Thank you for sharing!

Your article was successfully shared with the contacts you provided.
A year after they were supposed to start complying with a federal law that protects consumers’ financial information, many lawyers have never heard of the law or are unaware it applies to them. And who can blame them? The Gramm-Leach-Bliley Act, enacted in 1999, is aimed at “financial institutions,” such as mortgage brokers, finance companies, check cashers, collection agencies, credit counselors, tax preparers and financial and investment advisers. It limits disclosure and requires annual notice to customers about information-collection and sharing practices. Initial notices were supposed to go out by July 1, 2001, meaning that annual follow-up notices for those clients were due no later than two weeks ago. In a controversial interpretation of the law, however, the Federal Trade Commission takes the position that the law applies to lawyers involved in tax preparation, real estate settlements and financial advisory services, as well as any other attorneys “significantly engaged” in “financial activities” that involve the collection of financial information about individuals. That probably also sweeps in attorneys who practice in a wide range of other areas, including trusts and estates, bankruptcy, property leasing, elder law and collections work. “We want to make very clear that this does not apply to lawyers as lawyers, only to certain covered activities,” says FTC staff lawyer Loretta Garrison. She describes a “facts and circumstances test” based on “your activity, rather than who you are.” The information must have been obtained in providing services to an individual for personal, family or household purposes. There is also no bright-line rule on what amounts to significant engagement. The criterion was added “to exclude very informal, really de minimis types of activities,” explains Garrison. She warns that does not mean that a large firm that only serves individual clients through, say, its tax group, is exempt because tax is only a small portion of the firm’s practice. Providing covered services in one instance is not enough, for example, while doing it in 100 cases clearly suffices, with the line drawn somewhere in between, explains Garrison. Using the example of the large firm’s tax department, only that department would need to send the notices and only to individual clients, she notes. She also points out that since the July 1, 2001, kick-in date, initial notice must be provided now at the start of the customer relationship, with annual follow-ups, as long as the relationship continues. Failure to send the notices can result in civil fines up to $10,000. Garrison declines to comment on whether the FTC has begun enforcing the law against lawyers or how and when it intends to do so. Her only comment is that the agency’s privacy agenda is to enforce existing laws and that enforcement has been “beefed up” across the board. “How would they know that you’re not complying?” asks Susan McCurrie, a partner with the Kearny, N.J., firm of McCurrie McCurrie & McCurrie. Would they have to come to your office and view your client files, she wonders. It was only in the spring of 2001 that the legal profession woke up to the fact that the FTC intended to hold lawyers subject to the Gramm-Leach law. “It caught a lot of people by surprise,” says immediate past New York State Bar Association President Steven Krane, a partner with New York’s Proskauer Rose. The American Bar Association urged the FTC to exempt lawyers, arguing that the law would burden them without benefiting clients, whose confidences are already well-protected by state ethics codes. The New Jersey State Bar Association also wrote to the FTC on July 13, 2001, urging reconsideration. The agency agreed to take another look at the issue, but its final decision in April denied an exemption based on doubts about its authority to do so. Three weeks later, on April 29, the New York State Bar Association sued the FTC in the District of Columbia for declaratory judgment on the question. The complaint includes allegations that applying Gramm-Leach to lawyers: � is inconsistent with lawyers’ ethical obligations; � is arbitrary and capricious and contrary to Congress’ intent; � violates the 10th Amendment by infringing on an area reserved to the states; and � diminishes client protection by potentially enabling a lawyer who complies with Gramm-Leach to raise a pre-emption defense to breach of state confidentiality rules. The ABA and other bar organizations are also pushing for an amendment to Gramm-Leach to clarify that it was not meant to apply to lawyers. “Everyone we speak to agrees that it was never their intention to have lawyers covered by these privacy provisions,” says Krane. According to Joan Arnold, a partner with Philadelphia’s Pepper Hamilton who was active in national and local bar efforts on Gramm-Leach, clarifying the law’s reach does not seem to be a priority for legislators. The response she got was, “Why would we tell the world we were trying to exempt lawyers from a privacy statute?” With court-ordered or legislative relief a long way off, lawyers are subject to the law for now. George Howell III, a partner with Hunton & Williams in Richmond, Va., and head of an ABA task force on this issue, suggests an “abundance of caution” on compliance. If an attorney drafted a will for someone 20 years ago, and the client is still alive, Howell would send notice. McCurrie says her firm has been sending out notices in real estate cases but she is belatedly realizing that the requirement probably also extends to other areas of the practice, including bankruptcy, elder law and Social Security matters as well as divorce cases. Compliance has been “an added burden” that has confused some clients who wonder whether there is some change in the confidentiality of their files, says McCurrie. “I don’t know why they would want to include us in this,” given that ethics rules already provide greater protection, she adds. A Bergen County, N.J., lawyer who does trust and estates, income tax planning and debt workouts was shocked to learn the law applies to him. The lawyer, who is with a small firm and does not want to be named, says he glanced briefly at a county bar mailing last year that mentioned Gramm-Leach but had no idea the law obliged him to send out notices to clients. “I bet nine out of 10 people don’t know anything about it and most people are not complying,” he says. Some firms, like Latham & Watkins of Los Angeles, have placed the notice on their Web sites, though mailed notice is still necessary. Large firms seem to have an easier time with Gramm-Leach because they can have systems and personnel in place to identify those clients who require notice and to send it out. Jordan Weitberg, a partner with Florham Park’s Bressler, Amery & Ross, says the firm is sending the notice to trust and estate clients along with the engagement letter, and it has not been a problem. He admits, however, that he hasn’t given thought to follow-up notices. Arnold says she raised the possibility of relying on the “significantly engaged” proviso to argue that the firm did not fall within the law. That approach, however, placed firms in “the awkward position of having to tell our estate and gift clients that their revenues were not material,” she says. Instead, the lawyers turned the notice requirement into a marketing opportunity by including it in a newsletter sent to clients. Still, “it annoyed me that we had to spend the time and the paper to send out notices to tell people that we were not going to tell people anything that we couldn’t tell them anyhow,” says Arnold. One lawyer in a midsize Middlesex, N.J., firm, who does bankruptcy and trust and estates work, says she is complying but questions the agency’s good faith in applying Gramm-Leach to lawyers. “There’s a certain regime in charge now. They don’t like lawyers,” she comments. Even those lawyers who think they have gotten the notice part down still seem generally unaware of a second round of rule-making by the FTC this spring that will impose a second wave of requirements in May 2003. The new rules will require those subject to the law to develop a comprehensive information security program by designating staff to coordinate the program, identify reasonably foreseeable internal and external risks to privacy, assess the adequacy of existing safeguards and ensure that contractors and service providers can maintain appropriate safeguards and require them by contract to do so.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.