Earlier this week, the U.S. Attorney for the Southern District of New York announced charges in four separate insider trading cases involving nine targets.

Relevant here is the case against Seth Markin (pdf), who is accused of looking through his then-girlfriend’s confidential work documents. The girlfriend, who is not named in the indictment, was an associate at a Washington DC law firm. The couple did not live together, but Markin spent significant time at her one-bedroom apartment, sometimes alone.

Due to covid-19 restrictions, the girlfriend worked from home. According to the indictment, she kept work documents in plain sight and sometimes took work calls on speakerphone. Markin “abused his relationship of trust and confidence with his girlfriend” and misappropriated information concerning a pharmaceutical company acquisition. He tipped off a friend (who was also charged), and the two purchased significant amounts of stock of the company to be acquired.

I’ll leave the insider trading analysis to my white collar prosecution/defense colleagues, but there are some lessons to be learned here.

The duty of confidentiality is a 24/7 rule and applies regardless of whether you’re working in an office or at home, or anywhere else. I’ve long advised lawyers who work from home to have a separate space (preferably with a door that closes and reasonable sound privacy) and to keep their family and roommates away from papers and electronic devices. When you live alone and clean up before guests come over, you may have a little more freedom to leave your documents on your dining room table. But, here, that’s not what happened.

I’ve mentioned this before, but there is no spousal exception, and certainly no romantic partner exception, to 1.6. Unless they work for your firm or your client has provided informed consent, your work stuff is your work stuff and needs to be off limits.

Still, Rule 1.6 requires lawyer to take reasonable measures to prevent unauthorized access to client information, and tangentially, Comment 8 to Rule 1.1 requires lawyers to stay aware of risks and benefits of, and changes to technology. What does this mean for working from your own home around people you trust? More will likely come out about Seth Markin and the girlfriend, but based on the indictment, he was probably very charming and she, pretty naïve, leading to a perfect storm.

I don’t think it’s wrong, generally, to trust your spouse or partner not to actively snoop in your office, computer, or file cabinet when you have taken steps to protect the information (the fact the girlfriend allowed Markin to be in her apartment without her is, well, something people do in relationships); if they defeat your passwords and locks and breach your trust, that’s on them. Still, those passwords and locks should be there, just as they are in your office. Leaving sensitive documents where you know someone else can access them without any effort is another thing altogether.

Finally, news like this may spook some law firm risk managers into rethinking their remote work policies. An indictment for insider trading based on these facts is an outlier, of course, and newsworthy in part because it’s so egregious. Remote work still works for many lawyers and law firms, and strict in-person rules may hamper recruitment and retention effort. Before dialing back work-from-home policies, look at training. Even those of us not dealing with hundred-billion-dollar mergers could use a refresher.