More on compliance programs for corporate-lawyer risks

Recently, we ran a post on the possible need for law firms to have compliance programs to prevent/detect  bill padding.  In today’s post we examine a different area of lawyer misconduct  – misuse of the attorney-client privilege, and  a different segment of the profession – members of law departments rather than of firms, with an eye toward suggesting a compliance program remedy in the post that will immediately follow this one.

The attorney-client privilege can, of course, be an invaluable tool for supporting a C&E program mission, as the confidentiality it promises helps companies uncover and address wrongdoing – and thereby comply with legal requirements –  without fear that their efforts will be used against them.  For instance, last week the Wall Street Journal reported  that a company that had suffered a security breach hired a law firm to investigate the breach because the law firm “could offer something a forensic firm couldn’t: attorney-client privilege and the secrecy it confers.”

But unlike the case with law firms, when the privilege is asserted by in-house lawyers a question often arises as to whether  the matter at issue in fact entailed the lawyer providing legal advice or instead was her merely dealing with an administrative or business matter.  For instance, in a case decided last year in a different (i.e., non-C&E)  context,   a federal district court in Pennsylvania court held that emails on which  an in-house counsel was copied were nonetheless not privileged because they principally concerned the latter type of work.

Of course, many aspects of C&E programs – although having their origins in legal mandates – can be seen as principally administrative/business-related. Indeed, this possibility could actually increase as C&E-related expectations become settled.

Moreover, raising the privilege without sufficient basis is itself not without risks beyond the loss of confidentiality for the communications in question. Courts have warned lawyers against misuse of the privilege.  For instance, in United States v. Davis, (131 F.R.D. 391, 401 (S.D.N.Y. 1990)) the court cautioned that an in-house attorney’s degree and office should not be used to create a “privileged sanctuary” for corporate records. Indeed, in the high-profile tobacco industry criminal investigation in 1990’s, some company lawyers were investigated by the Justice Department under fraud/obstruction theory for what was seen as a possible bad faith use of the privilege to hide sensitive information. Although no charges were brought, one can imagine a set of circumstances where the outcome could be different.

So, this is not an issue to be taken lightly. Part two of this post will explore how companies can develop a strong approach to privilege – while not going over the above-referenced line – through a compliance program framework.