Category: Legal Technology

A Simple Guide to Exactech Hip, Knee and Ankle Replacement Lawsuits and Settlements

How Do I Know If I Have a Exactech Claim?

STEP 1: Obtain Medical Records

We have written extensively about the different types of defects in certain Exactech products, and the various causes of those defects, particularly to the polyethylene (plastic) liners of those products. Regardless of whether you are dealing with a hip, knee or ankle replacement, the first step in figuring out whether you have a potential claim is to confirm which type of Exactech product (and the components of that product) that you had implanted.

There is a simple way to do that. Whenever doctors use a medical implant or device, like a hip, knee or ankle implant, it comes in its own shiny new box (as you can imagine, a lot of marketing goes into the packaging of these extremely expensive products).

The box has stickers on it that specifically identify everything about the product (manufacturer, model, lot number, etc.). The surgeon takes the sticker off of the box and attaches it to the Operative Report. Consisting of only a few pages, the Operative Report is a basic summary of your joint replacement operation. The stickers are usually attached to the last page of the Operative Report. You can go to your medical provider and ask for your Operative Report (this should only take a couple of days to receive), or you can retain an attorney to formally request your operative report (this will take a few weeks).

Helpful hint: medical providers are only responsible for keeping records for a certain amount of time. If your operation happened a relatively long time ago (longer than seven years), it will be much more difficult to get the records.

STEP 2: Identify the Exactech Implant

Now that you have a copy of your Operative Report with the identifying stickers, you need to compare your Exactech implant to a list of Exactech products that are recalled, alleged to be defective or are otherwise part of the pending nationwide litigations.

Again, some of the recalled product liners are subject to premature deterioration and failure because the packaging exposed them to oxygen, and some of the (hip) liners just did not last as long as they should have. As these products have been used in tens of thousands of procedures over many years, this obviously caused, and continues to cause, serious problems in patients – including osteolysis, or bone loss.

Exactech has a website that allows you to search your implant in its recalled products list. The website also contains the recall and warning letters that should have been sent to your doctors. Finally, the Exactech website encourages patients to submit claims for defective implants through a company hired by Exactech, named Broadspire.

STEP 3: Is Revision Necessary?

Now that you have identified your Exactech implant as one of the products that are alleged to be defective and are part of the pending nationwide litigations, you have to be able to show you suffered damages that require a revision of the implant. In this case, “revision” basically means that a doctor has found it necessary to go in and try to fix or replace part or all of your defective Exactech implant.

Unfortunately, every surgical procedure has a risk of complications. Just experiencing an injury, such as an infection at the surgical site, is not uncommon and does not always mean that your injuries are attributable to a defective Exactech product. So, you will also have to be able to show that the failure of your implant was caused by the premature breakdown and failure of the plastic liner of the implant.

STEP 4: Contact an Attorney

Now that you have determined that you have a defective Exactech implant that required (or will require) revision, you will want to get some legal advice. Two things to keep in mind: 1) make sure to talk to a law firm that specializes in Exactech hip, knee and ankle litigation; and 2) do not wait – there are different deadlines and statutes of limitations that apply to your claim. Do your homework and research the firm you will be working with – there is a good chance it will not be the same lawyer that handled your last speeding ticket, or one of the 800 numbers that flash across your television screen late at night. Put this on the top of your pile of things to do. Only bad things can happen if you wait too long to pursue a claim.

COPYRIGHT © 2022, STARK & STARK
For more about personal injury cases, visit the NLR Litigation section.

10 Law Firm Newsletter Ideas to Attract Clients

How to Start and Grow a Newsletter for a Law Firm

Email marketing often gets a bad rap. After all, we all know the annoyance of getting spam and promotional emails. Much of this content just ends up deep in our inbox. The same can happen to newsletters… especially boring ones.

Don’t let your law firm email newsletter fall to this fate. In this guide, I’ll talk about how to start a successful newsletter and use it to attract clients.

Plus, you’ll get 10 content ideas for creating an engaging newsletter.

Why start a newsletter?

A study conducted by Law Technology Today found that 86% of law firms fail to collect an email address when they acquire a new lead. Starting an email newsletter is one way to prioritize growing your email list and taking down information to nurture users into potential clients.

With this in mind, an email newsletter is about more than just sending a generic email every month; instead, it can be an effective tool for drumming up new business for your law firm. It also gives you a medium through which you can share firm news, build trust with your subscribers, and establish your law firm’s brand.

Benefits of starting a law firm newsletter

Email newsletter marketing offers many benefits to your law firm. Beyond simply sending updates to your email list, an email newsletter can bring the following perks:

  • Connection – A law firm newsletter builds connection with your new and potential clients by telling them more about your firm and offering a way for subscribers to respond directly to your email.
  • Traffic – An effective newsletter can work to drive more users to your website and social media pages.
  • Sales – Newsletters offer a convenient way for subscribers to reach out to your firm, increasing the likelihood that they will turn into new clients.
  • Community – Sending a consistent newsletter can help drive users to your social media accounts, therefore growing your community and visibility on social.
  • Reputation Management – Email provides an avenue for you to build rapport with your audience, get ahead of bad PR, and ultimately build trust in your firm.

How to write a law firm email newsletter

Before you sit down and start typing away at your newsletter, you’ll want to understand the fundamentals of what it takes to write and market a great newsletter. Here’s how to get started.

Define your target audience

Generalism is the killer of many marketing campaigns. If you don’t define your target audience – that is, the interests and persona of the people you are trying to reach – you risk offering the wrong type of content to the wrong audience. And disjointed messaging won’t bring the client-generating results that you want.

Instead, you’ll want to brainstorm a few factors to ensure you are writing for your ideal audience. These factors include:

  • What types of legal services your audience is interested in
  • What legal issues they are struggling with most
  • What questions they’re likely to have about the legal process
  • What their goals are when it comes to hiring a lawyer
  • What interests they have in understanding law, the legal system, etc.

If you’ve been in your field for a while, you’ll likely have an idea of how to answer these questions. If you’re more green, you can always ask your network, social media followers, and existing clients some of these questions to better understand their interests.

Grow your email list

Of course, before you can see results from an email newsletter you’ll need an audience to send it to! Now, building an email list organically takes time, but it’s worth it to build a list of subscribers who are actually interested in your content.

Never buy email subscribers, as these will likely be dead accounts or otherwise users who will never work with you. Instead, invest in blogging and website marketing in order to grow your community organically.

Here are some tips for growing your law firm email list:

  1. Embed a signup form on your website in order to capture users’ contact information (at the very least, their email address and name)
  2. Publish helpful blog content to drive organic search engine traffic and traffic from social media
  3. Offer downloadable content – like PDFs, infographics, guides, etc. – behind a sign-up wall to encourage users to subscribe
  4. Use email marketing software like Mailchimp to add email list signup forms to various pages or articles on your website
  5. Offer value with impactful content. If you’re able to demonstrate that you are an authority in your industry, people will be excited to subscribe for future updates

Plan your content

With your target audience in mind, you can begin to plan your newsletter content. I highly recommend choosing a “theme” and then building out a newsletter based on that theme.

For example, one month you may decide to talk about common mistakes people make in hiring a lawyer. So, you write four newsletters over the course of the month – each one addressing a different ‘mistake’ people make and how to avoid it.

You can use a notebook, Google Doc, or spreadsheet to plan your content and keep organized. Try to plan at least a month in advance so you are prepared with content ideas ahead of time. You can even write your content and schedule the delivery weeks or months out.

Write your newsletter

Whether you consider yourself a good writer or not, drafting a great email newsletter is relatively simple. There are just a few tips to keep in mind to help you produce engaging content every time:

  • Write an eye-catching subject line. Rather than simply say “newsletter”, you can include the actual subject of your email (e.g. ‘Don’t make this mistake…) to entice subscribers to click
  • Make it “scannable”. Instead of typing a long wall of text, break your email content into shorter paragraphs, sentences, or bulleted lists. This makes it easier for readers to ‘scan’ your content and find the content they are interested in.
  • ‘Close the loop’. This is a concept I got from an email copywriter. Open your email with a ‘hook’ – could be a tip, a question, or an intro to a story – and then resolve the hook at the end of your email. For example, you could open with “Many clients make a huge mistake in hiring a lawyer…” and then at the end of the email you say “Don’t want to make that mistake? Here’s how to avoid it…”. This keeps readers interested from start to finish.
  • Add a link. Include links to related blog posts, social media posts, videos, etc. to drive traffic to your other channels.
  • Include a call to action. Either encourage readers to respond to a question (e.g. “What do you think about…?”), contact you directly (e.g. “Respond now to schedule a consultation”), or visit your other platforms (e.g. “Visit our website to learn more about…”).

Use an email platform

Email marketing software like Mailchimp and ConvertKit makes it easy to write, format, schedule, and deliver your newsletter content. There’s no need to create a long CC chain to your subscribers and send your email manually. These tools allow you to send your newsletter to an entire list, schedule the delivery date, add media, and more.

Preview and test your newsletter

It’s always a good idea to preview your newsletter to check if you made any mistakes. Further, send yourself a test email to make sure there are no delivery issues. You can then also see how your newsletter looks on different devices and decide if you need to change up your content.

Send it out

Once your email template is complete, give it a final once-over for any selling issues or mistakes. When you’ve double-checked your content, you’re ready to send it to your email list.

Track results

Most email marketing tools will also provide analytics regarding your email open rate, subscriber growth, or unsubscribe rate. These metrics will help you determine the success of your newsletter and make adjustments over time. For example, if you see that your open rate is low, that may mean you need more engaging subject lines. Or, if there have been a lot of unsubscribes, this may mean users aren’t enjoying your content.

Try these creative law firm newsletter ideas

Now, the funnest part of publishing an email newsletter is the amount of creativity there is in thinking up content ideas. I strongly encourage you to be adventurous with your newsletter and not be afraid of veering from the same old script.

Here are some creative law firm newsletter ideas for you to consider:

1. Topic series

Produce a series of newsletters that cover a primary topic. For example, you can commit the month of November to talk about “DUI FYIs”, in which you reveal helpful tips in addressing a DUI over a series of emails. This approach gets subscribers looking forward to your upcoming emails and makes it easier for you to plan your content.

2. Q&A

The legal process can be super confusing for clients and the general public. With this idea, you can address a single question and answer via email over the course of the campaign. Again, this can encourage users to look forward to your upcoming Q&A sessions.

3. Interviews

Know an industry expert who has a perspective to share? Highlight this individual and provide value to your audience by including an interview in your newsletter. You can do this several times in your email marketing strategy. And, it can get subscribers to ask questions to your email campaign, which is great for deliverability and engagement.

4. Email course

Some topics warrant a deeper explanation. For subscribers wanting to learn more about the legal process or a particular topic, you can offer a multi-step email course. They will have to open each email to get new nuggets of information and to complete the course.

5. Videos

It’s no secret that today’s users love video content. Including videos in your emails is a good way to improve open rates and direct users to your video (typically, your YouTube channel or website). Be sure to include “Video:” in your email subject line to encourage subscribers to one your email.

6. Templates

Many email marketing platforms offer professional-looking email templates you can use so you don’t have to design your newsletter from scratch. A great-looking email could encourage users to engage with your content. Typically, these templates include social media icons as well, which can direct more traffic to these platforms. You can update colors, fonts, logos, images, and more.

7. ‘Get to know me’

When new subscribers join your newsletter, they may not know much about you. A “Get to know me” email can help introduce them to you, your interests, and your approach to law. Keep it fun by sharing interesting facts about yourself, likes and dislikes, hobbies, or whatever you think will be exciting to your audience.

8. Meet the team

Similarly, you can run a “Meet the team” series to introduce your entire staff to your list. This is a great way to build trust and provide that added human connection. If you have a large staff, consider breaking this out into several emails for even more content.

9. Storytime

Email subscribers love a good story. Now, while you don’t want to share any confidential information about your cases, you could share lessons learned from the industry, funny office stories, or a personal life story. You can even slowly tell the story over a course of emails to keep readers interested.

10. In the news

We’ve all come across hot news stories where celebrities land themselves in legal trouble or a large company is going under. Turn trending topics into legal lessons, offer your own unique spin, and make the legal process more relatable to your readers. We are all talking about these pop culture stories anyway, might as well use it for great email content!

Email newsletters build connection with your audience

An email newsletter is one of the best ways to build trust and connection with potential and existing clients. Remember, subscribers care less about “marketing content” and more about the value your firm can provide, the stories you tell, and how you can help them navigate their legal woes.

So, keep things fun and interesting with creative email content. Try different media, switch up topics, and, above all, stay consistent so you nurture a strong, engaged audience.

Copyright 2022 © Hennessey Digital

Article By Jason Hennessey with Hennessey Digital.

For more articles about law firm management, please visit the NLR Business of Law section.

A Lawyer’s Guide to Integrated Marketing

Like many lawyers, I did not learn about marketing in law school. I knew nothing about communications or media relations before law school, either. When I graduated and began practicing at a boutique matrimonial law firm, there was no internal or external marketing resource, and no direct conversations or plans about public relations or branding. One founding partner talked about the importance of reputation for connecting with potential clients and how his connections in the legal community resulted in many referrals, but he never mentioned marketing.

Yet, as I tagged along to bar association meetings, drafted articles that the partner published in a legal journal, and received encouragement to network at Inns of Court sessions, I saw this side of legal practice come to light. We didn’t call it marketing, or PR, and it was well before social media, but I understood that the partner was intentionally marketing the practice and generating awareness of the firm’s experience — an effort that resulted in new client engagements.

When I decided to leave law after a few years, I enrolled in a New York University course about marketing for professional services. As luck would have it, the instructor was Deborah Brightman Farone, an extraordinary legal marketer then and now — she was inducted into the Legal Marketing Association’s Hall of Fame at the organization’s 2022 annual conference. Deborah introduced me to the field of law firm marketing, and since then, I have worked with hundreds of lawyers and professional marketers on business development and integrated marketing plans, and have helped them make marketing part of their daily practice.

Most lawyers need to understand what this marketing thing is all about. I see firsthand their appreciation for the importance of building client relationships, cross-selling expertise within the firm, and networking. However, I don’t see an understanding of the terms and tactics of legal marketing as often. I think that with so much to learn in law school, there just isn’t time to learn the business side of law. Once a lawyer is practicing law, there may be little direction about how to reach prospects and referral sources, stand apart from other lawyers doing similar work, and find time to “market oneself.”

I frequently read articles where lawyers describe their routes to becoming partner or managing a practice or office. The words “PR” or “marketing” may not appear in their answers, but as someone who has advised lawyers about practice growth for more than 20 years, I know that positioning themselves as knowledge leaders played a role in the success of their relationship-building and practice development. And that, of course, is marketing.

This article will take you through five steps I always examine with lawyers who are just getting started with marketing, or participating in a firmwide marketing program.

  1. Acknowledge the Need for Education

Earning a JD and passing the bar exam prepare a lawyer for the practice of law, but not the business of law. My colleague Vivian Hood recently wrote, “Law schools focus on teaching the art of law, and not so much on the art of connections.” Courses about marketing, public relations, or social media are not part of the law school curriculum. Rather, law school teaches students to read cases and apply precedent, analyze facts and frame arguments, and spot the real issues and see the red herrings. Likewise, legal writing courses, moot court competitions, internships, and other hands-on work prepare them for practicing law. Their understanding of marketing may extend to billboards they see on their way to work, law firm ads in legal journals, or networking events with bar associations.

Lawyers know how to practice law, but do not know what marketing is or how it supports business development and revenue. Education is the first step to heightening awareness. On many occasions, I have explained how PR works so lawyers understand the events that result in being quoted in a trade publication, or the behind-the-scenes steps that go into earning a speaking engagement at an industry event.

  1. Discuss Perceptions of Marketing

The only way to know how an attorney perceives marketing is to ask, and then provide guidance about worthwhile and suitable marketing efforts.

Lawyers often shy away from marketing because they associate it with sales. My colleague Glennie Green explains, “Most attorneys envision some sort of sales when the idea of marketing and business development comes up. They see car salespeople, or aggressive pitches for timeshares. But that is the wrong mindset. Business development is not sales. Business development is cultivating and nurturing relationships.”

Relationships can be built in many ways. A common misconception is that marketing success is based on the ability to be a natural rainmaker who can walk into any room and instantly make connections for the firm. That belief can create unrealistic expectations and undue stress, because rainmakers are few and far between. Relationships can be built and nurtured without that unique rainmaker quality. Everyone adapts to situations differently ­— some of us are introverts, others extroverts, or a combination of traits.

  1. Assess the Impact of Previous Experiences

Lawyers may base their perceptions of marketing on prior experiences. Lawyers have told me, “I wrote many articles in the past, and they never amounted to any new business.”

“I traveled to speak at a conference, and not a single attendee turned out to be a new client.”

“I did an interview with a reporter who misquoted me.”

“I have a LinkedIn profile, but I’m not interested in doing anything with it; it’s just like Facebook.”

Many people fear failure, and many transactional lawyers and litigators are driven by winning. It is no surprise, then, that lawyers question the value of something that has not been a winner in the past. Understanding and acknowledging these hesitations can lead to productive discussions about marketing and, more specifically, about techniques that may be better suited for the lawyer.

  1. Discuss the Time Commitment

The billable-hour model of legal practice can affect a lawyer’s availability to market their practice. Too many business-driving commitments will inevitably frustrate a lawyer and diminish the success of marketing. It’s better to work with a distinct set of action items that can take only a few minutes a day rather than many hours each week.

Glennie Green has helped lawyers identify their advocates — assistants, paralegals, the firm’s librarians; people they can partner with to achieve their action items. One managing partner with a busy practice serves as an example of this effort. “He has made a commitment to conduct a certain number of meetings a month with current and potential referral sources,” she says. “He enlists a paralegal in the office to help schedule those meetings, as well as maintain his ‘marketing’ calendar. This allows him to keep his focus on his practice and manage the firm. He regularly checks his calendar for new appointments, and he says he looks forward to seeing whom he will meet with next. Once he realized that he didn’t have to do it all and enlisted some help, his plan and marketing goals became not only manageable but systematic.”

  1. Find the Comfort Zone

Marketing efforts must be tailored to a lawyer’s personality and interests. Everyone has a different comfort level. Some lawyers love to speak at conferences, and others would rather research a case and write an analysis for a journal. One lawyer may already enjoy engaging on social media, and another may feel crushed for time but would be amenable to doing a 30-minute interview with a reporter. Perhaps a lawyer may enjoy participating in an association’s events or committees. Green explains, “Knowing a lawyer’s areas of confidence, and recognizing what causes any discomfort, is crucial to establish the right marketing plan with the flexibility to change direction as needed.”

The avenues for marketing include website content and branding, social media posts and engagement, media relations, published quotes and articles, rankings submissions and awards, conferences and speaking opportunities, networking, events, and more. The questions and conversations I’ve provided lead to more precise choices of marketing tactics, as well as more informed expectations of results. An integrated marketing and business development program offers lawyers a selection of tactics, with deliberate matching to their preferences and the flexibility to change as needed.

Article By Liz Bard Lindley of Jaffe

For more business of law legal news, click here to visit the National Law Review.

© Copyright 2008-2022, Jaffe Associates

How Businesses Can Use LinkedIn Company Newsletters in Their Marketing Efforts

LinkedIn has added what I think is the most helpful tool in a long time for businesses to engage with and bring value to their followers – the ability for LinkedIn Company Pages to publish email newsletters right through LinkedIn.

This underscores the importance of having a company page and how it can be used as a content hub for marketing and recruiting your business.

Linked Company Page newsletters are available to businesses with more than 150 followers that actively maintain their LinkedIn presences.

You can create a LinkedIn Company Page newsletter in three simple steps:

  1. Create: Start writing an article on and select “Create a Newsletter.” Give it a title, add a header image (it prompts you with the dimensions) and cut and paste your text. You can add hyperlinks and images for each article too.
  2. Publish: When you publish your newsletter it will post to your feed and LinkedIn will notify your followers. They can opt in to receive email and in-platform notifications when you publish new content.
  3. Review performance: View the analytics of each newsletter sent out and see the number of subscribers. The number increases pretty quickly which is awesome. And it’s opt in so you don’t have to worry about GDPR rules.

There’s a lot of opportunity here because it is a new feature (for companies – it’s been available to individuals for a short time) and most companies don’t know about it yet (and certainly aren’t using it yet), so being an early adopter is to your benefit.

Even if you send out an email newsletter, you should still utilize the LinkedIn platform to send out a newsletter because you will reach a different audience and cast a wider net for your content.

In addition, people are opting into this newsletter, so it’s not building an audience from scratch, and if you haven’t ever sent out an email newsletter, this is a great way to start. If email marketing programs and CRM management tools overwhelm you, this is a great way to test out the waters.

It’s also really easy to repurpose content you already have. I would include hyperlinks to your website or blog with the full text (in order to keep the newsletter short and to drive traffic to your site).

You can embed links from YouTube into the newsletter to play. Check out my LinkedIn newsletter to see how it looks.

Here are some content ideas for what you can include in your LinkedIn Company Page Newsletter:

  • Article snippets with links to your latest blog posts or client alerts
  • Links to past webinars (provide a synopsis too)
  • Links to recent podcasts and videos (with shownotes)
  • Recent case studies
  • Q&As with your employees
  • Highlights of your community service/pro bono work
  • Announcements of your recent hires
  • Recent press coverage (this would be the only place where I would recommend including self-promotional items in the newsletter – the rest of it should be client-focused)
  • Upcoming events/webinars – this is a great way to promote them
  • Open jobs – why not promote them through this newsletter? It’s a competitive job market
  • News about your diversity and women’s initiatives programs – clients care a lot about this

Check out this new feature and let me know what you think of it. With nearly 800 million people on LinkedIn and the fact that your competitors are very likely not using it yet, it’s at least worth trying out.

Article By Stefanie M. Marrone of Stefanie Marrone Consulting

For more business of law thought leadership, click here to visit the National Law Review.

Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.

EDPB on Dark Patterns: Lessons for Marketing Teams

“Dark patterns” are becoming the target of EU data protection authorities, and the new guidelines of the European Data Protection Board (EDPB) on “dark patterns in social media platform interfaces” confirm their focus on such practices. While they are built around examples from social media platforms (real or fictitious), these guidelines contain lessons for all websites and applications. The bad news for marketers: the EDPB doesn’t like it when dry legal texts and interfaces are made catchier or more enticing.

To illustrate, in a section of the guidelines regarding the selection of an account profile photo, the EDPB considers the example of a “help/information” prompt saying “No need to go to the hairdresser’s first. Just pick a photo that says ‘this is me.’” According to the EDPB, such a practice “can impact the final decision made by users who initially decided not to share a picture for their account” and thus makes consent invalid under the General Data Protection Regulation (GDPR). Similarly, the EDPB criticises an extreme example of a cookie banner with a humourous link to a bakery cookies recipe that incidentally says, “we also use cookies”, stating that “users might think they just dismiss a funny message about cookies as a baked snack and not consider the technical meaning of the term “cookies.”” The EDPB even suggests that the data minimisation principle, and not security concerns, should ultimately guide an organisation’s choice of which two-factor authentication method to use.

Do these new guidelines reflect privacy paranoia or common sense? The answer should lie somewhere in between, but the whole document (64 pages long) in our view suggests an overly strict approach, one that we hope will move closer to commonsense as a result of a newly started public consultation process.

Let us take a closer look at what useful lessons – or warnings – can be drawn from these new guidelines.

What are “dark patterns” and when are they unlawful?

According to the EDPB, dark patterns are “interfaces and user experiences […] that lead users into making unintended, unwilling and potentially harmful decisions regarding the processing of their personal data” (p. 2). They “aim to influence users’ behaviour and can hinder their ability to effectively protect their personal data and make conscious choices.” The risk associated with dark patterns is higher for websites or applications meant for children, as “dark patterns raise additional concerns regarding potential impact on children” (p. 8).

While the EDPB takes a strongly negative view of dark patterns in general, it recognises that dark patterns do not automatically lead to an infringement of the GDPR. The EDPB acknowledges that “[d]ata protection authorities are responsible for sanctioning the use of dark patterns if these breach GDPR requirements” (emphasis ours; p. 2). Nevertheless, the EDPB guidance strongly links the concept of dark patterns with the data protection by design and by default principles of Art. 25 GDPR, suggesting that disregard for those principles could lead to a presumption that the language or a practice in fact creates a “dark pattern” (p. 11).

The EDPB refers here to its Guidelines 4/2019 on Article 25 Data Protection by Design and by Default and in particular to the following key principles:

  • “Autonomy – Data subjects should be granted the highest degree of autonomy possible to determine the use made of their personal data, as well as autonomy over the scope and conditions of that use or processing.
  • Interaction – Data subjects must be able to communicate and exercise their rights in respect of the personal data processed by the controller.
  • Expectation – Processing should correspond with data subjects’ reasonable expectations.
  • Consumer choice – The controllers should not “lock in” their users in an unfair manner. Whenever a service processing personal data is proprietary, it may create a lock-in to the service, which may not be fair, if it impairs the data subjects’ possibility to exercise their right of data portability in accordance with Article 20 GDPR.
  • Power balance – Power balance should be a key objective of the controller-data subject relationship. Power imbalances should be avoided. When this is not possible, they should be recognised and accounted for with suitable countermeasures.
  • No deception – Data processing information and options should be provided in an objective and neutral way, avoiding any deceptive or manipulative language or design.
  • Truthful – the controllers must make available information about how they process personal data, should act as they declare they will and not mislead data subjects.”

Is data minimisation compatible with the use of SMS two-factor authentication?

One of the EDPB’s positions, while grounded in the principle of data minimisation, undercuts a security practice that has grown significantly over the past few years. In effect, the EDPB seems to question the validity under the GDPR of requests for phone numbers for two-factor authentication where e-mail tokens would theoretically be possible:

“30. To observe the principle of data minimisation, [organisations] are required not to ask for additional data such as the phone number, when the data users already provided during the sign- up process are sufficient. For example, to ensure account security, enhanced authentication is possible without the phone number by simply sending a code to users’ email accounts or by several other means.
31. Social network providers should therefore rely on means for security that are easier for users to re[1]initiate. For example, the [organisation] can send users an authentication number via an additional communication channel, such as a security app, which users previously installed on their mobile phone, but without requiring the users’ mobile phone number. User authentication via email addresses is also less intrusive than via phone number because users could simply create a new email address specifically for the sign-up process and utilise that email address mainly in connection with the Social Network. A phone number, however, is not that easily interchangeable, given that it is highly unlikely that users would buy a new SIM card or conclude a new phone contract only for the reason of authentication.” (emphasis ours; p. 15)

The EDPB also appears to be highly critical of phone-based verification in the context of registration “because the email address constitutes the regular contact point with users during the registration process” (p. 15).

This position is unfortunate, as it suggests that data minimisation may preclude controllers from even assessing which method of two-factor authentication – in this case, e-mail versus SMS one-time passwords – better suits its requirements, taking into consideration the different security benefits and drawbacks of the two methods. The EDPB’s reasoning could even be used to exclude any form of stronger two-factor authentication, as additional forms inevitably require separate processing (e.g., phone number or third-party account linking for some app-based authentication methods).

For these reasons, organisations should view this aspect of the new EDPB guidelines with a healthy dose of skepticism. It likewise will be important for interested stakeholders to participate in the consultation to explain the security benefits of using phone numbers to keep the “two” in two-factor authentication.

Consent withdrawal: same number of clicks?

Recent decisions by EU regulators (notably two decisions by the French authority, the CNIL have led to speculation about whether EU rules effectively require website operators to make it possible for data subjects to withdraw consent to all cookies with one single click, just as most websites make it possible to give consent through a single click. The authorities themselves have not stated that this is unequivocally required, although privacy activists notably filed complaints against hundreds of websites, many of them for not including a “reject all” button on their cookie banner.

The EDPB now appears to side with the privacy activists in this respect, stating that “consent cannot be considered valid under the GDPR when consent is obtained through only one mouse-click, swipe or keystroke, but the withdrawal takes more steps, is more difficult to achieve or takes more time” (p. 14).

Operationally, however, it seems impossible to comply with a “one-click withdrawal” standard in absolute terms. Just pulling up settings after registration or after the first visit to a website will always require an extra click, purely to open those settings. We expect this issue to be examined by the courts eventually.

Is creative wording indicative of a “dark pattern”?

The EDPB’s guidelines contain several examples of wording that is intended to convince the user to take a specific action.

The photo example mentioned in the introduction above is an illustration, but other (likely fictitious) examples include the following:

  • For sharing geolocation data: “Hey, a lone wolf, are you? But sharing and connecting with others help make the world a better place! Share your geolocation! Let the places and people around you inspire you!” (p.17)
  • To prompt a user to provide a self-description: “Tell us about your amazing self! We can’t wait, so come on right now and let us know!” (p. 17)

The EDPB criticises the language used, stating that it is “emotional steering”:

“[S]uch techniques do not cultivate users’ free will to provide their data, since the prescriptive language used can make users feel obliged to provide a self-description because they have already put time into the registration and wish to complete it. When users are in the process of registering to an account, they are less likely to take time to consider the description they give or even if they would like to give one at all. This is particularly the case when the language used delivers a sense of urgency or sounds like an imperative. If users feel this obligation, even when in reality providing the data is not mandatory, this can have an impact on their “free will”” (pp. 17-18).

Similarly, in a section about account deletion and deactivation, the EDPB criticises interfaces that highlight “only the negative, discouraging consequences of deleting their accounts,” e.g., “you’ll lose everything forever,” or “you won’t be able to reactivate your account” (p. 55). The EDPB even criticises interfaces that preselect deactivation or pause options over delete options, considering that “[t]he default selection of the pause option is likely to nudge users to select it instead of deleting their account as initially intended. Therefore, the practice described in this example can be considered as a breach of Article 12 (2) GDPR since it does not, in this case, facilitate the exercise of the right to erasure, and even tries to nudge users away from exercising it” (p. 56). This, combined with the EDPB’s aversion to confirmation requests (see section 5 below), suggests that the EDPB is ignoring the risk that a data subject might opt for deletion without fully recognizing the consequences, i.e., loss of access to the deleted data.

The EDPB’s approach suggests that any effort to woo users into giving more data or leaving data with the organisation will be viewed as harmful by data protection authorities. Yet data protection rules are there to prevent abuse and protect data subjects, not to render all marketing techniques illegal.

In this context, the guidelines should in our opinion be viewed as an invitation to re-examine marketing techniques to ensure that they are not too pushy – in the sense that users would in effect truly be pushed into a decision regarding personal data that they would not otherwise have made. Marketing techniques are not per se unlawful under the GDPR but may run afoul of GDPR requirements in situations where data subjects are misled or robbed of their choice.

Other key lessons for marketers and user interface designers

  • Avoid continuous prompting: One of the issues regularly highlighted by the EDPB is “continuous prompting”, i.e., prompts that appear again and again during a user’s experience on a platform. The EDPB suggests that this creates fatigue, leading the user to “give in,” i.e., by “accepting to provide more data or to consent to another processing, as they are wearied from having to express a choice each time they use the platform” (p. 14). Examples given by the EDPB include the SMS two-factor authentication popup mentioned above, as well as “import your contacts” functionality. Outside of social media platforms, the main example for most organisations is their cookie policy (so this position by the EDPB reinforces the need to manage cookie banners properly). In addition, newsletter popups and popups about “how to get our new report for free by filling out this form” are frequent on many digital properties. While popups can be effective ways to get more subscribers or more data, the EDPB guidance suggests that regulators will consider such practices questionable from a data protection perspective.
  • Ensure consistency or a justification for confirmation steps: The EDPB highlights the “longer than necessary” dark pattern at several places in its guidelines (in particular pp. 18, 52, & 57), with illustrations of confirmation pop-ups that appear before a user is allowed to select a more privacy-friendly option (and while no such confirmation is requested for more privacy-intrusive options). Such practices are unlawful according to the EDPB. This does not mean that confirmation pop-ups are always unlawful – just that you need to have a good justification for using them where you do.
  • Have a good reason for preselecting less privacy-friendly options: Because the GDPR requires not only data protection by design but also data protection by default, make sure that you are able to justify an interface in which a more privacy-intrusive option is selected by default – or better yet, don’t make any preselection. The EDPB calls preselection of privacy-intrusive options “deceptive snugness” (“Because of the default effect which nudges individuals to keep a pre-selected option, users are unlikely to change these even if given the possibility” p. 19).
  • Make all privacy settings available in all platforms: If a user is asked to make a choice during registration or upon his/her first visit (e.g., for cookies, newsletters, sharing preferences, etc.), ensure that those settings can all be found easily later on, from a central privacy settings page if possible, and alongside all data protection tools (such as tools for exercising a data subject’s right to access his/her data, to modify data, to delete an account, etc.). Also make sure that all such functionality is available not only on a desktop interface but also for mobile devices and across all applications. The EDPB illustrates this point by criticising the case where an organisation has a messaging app that does not include the same privacy statement and data subject request tools as the main app (p. 27).
  • Be clearer in using general language such as “Your data might be used to improve our services”: It is common in most privacy statements to include a statement that personal data (e.g., customer feedback) “can” or “may be used” to improve an organisation’s products and services. According to the EDPB, the word “services” is likely to be “too general” to be viewed as “clear,” and it is “unclear how data will be processed for the improvement of services.” The use of the conditional tense in the example (“might”) also “leaves users unsure whether their data will be used for the processing or not” (p. 25). Given that the EDPB’s stance in this respect is a confirmation of a position taken by EU regulators in previous guidance on transparency, and serves as a reminder to tell data subjects how data will be used.
  • Ensure linguistic consistency: If your website or app is available in more than one language, ensure that all data protection notices and tools are available in those languages as well and that the language choice made on the main interface is automatically taken into account on the data-related pages (pp. 25-26).

Best practices according to the EDPB

Finally, the EDPB highlights some other “best practices” throughout its guidelines. We have combined them below for easier review:

  • Structure and ease of access:
    • Shortcuts: Links to information, actions, or settings that can be of practical help to users to manage their data and data protection settings should be available wherever they relate to information or experience (e.g., links redirecting to the relevant parts of the privacy policy; in the case of a data breach communication to users, to provide users with a link to reset their password).
    • Data protection directory: For easy navigation through the different section of the menu, provide users with an easily accessible page from where all data protection-related actions and information are accessible. This page could be found in the organisation’s main navigation menu, the user account, through the privacy policy, etc.
    • Privacy Policy Overview: At the start/top of the privacy policy, include a collapsible table of contents with headings and sub-headings that shows the different passages the privacy notice contains. Clearly identified sections allow users to quickly identify and jump to the section they are looking for.
    • Sticky navigation: While consulting a page related to data protection, the table of contents could be constantly displayed on the screen allowing users to quickly navigate to relevant content thanks to anchor links.
  • Transparency:
    • Organisation contact information: The organisation’s contact address for addressing data protection requests should be clearly stated in the privacy policy. It should be present in a section where users can expect to find it, such as a section on the identity of the data controller, a rights related section, or a contact section.
    • Reaching the supervisory authority: Stating the specific identity of the EU supervisory authority and including a link to its website or the specific website page for lodging a complaint is another EDPB recommendation. This information should be present in a section where users can expect to find it, such as a rights-related section.
    • Change spotting and comparison: When changes are made to the privacy notice, make previous versions accessible with the date of release and highlight any changes.
  • Terminology & explanations:
    • Coherent wording: Across the website, the same wording and definition is used for the same data protection concepts. The wording used in the privacy policy should match that used on the rest of the platform.
    • Providing definitions: When using unfamiliar or technical words or jargon, providing a definition in plain language will help users understand the information provided to them. The definition can be given directly in the text when users hover over the word and/or be made available in a glossary.
    • Explaining consequences: When users want to activate or deactivate a data protection control, or give or withdraw their consent, inform them in a neutral way of the consequences of such action.
    • Use of examples: In addition to providing mandatory information that clearly and precisely states the purpose of processing, offering specific data processing examples can make the processing more tangible for users
  • Contrasting Data Protection Elements: Making data protection-related elements or actions visually striking in an interface that is not directly dedicated to the matter helps readability. For example, when posting a public message on the platform, controls for geolocation should be directly available and clearly visible.
  • Data Protection Onboarding: Just after the creation of an account, include data protection points within the onboarding experience for users to discover and set their preferences seamlessly. This can be done by, for example, inviting them to set their data protection preferences after adding their first friend or sharing their first post.
  • Notifications (including data breach notifications): Notifications can be used to raise awareness of users of aspects, changes, or risks related to personal data processing (e.g., when a data breach occurs). These notifications can be implemented in several ways, such as through inbox messages, pop-in windows, fixed banners at the top of the webpage, etc.

Next steps and international perspectives

These guidelines (available online) are subject to public consultation until 2 May 2022, so it is possible they will be modified as a result of the consultation and, we hope, improved to reflect a more pragmatic view of data protection that balances data subjects’ rights, security, and operational business needs. If you wish to contribute to the public consultation, note that the EDPB publishes feedback it receives (as a result, we have occasionally submitted feedback on behalf of clients wishing to remain anonymous).

Irrespective of the outcome of the public consultation, the guidelines are guaranteed to have an influence on the approach of EU data protection authorities in their investigations. From this perspective, it is better to be forewarned – and to have legal arguments at your disposal if you wish to adopt an approach that deviates from the EDPB’s position.

Moreover, these guidelines come at a time when the United States Federal Trade Commission (FTC) is also concerned with dark patterns. The FTC recently published an enforcement policy statement on the matter in October 2021. Dark patterns are also being discussed at the Organisation for Economic Cooperation and Development (OECD). International dialogue can be helpful if conversations about desired policy also consider practical solutions that can be implemented by businesses and reflect a desirable user experience for data subjects.

Organisations should consider evaluating their own techniques to encourage users to go one way or another and document the justification for their approach.

Article By Peter Craddock, Sheila A. Millar, and Tracy P. Marshall of Keller and Heckman LLP

For more cybersecurity legal news, click here to visit the National Law Review.

© 2022 Keller and Heckman LLP

Google to Launch Google Analytics 4 in an Attempt to Address EU Privacy Concerns

On March 16, 2022, Google announced the launch of its new analytics solution, “Google Analytics 4.” Google Analytics 4 aims, among other things, to address recent developments in the EU regarding the use of analytics cookies and data transfers resulting from such use.

Background

On August 17, 2020, the non-governmental organization None of Your Business (“NOYB”) filed 101 identical complaints with 30 European Economic Area data protection authorities (“DPAs”) regarding the use of Google Analytics by various companies. The complaints focused on whether the transfer of EU personal data to Google in the U.S. through the use of cookies is permitted under the EU General Data Protection Regulation (“GDPR”), following the Schrems II judgment of the Court of Justice of the European Union. Following these complaints, the French and Austrian DPAs ruled that the transfer of EU personal data from the EU to the U.S. through the use of the Google Analytics cookie is unlawful.

Google’s New Solution

According to Google’s press release, Google Analytics 4 “is designed with privacy at its core to provide a better experience for both our customers and their users. It helps businesses meet evolving needs and user expectations, with more comprehensive and granular controls for data collection and usage.”

The most impactful change from an EU privacy standpoint is that Google Analytics 4 will no longer store IP address, thereby limiting the data transfers resulting from the use of Google Analytics that were under scrutiny in the EU following the Schrems II ruling. It remains to be seen whether this change will ease EU DPAs’ concerns about Google Analytics’ compliance with the GDPR.

Google’s previous analytics solution, Universal Analytics, will no longer be available beginning July 2023. In the meantime, companies are encouraged to transition to Google Analytics 4.

Read Google’s press release.

Article By Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more cybersecurity legal news, click here to visit the National Law Review. 

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

13 Types of Law Firm Content Marketing That Really Work

If you are unsure about where to focus your law firm’s content marketing efforts, realize that there is more to this marketing strategy than just writing articles. Great content talks to the people that will consume your legal services and also to the search engines to support SEO.  But content has many shapes and sizes so lawyers often wonder what options are appropriate for them.  This article covers 13 types of content that any lawyer or law firm regardless of their practice area can add to their law firm’s marketing strategy.

Law Firm Blog Posts

Blog posts are one of the easiest ways to start creating content and getting your law firm’s name out there. You truly just need to sit down, write about what you know and what you are passionate about, and publish it. Of course, you want to make sure your content is attractive to your target audience, so use your market research to craft posts that are easily understood by and interesting to your audience. Marketing savvy law firm owners develop a theme to their blogs so after one year of producing content, they can stitch the material together in e-book or white paper format.

Infographics

Infographics are a powerful tool for lawyers and law firms to reach their target audience. Research indicates that people remember 65% of the information they see in a visual format, compared to just 10% of what they hear. Some attorneys shy away from creating infographics, but there are many online design tools to make it quick and easy to produce this type of original content for your law firm. Infographics can live on your website and even be repurposed in your firm’s social media presence or collateral materials. They are a great way of explaining steps in the legal process or even the interpretation of complicated laws.

Podcasts

This type of content requires lots of planning and time, but it can pay off in spades. Creating your own podcast that answers legal questions or explains complex legal concepts in fun, easy-to-digest ways allow you to reach a massive audience of potential clients with interest in your area of practice. Podcasts are a great idea for attorneys that have clients with similar issues. For a family law attorney this might include child custody issues or post-decree matters.  A business attorney might have clients facing issues related to corporate formation or the hiring of vendors. Having a practice area-centered podcast with episodes that focus on issues that potential clients commonly struggle with will help you attract a greater audience of listeners.

Video Marketing

Videos showcase your personality, highlight what unique traits you bring to the table, and create a connection with potential clients. Integrate search terms into your video headline and description to bring in even more traffic to your website. YouTube is the “second largest search engine behind Google,” making it a great platform for uploading and sharing your law firm’s videos. These videos can be focused on the same frequently asked questions that you would answer in written format on your website. They can also be a case study or even a client testimonial.

Guest Posts

Publishing your content on other websites expands your network, strengthens your own website’s search engine optimization, and helps build your law firm’s brand—you have a lot to gain from just one post. You can publish on other legal blogs, magazines, and local publications. Guest posting is an easy way to credential your practice through bylines and repurposable written content.

Newsletters

Whether you publish monthly or quarterly, do not give up on your law firm’s newsletter. While some people have eschewed their newsletters for more modern forms of content, you leave out a significant part of your client base when you do so. For maximum effect, stick to a strict publication schedule that allows you to share valuable, relevant information—do not just send out a newsletter for the sake of it. Depending on your needs, you could do an e-mail newsletter, a print newsletter, or both. The biggest challenge for law firms and newsletters is staying on schedule and determining in advance what to say. Marketing savvy law firms develop an editorial calendar for their newsletters one year in advance, so they are never scrambling to publish the newsletter.

White Papers

Driven by data and statistics, white papers look at a specific issue within your practice area and dig deep into the information surrounding it. The information provided in a white paper also provides a path forward for solving the proposed issue. Law firms can successfully produce their own white paper content and keep it on their website to connect with potential clients. But be sure to use the help of a graphic designer if you intend to create a white paper for your law firm. Their creative eye will help make your content stand out to readers.

Curated Content

Sharing resources with website visitors and clients shows that you genuinely care about their wellbeing, not just getting them to become paying clients. You might create listicles that link out to useful resources and guides. These work great for consumer-facing practices that serve populations that might need guidance outside of their legal matter. For instance, a plaintiff personal injury attorney could publish ideas on mental health and wellbeing after being treated for a serious car accident. Your goal in using curated content is to be a central hub for the information your audience could need to know about your practice area and how it affects their lives.

Testimonials

Satisfied clients are often the best form of advertising. If potential clients see that you have successfully solved the problem they now face, they have substantial motivation to reach out to you. Testimonials and reviews can be collected and curated to be their own page on your law firm website. However, ensure that you are working within the laws and ethics that regulate law firm and lawyer advertising as this can be a sticky area of law firm marketing.

E-Books

Compared to print books, e-books require almost no financial output and are incredibly easy to share. Some attorneys use electronic books as a vehicle to provide in-depth guides for clients interested in their legal services, while others repurpose blog content into an e-book for easy reading. You can also write an e-book and use it as a lead magnet—for example, a construction defect attorney might give a copy of “7 Things You Need to Know Before Buying a Newly Built Home” to those who sign up for their e-mail list.

LinkedIn Articles

One type of content that is often underutilized is LinkedIn content. When you write an info-rich LinkedIn article and share it with your network, they can share it with their network. Your reach can multiply quickly with just one piece of well-written content. This is an excellent strategy for expanding your professional network, increasing the likelihood of client referrals and brand recognition.

Tutorials

Guides and tutorials offer detailed step-by-step instructions on specific tasks, which is content that consumers can use right away. The topics you cover depend on your audience and area of practice, so you could start by finding out what struggles your target market has and what legal issues you can immediately alleviate. For example, a family law attorney might write a how-to guide on gathering financial documents and other paperwork for easy analysis of assets during a divorce. A business law attorney could do a screencast of how to register a business in their state and set up tax filing.

Lectures and Speaking Engagements

When you establish yourself as a leader among your peers, you are in an excellent position to gain acceptance as an expert among potential clients. You can host CLE events and dig deep into a topic relevant to your area of practice, serve as a speaker at legal conferences, and share your expertise at other industry events. Be sure to share any video content of your speaking engagements on your website. If your speech is later transcribed, it becomes another content source that could bring in clients and contacts.

For modern law firms, content is a key component in their marketing and business development strategy. Everything on this list of content types will funnel traffic back to your law firm’s website. By integrating different types of content into your marketing plans and on your website, you can reach clients from all walks of life while establishing your position within your practice area.

© 2022 Denver Legal Marketing LLC
For more articles about law firm management, visit the NLR Business of Law section.

February 2022 Legal News Roundup: Women in Law, Promotions & More

Happy belated Valentine’s Day from the National Law Review team. Please read on for new legal industry hires, promotions and awards.

Firm Recognition & Awards

Much is included on the 2022 Top Workplaces USA list, which recognizes organizations with a people-centered culture.

“At Much, our culture centers on people: our employees, our clients, and our community partners,” said Managing Partner Mitchell Roth. “We work each day to support a collaborative, kind, and service-oriented environment, so to be recognized for our culture on a national level is a tremendous honor.”

The rankings are based on employee feedback from a survey administered by Energage, an employee engagement technology partner. The survey gauged various aspects of workplace culture, including  alignment, execution, connection, and more.

Womble Bond Dickinson is one of the Best Places to Work for lesbian, gay, bisexual, transgender and queer (LGBTQ+) workplace equality, earning a perfect score of 100 percent on the 2022 Corporate Equality Index (CEI).

The survey is administered by the Human Rights Campaign, and acts as a benchmarking tool to track how businesses are adopting equitable workplace policies, practices and benefits for LGBTQ+ employees. Womble Bond Dickinson earned perfect scores every year since 2015.

“We are honored to be named one of the HRC’s Best Places to Work for LGBTQ+ Employees once again,” said Betty Temple, Chair & CEO of Womble Bond Dickinson (US) LLP. “We at Womble Bond Dickinson have worked hard to promote diversity and inclusion. These efforts include earning Mansfield Rule 4.0 Certification. The goal of the Mansfield Rule is to boost the representation of historically underrepresented lawyers—including LGBTQ+ attorneys—in law firm leadership, partner promotions and lateral hires by broadening the pool of candidates considered for these opportunities. We have much more work to do, but we are proud to be recognized for the progress we have made.”

Lawdragon recognized Foley & Lardner partners Daniel Kaplan, John (Jack) Lord, Jr., and Rachel Powitzky Steely on its 2022 edition of 500 Leading U.S. Corporate Employment Lawyers, an annual recognition of the nation’s top advisors on workforce issues. Lawdragon selected the honorees based on submissions, editorial vetting and journalistic research.

Lawdragon said that this year’s honorees “specialize in defending corporations in everything from wage and overtime claims to trade secret disputes, while helping companies maintain global workforces throughout a pandemic.”

Law firm Hiring & Additions

Varnum LLP expanded its intellectual property practice with the addition of Timothy D. Kroninger. Joining the firm’s Detroit office as an associate, Mr. Kroninger focuses his practice on copyright law, trade secret law, patent and trademark prosecution and more. He also has experience in drafting design patent applications, as well as participating in United States Patent and Trademark Office (USPTO) trademark opposition proceedings.

Beyond his practice at Varnum, Mr. Kroninger works as a supervising attorney in the Trademark and Entrepreneur Clinic at University of Detroit Mercy College of Law. There, he instructs law students on copyright registration, drafting corporate documents, and protection of trademarks.

Beveridge & Diamond PC elected four new principals: Eric Christensen, located in SeattleAllyn Stern, located in Seattle; Michael Vitris, located in Austin; and Gus Winkes, located in Seattle. Mr. Christensen practices in energy law, assisting companies and consumers in navigating the legal and regulatory landscape. Ms. Stern, former U.S. EPA regional counsel, helps clients develop environmental compliance strategies. Mr. Winkles practices in a variety of fields, providing solutions-oriented legal representation in the areas of enforcement defense, regulatory compliance, and contaminated site cleanup. Mr. Vitris, former litigation attorney with the Texas Commission on Environmental Quality, defends companies in class actions and environmental mass torts.

“Each of these Principals’ talents, skills, and expertise deepen and enhance B&D’s dynamic regulatory compliance and litigation practice as environmental and energy law continue to evolve,” said firmwide managing principal Kathy Szmuszkovicz. “They’ve proven their ability to deliver top-notch service to clients and to serve as thought-leaders at a particularly exciting time in our practice. We look forward to their continued success and contributions in their new roles.”

Barnes & Thornburg LLP added five new attorneys and legal professionals across various offices. Associate William Choi  joined the firm’s Los Angeles office, and associate Albert D. Farr joined the New York office. Mr. Choi focuses his practice on product liability and complex civil litigation, and he is well-versed in all aspects of pretrial case management. Likewise, Mr. Farr practices in transactional tax law, counseling multinational strategic and private equity clients on transaction tax structuring, tax diligence and more.

Furthermore, legal professionals Amit DattaAl Maloof, and Soyoung Yang joined Barnes & Thornburg’s ChicagoIndianapolis, and Washington D.C. offices, respectively. Dr. Datta, a business transaction advisor, provides targeted legal advice and strategic insight for European clients conducting business in the U.S. Mr. Maloof, a client relationship specialist, provides strategic consultation among the firm’s government services, compliance and regulatory attorneys. Ms. Yang, a legal fellow, aids attorneys and clients on matters related to international trade, customs and the supply chain.

William L. Nimick  joined the Construction Litigation and Counsel practice group at Goldberg Segalla LLP. An experienced litigator, Mr. Nimick is located in the firm’s Raleigh office, where he counsels insurers, contractors, subcontractors and corporate entities in liability claims including but not limited to property damage, personal injury and construction defects.

Previously, Mr. Nimick worked as a civil litigator across North Carolina, representing clients in areas such as wrongful death, workers’ compensation, and subrogation. Specifically he  handled subrogation claims such as motor vehicle accidents, product liability lawsuits and large fire losses.

Women in the Legal Industry

Angela Bowlin of Frilot LLC law firm has accepted a position serving on the International Association of Defense Council (IADC), an organization for attorneys who represent corporate and insurance matters. Ms. Bowlin focuses her practice on mass torts and class actions, with experience in asbestos and other toxic tort cases.

“I am honored to have been selected as a member of IADC and look forward to working on the many important committees related to the law and its many facets,” said Ms. Bowlin.

Nicole Archibald joined Foley Hoag LLP as their Director of Legal Recruiting. Ms. Archibald will work alongside the Foley Hoag team to attract and promote a diverse group of attorneys to help the firm achieve its diversity and inclusion goals.

“We’re very pleased to welcome Nicole to Foley Hoag, and are confident that she will be a great asset to the firm and its culture. Her considerable prior experience as a director of recruiting, legal search consultant and practicing litigator will prove a valuable asset as we look to 2022 and beyond. Our executive committee, practice leaders, hiring committee and I are excited to begin working with Nicole to attract new talent and strengthen our market-leading practices,” said Foley Hoag Co-Managing Partner Kenneth Leonetti.

“I look forward to collaborating with Foley Hoag’s management, department chairs and practice leaders, and hiring committee to develop, implement and execute proactive recruiting initiatives to further the firm’s hiring goals and strategic growth plan,” said Ms. Archibald.

Norton Rose Fulbright appointed New York partner Robin Adelstein as the Co-Head of Commercial Litigation, joining Houston partner Andrew Price. Ms. Adelstein brings extensive experience in litigating complex commercial disputes and advises companies with respect to antitrust issues regarding mergers, joint ventures and more.

“Robin has long been respected as a leader within the firm as our Global and US Head of Antitrust and Competition, and she is a highly-recognized practitioner in her field. I look forward to seeing the great work that our commercial litigation group will do under Robin’s and Andrew’s leadership,” said Jeff Cody, Norton Rose Fulbright’s US Managing Partner.

“Our firm has a longstanding reputation for advising clients on their most complex and significant matters. It is an honor to head Norton Rose Fulbright’s commercial litigation group along with Andrew; I am proud to be leading such a talented group of lawyers,” said Ms. Adelstein.

Article By Rachel Popa, Hanna Taylor, and Chandler Ford of The National Law Review / The National Law Forum LLC

For more on the business of law and legal news, click here to visit the National Law Review.

Copyright ©2022 National Law Forum, LLC

Patch Up – Log4j and How to Avoid a Cybercrime Christmas

A vulnerability so dangerous that Cybersecurity and Infrastructure (CISA) Director Jen Easterly called it “one of the most serious [she’s] seen in [her] entire career, if not the most serious” arrived just in time for the holidays. On December 10, 2021, CISA and the director of cybersecurity at the National Security Agency (NSA) began alerting the public of a critical vulnerability within the Apache Log4j Java logging framework. Civilian government agencies have been instructed to mitigate against the vulnerability by Christmas Eve, and companies should follow suit.

The Log4j vulnerability allows threat actors to remotely execute code both on-premises and within cloud-based application servers, thereby obtaining control of the impacted servers. CISA expects the vulnerability to affect hundreds of millions of devices. This is a widespread critical vulnerability and companies should quickly assess whether, and to what extent, they or their service providers are using Log4j.

Immediate Recommendations

  • Immediately upgrade all versions of Apache Log4j to 2.15.0.
  • Ask your service providers whether their products or environment use Log4j, and if so, whether they have patched to the latest version. Helpfully, CISA sponsors a community-sourced GitHub repository with a list of software related to the vulnerability as a reference guide.
  • Confirm your security operations are monitoring internet-facing systems for indicators of compromise.
  • Review your incident response plan and ensure all response team information is up to date.
  • If your company is involved in an acquisition, discuss the security steps taken within the target company to address the Log4j vulnerability.

The versatility of this vulnerability has already attracted the attention of malicious nation-state actors. For example, government-affiliated cybercriminals in Iran and China have a “wish list” (no holiday pun intended) of entities that they are aggressively targeting with the Log4j vulnerability. Due to this malicious nation-state activity, if your company experiences a ransomware attack related to the Log4j vulnerability, it is particularly important to pay attention to potential sanctions-related issues.

Companies with additional questions about the Log4j vulnerability and its potential impact on technical threats and potential regulatory scrutiny or commercial liability are encouraged to contact counsel.

Article By Philip J. Bezanson, Brittney E. Justice, Claire E. Cahoon, and Seth D. DuCharme of Bracewell LLP

For more cybersecurity legal news, click here to visit the National Law Review.

© 2021 Bracewell LLP

Privacy Tip #309 – Women Poised to Fill Gap of Cybersecurity Talent

I have been advocating for gender equality in Cybersecurity for years [related podcast and post].

The statistics on the participation of women in the field of cybersecurity continue to be bleak, despite significant outreach efforts, including “Girls Who Code” and programs to encourage girls to explore STEM (Science, Technology, Engineering and Mathematics) subjects.

Women are just now rising to positions from which they can help other women break into the field, land high-paying jobs, and combat the dearth of talent in technology. Judy Dinn, the new Chief Information Officer of TD Bank NA, is doing just that. One of her priorities is to encourage women to pursue tech careers. She recently told the Wall Street Journal that she “really, really always wants to make sure that female representation—whether they’re in grade school, high school, universities—that that funnel is always full.”

The Wall Street Journal article states that a study by AnitaB.org found that “women made up about 29% of the U.S. tech workforce in 2020.”  It is well known that companies are fighting for tech and cybersecurity talent and that there are many more open positions than talent to fill them. The tech and cybersecurity fields are growing with unlimited possibilities.

This is where women should step in. With increased support, and prioritized recruiting efforts that encourage women to enter fields focused on technology, we can tap more talent and begin to fill the gap of cybersecurity talent in the U.S.

Article By Linn F. Freedman of Robinson & Cole LLP

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.