Category Archives: Privilege

Tapes and onions

Today, with surveillance cameras everywhere, it’s good to remember that everything you say may be recorded.  Even by someone you trust.  And those recordings turn up.

“Cohen Recorded Talk With Trump,” The Wall Street Journal, July 21, 2018 A1.  Trump’s then-personal lawyer recorded a conversation with then-private-citizen Trump about a story about a Playboy model.

Several different layers of onion involving this tape its creation, its collection by the FBI under a warrant, its production after a court-ordered review, its release to the press, and its impact.  And who owns it, at each stage of the process?  Did Trump know he was being taped?  Was this privileged?  Was the privilege waived?  How and by whom?

I just ask the questions.


Leave a comment

Filed under Access, Controls, Discovery, Duty, Government, Internal controls, Lawyers, Legal, Ownership, Privacy, Privilege, Third parties

The Day that Information Governance Died, the Sequel

Last July, after the July 5 new conference, I wrote about the consequences of James Comey’s decision not to prosecute,  I view that as The Day Information Governance Died.

This week, we had the sequel.

If you create a document in the normal course of your duties for your employer, about a conversation held in the course of your employer’s business, using the employer’s computer, then that document is the property of your employer.  It’s “proprietary.”  You can’t take that document with you when you’re fired and then give it to others.  Even if it doesn’t contain privileged information.  Or your purported recollections of a conversation in your official capacity with the President, subject to executive privilege.

But Mr. Comey seems to be above (or maybe beside) the Law, generally.  And he is (until the ethics people get a hold of this) a lawyer.

“The ‘Close Friend’ Behind Memo Leak,” The Wall Street Journal, June 9, 2017 A4.   Comey leaks a memo he wrote while a government employee to a friend, in order to leak it to the press.

And we wonder why we have a hard time getting traction on information governance.

1 Comment

Filed under Controls, Duty, Employees, Information, Internal controls, Lawyers, Ownership, Privilege, Third parties


Normally, I tie to an article in The Wall Street Journal, but couldn’t find this news items there.  Today’s post is based on an article yesterday from Corporate Counsel.

The former General Counsel of Bio-Rad Laboratories in California got fired in 2013, soon after he reported to the company’s audit committee on possible FCPA violations.  He claimed whistleblower protections under Sarbanes Oxley.

Jury finds for plaintiff; $5.8 million in back pay and $5 million punitive damages.  Company had already paid $55 million to settle FCPA allegations.

Interesting implications for compliance, audit committees, whistleblowing, and attorney-client privilege.

Leave a comment

Filed under Board, Compliance, Compliance, Corporation, Duty, Employees, Governance, Lawyers, Legal, Privilege, To report

A Higher Duty

A lawyer for a company has a duty under company law to protect the company’s confidential information.  As a lawyer, he or she has a professional ethical obligation to preserve the confidentiality of materials submitted to the lawyer in order to secure or provide legal advice.

But what happens if the lawyer learns information that indicates the client has broken or is breaking US criminal law?  Is there a duty to blow the whistle outside the company?  To whom is that duty owed?  Which controls, state legal ethics rules or federal law?

“Trial to Focus on In-House Lawyers,” The Wall Street Journal, January 17, 2017 B2.  A company’s general counsel is fired.  The company says he was fired because he messed up security filings and failed to detect bribery that led to $55 million in fines.  He says he was fired because he blew the whistle on the company’s “possible” bribery in China.  The judge ruled in December that the lawyer can use privileged information to support his claim.

Will this case eviscerate attorney-client privilege or force attorneys to become unwilling participants in criminal activity?

Leave a comment

Filed under Access, Business Case, Compliance, Controls, Duty, Employees, Governance, Internal controls, Legal, New Implications, Privilege, Risk, Third parties, To report


Is there a new standard being established for the conduct of internal investigations?

“VW Seeks Whistleblowers,” The Wall Street Journal, November 13, 2015 B3.  VW offers unionized employees limited amnesty to get people to self-report information related to emissions irregularities.  Jones Day is conducting the investigation.

I assume, but have not asked, that all these reports by the employees are not subject to the attorney/client privilege.

Will other companies be encouraged to follow VW’s example and offer internal immunity in investigations? What if they don’t?   Verry interesting. (Apologies to Arte Johnson).

Leave a comment

Filed under Board, Business Case, Collect, Compliance, Compliance, Compliance, Compliance Verification, Directors, Discovery, Duty, Governance, Legal, Management, Privilege, Risk

The people people become data nerds

HR now has an app to generate even more metrics.  It provides “people analytics.”

You Aren’t a Human, You’re a Data Point,”Wall Street Journal, February 17, 2015 B1. This “treats the humans in an organization just like any other asset …; as something that can be monitored, analyzed and reconfigured.” Another way to quantify the “otherwise nebulous concept of corporate culture.” “In a modern corporation, data is a kind of currency.” “The more of it you have, the more power and influence you wield.”

Interesting, that people are being treated as collections of information, and that that information needs to be, and can be, managed.

Also: The Journal changes the name of its Marketplace section to Business & Technology.  Today’s section had a heavy focus on information, with stories on

  • the Apple smartwatch,
  • algorithms at UPS to help with route planning,
  • the costs and benefits of cloud computing, and
  • attorney-client privilege in the international realm.


Leave a comment

Filed under Analytics, Business Case, Collect, Culture, Definition, Governance, HR, Information, Legal, Management, New Implications, Oversight, Privilege, Use, Value

and then … and then

The Sony hack just keeps on giving.

Initially, we heard about internal emails and employee information, like salaries and 47,000 social security numbers. And upcoming movie scripts.  And of course all the juicy gossip and unfortunate statements about Angelina and Barack.  Several law suits followed.  The good news is The Interview did well.

“Sony Emails Show China Ties,” Wall Street Journal, January 10-11, 2015 B1. Emails demonstrate on ongoing internal investigation, complete with law firm opinions, about potential bribes in connection with business in China.

Some lessons:

  1. Protect the perimeter
  2. Protect the stuff inside the perimeter (i.e., encrypt it)
  3. Don’t write stupid stuff; how would it look above the fold on the Wall Street Journal or Variety?
  4. To maintain privilege, watch where and how you communicate with your lawyers.
  5. The breach is just the beginning.


Leave a comment

Filed under Board, Business Case, Controls, Duty of Care, Interconnections, Internal controls, IT, Legal, Oversight, Oversight, Privacy, Privilege, Protect, Protect assets, Protect information assets, Risk, Security, Third parties

Who’s asking?

Normally, I think of information governance issues as being one of three types: compliance, protection, or use. Does it matter who’s asking the question?

“Prosecutors’ Bulk Requests for Email Irk Judges,” Wall Street Journal, April 5, 2014 A4

Federal prosecutors in criminal investigations make blanket requests for all of a person’s email with an email provider, rather than limiting their requests to those emails relevant to something. Then they (the government) sort through. Some judges have become less amenable to signing such warrants, as there are Fourth Amendment issues.

Is this information governance? Or just a privacy or discovery point? Looked at from the defendant-to-be’s point of view, it’s privacy or constitutional. From Yahoo’s or Google’s point of view, it’s information governance of the compliance or protection variety. From the government’s point of view it’s just searching for evidence, I guess. How does the defendant-to-be know when to interpose an objection? Who’s information is it?

Who owns “information governance” in this context? The courts? The Department of Justice? The email provider? If not one of them, then who?

Leave a comment

Filed under Controls, Discovery, Information, Legal, Ownership, Privacy, Privilege, Third parties

“Emmett accuses attorney of leaking pre-K opinion”

Houston Judge says he does not trust the county attorney general’s office after the leak to news media of a legal opinion.  County attorney’s office says breach was not deliberate. Houston Chronicle, August 22, 2013 B2.  Waiver doesn’t require a deliberate breach, does it?

Leave a comment

Filed under Privilege, Risk