email protected]
Listserv: [email protected]
Intellectual Property (IP)
The Intellectual Property (IP) Section focuses on all aspects of legal management as it pertains to the IP Administrator. The group discusses the complexity of the ever-changing IP environment and how to effectively create and apply IP specific, non-legal procedures in both boutique and general practice firms. 

Contact: Astrid Emond (Chair), [email protected]; Matthew Cichocki (Co-Chair), [email protected]
Listserv: [email protected]




Small Firm Administrators
The purpose of the Small Firm Administrators Section is to provide Administrators of law firms with 35 or fewer attorneys educational opportunities through vendor presentations, idea sharing and open forums specifically designed for those who work in smaller firms. The Small Firm Management Section meets the fourth Tuesday of the month at host law firms.

Contact: Wilmara Guido-Chizhik (Chair), [email protected]; Jo Jo Ruby (Co-Chair), [email protected]
Listserv: [email protected]


Next Generation Leaders
The mission of the Next Generation Leaders section is to support our next generation of leaders and close the gap faced by our association and the legal industry as a whole by providing a community for Millennial legal managers and new managers in the legal field with a focus on mentoring, education, and networking. To accomplish this goal, the section hosts monthly section meetings, pop-up events, and educational sessions, and provides 2-way mentoring opportunities. 

Contact: Danielle Smith (Chair), [email protected]; Tania Jose (Co-Chair), [email protected]
Listserv: [email protected]
Human Resources
The Human Resources Section operates as a venue for educational information on global human resources issues.  While the Section is mostly comprised of HR professionals, any member is invited to participate in the meetings which typically take place on the second or third Wednesday of each month.  The meetings feature industry speakers or roundtable discussions on topics such as recruiting, benefits, strategic planning, performance management, career pathing, retention and other matters of interest.

Contact: Jasmine Stribling (Chair), [email protected]; Tiffany Montgomery (Co-Chair), [email protected]
Listserv: [email protected]

Technology
The Technology Section is looking for members to join the group for lively discussions about practical situations we all face daily in the information technology world. With ever-changing IT needs and issues, we will look at our firms' policies and procedures and help develop best practices and speak of the many concerns we all have. Even if you are not in the IT field,  your experiences and opinions will help us in bringing all departments of a law firm together and working on the same page.

Contact: Kenny Mitchell (Chair), [email protected]
Listserv: [email protected]