Throwing Out the Privacy Policy is a Bad Idea

The public internet has been around for about thirty years and consumers’ browser-based graphic-heavy experience has existed for about twenty-five years. In the early days, commercial websites operated without privacy policies.

Eventually, people started to realize that they were leaving trails of information online, and in the early ‘aughts the methods for businesses to capture and profit from these trails became clear, although the actual uses of the data on individual sites were not clear. People asked for greater transparency from the sites they visited online, and in response received the privacy policy.

A deeply-flawed instrument, the website privacy policy purports to explain how information is gathered and used by a website owner, but most such policies are strangely both imprecise and too long, losing the average reader in a fog of legalese language and marginally relevant facts. Some privacy policies are intentionally obtuse because it doesn’t profit the website operator to make its methods obvious. Many are overly general, in part because the website company doesn’t want to change its policy every time it shifts business practices or vendor alliances. Many are just messy and poorly written.

Part of the reason that privacy policies are confusing is that data privacy is not a precise concept. The definition of data is context dependent. Data can mean the information about a transaction, information gathered from your browser visit (including where you were before and after the visit), information about you or your equipment, or even information derived by analysis of the other information. And we know that de-identified data can be re-identified in many cases, and that even a collection of generic data can lead to one of many ways to identify a person.

The definition of privacy is also untidy. An ecommerce company must capture certain information to fulfill an online order. In this era of connected objects, the company may continue to take information from the item while the consumer is using it. This is true for equipment from televisions to dishwashers to sex toys. The company likely uses this information internally to develop its products. It may use the data to market more goods or services to the consumer. It may transfer the information to other companies so they can market their products more effectively. The company may provide the information to the government. This week’s New Yorker devotes several pages to how the word “privacy” conflates major concepts in US law, including secrecy and autonomy,1 and is thus confusing to courts and public alike.

All of this is difficult to reflect in a privacy policy, even if the company has incentive to provide useful information to its customers.

Last month the Washington Post ran an article by Geoffrey Fowler that was subtitled “Let’s abolish reading privacy policies.” The article notes a 2019 Pew survey claiming that only 9 percent of Americans say they always read privacy policies. I would suggest that more than half of those Americans are lying. Almost no one always reads privacy policies upon first entering a website or downloading an app. That’s not even really what privacy policies are for.

Fowler shows why people do not read these policies. He writes, “As an experiment, I tallied up all of the privacy policies just for the apps on my phone. It totaled nearly 1 million words. “War and Peace” is about half as long. And that’s just my phone. Back in 2008, Lorrie Cranor, a professor of engineering and public policy at Carnegie Mellon University, and a colleague estimated that reading and consenting to all the privacy policies on websites Americans visit would take 244 hours per year.”

The length, complexity and opacity of online privacy policies are concerning. The best alleviation for this concern would not be to eliminate privacy policies, but to make them less instrumental in the most important decisions about descriptive data.

Website owners should not be expected to write out privacy policies that are both sufficiently detailed and succinctly readable so that consumers can make meaningful choices about use of the data that describes them. This type of system forces a person to be responsible for her own data protection and takes the onus off of the company to limit its use of the data. It is like our current system of waste recycling – both ineffective and supported by polluters, because rather than forcing manufacturers to use more environmentally friendly packaging, it pushes consumers to deal with the problem at home, shifting the burden from industry to us.  Similarly, if the legislatures provided a set of simple rules for website operators – here is what you are allowed to do with personal data, and here is what you are not allowed to do with it – then no one would read privacy policies to make sure data about our transactions was spared the worst treatment. The worst treatment would be illegal.

State laws are moving in this direction, providing simpler rules restricting certain uses and transfers of personal data and sensitive data. We are early in the process, but if the trend continues regarding omnibus state privacy laws in the same manner that all states eventually passed data breach disclosure laws, then we can be optimistic and expect full coverage of online privacy rules for all Americans within a decade or so. But we shouldn’t need to wait for all states to comply.

Unlike the data breach disclosure laws, which encourage companies to comply only with the laws relevant to their particular loss of data, omnibus privacy laws affect the way companies conduct the normal course of everyday business, so it will only take requirements in a few states before big companies start building their privacy rights recognition functions around the lowest common denominator. It will simply make economic sense for businesses to give every US customer the same rights as the most protective state provides its residents. Why build 50 sets of rules when you don’t need to do so? The cost savings of maintaining only one privacy rights-recognition system will offset the cost of providing privacy rights to people in states that haven’t passed omnibus laws yet.

This won’t make privacy policies any easier to read, but it will become less important to read them. Then privacy policies can return to their core function, providing a record of how a company treats data. In other words, a reference document, rather than a set of choices inset into a pillow of legal terms.

We shouldn’t eliminate the privacy policy. We should reduce the importance of such policies, and limit their functions, reducing customer frustration with the privacy policy’s role in our current process. Limit companies’ use of data and we won’t need to fight through their privacy options.


ENDNOTES

1 Privacy law also conflates these meanings with obscurity in a crowd or in public.


Article By Theodore F. Claypoole of Womble Bond Dickinson (US) LLP

Copyright © 2022 Womble Bond Dickinson (US) LLP All Rights Reserved.

You Have Mail (Better Read It): District Court Finds EEOC 90-Day Deadline Starts When Email Received

If a letter from the EEOC is in your virtual mailbox but you never open it, have you received it? Most of us are familiar with the requirement that a claimant who files an EEOC charge has 90 days to file a lawsuit after receiving what is usually called a “right-to-sue” letter from the agency. This is one of the deadlines that both plaintiff and defense counsel track on their calendars. But when is that notice officially “received” by the claimant – especially in these days of electronic correspondence? In Paniconi v. Abington Hospital-Jefferson Health, one Pennsylvania federal court decided to draw a hard line on when that date actually occurs.

A Cautionary Tale

Denise Paniconi worked for a hospital in Pennsylvania and filed a charge of discrimination with the EEOC alleging race and religious discrimination. The EEOC investigated and issued a right-to-sue letter dated September 8, 2021, which gave her 90 days to file her complaint. She filed her complaint 91 days after the EEOC issued the letter. The employer moved to dismiss the complaint for failing to comply with the 90-day deadline.

What ordinarily would just be a day counting exercise took a twist because of how the EEOC issued the notice. The EEOC sent both the plaintiff and her lawyer an email stating that there was an “important document” now available on the EEOC portal. Neither the plaintiff nor her lawyer opened the email or accessed the portal until sometime later. They argued that the 90-day filing deadline should run from the date that the claimant actually accesses the document, not from the date the EEOC notified them it was available.

The court dismissed the complaint for failing to meet the deadline. The opinion noted that although the 90-day period is not a “jurisdictional predicate,” it cannot be extended, even by one day, without some sort of recognized equitable consideration. Paniconi’s lawyer argued that the court should apply the old rule for snail mail – without proof otherwise, it should be assumed that the notice is received within three days after the issuance date. The court disagreed and pointed out that no one disputed the date that the email was sent – it was simply not opened and read by either Paniconi or her lawyer. The court said that there was no reason that those individuals did not open the email and meet the 90-day deadline.

Deadlines Are Important

This is another example of how electronic communication can complicate the legal world. The EEOC has leaned into its use of the portal, and the rest of the world needs to get used to it. The minute you receive an email or notice from the portal, you need to calendar that deadline. Some courts (at least this one) believe that electronic communication is immediate, and you may not get grace for not logging on and finding out what is happening with your charge. Yet another reason to stay on top of your emails.

© 2022 Bradley Arant Boult Cummings LLP

Heated Debate Surrounds Proposed Federal Privacy Legislation

As we previously reported on the CPW blog, the leadership of the House Energy and Commerce Committee and the Ranking Member of the Senate Commerce Committee released a discussion draft of proposed federal privacy legislation, the American Data Privacy and Protection Act (“ADPPA”), on June 3, 2022. Signaling potential differences amongst key members of the Senate Committee on Commerce, Science, and Transportation, Chair Maria Cantwell (D-WA) withheld her support. Staking out her own position, Cantwell is reportedly floating an updated version of the Consumer Online Privacy Rights Act (“COPRA”), originally proposed in 2019.

Early Stakeholder Disagreement

As soon as a discussion draft of the ADPPA was published, privacy rights organizations, civil liberty groups, and businesses entered the fray, drawing up sides for and against the bill. The ACLU came out as an early critic of the legislation. In an open letter to Congress sent June 10, the group urged caution, arguing that both the ADPPA and COPRA contain “very problematic provisions.” According to the group, more time is required to develop truly meaningful privacy legislation, as evidenced by “ACLU state affiliates who have been unable to stop harmful or effectively useless state privacy bills from being pushed quickly to enactment with enormous lobbying and advertising support of sectors of the technology industry that resist changing a business model that depends on consumers not having protections against privacy invasions and discrimination.” To avoid this fate, the ACLU urges Congress to “bolster enforcement provisions, including providing a strong private right of action, and allow the states to continue to respond to new technologies and new privacy challenges with state privacy laws.”

On June 13, a trio of trade groups representing some of the largest tech companies sent their open letter to Congress, supporting passage of a federal privacy law, but ultimately opposing the ADPPA. Contrary to the position taken by the ACLU, the industry groups worry that the bill’s inclusion of a private right of action with the potential to recover attorneys’ fees will lead to litigation abuse. The groups took issue with other provisions as well, such as the legislation’s restrictions on the use of data derived from publicly-available sources and the “duty of loyalty” to individuals whose covered data is processed.

Industry groups and consumer protection organizations had the opportunity to voice their opinions regarding the ADPPA in a public hearing on June 14. Video of the proceedings and prepared testimony of the witnesses are available here. Two common themes arose in the witnesses’ testimony: (1) general support for federal privacy legislation; and (2) opposition to discrete aspects of the bill. As has been the case for the better part of a decade in which Congress has sought to draft a federal privacy bill, two fundamental issues continue to drive the debate and must be resolved in order for the legislation to become law: the private right of action to enforce the law and preemption of state laws or portions of them. While civil rights and privacy advocacy groups maintain that the private right of action does not go far enough and that federal privacy legislation should not preempt state law, industry groups argue that a private right of action should not be permitted and that state privacy laws should be broadly preempted.

The Path Forward

The Subcommittee on Consumer Protection and Commerce of the House Energy and Commerce Committee is expected to mark up the draft bill the week of June 20. We expect the subcommittee to approve the draft bill with little or no changes. The full Energy and Commerce Committee should complete work on the bill before the August recess. Given the broad bipartisan support for the legislation in the House, we anticipate that the legislation, with minor tweaks, is likely to be approved by the House, setting up a showdown with the Senate after a decade of debate.

With the legislative session rapidly drawing to a close, the prospects for the ADPPA’s passage remain unclear. Intense disagreement remains amongst key constituency groups regarding important aspects of the proposed legislation. Yet, in spite of the differences, a review of the public comments to date regarding the ADPPA reveals one nearly unanimous opinion: the United States needs federal privacy legislation. In light of the fact that most interested parties agree that the U.S. would benefit from federal privacy legislation, Congress has more incentive than ever to reach compromise regarding one of the proposed privacy bills.

© Copyright 2022 Squire Patton Boggs (US) LLP

Privacy Tip #335 – Health Care Sector Continues to Be Hit with Ransomware

For its 2022 State of Ransomware Report, issued recently, Sophos surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care sector shared that 66 percent of them had experienced a ransomware attack in 2021, which was an increase of 69 percent over 2020. This was the largest increase of all sectors surveyed.

If you look at the Office for Civil Rights data breach portal, you will see that a vast majority of breaches reported by health care providers and business associates are related to “Hacking/IT incident.” This confirms that the health care sector continues to be attacked by threat actors seeking to steal protected health information of patients.

If you are a patient who receives a breach notification letter from a health care provider or business associate, the letter will provide guidance on how to protect yourself following a data breach and may offer some protection guidance, including credit monitoring or fraud resolution. Such a letter has been sent to patients to comply with the breach notification requirements of HIPAA and state law. Part of those requirements includes that the patients be provided mitigation steps following the breach to protect themselves from fraud. Avail yourself of these protections in the event your information is compromised. Take the time to sign up for the mitigation offered. It is clear that these attacks will not subside any time soon.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

June 2022 Legal Industry News and Highlights: Law Firm Hiring, Industry Recognition, and New Diversity and Inclusion Efforts

Happy Summertime from the National Law Review! We hope you are staying safe, healthy, and cool. Read on below for the latest news in the legal industry, including law firm hirings and expansion, legal industry awards and recognition, and diversity, equity, and justice efforts in the field.

Law Firm Hiring and Expansion

Michael Best & Friedrich LLP has added Brett R. Valentyn as Senior Counsel to the firm’s Corporate and Transactional Practice Group. Mr. Valentyn, a well-practiced mergers, acquisitions, and corporate attorney, has a wide array of experience in areas such as private equity, corporate governance, and transactional and contractual matters. He has advised clients across industries in buy-side and sell-side transactions for both small-cap and large-cap companies.

“Brett’s successful history in advising clients on transactional matters has him well-positioned to flourish,” said Jason Rogers, Chair of the Corporate & Transactional Practice Group. “Brett’s impressive background in transactional law will only strengthen our already deep bench of talented and business-minded private equity and M&A attorneys. I’m confident Brett will make a wonderful addition to our Corporate & Transactional Practice Group.”

Corporate attorney Eric D. Statman has joined the Toxic Torts practice group at Goldberg Segalla. A 20-year veteran of complex commercial litigation, Mr. Statman is poised to continue his environmental, product liability, and mass tort practice out of the firm’s Manhattan office.

Previously, Mr. Statman has aided clients across a variety of industries, resolving major disputes with minimum impact to corporations through mediation or litigation, as well as negotiating a large number of group settlements. Notably, he has represented asbestos defendants as local and national counsel, helping to develop strategies to minimize exposure.

Michael J. Ligorano has rejoined Norris McLaughlin’s Real Estate, Finance, and Land Use Group and Immigration Practice Group after nine years as the Diocese of Metuchen’s General Counsel. Ligorano is an established New Jersey land use and immigration practitioner with experience evaluating undeveloped land, as well as acquiring, developing, and financing municipal projects around the state. In addition to city planning, Ligorano has served as a legal resource for multinational businesses who wish to enter the United States, assisting in the navigation of the US immigration process. He is the former supervising attorney for the Diocese of Metuchen Catholic Charities Immigration Program, and a member of the American Immigration Lawyers Association.

“Michael has a deep understanding of our firm and of the local landscape. He is not only one of the state’s foremost land use and commercial real estate attorneys, but as an experienced immigration counsel will help make ours arguably the best immigration practice in the region,” said David C. Roberts, Chair of Norris McLaughlin. “We are pleased to have Michael at the firm and look forward to his leadership and cross-practice collaboration.”

Five partners and eight associates have joined the Chicago office of MG+M The Law Firm. The Asbestos Litigation Practice welcomes Partners Timothy Krippner, Michael Cantieri, Christopher Triska, William Irwin, and Daniel Powell, as well as Associates Alex Blair, Elizabeth Grande, Aerial Henderson, Dragana Kovacevic, Cindy Medina-Cervantes, Emily Sample, and Andrea Walsh. The new members bring with them decades of combined high-stakes complex commercial and liability defense experience.

“MG+M enthusiastically welcomes this exceptional team of professionals to our firm,” commented MG+M Chairperson and Partner John B. Manning. “We have collaborated with this group of lawyers for years and look forward to their enhancement of our brand as a go-to firm for high-stakes litigation matters in Illinois, the Midwest and nationally.”

Legal Industry Awards and Recognition

The Environmental Practice Group at Greenberg Traurig, LLP has been recognized in the Legal 500 United States 2022 Guide. 31 attorneys across 12 offices in the US were included in the list, highlighting the firm’s expertise in areas such as environmental regulation, environmental litigation, energy regulation, mass torts, and Native American law.

Of particular note, shareholder David B. Weinstein was recognized in the U.S. Guide as a Leading Lawyer in the category of Dispute Resolution > Product Liability, Mass Tort, and Class Action – Defense: Toxic Tort. Likewise, shareholder Troy A. Eid was recognized as a Leading Lawyer for Industry Focus > Native American Law.

Canadian law firm Blake, Cassels & Graydon LLP was recognized six times at the 2022 Benchmark Canada Awards, including three separate “Firm of the Year” Awards. Specifically, the firm was named the Competition Litigation Firm of the Year for the first time, the White Collar Crime/Enforcement Firm of the Year for the third consecutive year, and the Arbitration Firm of the Year for the fifth consecutive year.

In addition, Blakes was granted the Impact Case of the Year award for work on Sherman Estate v. Donovan, led by partner Iris Fischer. Partners Michael Barrack and Melanie Baird also received the Hall of Fame Award and the IP Litigator of the Year award, respectively.

Thomson Reuters has named six Stubbs Alderton & Markiles attorneys as “Rising Stars” on the Southern California Super Lawyers list. The members of the firm that have been selected are listed here:

Attorneys selected for the Super Lawyers list demonstrate a high degree of personal and professional achievement, as well as a significant level of peer recognition. The list selects only 2.5 percent of under-40 lawyers in the Southern California area for the “Rising Stars” designation, making decisions based on peer nomination, independent research, and peer evaluation.

Two Womble Bond Dickinson (US) attorneys have been ranked in the 2022 edition of Chambers USA. Cristin Cowles, Ph.D., an experienced patent prosecution and patent lifecycle management attorney, has been ranked in Intellectual Property. Jed Nosal, a practiced state regulatory oversight, enforcement, and compliance attorney, has been ranked in Energy & Natural Resources.

Additionally, the firm’s Massachusetts-based Energy & Natural Resources practice has been recognized by Chambers USA as an industry leader. In total, 60 Womble Bond Dickinson attorneys and 22 state-level practice areas have been recognized in the 2022 edition of Chambers USA.

Diversity, Equity, and Justice Efforts

Chris Slaughter, CEO of Steptoe & Johnson PLLC, affirmed the firm’s commitment to diversity and inclusion by taking the Leaders at the Front Initiative Pledge with the Leadership Council on Legal Diversity. Nationally recognized for its strengths in energy law, business, labor and employment, and litigation, Steptoe & Johnson has a longstanding commitment to diversity, equity, and inclusion, with efforts such as the D Cubed Program, the Standing Diversity & Inclusion Committee, and ongoing diversity recruitment and retention efforts.

The Leaders at the Front Initiative is a movement intended to forefront the conversation about diversity and inclusion for major organizations and law firms. It requires an organization to act on their pledge by creating an action plan that turns their words into measurable actions, with the end goal of helping a new diverse generation of attorneys obtain positions of leadership and in return create a national legal industry that is diverse and inclusive.

Three Bradley Arant Boult Cummings LLP attorneys have been recognized by the Virginia Access to Justice Commission for their outstanding pro bono services. Lee-Ann C. Brown, an associate at the firm, has been named the 2020-2021 Pro Bono Service Champion, an honor reserved for top Virginia attorneys reporting the highest number of pro bono hours. Douglas L. Patin and Henry C. Su have likewise been named 2020-2021 Pro Bono Service Honor Roll members for contributing over 40 hours of pro bono service.

The Virginia Access to Justice Commission was established in 2013 by the state’s Supreme Court to promote equal access to justice, with a particular emphasis on the civil needs of Virginia residents. The bar’s participation in pro bono service has since become a priority for the Commission, connecting judges, lawyers, and legal aid and social services to assist in making the courts more accessible for all.

“These attorneys have made tremendous strides in providing pro bono service and working to promote access to justice in the Virginia community, and we are proud of their significant contributions,” said Bradley Pro Bono Counsel Tiffany M. Graves.

Hunton Andrews Kurth LLP has announced the establishment of the HuntonAK Pathfinders Scholarship Program, a 10-week, paid Summer Clerkship for outstanding first-generation 2L law students. Stemming from the winning submission at the firm’s annual “Hackathon,” a brain-storming competition for enhancing diversity and inclusion in the legal industry, the scholarship seeks to attract students to the private practice of law while providing valuable work and mentorship experiences at the firm.

“Hunton Andrews Kurth is committed to making our profession more accessible to talented law students who have already demonstrated great determination by climbing the first rung of the educational mobility ladder,” said managing partner Wally Martinez. “This scholarship, strictly for first-generation students, is one of the first of its kind and we are honored to help lead the way with this effort.”

Copyright ©2022 National Law Forum, LLC

Six Tips for Selecting the Right CRM System

Before deciding on a new CRM, follow these steps to select the right CRM system that meets your requirements, enhances adoption, offers value to your users – and can provide a return on your investment.

Research estimates that up to 70% of CRM systems fail to meet expectations – and a failed CRM implementation can be extremely costly, not just in terms of the financial expense, but also because of the costs in lost time – and credibility. Even more impactful: you don’t often get a second chance at CRM success. This means that it’s critical to select the right CRM system the first time.

The good news is CRM success is more than possible. If you simply follow a few critical steps before and during the CRM selection process, you can ensure that the system you select will help you achieve your organization’s goals, enhance adoption and provide value to your users – and deliver a return on your technology investment.

Tip 1: Problems First, Then Products

When attempting to successfully select and implement CRM software, it’s essential to focus on people and processes first, products second. Too many people immediately rush out to find potential vendors, so they can set up demonstrations of the most popular CRM software.

While it’s easy to get caught up in the shiny bells and whistles of a good CRM demo, it’s important to resist the temptation to dive into features and functions too soon without first taking the time to gain a real understanding of your organizational and user needs.

Tip 2: Assess Your Needs

Organizations buy CRM software for a number of reasons – but each organization is unique. To provide real value and ROI, before making the purchase, you have to understand what you are trying to accomplish.

Start by putting together a list of the key reasons you think you need a CRM.

  • Are you trying to communicate more effectively with clients and prospects?
  • Manage and evaluate the ROI of events or sponsorships?
  • Track and enhance business development efforts?
  • Help the organization be more efficient?
  • Increase business and revenue?

After assessing your organization’s needs, you may discover that you have more goals than you first thought.

If this is the case, it will be important to prioritize the goals. Don’t try to boil the ocean. If you try to tackle too many things at once, especially during the initial rollout, you will be less likely to succeed. Instead, assign your goals to a timeline based on importance and value to users. For the initial implementation, set a few relevant goals, achieve those initial successes, communicate the successes – and repeat.

Once you understand your organization’s unique needs and requirements, it’s time to talk to your users. One of the biggest frustrations we hear from clients is a lack of CRM adoption. This isn’t surprising since, in many of these organizations, system users were not involved during the selection process. To get people to buy in and use software, it has to provide value not only to the organization, but to the users individually. The challenge is that different people define value differently, which means different groups or types of users will have their own unique needs and requirements. That’s why it’s so important to get them involved early. Making your users part of the process up front will also make them more likely to adopt the software later.

To gather user input, consider creating focus groups to provide feedback on product features and functions. You may even want to meet with some of the naysayers individually to start encouraging their participation and head off future roadblocks. Finally, be sure to involve key stakeholders in system demonstrations to help evaluate the software and solicit their feedback before proceeding with system selection. In fact, it’s beneficial to have users involved throughout the rollout to offer ideas on how to improve the CRM implementation for everyone.

Tip 3: Evaluate the Systems and Providers

After gathering all the relevant information, it’s important to fully document your requirements and make sure you are well-prepared before reaching out to providers. The best way to do this is with what I call a ‘demo roadmap.’ This is a comprehensive two- to three-page document that sets out all of the details for the demonstrations along with all the needs and requirements gathered during the needs assessment and the features and functionality that you want to see.

Your ‘roadmap’ will guide the CRM providers so that they show you the key system attributes that are critical to the success of your organization and users, and it also helps to prevent the demonstrations from becoming a ‘dog and pony show.’ Your roadmap should be shared with the CRM providers well in advance of the demonstrations to give them time to adequately prepare.

Some larger organizations may also find it beneficial to take an additional step and create a much more detailed, formal RFP document. This request for proposals would be sent to potential CRM providers to solicit answers to a number of questions before scheduling any demos. The formal responses allow you to evaluate and compare the vendors and their system features and pricing in advance of the demonstrations. Many organizations use the RFP to limit the demonstrations to only the potential providers who are able to meet the organization’s budget and other requirements.

Once you have identified a few CRM systems that meet your requirements, you can begin the vetting process to select the right CRM system for your organization.

Tip 4: Direct the Demonstrations

It’s essential that the CRM demonstrations allow you to make an informed decision and adequately and accurately compare systems, features and pricing. It’s also important at this phase to again involve your users. CRM systems have a reputation for being notoriously difficult to implement, and the last thing you want is to be responsible for unilaterally selecting a system that then doesn’t meet user expectations. This can also help to make them more invested in system success.

It’s also important to structure the participation and demonstrations so you maximize the benefits.

First, it can be helpful to thin the field of participating CRM providers to a manageable number.

Next, select a group of users to participate. It can be good to choose users from different groups such as professionals and administrative, so you get some different perspectives.

Participants selected must have the time and inclination to participate and must be willing to sit through all of the demonstrations so they can accurately compare all the systems.

Finally, you may want to prepare the users by sharing the requirements and/or roadmap with them and asking them to be prepared to ask any questions they may have.

You should also prepare the providers. First, let them know how much time they have. A typical CRM demonstration can take between one and two hours.

Also let them know who will be participating and what their needs and interests are. If you have professional or executive users who have limited time for demonstrations, it can be helpful to direct the providers to spend the first 30 minutes to an hour of the demo on the features that are most relevant to those users.

Then they can step out and the rest of the time can be spent showing you the more detailed back-end functionality. Finally, be sure to leave at least 15 minutes at the end of the demonstrations for questions.

Tip 5: Check References

Before making the final commitment to a CRM system, it’s important to go through a thorough vetting process and make sure you get all the information you need before finalizing your purchase.

First, ask the CRM vendor for references you can speak with. But don’t stop there. Talk to other companies or organizations in your industry who have used the software. Be sure to ask open-ended questions that will help you learn not only about the software, but also about other important areas. A few good questions to ask include:

  • Would you recommend the software?
  • Has the system performed as expected?
  • What were the biggest challenges with the implementation?
  • Were there any unexpected costs or delays?
  • What do you wish you had done differently during the selection and implementation?
  • How was the service after the sale?

For a comprehensive list of good questions to ask before finalizing the sale, check out our CLIENTSFirst CRM Reference Checking Questions Document.

Tip 6: Final Selection Steps

Once you have selected the right CRM system for your organization, there are still a few additional important details that require attention. You will want to have a formal scoping call with the provider to be able to accurately gauge the actual cost. The final price can vary depending on a number of variables including:

  • The number and types of licenses
  • Additional modules or software needed
  • Professional services to implement
  • Ongoing annual subscription or maintenance costs
  • Any proposed integrations
  • The types of training and materials
  • Data conversion and/or quality

If the price is an issue with your system of choice, there are also options. First, there may be room for negotiation. Alternatively, you can do a phased rollout to spread the costs over time. Some organizations prefer to start the rollout with Marketing and power users and then roll out to a small pilot group. Then additional groups can be added in later phases over time.

Finally, remember that in any sale, you are not finished until the paperwork is done. After the price is agreed upon, you will need to review the contract or agreement. While these documents may look official and final, in fact they are often open to negotiation, so it can be beneficial to modify some of the contract terms.

For instance, if the software is new to the market, you may be able to get a discount or arrange a beta test at a reduced rate.

Additionally, instead of paying the entire invoice up front, you can often negotiate payment terms that are stepped over time based on the satisfactory completion of key deployment steps. This can enhance your chances of CRM success by aligning your CRM vendor’s success with yours.

One Last Tip: Don’t Do It Alone

Selecting the right CRM system can be a daunting process. Most firms have never been through the process before – and few want to repeat it.

© Copyright 2022 CLIENTSFirst Consulting

Hackers Go Phishing in Beeple’s Deep Pool of Twitter Followers

“Stay safe out there, anything too good to be true is a … scam,” Beeple, a popular digital artist, tweeted to his followers, addressing the phishing scam that took place on May 23, 2022, targeting his Twitter account. The attack reportedly resulted in a loss of more than US$400,000 in cryptocurrency and NFTs, stolen from the artist’s followers on the social media website.

After hacking into Beeple’s Twitter account, perpetrators tweeted links from the artist’s page, promoting a fake raffle for unique art pieces. The links would reportedly take the user to a website that would drain the user’s cryptocurrency wallet of their digital assets.

Phishing scams for digital assets, including NFTs or non-fungible tokens, have steadily increased, with funds as large as $6 million being stolen. Various jurisdictions have adopted privacy and security laws that require companies to adopt reasonable security measures and follow required cyber incident response protocols. A significant part of these measures and protocols is training for employees in how to detect phishing scams and other hacking attempts by bad actors. This incident is a reminder to consumers to exercise vigilance, watch for red flags and not click on links without verifying the source.

The remaining summaries of news headlines are separated by region for your browsing convenience. 

UNITED STATES

Relaxed Deaccessioning COVID-19 Exemptions Expire

The global COVID-19 pandemic brought many changes, including dire financial consequences of the shutdowns for museums. In April 2020, the Association of Art Museum Directors (AAMD) made a decision to ease the rules that dictate how museums may use proceeds from art sales. Until April 2022, museums were permitted to use the funds for “direct care of collections” rather than to procure new artworks for their collections.

This relaxed policy and some of the museums that followed it met with backlash on more than one occasion; others, however, advocate for its continuation, citing considerations of diversity and inclusion. Some further argue that a policy born out of financial desperation should be continued to provide museums with the means to overcome any future financial issues that may arise.

Given that “direct care” is vague and open to interpretation, opponents of the relaxed rules argue against giving museums such latitude to decide on the use of the proceeds, as it can lead to abuses and bad decisions. While AAMD has returned to its pre-pandemic regulations, and museums have followed suit, it appears that the public debate around deaccessioning is far from over.

Inigo Philbrick Sentenced to a Prison Term

Former contemporary art dealer Inigo Philbrick was sentenced by a federal court in New York to serve seven years in prison for a “Ponzi-like” art fraud, said to be one of the most significant in the history of the art market, with more than an estimated US$86 million in damages. Philbrick stood accused of a number of bad acts, including forging signatures, selling shares in artworks he did not own and inventing fictitious clients.

New York Abolishes Auction House Regulations

As the U.S. government is studying whether the art market requires further regulations to increase transparency and to combat money laundering, New York City repealed its local law that required auctioneers to be licensed and required disclosures to bidders, including whether an auction house had a financial stake in the item being auctioned. While the abolition of the regulation was ostensibly to improve the business climate after the pandemic, some commentators note that the regulations were outdated and not serving their purpose in any event. As an illustration, a newcomer to an auction will likely struggle to understand the garbled pre-auction announcements or their significance. Whether the old regulations are to be replaced with new, clearer rules remains to be seen.

EUROPE

Greece and UK to Discuss Rehoming of Displaced Parthenon Marbles

The Parthenon marbles, also known as the Elgin marbles, have been on display in London’s British Museum for more than 200 years. These objects comprise 15 metopes, 17 pedimental figures and an approximately 250-foot section of a frieze depicting the birthday festivities of the Greek goddess Athena. What museum goers might not know is that these ancient sculptures were taken from the Acropolis in Greece in 1801 by Lord Elgin.

Previously, the British government, seeking to retain the sculptures, relied on the argument that the objects were legally acquired during the Ottoman Empire rule of Greece. However, for the first time, the UK has initiated formal talks with Greece to discuss repatriation of the Parthenon sculptures. These discussions are expected to influence future intergovernmental repatriation negotiations.

ASIA

Singapore High Court Asserts Jurisdiction over NFTs after Ruling Them a Digital Asset

The highest court in Singapore has granted an injunction to a non-fungible token (NFT) investor, Janesh Rajkumar, who sought to stop the sale of an NFT that once belonged to him and was used as collateral for a loan. The subject NFT from the Bored Ape Yacht Club Series is a rarity, as it depicts the only avatar that wears a beanie. Rajkumar now is seeking to repay the loan and have the NFT restored to his cryptocurrency wallet. The loan agreement specified that Rajkumar would not relinquish ownership of the NFT, and should he be unable to repay the loan in a timely manner, an extension would be granted. Instead of granting Rajkumar an extension, the lender, who goes by an alias “chefpierre,” moved to sell the NFT. The significance of the Singapore court’s decision is two-fold: the court has (1) recognized jurisdiction over assets cited in the decentralized blockchain, and (2) allowed for the freezing order to be issued via social media platforms.

THE MIDDLE EAST

Illegal Trading Leads to Raiding of Antique Dealer by the Israeli Authorities

A recent raid on an unauthorized antiquities dealer in the city of Modi’in by the Israel Antiquities Authority recovered hundreds of artifacts of significant historical value, including jewelry, a bronze statue and approximately 1,800 coins. One of the coins is a nearly 2,000-year-old silver shekel of great historical significance. The coin is engraved with the name Shimon, leader of the 132–136 C.E. Bar Kokhba revolt.

Investigations are ongoing to determine where the antiquities were obtained. The Antiquities Robbery Prevention Unit intends to charge the dealer and their suppliers upon obtaining this information.

© 2022 Wilson Elser

Thailand’s Personal Data Protection Act Enters into Force

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic, however, the Thai government issued royal decrees to extend the compliance deadline to June 1, 2022. 

The PDPA mirrors the EU General Data Protection Regulation (“GDPR”) in many respects. Specifically, it requires data controllers and processors to have a valid legal basis for processing personal data (i.e., data that can identify living natural persons directly or indirectly). If such personal data is sensitive personal data (such as health data, biometric data, race, religion, sexual preference and criminal record), data controllers and processors must ensure that data subjects give explicit consent for any collection, use or disclosure of such data. Exemptions are granted for public interest, contractual obligations, vital interest or compliance with the law.

The PDPA applies both to entities in Thailand and abroad that process personal data for the provision of products or services in Thailand. As under the GDPR, data subjects are guaranteed rights, including the rights to be informed and to access, rectify and update data; to restrict and object to processing; and to data erasure and portability. Breaches may result in fines between THB500,000 (U.S.$14,432) and THB5 million, plus punitive compensation. Certain breaches involving sensitive personal data and unlawful disclosure also carry criminal penalties including imprisonment of up to one year.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

How to Create an Impactful and Authentic Pride Month Social Media Campaign for Your Company

June is Pride Month, which offers companies of all kinds a unique opportunity to celebrate, show support and raise awareness for LGBTQIA+ rights on their social media channels.

Businesses of all kinds and sizes can get involved, raise awareness and give back for Pride Month regardless of their budget or reach.

While Pride is most definitely a celebration, an impactful Pride campaign should include education and awareness, and should center around people.

Here’s how to create and implement an impactful and genuine Pride Month social media campaign at your company.

The Do’s and Don’ts of Pride Month social media planning

Before you dive head-first into planning your corporate Pride initiatives, it’s important to get a wide range of employees involved in the planning process.

If your company has an LGBTQIA+ affinity group or diversity committee, collaborate with them. If you don’t have a group, consider convening a committee of employee volunteers of diverse backgrounds to serve as a sounding board and provide their input as your plans begin to take shape.

Please note: these volunteers should be compensated for their time and efforts in some meaningful way (vacation time, bonuses, gift cards, etc.). While it may be too late to do this for this year’s campaign, activate or assemble the group now for your 2023 initiative.

Don’t: Exploit social initiatives and conversations as a means to reach business goals.

Celebrating Pride and showing your support for the LGBTQIA+ community is not a trend, and it shouldn’t be treated as such.

If you’re simply posting rainbow-branded imagery (rainbow washing) during the month or posting about your commitment to the cause without having any real initiatives or actions to back it up, you’re just paying lip service to and perhaps exploiting yet another social initiative. Make sure your company can really walk the walk before you talk the talk. Performative allyship can backfire, alienating your employees, your clients, recruits, and others.

Remember that everyone (employees, clients, and the general public) is watching what you post online, even if they don’t actually like or comment on it.

Do: Ask yourself why you’re supporting this initiative and have a clear purpose.

Before publishing Pride-related content, ask yourself, are we actually adding value to this conversation? What are we hoping to gain from inserting ourselves into this conversation? What are our motivations? Is our company an actual safe space or inclusive environment that includes active and engaged allies?

Remember, Pride Month should not be about your business goals. You also don’t have to have accomplished all of your LGBTQIA+ related inclusion goals to commemorate Pride, but your efforts should be more than surface level.

Do: Support LGBTQIA+ initiatives year-round.

If you don’t already take steps to support the LGBTQIA+ community year-round, take the opportunity to discuss doing so with management and staff before Pride. June is only one month out of the year, a month where it’s arguably the “most acceptable” to show support for the LGBTQIA+ community. To be a true ally, it’s important to show this level of support year-round. Work to ensure that your company’s policies and practices are inclusive and address the needs of your LGBTQIA+ employees.

In addition to internally focused actions, consider how your true commitment can be reflected externally. There are many organizations to which you can donate and volunteer. Solicit voluntary feedback from your LGBTQIA+ employees and clients to ensure that they feel involved and included in the process.

Do: Educate yourself and those around you on the origins and history of Pride Month.

Pride Month has a rich, political history that companies often fail to understand and recognize as they participate in Pride Month. Pride Month is celebrated in June to honor the 1969 Stonewall Uprising in Manhattan — a tipping point for the Gay Liberation Movement in the United States.

Not only is Pride a time to recognize the progress that’s been made since the Stonewall Riots, but it’s just as important to acknowledge how far we still must go as a society, particularly considering recent efforts to overturn or narrow the progress that has been made. A successful Pride campaign should have education and awareness at its core.

Do: Make education and awareness the core of your campaign.

Content ideas for your Pride campaign include educating your followers on the meaning behind the Pride flag, using posts to tell the history of the Pride flag, and asking your employees what Pride means to them and running their answers in Q&A posts.

Another idea is to create posts to help followers better understand Pride Month and provide resources to help people better educate themselves on the cause and support those of the LGBTQIA+ community.

In addition, spotlighting members of the LGBTQIA+ community is a helpful way to educate your followers and amplify the contributions of individuals.

No matter what you choose, create a campaign that is rooted in improving awareness and education amongst your community.

Do: Let inclusivity be at the core of all your campaigns.

Inclusivity should be an active mission as part of your Pride campaign, and for your future marketing efforts too. Aim to have better representation on social media for your community — that means including people of all marginalized or otherwise underrepresented voices.

If you really want to reach, represent, and support your diverse community, it’s time to make active shifts towards better inclusive marketing year-round. It’s less about what you need to do for Pride today and more about how you are supporting LGBTQIA+ folks year-round.

Do: Put your money (and time) where your mouth is.

Instead of treating Pride like a marketing campaign, put your efforts toward an activity that will positively impact the LGBTQIA+ community.

While monetary donations can be helpful, volunteering at community events or spending time with LGBTQIA+ advocacy organizations can be more impactful for your employees.

Consider hosting or taking part in LGBTQIA+ programming and donating to local charities doing work in your community to support LGBTQIA+ initiatives.

Do: Use the right hashtags to be discovered

  • #lgbtqia
  • #lgbtqpride
  • #lgbtqhumanrights
  • #equality
  • #pridemonth
  • #loveislove
  • #pride

Every organization that wants to support Pride on social media can find a way to do so. We challenge you to do it in a way that is authentic, genuine, and impactful to your brand and, most importantly, to your employees and your clients. The world is watching you, so challenge yourself by doing the right thing.

This article was authored by Stefanie Marrone of Stefanie Marrone Consulting, and Paula T. Edgar, Esq, the CEO of PGE Consulting Group LLC, a firm that provides training and education solutions at the intersection of professional development and diversity, equity and inclusion. 

Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.

Small Businesses Don’t Recognize Risk of Cyberattack Despite Repeated Warnings

CNBC surveys over 2,000 small businesses each quarter to get their thoughts on the overall business environment and their small business’s health. According to the latest CNBC/SurveyMonkey Small Business Survey, despite repeated warnings by the Cybersecurity and Infrastructure Security Agency and the FBI that U.S.-based businesses are at an increased risk of a cyber attack following Russia’s invasion of Ukraine, small business owners do not believe that it is an actual risk that will affect them, and they are not prepared for an attack. The latest survey shows that only five percent of small business owners reported cybersecurity to be the biggest risk to their company.

What is unfortunate, but not surprising, is the fact that this is the same percentage of small business owners who recognized a cyber attack as the biggest risk a year ago. There has been no change in the perception among business owners, even though there are repeated, dire warnings from the government. Also unfortunate is the statistic that only 33 percent of business owners with one to four employees are concerned about a cyber attack this year. In contrast, 61 percent of business owners with more than 50 employees have the same concern.

According to CNBC, “this general lack of concern among small business owners diverges from the sentiment among the general public…. In SurveyMonkey’s polling, 55% of people in the U.S. say they would be less likely to continue to do business with brands who are victims of a cyber attack.” CNBC’s conclusion is that there is a disconnect between business owners’ appreciation of how much customers care about data security and that “[s]mall businesses that fail to take the cyber threat seriously risk losing customers, or much more, if a real threat emerges.” Statistics show that threat actors are targeting small to medium-sized businesses to stay under the law enforcement radar. With such a large target on their backs, business owners may wish to make cybersecurity a priority. It’s important to keep customers.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.