What’s in the American Data Privacy and Protection Act?

Congress is considering omnibus privacy legislation, and it reportedly has bipartisan support. If passed, this would be a massive shake-up for American consumer privacy, which has been left to the states up to this point. So, how does the American Data Privacy and Protection Act (ADPPA) stack up against existing privacy legislation such as the California Consumer Privacy Act and the Virginia Consumer Data Protection Act?

The ADPPA includes a much broader definition of sensitive data than we’ve seen in state-level laws. Some notable inclusions are income level, voicemails and text messages, calendar information, data relating to a known child under the age of 17, and depictions of an individual’s “undergarment-clad” private area. These enumerated categories go much further than recent state laws, which tend to focus on health and demographic information. One asterisk though – unlike other state laws, the ADPPA only considers sexual orientation information to be sensitive when it is “inconsistent with the individual’s reasonable expectation” of disclosure. It’s unclear at this point, for example, if a member of the LGBTQ+ community who is out to friends would have a “reasonable expectation” not to be outed to their employer.

Like the European Union’s General Data Protection Regulation, the ADPPA includes a duty of data minimization on covered entities (the ADPPA borrows the term “covered entity” from HIPAA). There is a laundry list of exceptions to this rule, including one for using data collected prior to passage “to conduct internal research.” Companies used to kitchen-sink analytics practices may appreciate this savings clause as they adjust to making do with less access to consumer data.

Another innovation is a tiered applicability, in which all commercial entities are “covered entities,” but “large data holders” – those making over $250,000,000 gross revenue and that process either 5,000,000 individuals’ data or 200,000 individuals’ sensitive data – are subject to additional requirements and limitations, while “small businesses” enjoy additional exemptions. Until now, state consumer privacy laws have made applicability an all-or-nothing proposition. All covered entities, though, would be required to comply with browser opt-out signals, following a trend started by the California Privacy Protection Agency’s recent draft regulations. Additionally, individuals have a private right of action against covered entities to seek monetary and injunctive relief.

Finally, and controversially, the ADPPA explicitly preempts all state privacy laws. It makes sense – the globalized nature of the internet means that any less-stringent state law would become the exception that kills the rule. Still, companies that only recently finalized CCPA- and CPRA-compliance programs won’t appreciate being sent back to the drawing board.

Read the bill for yourself here.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

THE NEXT TCPA MEGA-TRIAL APPEARS TO BE SET: Coldwell Banker and Realogy Appear to Be Headed to the Jury On $225MM TCPA Claim

As I reported a couple months back, a Court in California certified a TCPA class action against brokerage giant Realogy related to calls made by Coldwell Banker agents, amongst others.

The classes have enough members to put at least $225MM at stake in the case (and it could be a lot more.)

Well just last Thursday the Court just denied Reaolgy’s request to seek reconsideration of the certification ruling. So Realogy appears to be stuck in a certified class action, which is barreling toward trial.

In fact, the Court just issued an order setting a pretrial conference for November 10, 2022, and trial is set for November 28, 2022!

In the meantime, the Court also just denied motions challenging the Plaintiff’s expert Anya Verkhovskaya, meaning that she’ll get to testify at trial.

TCPAWorld hasn’t seen a true mega trial–i.e. a trial of a certified class action with nine (or ten) figure exposure in some time. Will be extremely interesting to see where this goes.

And while Realogy has added new counsel recently, I don’t see any true Czar-level “monster trial lawyer” types on their side just yet. (Maybe I’m missing it.)

Definitely don’t want to walk into this unless you’re loaded for bear folks.

Anyway, I’ll keep an eye on this one. I suspect it will settle for some ridiculous number. But if not I may send Kiera down to take notes on the trial. We’ll see.

© 2022 Troutman Firm

5 Ways Legal Billing Software Increases Law Firm Revenue

In any business, keeping an eye on the bottom line is essential. For law firms, this can be a challenge, as there are many ways that money can be lost throughout a case. From inefficient time-tracking to inaccurate billing, there are many potential pitfalls. However, there is one solution that can help to increase law firm revenue: legal billing software. Choosing the right legal billing software is essential for maximizing its benefits. Consider time-tracking, billing accuracy, and customer service when evaluating different packages. Take a look at solutions built specifically for the legal industry to get the most out of your investment.

3 Common Ways Law Firms Lose Money

Time Tracking Issues

Many lawyers still rely on manual methods of tracking time by using spreadsheets or notepads. This antiquated approach to timekeeping is fraught with problems, including the potential for lost billable time and revenue, vulnerability to billing disputes, and high administrative costs.

With spreadsheet or notepad timekeeping, it is easy for lawyers to forget to record their time or lose track of their records, leading to lost billable hours and ultimately lost revenue for the firm. Manual timekeeping doubles the work since someone must manually enter all data into the system.

Manually keeping track of time leaves attorneys vulnerable to billing disputes. If a client questions a lawyer’s billing records, it can be difficult for the attorney to prove that the charges are accurate without detailed and meticulous records.

Invoicing Frequency

When it comes to law firm revenue, timely billing is everything. The longer you wait to send a bill, the longer you wait to get paid. Clients can’t pay a bill they haven’t received.

Not billing promptly sends the message to your client that prompt payment is not that important to you. Sending your invoices at the end of each month helps to avoid confusion or miscommunication and ensures that you and your clients are on the same page.

Billing Bottlenecks

Getting paid by clients is a significant problem for 61% of small law firms, according to 2019 research conducted by Thomson Reuters Legal Executive Institute. Law firms that don’t provide clients with various payment options, like online payments and accepting credit card payments, are more vulnerable to decreased law firm revenue due to not getting paid on time.

What is Legal Billing Software?

Legal billing software is downloadable or cloud-based that helps lawyers accurately track their time and invoice their clients. A robust software, like Bill4Time, will have the capability to track time, LEDES billing format, create custom invoices, accept online payments, and meet state bar regulations for billing. Law firms use dedicated legal billing software to improve their bottom line by improving invoicing processes and reducing inaccurate time management and billing bottlenecks.

What Billing Software do Law Firms Use?

Lawyers are always looking for ways to be more efficient and maximize their billable hours, so they prioritize cloud-based software solutions that have integrated time tracking, easy invoice options, and a client portal for online payments.

Law firms need industry-specific features like trust & IOLTA accounting which allows lawyers to reconcile trust accounts without a secondary application. They also look for software that provides LEDES billing, the most widely used e-billing standard for law firms invoicing corporate clients.

Why Does My Law Firm Need Legal Billing Software?

As a law firm, you know that time is money. Every minute spent on administrative tasks is a minute that could be spent on billable hours.

Automate the billing process

You, and your team, enter matter information as time-tracked once, and the software will take care of the rest, generating invoices and sending them out to clients on your behalf.

Manage your cash flow

You will always have a clear record of what has been billed and remains outstanding. You can responsibly allocate your resources to maximize your profits.

Track payments and expenses

Having this information organized and readily available can save you a great deal of time and hassle when it comes time to file taxes or apply for loans or lines of credit.

Billing automation will save you and your team considerable time each month, which can be spent growing your business.

How to Identify the Best Legal Billing Software

When choosing legal billing software, there are a few key factors to keep in mind.

Choosing a program compatible with your firm’s existing tech stack, including your law practice management software, is critical to success. Consider the cost, ease of use, and customer support options. Mobile access is also crucial for lawyers who can access their files on any device — iPhone, iPad, or Android.

And finally, security is always a top priority when it comes to sensitive legal information. Look for software that has industry-standard security protocols in place to protect your data.

By keeping these factors in mind, you’ll choose the best legal billing software for your needs.

Best Practices for Implementing a Legal Billing Software

There are many different types of legal billing software on the market, and it can be challenging to decide which one is right for your law firm.

When choosing new software for your law firm, there are a few important factors to remember:

  • You must ensure that the software is compatible with your existing legal practice management software.

  • Be sure to clearly understand your law firm’s billing policies before setting up the software to ensure everything is billed correctly.

  • The software should be easy to use, but you still need to take time to train your staff on how to use the new software.

  • You want a responsive and helpful company when you run into problems. If you run into issues, you can contact the support team.

A little upfront investment will pay off in the long run by preventing billing mistakes and increasing efficiency. Following these simple tips, you can set your law firm up for success with legal billing software.

Increase Law Firm Revenue with Legal Billing Software

Ultimately, you can improve your firm’s bottom line and the client experience by investing in legal billing software. Here are five ways a legal billing software can help you achieve success:

1 ) Accurate Time Tracking

Time entry and expense tracking are crucial for any organization looking to boost productivity and improve profitability. Yet many organizations struggle with manually tracking time and expenses, leading to inaccuracies and lost data. The software makes tracking time and expenses by the user, client, or project easy.

Move beyond the notepad, and start tracking your time with a cloud-based software solution.

Whether on the go or at the office, easy time entry makes it simple to run timers simultaneously, record multiple time entries on one screen, and automatically convert appointments into time entries. You’ll always know your organization’s productivity and financial status with daily and weekly time summaries.

2 ) Automated Billing

Automated billing and online payments can make it easier for clients to pay their invoices, resulting in quicker payment turnaround times. Clients tend to delay payment if they don’t understand the invoice. Prevent this from happening by providing detailed and informative invoices.

With legal billing software, you can set up invoice templates with custom settings such as your billing policy and payment links to pay online —  you can even perform batch invoice creation to save administrative time.

You can even extend your brand while increasing workflow efficiencies by personalizing and creating branded invoices with your logo.

3 ) Online Payments

Online payments are becoming increasingly popular, and customers expect businesses to offer this option. You may even miss out on potential customers if you don’t offer online payments.

Online payments allow firms to quickly and easily receive payments from clients. This can be done via credit card, debit card, or even PayPal. In addition, online payments are more secure than traditional methods, such as mailing a check.

4 ) Custom Reporting

Real-time data is essential for any growing business and managing cash flow. You’ll want a solution with comprehensive reporting to manage your firm’s financial performance better and identify trends to ensure success—review payment history, balance due, collections, expenses, productivity, and summary reports.

Legal billing software should be able to run user activity reports, so you can get detailed insights into how your team works, including efficiency, expense, schedule, and internal tracked time.  This data can help you identify areas of improvement so your team can work smarter, not harder.

5 ) Enhanced Client Experience

Client portals are a great way to provide your clients with more information and control over their billing. Empower your clients to log in, view their account balances, make payments, and see a detailed fee history.

Grow Your Law Firm Revenue with Legal Billing Software

The legal industry is one of the most competitive and rapidly-changing fields. To succeed, law firms must be cutting edge in all aspects of their business – including billing. With so much at stake, it’s no wonder that more and more law firms are turning to legal billing software to help them stay ahead of the competition.

This article was authored by Dan Bowman of Bill4Time.

For more business of law legal news, click here to visit the National Law Review.

©2006-2022, BILL4TIME. ALL RIGHTS RESERVED.

Biden Administration Seeks to Clarify Patient Privacy Protections Post-Dobbs, Though Questions Remain

On July 8, two weeks following the Supreme Court’s ruling in Dobbs v. Jackson that invalidated the constitutional right to abortion, President Biden signed Executive Order 14076 (E.O.). The E.O. directed federal agencies to take various actions to protect access to reproductive health care services,[1] including directing the Secretary of the U.S. Department of Health and Human Services (HHS) to “consider actions” to strengthen the protection of sensitive healthcare information, including data on reproductive healthcare services like abortion, by issuing new guidance under the Health Insurance and Accountability Act of 1996 (HIPAA).[2]

The directive bolstered efforts already underway by the Biden Administration. A week before the E.O. was signed, HHS Secretary Xavier Becerra directed the HHS Office for Civil Rights (OCR) to take steps to ensure privacy protections for patients who receive, and providers who furnish, reproductive health care services, including abortions.[3] The following day, OCR issued two guidance documents to carry out this order, which are described below.

Although the guidance issued by OCR clarifies the privacy protections as they exist under current law post-Dobbs, it does not offer patients or providers new or strengthened privacy rights. Indeed, the guidance illustrates the limitations of HIPAA regarding protection of health information of individuals related to abortion services.

A.  HHS Actions to Safeguard PHI Post-Dobbs

Following Secretary Becerra’s press announcement, OCR issued two new guidance documents outlining (1) when the HIPAA Privacy Rule may prevent the unconsented disclosure of reproductive health-related information; and (2) best practices for consumers to protect sensitive health information collected by personal cell phones, tablets, and apps.

(1) HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care

In the “Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe,”[4] OCR addresses three existing exceptions in the HIPAA Privacy Rule to the disclosure of PHI without an individual’s authorization and provides examples of how those exceptions may be applied post-Dobbs.

The three exceptions discussed in the OCR guidance are the exceptions for disclosures required by law,[5]  for purposes of law enforcement,[6] or to avert a serious threat to health or safety.[7]

While the OCR guidance reiterates that the Privacy Rule permits, “but does not require” disclosure of PHI in each of these exceptions,[8] this offers limited protection that relies on the choice of providers whether to disclose or not disclose the information. Although these exceptions are highlighted as “protections,” they expressly permit the disclosure of protected health information. Further, while true that the HIPAA Privacy Rule itself may not compel disclosure (but merely permits disclosure), the guidance fails to mention that in many situations in which these exceptions apply, the provider will have other legal authority (such as state law) mandating the disclosure and thus, a refusal to disclose the PHI may be unlawful based on a law other than HIPAA.

Two of the exceptions discussed in the guidance – the required by law exception and the law enforcement exception – both only apply in the first place when valid legal authority is requiring disclosure. In these situations, the fact that HIPAA does not compel disclosure is of no relevance. Certainly, when there is not valid legal authority requiring disclosure of PHI, then HIPAA prohibits disclosure, as noted as in the OCR guidance.  However, in states with restrictive abortion laws, the state legal authorities are likely to be designed to require disclosure – which HIPAA does not prevent.

For instance, if a health care provider receives a valid subpoena from a Texas court that is ordering the disclosure of PHI as part of a case against an individual suspected of aiding and abetting an abortion, in violation of Texas’ S.B. 8, then that provider could be held in contempt of court for failing to comply with the subpoena, despite the fact that HIPAA does not compel disclosure.[9] For more examples on when a covered entity may be required to disclose PHI, please see EBG’s prior blog: The Pendulum Swings Both Ways: State Responses to Protect Reproductive Health Data, Post-Roe.[10]

Notably, the OCR guidance does provide a new interpretation of the application of the exception for disclosures to avert a serious threat to health or safety. Under this exception, covered entities may disclose PHI, consistent with applicable law and standards of ethical conduct, if the covered entity, in good faith, believes the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. OCR states that it would be inconsistent with professional standards of ethical conduct to make such a disclosure of PHI to law enforcement or others regarding an individual’s interest, intent, or prior experience with reproductive health care. Thus, in the guidance, OCR takes the position that if a patient in a state where abortion is prohibited informs a health care provider of the patient’s intent to seek an abortion that would be legal in another state, this would not fall into the exception for disclosures to avert a serious threat to health or safety.  Covered entities should be aware of OCR’s position and understand that presumably OCR would view any such disclosure as a HIPAA violation.

(2) Protecting the Privacy and Security of Individuals’ Health Information When Using Personal Cell Phones or Tablets

OCR also issued guidance on how individuals can best protect their PHI on their own personal devices. HIPAA does not generally protect the privacy or security of health information when it is accessed through or stored on personal cell phones or tablets. Rather, HIPAA only applies when PHI is created, received, maintained, or transmitted by covered entities and business associates. As a result, it is not unlawful under HIPAA for information collected by devices or apps – including data pertaining to reproductive healthcare – to be disclosed without consumer’s knowledge.[11]

In an effort to clarify HIPAA’s limitation to protect such information, OCR issued guidance to protect consumer sensitive information stored in personal devices and apps.[12] This includes step-by-step guidance on how to control data collection on their location, and how to securely dispose old devices.[13]

Further, some states have taken steps to fill the legal gaps to varying degrees of success. For example, California’s Confidentiality of Medical Information Act (“CMIA”) extends to “any business that offers software or hardware to consumers, including a mobile application or other related device that is designed to maintain medical information.”[14] As applied, a direct-to-consumer period tracker app provided by a technology company, for example, would fall under the CMIA’s data privacy protections, but not under HIPAA. Regardless, gaps remain as the CMIA does not protect against a Texas prosecutor subpoenaing information from the direct-to-consumer app. Conversely, Connecticut’s new reproductive health privacy law,[15] does prevent a Connecticut covered entity from disclosing reproductive health information based on a subpoena, but Connecticut’s law does not apply to non-covered entities, such as a period tracker app. Therefore, even the U.S.’s most protective state privacy laws do not fill in all of the privacy gaps.

Alongside OCR’s guidance, the Federal Trade Commission (FTC) published a blog post warning companies with access to confidential consumer information to consider FTC’s enforcement powers under Section 5 of the FTC Act, as well as the Safeguards Rule, the Health Breach Notification Rule, and the Children’s Online Privacy Protection Rule.[16] Consistent with OCR’s guidance, the FTC’s blog post reiterates the Biden Administration’s goal of protecting reproductive health data post-Dobbs, but does not go so far as to create new privacy protections relative to current law.

B.  Despite the Biden Administration’s Guidance, Questions Remain Regarding the Future of Reproductive Health Privacy Protections Post-Dobbs

Through E.O. 14076, Secretary Becerra’s press conference, OCR’s guidance, and the FTC’s blog, the Biden Administration is signaling that it intends to use the full force of its authorities – including those vested by HIPAA – to protect patient privacy in the wake of Roe.

However, it remains unclear how this messaging will translate to affirmative executive actions, and how successful such executive actions would be. How far is the executive branch willing to push reproductive rights? Would more aggressive executive actions be upheld by a Supreme Court that just struck down decades of precedent permitting access to abortion? Will the Biden Administration’s executive actions persist if the administration changes in the next Presidential election?

Attorneys at Epstein Becker & Green are well-positioned to assist covered entities, business associates, and other companies holding sensitive reproductive health data understand how to navigate HIPAA’s exemptions and interactions with emerging guidance, regulations, and statutes at both the state and Federal levels.

Ada Peters, a 2022 Summer Associate (not admitted to the practice of law) in the firm’s Washington, DC office and Jack Ferdman, a 2022 Summer Associate (not admitted to the practice of law) in the firm’s Boston office, contributed to the preparation of this post. 



[1] 87 Fed. Reg. 42053 (Jul. 8, 2022), https://bit.ly/3b4N4rp.

[2] Id.

[3] HHS, Remarks by Secretary Xavier Becerra at the Press Conference in Response to President Biden’s Directive following Overturning of Roe v. Wade (June 28, 2022), https://bit.ly/3zzGYsf.

[4] HHS, Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe (June 29, 2022),  https://bit.ly/3PE2rWK.

[5] 45 CFR 164.512(a)(1)

[6] 45 CFR 164.512(f)(1)

[7] 45 CFR 164.512(j)

[8] Id.

[9] See Texas S.B. 8; e.g., Fed. R. Civ. Pro. R.37 (outlining available sanctions associated with the failure to make disclosures or to cooperate in discovery in Federal courts), https://bit.ly/3BjX4I2.

[10] EBG Health Law Advisor, The Pendulum Swings Both Ways: State Responses to Protect Reproductive Health Data, Post-Roe (June 17, 2022), https://bit.ly/3oPDegl.

[11] A 2019 Kaiser Family Foundation survey concluded that almost one third of female respondents used a smartphone app to monitor their menstrual cycles and other reproductive health data. Kaiser Family Foundation, Health Apps and Information Survey (Sept. 2019), https://bit.ly/3PC9Gyt.

[12] HHS, Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone1 or Tablet (last visited Jul. 26, 2022), https://bit.ly/3S2MNWs.

[13] Id.

[14] Cal. Civ. Code § 56.10, Effective Jan. 1, 2022, https://bit.ly/3J5iDxM.

[15] 2022 Conn. Legis. Serv. P.A. 22-19 § 2 (S.B. 5414), Effective July 1, 2022, https://bit.ly/3zwn95c.

[16] FTC, Location, Health, and Other Sensitive Information: FTC Committed To Fully Enforcing the Law Against Illegal Use and Sharing of Highly Sensitive Data (July 11, 2022), https://bit.ly/3BjrzNV.

©2022 Epstein Becker & Green, P.C. All rights reserved.

Judge Approves $92 Million TikTok Settlement

On July 28, 2022, a federal judge approved TikTok’s $92 million class action settlement of various privacy claims made under state and federal law. The agreement will resolve litigation that began in 2019 and involved claims that TikTok, owned by the Chinese company ByteDance, violated the Illinois Biometric Information Privacy Act (“BIPA”) and the federal Video Privacy Protection Act (“VPPA”) by improperly harvesting users’ personal data. U.S. District Court Judge John Lee of the Northern District of Illinois also awarded approximately $29 million in fees to class counsel.

The class action claimants alleged that TikTok violated BIPA by collecting users’ faceprints without their consent and violated the VPPA by disclosing personally identifiable information about the videos people watched. The settlement agreement also provides for several forms of injunctive relief, including:

  • Refraining from collecting and storing biometric information, collecting geolocation data and collecting information from users’ clipboards, unless this is expressly disclosed in TikTok’s privacy policy and done in accordance with all applicable laws;
  • Not transmitting or storing U.S. user data outside of the U.S., unless this is expressly disclosed in TikTok’s privacy policy and done in accordance with all applicable laws;
  • No longer pre-uploading U.S. user generated content, unless this is expressly disclosed in TikTok’s privacy policy and done in accordance with all applicable laws;
  • Deleting all pre-uploaded user generated content from users who did not save or post the content; and
  • Training all employees and contractors on compliance with data privacy laws and company procedures.
Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Are You Ready for 2023? New Privacy Laws To Take Effect Next Year

Five new state omnibus privacy laws have been passed and will go into effect in 2023. Organizations should review their privacy practices and prepare for compliance with these new privacy laws.

What’s Happening?

While the US currently does not have a federal omnibus privacy law, states are beginning to pass privacy laws to address the processing of personal data. While California is the first state with an omnibus privacy law, it has now updated its law, and four additional states have joined in passing privacy legislation: Colorado, Connecticut, Utah, and Virginia. Read below to find out if the respective new laws will apply to your organization.

Which Organizations Must Comply?

The respective privacy laws will apply to organizations that meet particular thresholds. Notably, while most of the laws apply to for-profit businesses, we note that the Colorado Privacy Act also applies to non-profits. There are additional scope and exemptions to consider, but we provide a list of the applicable thresholds below.

The California Privacy Rights Act (CPRA) – Effective January 1, 2023

The CPRA applies to for-profit businesses that do business in California and meet any of the following:

  1. Have a gross annual revenue of over $25 million;
  2. Buy, receive, or sell the personal data of 100,000 or more California residents or households; or
  3. Derive 50% or more of their annual revenue from selling or sharing California residents’ personal data.

Virginia Consumer Data Protection Act (CDPA) – Effective January 1, 2023

The CDPA applies to businesses in Virginia, or businesses that produce products or services that are targeted to residents of Virginia, and that:

  1. During a calendar year, control or process the personal data of at least 100,000 Virginia residents, or
  2. Control or process personal data of at least 25,000 Virginia residents and derive over 50% of gross revenue from the sale of personal data.

Colorado Privacy Act (CPA) – Effective July 1, 2023

The CPA applies to organizations that conduct business in Colorado or produce or deliver commercial products or services targeted to residents of Colorado and satisfy one of the following thresholds:

  1. Control or process the personal data of 100,000 Colorado residents or more during a calendar year, or
  2. Derive revenue or receive a discount on the price of goods or services from the sale of personal data, and process or control the personal data of 25,000 Colorado residents or more.

Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTPDA) – Effective July 1, 2023

The CTPDA applies to any business that conducts business in the state, or produces a product or service targeted to residents of the state, and meets one of the following thresholds:

  1. During a calendar year, controls or processes personal data of 100,000 or more Connecticut residents, or
  2. Derives over 25% of gross revenue from the sale of personal data and controls or processes personal data of 25,000 or more Connecticut residents.

Utah Consumer Privacy Act (UCPA) – Effective December 31, 2023

The UCPA applies to any business that conducts business in the state, or produces a product or service targeted to residents of the state, has annual revenue of $25,000,000 or more, and meets one of the following thresholds:

  1. During a calendar year, controls or processes personal data of 100,000 or more Utah residents, or
  2. Derives over 50% of the gross revenue from the sale of personal data and controls or processes personal data of 25,000 or more Utah residents.

The Takeaway 

Organizations that fall under the scope of these respective new privacy laws should review and prepare their privacy programs. The list of updates may involve:

  • Making updates to privacy policies,
  • Implementing data subject request procedures,
  • How your business is handling AdTech, marketing, and cookies,
  • Reviewing and updating data processing agreements,
  • Reviewing data security standards, and
  • Providing training for employees.
© 2022 ArentFox Schiff LLP

Episode 3: How Law Firms Can Benefit From CRM Technology With Chris Fritsch of CLIENTSFirst Consulting [PODCAST]

Welcome to Season 2, Episode 3 of Legal News Reach! NLR Managing Director Jennifer Schaller speaks with Chris Fritsch, Founder of CLIENTSFirst Consulting, about how law firms can thoughtfully and successfully integrate customer relationship management systems, or CRMs, into their daily operations—boosting contact management, business development, and client service in the process.

We’ve included a transcript of the conversation below, transcribed by artificial intelligence. The transcript has been lightly edited for clarity and readability.

INTRO  00:02

Hello, and welcome to Legal News Reach, the official podcast for the National Law Review. Stay tuned for a discussion on the latest trends in legal marketing, SEO, law firm best practices, and more.

Jennifer Schaller

Thank you for tuning into the Legal News Reach podcast. My name is Jennifer Schaller, the Managing Director of the National Law Review. In this episode, I’ll be speaking with Chris Fritsch, who’s the CRM and Marketing Technology Success Consultant and Founder of CLIENTSFirst Consulting. She’s going to talk to us about CRM technology, specifically how it impacts law firms. Chris, would you like to introduce yourself?

Chris Fritsch

Happy to do so! I am Chris Fritsch, I’m actually a CRM Success Consultant. And no, that is not an oxymoron. For the last over 15 years, my team at CLIENTSFirst has helped hundreds of top firms succeed with CRM and related and integrated technology. I’m actually a little bit of a recovering attorney, which is sort of how I got into the industry. And it’s just been a great 15 years working together with top law firms.

Jennifer Schaller

What prompted you to start CLIENTSFirst Consulting?

Chris Fritsch

You know, that’s a good question. I actually worked at a CRM company years ago, and those companies are terrific at building and selling and installing and implementing software…not necessarily as great at being able to take the time to get to know each law firm to really understand the firm’s needs, the requirements, the culture in order to really help them succeed with the technology. So I saw that was a real opportunity to be able to help clients succeed. The company’s called CLIENTSFirst. And so we’re really focused on sharing information, ideas, best practices for success gained from years of experience doing this, and it has been a great 15 years of growth. And the most important part is we get to help clients.

Jennifer Schaller

So what are the main reasons that prompt law firms to implement CRM systems?

Chris Fritsch

CRM systems are about communication, coordination, and client service. And of course, business development. Law firms of all types and sizes really are focused on those areas. So I think that’s why CRM has been such an important piece of technology over the years.

Jennifer Schaller

What are the most common uses of CRMs in law firms?

Chris Fritsch

Use in most firms starts with contact management and list and event management. Those are some of the fundamental capabilities that CRM systems provide. You know, in law firms we write, we speak, we do events and webinars and seminars. That’s a really big need, and CRM fills that need very, very well. These are things that are maybe not exciting, but essential. So that’s creating a centralized repository of information that can be clean and correct and easily updated. That’s usually where firms start. Being able to have marketing build and manage the list to be able to get all the events done and managed, to be able to allow the attorneys or assistants to update lists, and just basically making sure that clients and prospects and other contacts are getting the information that the attorneys and the law firm need to put out there. You know, because as attorneys, if we can’t share information about our experience and our expertise and changes in the law and capabilities, then it makes it really challenging to develop business. And so that’s where CRMs start, but what we’re seeing more recently is a focus on more advanced business development features. Business development has taken a little bit longer in legal than in some other professional services, but I think we’re getting there. So we’re seeing a lot more emphasis on those tools right now. A lot of people right now are actually switching CRM systems because they want to get some more of these advanced business development features.

Jennifer Schaller

What are some of the features law firms should be implementing but that aren’t being utilized enough, in your opinion? Or does that kind of piggyback on business development stuff?

Chris Fritsch

Yeah, that’s a big piece of it. The big thing is activity tracking. That’s one of those things that everybody agrees, it would be incredibly valuable to know who’s taking who to lunch, who are we doing proposals with? Who are we having phone calls and meetings with? But the challenge with that is those have to be entered manually. A lot of things in CRM we’ve been able to automate, but that’s one that you really just can’t because the information lives in the attorney’s head, right? So it’s got to be done, and you can’t have computers or even assistants doing that really well. But everybody wants the information. So I think that has been a big challenge. Probably one of the biggest firm challenges is to get attorneys to sort of function that way and think like salespeople, whereas outside of legal, you know, you can mandate behavior and do reporting on activities. In a professional services, specifically, in a law firm model that’s a little more challenging, there’s sort of a hesitancy to mandate anything. So we do have challenges with that. That also sort of turns into adoption. You know, that has always been a challenge as well. In a law firm time is money, literally. And so anything that they have to do in terms of technology that takes away from serving the clients and frankly, billing time, there’s got to be a lot of value there. Any of the features that require them to do data entry are going to be challenging because we have taken a little bit longer to be focused on business development. There are really advanced pipeline features in a lot of the CRMs, outside of legal, and now in some of the ones that are vertically focused for law firms, but getting attorneys to enter data into a pipeline is probably going to be challenging, and it may not be the highest and best use of their time. And so a lot of firms that are dealing with implementing pipelines, they’re having internal business development resources actually do the data entry, and then just getting the information related to reports and pitches and things. Let them give that information to the attorneys to use when they need it.

Jennifer Schaller

These people are billing their time in six-minute increments. What are some of the built-in features of CRMs that help law firms capture the things that lawyers are reluctant to do other than…. obviously, there needs to be a culture change. But what are some of the things that make it smoother?

Chris Fritsch

So there’s actually a tool that I’m a big fan of called ERM, or enterprise relationship management. And it is a technology most of the CRMs in the legal vertical do have built in, but there are also some freestanding systems. And what they do is they create the contacts from the signature blocks of the emails. So the attorneys don’t have to deal with contact data entry and collection and updating. In the past, the systems worked with sort of an Outlook Sync process where the contacts would flow in, but lately, people don’t use Outlook like they used to. I mean they still use it for email and for calendar, but not so much address books. So the problem with address books was people were putting data in but never removing it. And so you just ended up with more and more contacts. And you know, they’re not particularly relevant anymore. These ERM systems will create good contacts, because frankly, if you just got a signature block, the information is probably good. And so you enter that data–it does it automatically. And so attorneys don’t have to do data entry, which is great. But it also creates a who-knows-who relationship, which is something we really want to be able to capture. You know, if you want to pitch some client or get a connection in a corporation, you might want to know who in the firm knows that person. The ERM uses an algorithm based on recency and frequency of communication to tell us not just who, but how well they know that person based on frequency and recency of communication. There are also some calendar capture features that are available; I think ERM is really the one that has changed the game. Also being able to have a connected email and e-marketing and event management tool that allows the data to flow seamlessly between the systems is incredibly important, because otherwise you end up with disconnected databases and double data entry, and I think e-marketing systems are also a really big deal.

Jennifer Schaller

Okay, wow, I didn’t know the depth of that. That’s really interesting. One of the things that you’ve touched on is lawyers and law firms and culture and change, so how large, or substantial or established, does a law firm need to be to benefit from a CRM?

Chris Fritsch

Pretty much any firm can benefit from CRM, because again, it is the fundamental communication coordination, client service, business development that’s important to every firm. So they’re different types of software for different sizes of firms. And I’ve worked with the largest firms in the world, and we help them find systems that meet their needs. But every once in a while, I’ll work with a solo or small firm, and they have different needs, and, of course, different budget requirements. And so they have different types of products that make sense for them. But I think pretty much anybody from the largest firm in the world to a solo can benefit from CRM.

Jennifer Schaller

Knowing that small law firms are not a homogenous group, meaning that intellectual property law firms or even a solo can have different needs than a family law practitioner, what would be some of the core features that even smaller law firms can look for in CRM systems, or should kind of have as, like, table stakes?

Chris Fritsch

Smaller firms for the longest time had challenges trying to implement CRM because they were licensed models, they require a lot of professional services to install and implement, and they required a lot of staff to manage, and that’s contrary to the small firm model. Ideally, in a perfect world, they want a less expensive option that doesn’t require as much training and ongoing sort of care and feeding. And what’s happened is most of the software providers have gone to a subscription model because it makes it easier to budget for the software over time, you don’t have a big upfront cost, and a lot of them have also moved to the cloud.

Jennifer Schaller

You’ve touched a couple different times about large law firms having multiple data stewards and dedicated CRM people, but smaller firms or firms that are not in the select 100 may not have those resources. What type of staff is required to succeed with CRM technology, or what tasks would need to be at a bare minimum assigned to somebody within their teams to get it up and running or to make it a viable option within the firm?

Chris Fritsch

The larger the firm and the more complex the system and processes required, the more staff and the more resources that are going to be needed, the more training that’s going to be needed, the more communication and planning and strategy. That’s always important. But right now we’re working with a firm that has a database with 7 million records. They’re bringing together information from databases all over the world, that’s a big undertaking. Whereas the most essential staff in bigger firms with a bigger implementation, you’re going to need perhaps a CRM manager, whereas a smaller firm with a smaller implementation that’s less complex, you’re not going to need a CRM manager, perhaps you might just need someone part time. The most important staff though, is in the area of data quality, because data degrades rapidly. And now with all the changes taking place, people are changing jobs left and right. So data is degrading faster than ever, and you’ve made this investment in the technology. But as an attorney, I can tell you, if the data is bad, then the system is bad, and I’m not going to use it. So you definitely have to focus on that data to get the return on investment from the technology. And you know, firms don’t necessarily want to hire a data steward, but it’s super important to focus on.

Jennifer Schaller

So firms are stretched, and plus, you touched upon too, everybody’s changing jobs. So it’s really tough for smaller firms to hire, any smaller organization to hire. So how does the firm stretch their existing staff to implement or, you know, make viable a useful CRM system, because as you mentioned, it’s only as good as its data?

Chris Fritsch

You know, one of the biggest trends we’re seeing is the move to outsourcing and having that really escalate. You know, firms have been outsourcing data stewards for decades, well, for at least the 10, 15 years that I’ve been around, because not every firm has the luxury of being able to hire a data steward or an experienced CRM manager who’s done a rollout before. Again, most firms don’t have the ability or even the desire to have their internal people doing data work. And so they’re turning to outsourcing to fill these positions, because the great thing about it is you can get the experience and the expertise, and just the amount of hours that you require. So especially for smaller firms, you wouldn’t want to hire a 40 hour a week data steward anyway. But with outsourcing, you can get you know, 10 hours a week, 20 hours a week, whatever you need during the rollout, and then you want to focus ongoing you might need even less, but you need to dedicate those resources, and you don’t have to do it with internal people, because data quality work is not particularly fun, and a lot of people don’t enjoy doing it. But yeah, we outsource a lot of data stewards. It’s actually our highest growth area right now because of the focus on outsourcing.

Jennifer Schaller

Okay, so a part of lawyers is–speaking lawyer to lawyer—a bit of a control freak. You might not have noticed or heard about it, but you know, anyway. So outsourcing is kind of a scary thing to them, meaning, you know, a smaller firm might be in the devil of not being able to hire somebody or being able to hire too much of somebody, as you indicated. So with outsourcing, what would they look for?

Chris Fritsch

I think number one is experience and reputation. All of our folks that do data work, you know, we try to hire the right people that have the aptitude to actually enjoy the work and then train them, train them and retrain them. We spend a lot of time really getting them to understand not just how to use the CRM tools and how to do the data quality, but also to do the research and how to also understand the law firm. There’s a lot of complex relationships in terms of financial institutions, I think that’s a really big piece of it, you know, having a lot of knowledge and experience doing it. For a lot of our clients, very, very large law firms, they have often significant privacy and security issues, so we have a team of US based people, because that helps them with challenges around GDPR. So you may want to ask, where are your people based? Can they do background checks is a really big important thing.

Jennifer Schaller

Oh, wow. That’s true, yeah, especially if they’re doing government or any type of work. You brought up some really good points there. So you mentioned training, so law firms that would consider outsourcing would be then benefiting from the training not only that they receive from a company like yours, but experience that they’ve picked up from other law firms along the way.

Chris Fritsch

The training is challenging. So you know, you have to train and retrain, you know, things are changing all the time with the software and systems. And it really is a big component, making sure that you have good experienced people. And then we also have a team that does quality checking as well, because I think in law more than any other industry even more than in other professional services, you mentioned earlier, you know, being a little bit of a control freak, we want good data. Outside of legal people are thrilled to have data quality of 70% . “We have automated data sources that’ll get you 70% correct data.” In a law firm 70% would get you fired! Right?

Jennifer Schaller

We got 70% of your lawsuit correct! That tends to not be an acceptable thing for attorneys, and I think they tend to hold anybody else that they work with or any product that they use to similar standards. It’d be really challenging. What are some of the things, not that there’s any silver bullet–and I’m sorry, legal marketers, there isn’t–to kind of overcome some of the, you know, maybe they were at another firm, or they had a friend who had a problem with it. Lawyers actually talk amongst each other and have a tendency to, well, they’ll discount it for their own clients, other people’s experiences, but if they have a lawyer friend who went through something, and it was negative, that’s, you know, good as gold. How do you overcome some lawyers’ reluctance, because of bad data quality, which seems to cause the problems to incrementally kind of chip away at that?

Chris Fritsch

You know, we used to think—and these things are tied together–so bad data is a big challenge. And adoption is a big challenge, getting attorneys to “use” the system, right? So we forever have defined adoption as attorneys would get trained, they would go through their data, they would, you know, mark the ones that they wanted to share or didn’t want to share, the assistants had to get involved and it all sort of fell down because again, we’re busy, and you know, time is money, literally. You know, I think the adoption challenge is tied to the data. Because again, if the data is bad, they don’t want to use the system. So going to these more automated ERM systems that pull in good data, I think it’s time that we really need to redefine adoption from attorneys doing data entry, which is probably not the highest and best use of someone’s time who’s billing $500, $200, $1,000 an hour, whatever it might be, let’s do more automation. And the other thing with the data is, it used to be the researchers would say 30% was degrading each year. Now it’s got to be closer to 50% with, you know, the Great Realignment and you know, staffing and people working from home and hybrid and people are moving and companies are starting and ending and getting acquired. So if you don’t focus on the data, if you don’t have good data, it’s going to hinder adoption, and it’s sort of all tied together. So we have to really sort of think through things, and that’s, again, why we are so focused on the ERM methodology. It minimizes attorney data entry, it maximizes good data, it automates the process, it really just is a very helpful tool.

Jennifer Schaller

That’s really interesting. Anything that can be used to make it simpler to get it off the ground. You mentioned data quality. And you mentioned ERM software implementations or kind of pairing it with the CRM system or having a CRM system that has that built in as a way to help with data quality. What is the part, you mentioned, that’s still gonna leave maybe 20 to 30% of the data in there? How are ways that law firms or outsourcing groups or, maybe I got the statistic wrong, cleaning up the balance of that, or is that, even within law, acceptable?

Chris Fritsch

What we’ve arrived at is a process that I have named True DQ, and it’s a multi-step process. For some firms, it might just be one step, an outsourced data steward. But for some firms, it’s multiple steps. First thing that you need to do is assess the mess. Figure out how bad is your data, if you’re getting a new system, right, you may not want to move, if you’ve had your system, 10, 15 years, you probably don’t want to move all that data, you definitely don’t want to clean all that data, it can cost more than the CRM system. So helping figure out strategically, what are the right contacts to move, key client data, top lists, getting all that data together and getting it cleaned and deduplicated  because, again, as, attorneys, we all know the same people. Some of us have good data, some is bad, and it’s got to be researched but you want to minimize the amount of data so you want to do a really strong assessment process upfront. And that’s if you’re changing systems, or if you’re just trying to clean your existing system, you want to focus your limited time and resources where you can get the most value. So then there’s an automated data quality process. So you know, as I said earlier, automated, you know, only gets you part of the way there. But when you’re doing projects, like, sometimes we’re doing projects, where there’s 7 million records. You couldn’t hire enough people or have enough money or time to clean all that data. So you can take an automated process that will get you quickly and cost effectively part of the way there. And then you know, at each step in the process, you can say that’s good enough, or I want a cleaner, I want it better. And for a lot of law firms, they want it as clean as possible. And so the final step would be to add data stewards to kind of finish off the remaining data that couldn’t be automatically matched. And also we have a quality checking process to quality check the results of the automated process as well. There’s a lot that goes on to keep good data clean and correct and complete, but it’s absolutely imperative and essential to CRM success and people are investing a lot of money in these systems. They should be getting value from them.

Jennifer Schaller

I know you can’t, us lawyers are all profound individuals, lump them all into one group–

Chris Fritsch

We’re all special snowflakes.

Jennifer Schaller

We are all special snowflakes! But if you have noticed one trend, is it if the data is better, there’s more chance of a successful adoption in use, or does that tend to be one of the biggest hurdles to overcome?

Chris Fritsch

A lot of the new systems that are ERM focused, the adoption model changes a little bit. So before with sort of the CRM systems that have been around longer, the idea was an Outlook Sync. And then everybody used Outlook. And so the contacts–you know, in a law firm, things are sort of inside out, we don’t just join the firm and get given the keys to the CRM, here are the contacts and clients. Instead, they come in with the attorney and new lateral joins, and the contacts are with them. And so we’ve had these tools to bring in Outlook data, and that required training and installations at the attorney level, and then the data would sync back. And if it was wrong, and it changed somebody’s Outlook, you’d hear about it. With the new ERM methodology, and or maybe a one-way sync, so we’re not, you know, pushing potentially incorrect or what people think might be incorrect data back into the Outlook for the attorneys to see, instead we’re gathering the data through an electronic process, we’re getting good data from the signature blocks, we’re bringing that data in. For some of us, what we do is we actually enhance the data with things like industries, because industry marketing is a big priority for a lot of firms. And nobody says they do it really well, you either have to spend a lot of money to get subscriptions, or you have an automated process, or you can do it manually. And so we try to help firms think through strategies to enhance the data when their data stewarding it with company information, size of company, industry of company, so then you don’t have to rely as much on the attorneys. Like they’ll come and say, “Hey, we want to pull an energy list. Because we’re doing an energy seminar.” Well, you can’t do that. “We want to pull a list of clients.” But without a time and billing integration, you really can’t do that. So these new tools are really helping automate that process, so suddenly, maybe I can’t pull 100% perfect energy or manufacture or whatever, pharmaceutical industry list, but I can get you at least a really good start, and then you can add individuals to it. These are tools we didn’t have years ago. And they really are taking the attorneys out of the process and taking them out of the data entry role. And instead, let’s give them the data they want. Let them be consumers of the data, let’s get them the reports that they need to do what they need to do and minimize the time required. Sometimes it’s staff that are helping to support these processes as well. So never underestimate the power of having good folks to help the attorneys get what they need. And so we’re going to define it instead of attorneys entering data into the system, it’s going to be attorneys getting value out of the system. And that’s how I think adoption needs to be redefined.

Jennifer Schaller

So once they see the value in it, they begin to adopt and of course they see another attorney getting value out of it.

Chris Fritsch

And while you might use ERM, when you implement a CRM you have to consider both a macro and a micro. So we’ve got to be able to get the contacts to do the list to do the events. That’s sort of a core component of it. And if you don’t get that data, you can’t do the other things like the fundamental who-knows-who and the business development. So a lot of firms are going to, “Okay, let’s do an ERM model and capture the context.” And most of the attorneys then don’t have to be users of the system. Instead, you can give licenses to key business developers or practice group leaders or whoever might need the information. And they have the data that they need to do what they need to do. But the day-to-day work of the attorneys is they can focus on the clients.

Jennifer Schaller

That’s interesting to hear, and good to hear actually, that it’s rolling out a lot better. You founded CLIENTSFirst Consulting 15 years ago. I’m not trying to age you, you must have founded it when you were 15 and, you know, even more of a prodigy. Name some of the ways that not only things have changed over the last 15 or so years, but some of the incremental successes I mean, it might have been a small firm, it might not resonate, but what are some of the wins that you’ve had, or some of the ways that you’ve been able to help firms succeed over the years?

Chris Fritsch

A key thing that we do, I think, that firms have found particularly valuable is called a CRM Success Assessment. And so whether you’re getting your first CRM system or you’re looking to change systems, or just improve your current implementation, we come in really getting to know the firm. So we do meetings with key stakeholders throughout the firm to really understand their different needs and requirements, and document that. The last thing you want to do is oh, we need a CRM, let’s figure out what everybody else is using, because that has proven over time to be a recipe for disaster. Instead, it’s all about your unique firm, your needs, requirements, and culture. And so we document that for the firms and then we help them go through a selection process where we take the information from the assessment and turn that into what we call a vendor demo roadmap that we can provide to the providers so that they can follow a roadmap during the demonstration. “Hey, focus on these things that the firm really cares about. Let’s compare apples to apples. Let’s put together the right proposal and get the right technology.” Because that’s the first thing is making sure you get the right system. The other thing is back many years ago, success was defined as, “We’re going to roll it out all at once and everybody’s going to use it.” Right? All the attorneys are going to log in every day. Well, I think it’s been 20 years, and it hasn’t happened yet. So again, we’re sort of redefining success doing the macro for the whole firm, but then really being able to, and this sounds a little counterintuitive at a big firm, but you really focus on the micro. Let’s get the macro right, you know, lists and events. But then let’s find the strong leader that has a problem to solve or a process to improve. And the beauty of CRM is it can do 1,000 things, the problem has been it can do 1,000 things, you should probably do three, or maybe even one. And so you get all these tools, but you only want to implement one here. And then you know, each group might want to do something a little differently, one group may actually track activities, there’s a big firm, we’ve worked with that one group is really focused on activity tracking. And so then configure the system to support that one thing, build the reports out the processes around it, the training materials around it, and you train that group on that thing, and maybe just that thing. You know, but then you might have, you know, a labor and employment group that does a lot of events, and webinars and seminars. Let’s show them how to manage the invitation process and add people to lists because they care about that. And so you focus on special snowflake scenarios, one group at a time, and you call them a pilot group. I had a smart Managing Partner say to me, you do a pilot group, and you get them success, you communicate that success, and you do another pilot group, and everybody feels like a special snowflake. Everybody gets their needs met. But it’s not quick. But it’s not designed to be quick, because CRM is not a project. It’s not an initiative, it is a fundamental improvement in how the firm manages its most important asset, its relationships. So as a result, it never really ends. And so if you do it in little pilot groups, you know, you’ve got forever to get better at it. You know, a lot of it is sort of daunting, you’re like, “Oh, our data is terrible.” Well, that’s okay you know, you don’t have to clean it up 100% right now, you want to do it in pieces and get successes, do it in increments, focus on top clients, focus on, you know, one group is doing an event, focus on their lists. There are a lot of different ways to do it to be effective, and get incremental successes, because they do they all add up.

Jennifer Schaller

Start with a coalition of the willing. Thank you, Chris, for going through some of the pilot groups at larger law firms, that sounds like a good way to find some early successes and kind of replicate it, but maybe in a customized form with different groups within a firm. But again, the majority of law firms are small. And while it’s great to learn from what the larger firms are doing, are there any initiatives, you know, to help smaller firms, either within your company or industry-wide, to work with CRMs?

Chris Fritsch

There are definitely some products out there for smaller firms. But what I have seen over the years is it’s been a little challenging because of the resource constraints and the staffing constraints. And so for years, smaller firms would come to me and say, you know, can you help us find a system? And you know, now the software is less expensive because of the subscription model. But the professional services has always been $50,000 plus dollars. And for a smaller firm, that’s without integrations. You’re looking at a lot of money to do the professional services. And so we’ve actually come up with a new piece of software we’re about to come out with that, hopefully, is going to make it easier for smaller firms to get a system to do what they need to help capture and augment the data and do lists. And so we’re pretty excited about that.

Jennifer Schaller

Okay, so if I can ask, what are some of the features in the product that CLIENTSFirst has coming out that helps small firms?

Chris Fritsch

As you can imagine, because I talk so much about it, I really think ERM is a fundamental piece of it. And we’re also going to be doing data cleaning, because obviously that’s a big focus for us as well and data augmentation with the things that we talked about, business information and industry information. And we’re going to make sure the data is clean and correct and complete. And we’re also going to have a built-in email functionality too. So it’s all integrated into a single platform to help smaller firms succeed as well. So the largest firms in the world, they need a certain type of software, and we thoroughly enjoy helping them succeed. And we just think that the smaller firms could benefit from some additional options.

Jennifer Schaller

That’s good to hear. Otherwise, a whole portion of the market is underserved. As always, thanks to Chris Fritsch from CLIENTSFirst Consulting for joining us today and for updating us on the nuances of CRM, specifically in the legal world or in the law firm environment. Law firms have such a challenging time to know where to start or what to do with what they already have. And thank you for helping us understand some of those steps or decision trees that go into law firms or especially smaller firms picking a CRM system. Thanks, Chris.

Chris Fritsch

Happy to help and thank you for the invitation to be here.

OUTRO 

Thank you for listening to the National Law Review’s Legal News Reach podcast. Be sure to follow us on Apple Podcasts, Spotify, or wherever you get your podcasts for more episodes. For the latest legal news, or if you’re interested in publishing and advertising with us, visit www.natlawreview.com. We’ll be back soon with our next episode.

Copyright ©2022 National Law Forum, LLC

Federal Bill Would Broaden FTC’s Role in Cybersecurity and Data Breach Disclosures

Last week, the House Energy and Commerce Committee advanced H.R. 4551, the “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act” (“RANSOMWARE Act”).  H.R. 4551 was introduced by Consumer Protection and Commerce Ranking Member Gus Bilirakis (R-FL).

If it becomes law, H.R. 4551 would amend Section 14 of the U.S. SAFE WEB Act of 2006 to require not later than one year after its enactment, and every two years thereafter, the Federal Trade Commission (“FTC”) to transmit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report (the “FTC Report”).  The FTC Report would be focused on cross-border complaints received that involve ransomware or other cyber-related attacks committed by (i) Russia, China, North Korea, or Iran; or (ii) individuals or companies that are located in or have ties (direct or indirect) to those countries (collectively, the “Specified Entities”).

Among other matters, the FTC Report would include:

  • The number and details of cross-border complaints received by the FTC (including which such complaints were acted upon and which such complaints were not acted upon) that involve ransomware or other cyber-related attacks that were committed by the Specified Entities;
  • A description of trends in the number of cross-border complaints received by the FTC that relate to incidents that were committed by the Specified Entities;
  • Identification and details of foreign agencies, including foreign law enforcement agencies, located in Russia, China, North Korea, or Iran with which the FTC has cooperated and the results of such cooperation, including any foreign agency enforcement action or lack thereof;
  • A description of FTC litigation, in relation to cross-border complaints, brought in foreign courts and the results of such litigation;
  • Any recommendations for legislation that may advance the security of the United States and United States companies against ransomware and other cyber-related attacks; and
  • Any recommendations for United States citizens and United States businesses to implement best practices on mitigating ransomware and other cyber-related attacks

Cybersecurity is an area of recent federal government focus, with other measures recently taken by President Bidenthe Securities and Exchange Commissionthe Food and Drug Administration, and other stakeholders.

Additionally, H.R. 4551 is also consistent with the FTC’s focus on data privacy and cybersecurity.  The FTC has increasingly taken enforcement action against entities that failed to timely notify consumers and other relevant parties after data breaches and warned that it would continue to apply heightened scrutiny to unfair data security practices.

In May 2022, in a blog post titled “Security Beyond Prevention: The Importance of Effective Breach Disclosures,” the FTC’s Division of Privacy and Identity Protection had cautioned that “[t]he FTC has long stressed the importance of good incident response and breach disclosure as part of a reasonable information security program, and that, “[i]n some instances, the FTC Act creates a de facto breach disclosure requirement because the failure to disclose will, for example, increase the likelihood that affected parties will suffer harm.”

As readers of CPW know, state breach notification laws and sector-specific federal breach notification laws may require disclosure of some breaches.  However, as of May 2022 it is now expressly the position of the FTC that “[r]egardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties mitigate reasonably foreseeable harm may violate Section 5 of the FTC Act.”  This is a significant development, as notwithstanding the absence of a uniform federal data breach statute, the FTC is anticipated to continue exercise its enforcement discretion under Section 5 concerning unfair and deceptive practices in the cybersecurity context.

© Copyright 2022 Squire Patton Boggs (US) LLP

Between the Legal Lines — Jessica Pfisterer [PODCAST]

With big dreams of helping people, Jessica Pfisterer began her career in public interest law, though she soon realized she wasn’t going to see the change she hoped for at the pace she wanted. Where Jessica truly found her passion was in People Operations and HR, thanks to her GC at the time. In this episode of Between the Legal Lines, Jessica shares with Andrea Bricca the story of how that pivotal role shaped the future of her career and what she has learned as a human resources leader who is also a trained lawyer.

Jessica Pfisterer is an HR leader and dancer, with a background in civil rights law and social justice work. She currently heads the People team at Lively, and dances with Duniya Dance and Drum Company. She is also on the board of TurnOut, a nonprofit that supports LGBTQ+ organizations, support for LGBTQ+ organizations, ensuring they are positioned to succeed and to continue serving the community. She is a Bay Area local and spends her free time traveling and exploring the great outdoors.

©2022 Major, Lindsey & Africa, an Allegis Group Company. All rights reserved.

Three Ways to Use LinkedIn’s Notifications Tab to Build Your Network and Business

Here’s an easy and effective way to leverage LinkedIn for business development and networking – use information and updates about your connections from the Notifications tab to build stronger relationships.

LinkedIn gives you many reasons to reach out to people in your professional network through the Notifications tab

These reasons range from new business, networking, jobs, referrals and branding opportunities.

Prompts from the LinkedIn Notifications tab about your connections’ birthdays, work anniversaries and new jobs can serve as powerful catalysts to get back in touch with your connections.

I have seen these prompts lead to new business and reignited relationships many times.

I call these notifications “low hanging fruit” because they require very little effort on your part and they’re easy to do, and can yield major benefits.

Marketing strategies don’t have to be complicated to be successful. We often overlook them when it’s so basic.

So how do you leverage them?

  1. For a work anniversary notification, you could say, “Hey Jim, I can’t believe it’s been X years since you joined your company! Time sure flies. How are you?” Then take it a step further, suggest an off-line conversation either in person, over the phone or via zoom.

  2. For a new job announcement try, “Congratulations on the new role – how is it going so far?” again offer to take the conversation off-line and have a separate conversation either in-person or virtually.  (Many people don’t send an email when they get a new job anymore – it’s up to us to do the due diligence to find out where they landed and then take the initiative to congratulate them on their job move).

  3. Wish your connections a happy birthday.  Just saying a simple “Happy birthday – I hope you’re having a great day – would love to take you for lunch or a drink to celebrate” is a great way to make someone’s day. Adding your birthday into LinkedIn works – I had about 200 LinkedIn birthday well wishes and one of them actually led to a new client.

Sometimes the basic actions that take just minutes are the most impactful.

Having reasons to reach out to your connections is powerful versus the dreaded “just checking in” email.

LinkedIn has made it even easier now to stay updated on others’ notifications by enabling us to follow certain individuals by clicking the bell on their profile.

No one knows who you are following, so use it strategically and follow your clients, referrals, VIP connections and even your competitors. You should also follow content creators whose information you find useful.

I’d love to hear how the Notifications section has worked for you.

Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.