Lawyers Seek Pass From Privacy Law

“Enough!”

That's what lawyer groups argued earlier this year when they appeared before a District of Columbia federal appeals court to challenge yet another layer of regulation aimed at them.

The American Bar Association and the New York State Bar Association, along with state bars nationwide that support the two groups, asked the U.S. Court of Appeals for the D.C. Circuit to rule once and for all that the Federal Trade Commission (FTC) has no right to hold lawyers to certain privacy provisions in the 1999 Gramm-Leach-Bliley Act.

After all, the lawyer groups argue, the act was specifically designed for institutions that sell financial services, requiring them to notify clients that they won't market or sell private data about them to other companies. Nowhere in the act are lawyers mentioned, the bar associations point out. And, they add, by forcing law firms to adhere to the privacy provisions, the FTC may actually hurt clients rather than bolster their rights.

Some Points of View

With few exceptions, lawyers are licensed and regulated by state bar associations. The bar groups challenging the FTC's application of the privacy provisions to lawyers argue that existing state laws governing confidentiality go further to protect clients than do the federal provisions contained in Gramm-Leach-Bliley.

“It creates uncertainty for clients as to whether the ground rules had changed,” says Steven Krane, a partner at Proskauer Rose in New York whose practice includes legal-ethics counseling and who was president of the New York Bar Association when the suit was filed in 2001.

Krane represented the New York Bar in the argument in May before the D.C. Circuit; Steptoe & Johnson partner David Roll was lead counsel, representing the ABA before the court.

“There is a significant federalism issue here,” Krane says of the suit. “That's not to say, though, that Congress cannot ever regulate lawyers, but I definitely do think this goes to something broader.”

Adds Edward Correia, a partner in the corporate group in Latham & Watkins' Washington, DC, office who drafted his firm's disclosure letter to clients about the rules: “This was a fairly major paperwork burden that was not really accomplishing anything for our clients.”

Regulations and Consequences

And as so often happens with regulations, there have been unintended consequences, lawyer groups say. For instance, in light of the FTC's ruling on the applicability of the privacy provisions to lawyers, attorneys found themselves having to reassure clients that confidentiality still applied to all matters, not just those relating to financial issues.

To the FTC, the matter seems clear-cut: If lawyers give advice on matters like tax and real estate, they have to comply with Gramm-Leach-Bliley.

The law, says the FTC, clearly covers anyone who is engaged in “financial activities.” That language hands the agency a broad mission, says John Daly, deputy general counsel for litigation at the FTC.

“The policy decision is one that Congress made,” Daly says. “We read the statute and think it unmistakably covers lawyers. In our view, if we're going to make an exception to something Congress has done, that's a very difficult thing to do. Almost any law that covers all persons can cover lawyers.”

Daly also notes that attorney-client privilege doesn't always provide better safeguards than the act. Attorney-client rules can vary from state to state, making the uniformity of the Gramm-Leach-Bliley requirements necessary, he says.

Within Reach

The litigation over the Gramm-Leach-Bliley provisions represents both a classic Washington dispute over how federal regulators interpret and enforce a congressional mandate and, say some legal-ethics experts, another example of lawyers' fervent belief that state laws should hold the strongest sway over their professional conduct.

“When the federal government threatens to impinge on the way lawyers do business, there is always going to be resistance,” Michael Frisch, legal-ethics counsel at Georgetown University Law Center, says.

In the summer of 2001, right around the time Congress passed the Sarbanes-Oxley Act — the hallmark corporate-governance legislation that placed specific duties on lawyers – the New York State Bar Association and the ABA started asking the FTC for an exemption from the privacy provisions of Gramm-Leach-Bliley.

The answer: A resounding no, with the FTC telling lawyers to turn to Congress if they wanted such an exemption. Legislation introduced in 2003 by Reps. Judy Biggert (R-IL) and Carolyn Maloney (D-NY) that would shield attorneys from the privacy rules has never made it out of committee.

The two bar associations filed suit separately in 2002 after the FTC denied requests for an exemption for lawyers. The suits were consolidated in the U.S. District Court for the District of Columbia, and the bar associations won an important victory last April when Judge Reggie Walton concluded that “the FTC failed to articulate any explanation, let alone a satisfactory one, for its interpretation” to include lawyers under the Gramm-Leach-Bliley strictures.

Walton also ruled that because the FTC did not publish or seek public comment on its conclusion about lawyers and the privacy provisions – the most typical path for rule-making – it wasn't entitled to deference under the so-called Chevron doctrine, a 1984 D.C. Circuit decision that, essentially, calls for agencies to be given the benefit of the doubt when its regulations are reviewed.

Walton found that the FTC violated the Administrative Procedure Act — the law that governs the process that agencies must follow when promulgating rules and regulations — by failing to publish its findings or seek public comment on its application of the privacy provisions to lawyers.

Some Appeal Details

In appeals-court filings, government lawyers contend that they weren't required to explicitly mention lawyers. They argue that the FTC's published definition of “financial institutions” covered by the law includes any firm or individual who is “significantly engaged” in providing various financial services. Lawyers who sell advice on issues like taxes should have understood that they would be covered by the act, according to the FTC.

Steptoe's Roll says, however, that “lawyers would not necessarily think that a banking law would apply to them. It's counterintuitive since they are already subject to a whole regime of state privacy laws.”

Shortly before appealing Walton's decision, the agency agreed not to enforce the provisions against lawyers during the litigation. The decision of the D.C. federal appeals court could change that, when it decides.

“Enough!”

That's what lawyer groups argued earlier this year when they appeared before a District of Columbia federal appeals court to challenge yet another layer of regulation aimed at them.

The American Bar Association and the New York State Bar Association, along with state bars nationwide that support the two groups, asked the U.S. Court of Appeals for the D.C. Circuit to rule once and for all that the Federal Trade Commission (FTC) has no right to hold lawyers to certain privacy provisions in the 1999 Gramm-Leach-Bliley Act.

After all, the lawyer groups argue, the act was specifically designed for institutions that sell financial services, requiring them to notify clients that they won't market or sell private data about them to other companies. Nowhere in the act are lawyers mentioned, the bar associations point out. And, they add, by forcing law firms to adhere to the privacy provisions, the FTC may actually hurt clients rather than bolster their rights.

Some Points of View

With few exceptions, lawyers are licensed and regulated by state bar associations. The bar groups challenging the FTC's application of the privacy provisions to lawyers argue that existing state laws governing confidentiality go further to protect clients than do the federal provisions contained in Gramm-Leach-Bliley.

“It creates uncertainty for clients as to whether the ground rules had changed,” says Steven Krane, a partner at Proskauer Rose in New York whose practice includes legal-ethics counseling and who was president of the New York Bar Association when the suit was filed in 2001.

Krane represented the New York Bar in the argument in May before the D.C. Circuit; Steptoe & Johnson partner David Roll was lead counsel, representing the ABA before the court.

“There is a significant federalism issue here,” Krane says of the suit. “That's not to say, though, that Congress cannot ever regulate lawyers, but I definitely do think this goes to something broader.”

Adds Edward Correia, a partner in the corporate group in Latham & Watkins' Washington, DC, office who drafted his firm's disclosure letter to clients about the rules: “This was a fairly major paperwork burden that was not really accomplishing anything for our clients.”

Regulations and Consequences

And as so often happens with regulations, there have been unintended consequences, lawyer groups say. For instance, in light of the FTC's ruling on the applicability of the privacy provisions to lawyers, attorneys found themselves having to reassure clients that confidentiality still applied to all matters, not just those relating to financial issues.

To the FTC, the matter seems clear-cut: If lawyers give advice on matters like tax and real estate, they have to comply with Gramm-Leach-Bliley.

The law, says the FTC, clearly covers anyone who is engaged in “financial activities.” That language hands the agency a broad mission, says John Daly, deputy general counsel for litigation at the FTC.

“The policy decision is one that Congress made,” Daly says. “We read the statute and think it unmistakably covers lawyers. In our view, if we're going to make an exception to something Congress has done, that's a very difficult thing to do. Almost any law that covers all persons can cover lawyers.”

Daly also notes that attorney-client privilege doesn't always provide better safeguards than the act. Attorney-client rules can vary from state to state, making the uniformity of the Gramm-Leach-Bliley requirements necessary, he says.

Within Reach

The litigation over the Gramm-Leach-Bliley provisions represents both a classic Washington dispute over how federal regulators interpret and enforce a congressional mandate and, say some legal-ethics experts, another example of lawyers' fervent belief that state laws should hold the strongest sway over their professional conduct.

“When the federal government threatens to impinge on the way lawyers do business, there is always going to be resistance,” Michael Frisch, legal-ethics counsel at Georgetown University Law Center, says.

In the summer of 2001, right around the time Congress passed the Sarbanes-Oxley Act — the hallmark corporate-governance legislation that placed specific duties on lawyers – the New York State Bar Association and the ABA started asking the FTC for an exemption from the privacy provisions of Gramm-Leach-Bliley.

The answer: A resounding no, with the FTC telling lawyers to turn to Congress if they wanted such an exemption. Legislation introduced in 2003 by Reps. Judy Biggert (R-IL) and Carolyn Maloney (D-NY) that would shield attorneys from the privacy rules has never made it out of committee.

The two bar associations filed suit separately in 2002 after the FTC denied requests for an exemption for lawyers. The suits were consolidated in the U.S. District Court for the District of Columbia, and the bar associations won an important victory last April when Judge Reggie Walton concluded that “the FTC failed to articulate any explanation, let alone a satisfactory one, for its interpretation” to include lawyers under the Gramm-Leach-Bliley strictures.

Walton also ruled that because the FTC did not publish or seek public comment on its conclusion about lawyers and the privacy provisions – the most typical path for rule-making – it wasn't entitled to deference under the so-called Chevron doctrine, a 1984 D.C. Circuit decision that, essentially, calls for agencies to be given the benefit of the doubt when its regulations are reviewed.

Walton found that the FTC violated the Administrative Procedure Act — the law that governs the process that agencies must follow when promulgating rules and regulations — by failing to publish its findings or seek public comment on its application of the privacy provisions to lawyers.

Some Appeal Details

In appeals-court filings, government lawyers contend that they weren't required to explicitly mention lawyers. They argue that the FTC's published definition of “financial institutions” covered by the law includes any firm or individual who is “significantly engaged” in providing various financial services. Lawyers who sell advice on issues like taxes should have understood that they would be covered by the act, according to the FTC.

Steptoe's Roll says, however, that “lawyers would not necessarily think that a banking law would apply to them. It's counterintuitive since they are already subject to a whole regime of state privacy laws.”

Shortly before appealing Walton's decision, the agency agreed not to enforce the provisions against lawyers during the litigation. The decision of the D.C. federal appeals court could change that, when it decides.