Close
Enter your
text here

Privacy

It Was Only a Matter of Time Before The Sedona Conference Weighed in on Privacy and Security: eDiscovery Best Practices

When we started this blog over five years ago, privacy and security wasn’t the big topic it is today.  Now, there seems to be a story about a data breach practically every day and privacy is a big issue, especially internationally.  Thankfully, The Sedona Conference® has created a guide to help with this growing issue.

The Sedona Conference Working Group on Electronic Document Retention and Production (WG1) has just rolled out the final release of its new Commentary on Privacy and Information Security: Principles and Guidelines for Lawyers, Law Firms, and Other Legal Service Providers.  As the name implies, it’s a guide for all of us!  I say “final release” because they already rolled out the public comment version back in July and this new guide reflects changes resulting from comments received.  The original public comment version of the Commentary was published in July after more than two years of dialogue, review, and revision, including discussion at several working group meetings.

The Commentary is divided into several sections, including:

  • Section I: A brief Introduction and statement of Principles;
  • Section II: Identifies some of the major sources of a provider’s duty to protect private and confidential information;
  • Section III: Describes a process by which legal service providers may conduct thorough security risk assessments, taking into account the information they possess, the vulnerability of that information to unauthorized disclosures, breaches, loss, or theft, and the way in which each provider may mitigate those threats by adopting a structured or layered approach to protect private and confidential information; and
  • Section IV: Delves into various policies and practices that can address privacy and information security, setting forth processes that can be scaled to the needs and circumstances of an individual legal service provider.

The guide also includes appendices that discuss privacy and security in the Health Care and Financial Services industries.

Of course, the heart of any Sedona Conference guide is its principles – here are the seven principles stated in this guide:

  • Principle 1: Legal service providers should develop and maintain appropriate knowledge of applicable legal authority including statutes, regulations, rules, and contractual obligations in order to identify, protect, and secure private and confidential information.
  • Principle 2: Legal service providers should periodically conduct a risk assessment of information within their possession, custody, or control that considers its sensitivity, vulnerability, and the harm that would result from its loss or disclosure.
  • Principle 3: After completing a risk assessment, legal service providers should develop and implement reasonable and appropriate policies and practices to mitigate the risks identified in the risk assessment.
  • Principle 4: Legal service providers’ policies and practices should address privacy and security in reasonably foreseeable circumstances, and reasonably anticipate the possibility of an unauthorized disclosure, breach, loss, or theft of private or confidential information.
  • Principle 5: Legal service providers’ privacy and information security policies and practices should apply to, and include, regular training for their officers, managers, employees, and relevant contractors.
  • Principle 6: Legal service providers should monitor their practices for compliance with privacy and security policies.
  • Principle 7: Legal service providers should periodically reassess risks and update their privacy and information security policies and practices to address changing circumstances.

Hopefully, these principles will influence providers of legal services to improve their own privacy and security practices.  The PDF guide can be downloaded here and, as always, it’s free!

So, what do you think?  Do you plan to adopt these principles and guidelines for managing security and privacy within your organization?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

“Stealing Signs” in Baseball Takes on New Meaning in the Information Age: eDiscovery Trends

According to an article in the New York Times, one Major League Baseball team has defined a new way of playing “hardball” with the competition – hacking into the network of another team to capture closely guarded information about players.

Front-office personnel for the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, are under investigation by the F.B.I. and Justice Department prosecutors, accused of hacking into an internal network of my hometown team, the Houston Astros, to steal internal discussions about trades, proprietary statistics and scouting reports, among other competitive information.

According to law enforcement officials, investigators have uncovered evidence that Cardinals employees broke into a network of the Astros that housed special databases the team had built. The investigation is being led by the F.B.I.’s Houston field office and has progressed to the point that subpoenas have been served on the Cardinals and Major League Baseball for electronic correspondence.

In June 2014, the Astros claimed to have been victims of hackers who accessed their servers and published months of internal trade talks on the Internet. It was then that the team began working with the FBI and Major League Baseball security in an effort to identify who was responsible for the breach.

Law enforcement officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Jeff Luhnow, the Astros’ general manager, who had been a successful and polarizing executive with the Cardinals until 2011, credited with building baseball’s best minor league system, and with drafting several players who would become linchpins of the 2011 world champion Cardinals team.

Investigators believe that Cardinals personnel, concerned that Luhnow had taken their idea and proprietary baseball information to the Astros, examined a master list of passwords used by Luhnow and the other officials when they worked for the Cardinals. The Cardinals employees are believed to have used those passwords to gain access to the Astros’ network, law enforcement officials said.

Doesn’t Luhnow know that an insufficient password will leave you exposed? Or that almost thirty percent of data security incidents are due to human error?

That tactic is often used by cybercriminals, who sell passwords from one breach on the underground market, where others buy them and test them on other websites, including banking and brokerage services. The breach on the Astros would be one of the first known instances of a corporate competitor using the tactic against a rival. It is also, security experts say, just one more reason people are advised not to use the same passwords across different sites and services. It would not be a stretch (7th inning or otherwise) to see attacks like this happen among competitors in other industries. Or even between adverse parties in litigation.

Ironically, the Cardinals are accused of stealing the data last year, when the (dis)Astros were coming off three of the worst seasons in major league history. This year, they’re one of the best teams in baseball, at least for now. Hopefully (at least for Astros fans like me), they’ve improved their off-the-field cybersecurity protocols as well as they have improved on the field.

So, what do you think? Do you expect to see more breaches like this between competitors in various industries? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Defendant Compelled to Produce Employees’ Personal Data in EEOC Dispute: eDiscovery Case Law
 

In EEOC v. DolgenCorp LLC d/b/a Dollar General, No. 13-cv-04307 (N.D. Ill. May 5, 2015), Illinois District Judge Andrea R. Wood granted the plaintiff’s motion to compel the defendant to produce electronically-stored information (“ESI”) containing personal information of the defendant’s conditional hires and complete versions of documents that the defendant previously produced with portions redacted due to purported lack of relevance. She also ordered the plaintiff to produce documents previously withheld due to privilege for an in camera review.

Case Background

In this employment discrimination case, the plaintiff filed a motion to compel the defendant to produce ESI regarding conditional hires, including electronic data with names, social security numbers, addresses, and telephone numbers. The EEOC also asked the court to reproduce certain ESI that Defendant redacted due to purported lack of relevance, contending that it needed the ESI to prove its allegations that criminal background checks for African-American applicants had a disparate impact and violated federal law. While admitting that the information was relevant to the litigation, the defendant argued that producing this information would infringe on the privacy rights of the applicants. With regard to the redacted documents, the defendant argued that the redactions should stay because the information was proprietary and not relevant to the litigation.

In turn, the defendant filed a motion to compel the plaintiff to produce certain statistical analyses during the plaintiff’s investigation to determine whether to issue a reasonable cause determination of discrimination – these documents were not produced as they were deemed deliberative process and attorney work product privileged.

Judge’s Ruling

With regard to the personal information requested by the plaintiff, Judge Wood stated that the plaintiff “has established that the personal information it seeks is relevant to this litigation. The requested data fields are unquestionably calculated to lead to the discovery of admissible evidence by permitting the EEOC and its experts more effectively to analyze the statistical impact of Dollar General’s use of criminal background checks. As explained above, the information sought will be used to link several large databases together, allowing the EEOC to perform its disparate impact analysis. It will also permit the EEOC’s experts to analyze whether non-racial demographic factors may have caused a statistical impact.”

As for the defendant’s motion to compel, Judge Wood stated that the “Court is unable to determine the legitimacy of the EEOC’s deliberative process and attorney work product assertions without reviewing the documents in question. Accordingly, the Court orders the EEOC to deliver copies of the withheld documents to the magistrate judge (who is now responsible for supervising discovery) for in camera review. Upon reviewing the documents along with the EEOC’s privilege log, the magistrate judge will determine the applicability of the asserted privileges in light of the governing legal principles.”

So, what do you think? Was the court correct in ordering production of the personal information, or should the privacy rights of the individuals have taken precedent? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Law Departments and Law Firms Getting Smarter About Data Privacy and Security, According to Huron Legal: eDiscovery Trends

How are recent trends related to data privacy and security affecting the legal industry? Though one recent report was critical of law firms for failing to disclose data breaches, according to a new Q&A from Huron Legal, law departments, and law firms are getting smarter about addressing data privacy and security issues.

The new Q&A with Huron Legal director David Ray is titled Data Privacy and Security in the Legal Industry and discusses the efforts law departments, law firms, and other service providers are making to protect sensitive and confidential data.

“By nature, the legal industry deals with a large amount of potentially sensitive information, and as a result, data privacy is becoming increasingly more important,” said Ray, a data privacy and security expert. “Traditionally, legal professionals have seen themselves as somewhat immune to these issues. However, the increased overall focus on privacy and recent data breaches is affecting the legal sector just like any other. Law departments, law firms, and legal vendors are recognizing this growing pressure and have started to make changes accordingly.”

According to Ray, the five biggest trends in data privacy in the legal industry are in the following areas:

  • Law Departments are Getting Wiser: Law departments are becoming increasingly more involved with privacy issues as well as data breach responses and, accordingly, becoming wiser consumers of external legal services. Unsurprisingly, they are placing the information governance practices of their suppliers under much greater scrutiny than ever before.
  • Vendor Information Governance Scorecards: In fact, law departments are more often using metrics and scorecards to evaluate law firms and legal service vendors with the expectation they can meet or exceed the same privacy and security practices expected from non-legal service providers elsewhere within the organization. Scorecards allow organizations to know that the information that goes outside their walls is secure and protected by the appropriate practices.
  • Law Firms See Opportunity Rather than a Threat: One might expect to see pushback from law firms on newer stringent data security requirements. However, law firms seem to be responding to these heightened client demands and seeing them as a differentiator when competing for business. Demonstrating an ability to deal with sensitive and often high-value matters from an information perspective makes sense.
  • Legal Vendors are Playing Catch-up: Legal vendors are largely playing catch-up in data privacy issues. For a long time, the tools they provided for legal services were narrow. But now legal vendors need to rise to the same challenge. Additionally, these vendors need to design both the software and processes with privacy in mind, consulting the “privacy by design” principles before they become hindrances to the sale of services.
  • Data Privacy is Fast Moving: The most important consideration when dealing with privacy and security is understanding that it is an evolving field. The definitions and laws are changing, both within the U.S. and abroad. Everyone in the legal industry needs to be prepared for change and to be flexible. The laws today may be different in two years, so planning with that in mind is critical.

The full Q&A can be found here, with a podcast of the Q&A available here.

So, what do you think? Do you think the legal industry has made significant strides in dealing with data security and privacy? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Ralph Losey of Jackson Lewis, LLP: eDiscovery Trends

This is the seventh of the 2015 LegalTech New York (LTNY) Thought Leader Interview series. eDiscovery Daily interviewed several thought leaders at LTNY this year and generally asked each of them the following questions:

  1. What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?
  2. After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?
  3. Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?
  4. What are you working on that you’d like our readers to know about?

Today’s thought leader is Ralph Losey. Ralph is an attorney in private practice with the law firm of Jackson Lewis, LLP, where he is a Shareholder and the firm’s National e-Discovery Counsel. Ralph is also a prolific author of eDiscovery books and articles, the principal author and publisher of the popular e-Discovery Team® Blog, founder and owner of an online training program, e-Discovery Team Training, with attorney and technical students all over the world, founder of the new Electronic Discovery Best Practices (EDBP) lawyer-centric work flow model. Ralph is also the publisher of LegalSearchScience.com and PreSuit.com on predictive coding methods and applications.

What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?

It seems to me that attendance is up. I got here a little late, but I was only delayed two hours – I know that some were delayed as much as two days. Despite that, I think it was a good turnout. When I was walking the floor, there seemed to be crowds of people, so I think it was pretty well attended this year.

The programming this year had a slightly different orientation. I had a presentation on predictive coding (which I’ve presented on predictive coding topics for the last four years or so) and, in past years, it seemed that my presentation would be one of a dozen or more at the show whereas this year, it seemed like there were only three or four presentations on predictive coding. So, maybe the “fad” part of predictive coding is over and more people are into the topic in depth. The presentation that we gave was more on an advanced level – we didn’t discuss whether or not you should use it or review the basics; instead, we went into a deeper level. And that was fun for me to do.

Instead, I think the hot item this year was information governance, which is somewhat of a general “catch-all”. Then, the other two things that I saw in the presentations and in the “buzz” on the floor when talking to people were two things that I’m very concerned about as well: security (cybersecurity is the word I prefer to use) and privacy. I think those are two long-term issues that have been brewing and are now coming to the forefront where lawyers are realizing that these are important issues that are coming out of technology.

As for whether they should consider moving the show, well, I’m from Florida and I love to see snow every now and then – it’s a real rarity where I live. I left a 72 degree paradise to arrive here and it was 18 degrees. In spite of that, I think the show should remain in New York at this time of year and I fully believe that this is the event of the year. If anything, I think it’s growing in importance. For me, the older I get, the more I try to limit my travel and appearances and this would be one that I would not take off my list of must attend events, if for no other reason than because everyone is here. I love walking around and running into judges and old friends, so that is one of the reasons that I think it is the premier event of the year.

After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?

I don’t think there will be any issues passing the rules amendments through Congress, I think they will sail through and be part of our rules soon enough. I don’t really feel that the rules changes will make that much difference. I just recently litigated the existing Rule 37(e) and in my memos, I quoted the new Rule 37(e). At the end of the day, it didn’t really make any difference in the court’s adjudication whether it was the old rule or the new rule. So, I still continue to think that the changes are a positive move, but I don’t think they will be a savior or “cure-all” that people might hope. In that sense, I may be a little pessimistic about it. I’ve seen rules changes before, such as ’06.

This leads to a slightly different topic, but I ultimately feel that all these (as I call them) cosmetic rules changes will fail. I think that, in maybe ten years, there is going to be a major overhaul. I think the rules committee and the federal judges will realize that you can’t just do these periodic slight “tweak” of the rules. I think they will eventually consider and, possibly enact, a complete overhaul or our rules and procedures – focused on discovery. I don’t think discovery is working and I don’t think the discovery rules are really working and I don’t think that they can be patched up. They’ve been trying to patch up discovery for 35 years now with various rules changes and they’ve never worked. I have no reason to believe that 2015 will be any different than 1989 or before that. I think that they’re going to be forced to take drastic measures. That’s my prediction – we’ll see.

Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?

In my world (which is a fairly large world, but it’s all in employment law), I see employment law cases all over the country of an asymmetric type: small plaintiff against the big corporation. The change that I see is mainly on the corporation defendant level – they are getting their acts together much better on the preservation front. In fact, all across the whole spectrum, the corporations are slowly but surely getting there. There is still a long way to go, but I do see improvement. I see improvement in the defense bar in general and, of course, with my own attorneys, which for five years I have put through intensive training. We have 800 lawyers and I would say that 600 of them are litigators, so, after five years, there are certain things that have penetrated and they have developed a core level of competence, particularly on preservation. Preservation is in every case, so that’s the most important thing to get down pat and I have seen definite improvement in that.

Now, on the plaintiff side, it’s still amazingly slow. The plaintiffs’ bar is slow to catch up, they are still untrained and, for the most part, unknowledgeable. And, some of the ones that are active in eDiscovery are using it as a tool to be a “pain in the ass” really. They’re not doing it for true discovery; instead, they’re doing it more as a harassment tactic. And, they don’t really know what they’re doing. So, we have to deal with that. On the other hand, we are seeing more and more sincere plaintiff’s counsel too, so it’s not all bad. Just not as many as we would like, since cooperation really is the best way to go.

But, we are also seeing situations where we’re making requests and wanting to see the Facebook pages and wanting to see the plaintiff’s email. Although it is still asymmetric, there essentially isn’t a plaintiff in the world that doesn’t have an email account. We still need discovery from them. The impact is what I call the “boomerang effect” – be careful what you throw out there, it can come back right at you. When the tables are turned and we ask the plaintiff’s counsel “what are you doing about preservation”, we get big blank stares. In a way, the fact that the plaintiffs have their own ESI has leveled the playing field a bit.

What are you working on that you’d like our readers to know about?

I’d like the readers to check out what I’m working on to create a best practices and standards for the legal practice of electronic discovery, and I call that Electronic Discovery Best Practices (EDBP). It’s not EDRM, it’s about what lawyers do. That’s what I’ve been doing for the past eight years, helping lawyers do electronic discovery. That continues to evolve.

The thing that’s new that I’ve been working on is cybersecurity. So, one of my websites is eDiscoverySecurity.com where I talk about the need for lawyers and companies when they’re doing eDiscovery to be concerned about keeping it secure. We’re often assembling very sensitive documents, which are a target for hackers, including foreign governments. The Chinese are famous for this and law firms are being hacked. The final thing that I would point out is that I’ve got HackerLaw.org, which is another new web site that I’ve created associated with my interest in cybersecurity. I consider myself a “hacker” in the positive sense of someone who is hands on, working with computers – that’s what “hacker” really means. But, there’s also the “dark hat” hackers that are my enemies and there’s a whole war going on out there. This site pertains to that and also talks about the positive side of being a hacker (for example, Steve Jobs and Steve Wozniak were proud to call themselves “hackers”). Believe it or not, the term “hacker” started out in model railroading – the famous computer lab at MIT grew out of the model railroad club at MIT. They were hands on building railroad tracks and, out of that grew the whole computer culture – little known historical point.

As for the e-Discovery Team® Blog, the three part series that I just finished on ei-Recall was the hardest blog post series that I have ever written. I put a lot of time into it as a public service because I worried about what is the best way to confirm and verify your results when you’re doing a review. I call it “Quality Assurance” and there are so many ways to do it that I came up with this approach for recall and consulted a number of scientists during the process. I didn’t do it because I’m trying to sell anything. But, I hope it will become the de-facto standard and I wrote it, at length, so that anybody with a little study can do it on their own. People have started to tell me that they have studied the blog and are starting to do it, so that’s encouraging. The whole point of “I’ve attained 80% recall” – that’s wrong, you can never know exact recall, it has to be a range. I’ve had some scientists after the fact tell me that’s what they’ve been doing all along, they just didn’t call it “ei-Recall”. You only calculate it at the end of a project, but that’s when you need to do it. So, I think it has been one of my major accomplishments and I hope everyone will check it out.

Thanks, Ralph, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

If You Have a Flashlight App on Your Phone, You Need to Read This – Mobile eDiscovery

Yesterday, we discussed a case where a company faced a recommended severe default judgment sanction, in part because of the company’s failure to preserve data on “bring your own device” (BYOD) personal smart phones used by employees for work purposes.  This is merely one challenge associated with BYOD policies in organizations.  Another is the greater potential for spyware to capture data through installed apps.  Here is one reported example.

If you have a smartphone or tablet, you probably like to install various apps for everything from tracking your fantasy football team to playing games to keeping up with friends on Facebook or Twitter.  You can even use your smartphone as a flashlight, I do.  Apparently, doing so may introduce spyware onto that smartphone, especially on Android phones and tablets, if you believe one company’s new report.

At the beginning of the month, SnoopWall issued a threat assessment report entitled Summarized Privacy and Risk Analysis of Top 10 Android Flashlight Apps, where they stated that they tested and installed the Top 10 Android Flashlight Apps on various smartphones and tablets and found that all of the applications that they tested appear to obtain access and information way beyond the needs of a Flashlight. According to SnoopWall, some appear specifically designed to collect and expose your personal information to cybercriminals or other nation states, taking permissions to do everything from modifying or deleting USB storage contents, modifying system settings, control vibration, disable your screen lock and capture GPS and network location.  At least one of them has been sued by the FTC for doing so.

If you believe the report and you’re using your smartphone for work purposes, that potentially puts company data at risk as well.  If you’re using one of those flashlight apps, SnoopWall’s strong recommendation is to uninstall it immediately.  They also note that you might need to reset your phone completely after the uninstall or even go to FACTORY RESET or a WIPE.

They also provide a list of what we think are best practices for increasing privacy and security on your device without spending any money, but they vary in practicality (#5 is to “either put masking tape over your webcam and microphone when not in use or pull the battery out of your smartphone when you are not using it” – not exactly practical).

As for the Apple iPhone and iPad or Microsoft WindowsPhone flashlight apps, SnoopWall states that the “flashlight app pre-installed on the Apple iPhone appears to be safe”, but notes that in both the iTunes store and on the Windows Phone app store, third party flashlight apps access various hardware ports including Webcam, Location Services and GPS.  So, there are stated risks on those platforms if you are using those apps.

Conveniently (hmmm), SnoopWall has developed their own free flashlight app, touted to install no ads, spyware or “bloatware”.  They also offer privacy apps that they state are designed to find apps that are spying on you, protect you when conducting financial transactions on your mobile device, etc.

Is it true?  Or is it just a very clever marketing campaign?  The myth debunking site Snopes states that these apps are pre-screened for malware, while acknowledging that one specific flashlight app was cited by the FTC for selling data to advertisers (that case was settled last December).

So, what do you think?  Do you have a third party flashlight app on your smartphone or tablet?  If so, how seriously do you take the report from SnoopWall?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.