Category: Technology

Five Ways to Encourage Lawyer Participation With Your CRM System

Lawyers are busy and often resistant to change, so getting them on board with using a new or even your existing CRM system can be challenging.

But if you approach your CRM efforts as a value-added benefit that will support their marketing and business development efforts and is not difficult to use or time-consuming, you can increase CRM adoption and participation by your lawyer population at any size law firm or professional services organization. Here’s how.

  1. Explain what’s in it for them. Spend the time to clearly outline to users how the CRM system will directly benefit them, not just the organiztion as a whole.
  2. Put yourself in their shoes. Overcomplicated systems and non-technical users are a recipe for disaster. The whole point of implementing a CRM system is to improve efficiency and productivity, not hinder it, so make it easy for your lawyers to use it – or they simply won’t. In addition, lawyers use many different systems on a daily basis, such as time and billing, practice management and document management. CRM can become the one place to get all or most of what they need and allow them more time to be lawyers. Tip – look for CRM systems that include customizable dashboards to personalize daily views.
  3. Show lawyers how easy it is to gain value and insights from the information in the CRM on their own. Engage your marketing professionals to regularly meet with lawyers on a regular basis to gather new and updated contact information.
  4. Find a system that makes it easy for lawyers to share appointments and activities with CRM. This way, marketing professionals can provide strategic, proactive support for upcoming prospect and client meetings based on CRM data. For example, let’s say your marketing manager sees a calendar appointment with a prospective client on an attorney’s schedule. She could then reach out to them and proactively create pitch materials and share who-knows-who info, past matters information and other intelligence. After meetings, attorneys can be prompted to add their meeting notes in CRM too.
  5. Maintain clean, updated CRM data. Your CRM is only as useful and strong as the information entered into it, so if its users are inputting inaccurate data, you’ll only distill inaccurate insights from it. Ensure your data is up to date and accurate, and implement a regular data cleaning process which you can outsource if you don’t have internal resources to manage it.

5 Ways to Encourage Lawyer Participation With Your CRM System

While the keys to CRM adoption success will vary for each firm, the common, important thread is always the “value exchange.” If you make it easy for your attorneys to contribute valuable information – and ensure they are getting value out of the CRM – adoption and CRM success will follow.

Increasing CRM adoption and participation takes time, but it is an important investment to make and one that will provide many long-term benefits for your lawyers and your firm.

Another strategy to consider: redefining CRM success by minimizing the need for attorney adoption. Many smart firms are moving away from the traditional model of having attorneys be responsible for data entry. We’ll discuss that in an upcoming post.

Article By Christina R. Fritsch JD of CLIENTSFirst Consulting

For more business of law legal news, click here to visit the National Law Review.

© Copyright 2022 CLIENTSFirst Consulting

How Technological Advances Possibly Affect Automobile Insurance Policy Holders in New Jersey

In the 1970’s, “no-fault” insurance laws were enacted in New Jersey and several other states in response to criticism regarding the time-consuming and costly process of determining who was at-fault when an accident occurred. 

No fault insurance laws sought to streamline the claims process.  One key feature allowed insurers to pay for medical treatment of their injured policyholders.  This allowed for timely treatment and provider payment.  NJ automobile insurance policies offered up to $250,000 in coverage for medical treatment.  Recent changes in law now allow insureds to choose less coverage for medical treatment.

Further, recent technological advances change the way insurance customers choose coverage online.  While customers are served by the ease, flexibility, and pricing of policies through internet platforms, some adverse consequences naturally flow.  In this article, we discuss the changes, the consequences and subsequent response from participants and 3rd parties to address these outcomes.

Background

In the 1960’s, many more vehicles were entering into American roadways than in previous decades.  Baby boomers were coming of age and more cars were sold than ever before.  A natural consequence was automobile accidents and as a result, the necessary adjudication of which party caused the collision.

Insured and insurers alike expressed criticism of the process which consisted of petitioning the civil court system to resolve disputes.  In response, state legislatures adopted laws designed to streamline the process, and the 1970’s, many states adopted policies allowing injured accident victims to recover damages from their own auto insurance policies.

Almost half of the United States now have similar laws where policyholders are entitled to “benefits” from their own policies.  This of course means insurers are on the hook for more compensation, a fact they obviously utilized to lobby legislatures to place certain restrictions on the right to sue for damages not only against the insurer but against the tortfeasor as well.

One of the “trade-offs” made by the legislation was injured parties giving up some of their rights to sue under certain circumstances.

New Jersey No-Fault Law and Application

New Jersey’s no-fault laws have been amended throughout the years.  One of the most profound changes to the law occurred in 1998 with the passage of the Automobile Insurance Cost Reduction Act (“AICRA”).  This change in law gave NJ residents the opportunity to purchase a standard or basic policy.

The standard policy is much like a typical no-fault policy containing Personal Injury Protection (PIP) which pays for medical treatment (more on this in a moment); liability coverage for injury or property damage to another; and uninsured/underinsured coverage which kicks in if the at-fault driver has no or insufficient coverage.

A basic policy provides minimum coverage in certain areas such as personal liability, property damages, and medical benefits.  Because having automobile insurance is mandatory, the purpose of the basic policy was essentially to afford an option to those who simply wanted to follow State mandates.

With regard to the right to sue restrictions, a New Jersey insured was and still is offered a choice – give up the right to sue for “non-permanent” injuries (those with no objective medical evidence of permanency) and have the premium reflect a savings or retain the right to sue (zero threshold) and pay a much higher premium to offset the cost.  Further, one of the things insurers had to trade was that victims would have $250,000 worth of PIP coverage to pay for medical expenses.

Changes to NJ No-Fault Insurance and Consequences

The AICRA changes have been in effect for years.  Since that time, the internet altered the manner in which policyholders interact with insurers when choosing coverages.

The internet streamlines the sales process for many businesses.  Insurance is no different.  What is troubling about this streamlining is the lack of guidance users receive from insurance companies regarding their choice of coverage.

For example, one website asks you to choose between:

  • More Affordable
  • Popular Coverage
  • More Coverage

It is not so much that the choices are misleading – they aren’t.  However, other than these descriptions, there is little explanation of their consequences.  If you choose the “more affordable” option, you’re led to a screen that explains the coverages in more detail.

Do people read all the information?

Can they understand the language even if they do decide to read it?

Could it be that the ease of picking the cheapest option is too much to overcome?

Consider this description from a law firm in Maryland:

“PIP is easy to overlook, especially in this age of online insurance applications. It’s one box out of 200 that you can check. The application will say something like, “Waive PIP and save $57.” The applicant clicks and saves 57 bucks…when in reality, they’ve lost $2,500 if they get in an auto accident. Too many Maryland policyholders waive their PIP coverage. It’s really a good coverage not to waive. “

Likewise, in New Jersey’s Standard Coverage Selection Form, used by insurance companies as a questionnaire to draft a proposed policy, the PIP limits selection form actually lists the savings from choosing lower limit PIP coverage.  Remarkably, no such comparison exists on the Form for reductions in Bodily Injury/Liability limits.

In the old days, an insurance agent was tasked to explain various coverages.  A real human being who would answer questions depicting real word scenarios involving accidents.  This obviously allowed for more informed choices.

Now, a great deal of selling is done online.  Many cost-aware customers might respond only to a difference in price.  Many can and do simply choose the cheaper alternative.  This could cause problems later if an accident occurs and a claim is made.

A Potential Problem with Minimal Coverages

Consider a situation where the insured has the minimum coverages for PIP – $15,000.  The insured sustains a back injury and begins treatment.  The Emergency Room visit totals $6,000 complete with 3 level CT scans which reveal problems with the upper and lower back.  The insured then follows up with an orthopedic who requests MRI scans on the back which equal another $2,500.  Add in some physical therapy and the $15,000 PIP limits are exhausted in a couple of months.

None of this is a problem if the scans fail to reveal a major issue.  A soft tissue injury is serviceable under this scenario in that the insured gets treatment and is on the way to recovery.  If the scans reveal problems, such as multiple herniated discs and impingement on the spinal cord, treatment options become a tricky proposition.

The treatment is tricky because the benefits are gone.  Now the injured party must seek other options – some of these can be costly.

Responding to the Need

In response to the above, providers, lawyers and other market participants stepped in to serve the need for accident victims to secure medical treatment.  The following are some of those alternative payment methods.

Letters of Protection

Letters of protection (LOP’s) are agreements between the injured party’s attorney and a medical provider that the medical bills will be “protected” by the proceeds of any settlement received.  In return for the attorney’s promise to honor the lien against file, medical providers will perform a variety of treatments to the plaintiff, including surgery.  Surgery is often a deciding factor in the plaintiff’s ability to secure the treatment because normally, the case’s settlement value is increased after the procedure.

Use Existing Health Insurance to Pay Bills After PIP is Exhausted

In some instances, plaintiffs can use their own health insurance to pay for accident medical bills.  In NJ, insureds can choose which coverage is primary.  However, some health insurance policies exclude coverage for car accidents.  The standard health insurance limitations apply as well.  These include the need to pay deductibles, co-payments and sometimes co-insurance.  Further, there may be limits on the choice of medical provider.  Some policies require doctors to be “in network”.

Litigation Funding

In many cases, litigation funding is used to pay for much-needed medical treatment.  Originally utilized to bridge the gap between accidents and settlement, litigation funding sought to alleviate the need for plaintiffs to accept low-ball settlement offers simply because they were struggling financially.  Because lawsuit funding is the sale of a portion of the future proceeds of a personal injury case, they are sometimes used to pay for surgical or other procedures when there is no coverage available.

Technological Advances and Practical Trade-offs

Technology has certainly made life more convenient over the years.  Conveniences exist today that weren’t in our collective consciousness 20 years ago.  Consider being able to speak via video conference to someone on the other side of the world for FREE, when the toll charges for an overseas telephone call were many dollars only a short time ago.

But technology can cut both ways.  The ease with which insurance consumers can pick coverages that may or may not be in their best interest may be one such trade-off.  Thankfully, market participants (doctors, lawyers, litigation finance companies) step in and address the outcomes which naturally arise.  Free markets usually perform this function admirably.

Article By Paul M. Coppola of Fair Rate Funding

For more insurance and reinsurance legal news, click here to visit the National Law Review.

© Copyright 2022 Fair Rate Funding

Could the Crypto Downturn Lead to a Spike in M&A?

In 2021, we saw a cryptocurrency boom with record highs and a flurry of activity. However, this year, the cryptocurrency downturn has been significant.  We have seen drops in various cryptocurrencies ranging from 20 to 70 percent, with an estimated $2 trillion in losses in the past few months.

Industry watchers had already predicted a spike in crypto M&A from the beginning of 2022, and in a recent interview with Barron’s, John Todaro, a senior crypto and blockchain researcher at Needham & Company, said he believes this downturn could lead to a wave of mergers and acquisitions in the crypto space for the second half of this year and even into 2023.

Valuations have dropped across the board this year as the market has faced incredible volatility, and Todaro told Barron’s, “The valuations for public crypto companies have fallen by about 70% this year.”  These lower valuations could make these companies increasingly attractive targets for acquisition, and this activity has already started to pick up.

According recent coverage from CNBC, some larger crypto companies are already looking for acquisition targets in order to drive industry growth and to help them acquire more users. Todaro feels most of the M&A activity we will see will be this kind of crypto to crypto acquisition as opposed to traditional buyers, although there is still opportunity for non-crypto companies to capitalize on these lower valuations and some are already doing so.

With more government regulation coming for the crypto sector this year, it could also impact the activity level as well.  Achieving some legal and regulatory clarity could have implications for this uptick in M&A for crypto companies. Our analysis of the SEC’s recent proposed regulations, other government activity in this area, and their potential implications can be found here.

We could of course see a growing number of acquisitions across industries as valuations remain lower than a year ago, but as the crypto sector continues to see this kind of a downturn, the level of activity in this area could be much greater than it has previously seen.  With that said, both the target company and the acquirer should be looking at any transactions with the same level of due diligence instead of rushing into any deal fueled by panic or haste.

Article By Louis Lehot of Foley & Lardner LLP

For more mergers and acquisitions legal news, click here to visit the National Law Review.

© 2022 Foley & Lardner LLP

A Rule 37 Refresher – As Applied to a Ransomware Attack

Federal Rule of Civil Procedure 37(e) (“Rule 37”) was completely rewritten in the 2015 amendments.  Before the 2015 amendments, the standard was that a party could not generally be sanctioned for data loss as a result of the routine, good faith operation of its system. That rule didn’t really capture the reality of all of the potential scenarios related to data issues nor did it provide the requisite guidance to attorneys and parties.

The new rule added a dimension of reasonableness to preservation and a roadmap for analysis.  The first guidepost is whether the information should have been preserved. This rule is based upon the common law duty to preserve when litigation is likely. The next guidepost is whether the data loss resulted from a failure to take reasonable steps to preserve. The final guidepost is whether or not the lost data can be restored or replaced through additional discovery.  If there is data that should have been preserved, that was lost because of failure to preserve, and that can’t be replicated, then the court has two additional decisions to make: (1) was there prejudice to another party from the loss OR (2) was there an intent to deprive another party of the information.  If the former, the court may only impose measures “no greater than necessary” to cure the prejudice.  If the latter, the court may take a variety of extreme measures, including dismissal of the action. An important distinction was created in the rule between negligence and intention.

So how does a ransomware attack fit into the new analytical framework? A Special Master in MasterObjects, Inc. v. Amazon.com (U.S. Dist. Court, Northern District of California, March 13, 2022) analyzed Rule 37 in the context of a ransomware attack. MasterObjects was the victim of a well-documented ransomware attack, which precluded the companies access to data prior to 2016. The Special Master considered the declaration from MasterObjects which explained that, despite using state of the art cybersecurity protections, the firm was attacked by hackers in December 2020.  The hack rendered all the files/mailboxes inaccessible without a recovery key set by the attackers.  The hackers demanded a ransom and the company contacted the FBI.  Both the FBI and insurer advised them not to pay the ransom. Despite spending hundreds of hours attempting to restore the data, everything prior to 2016 was inaccessible.

Applying Rule 37, the Special Master stated that, at the outset, there is no evidence that any electronically stored information was “lost.”  The data still exists and, while access has been blocked, it can be accessed in the future if a key is provided or a technological work-around is discovered.

Even if a denial of access is construed to be a “loss,” the Special Master found no evidence in this record that the loss occurred because MasterObjects failed to take reasonable steps to preserve it. This step of the analysis, “failure to take reasonable steps to preserve,” is a “critical, basic element” to prove spoliation.

On the issue of prejudice, Amazon argued that “we can’t know what we don’t know” (related to missing documents).  The Special Master did not find Amazon’s argument persuasive. The Special Master concluded that Amazon’s argument cannot survive the adoption of Rule 37(e). “The rule requires affirmative proof of prejudice in the specific destruction at issue.”

Takeaways:

  1. If you are in a spoliation dispute, make sure you have the experts and evidence to prove or defend your case.

  2. When you are trying to prove spoliation, know the new test and apply it in your analysis (the Special Master noted that Amazon did not reference Rule 37 in its briefing).

  3. As a business owner, when it comes to cybersecurity, you must take reasonable and defensible efforts to protect your data.

Article By Gretchen E. Moore of Strassburger McKenna Gutnick & Gefsky

For more cybersecurity and media legal news, click here to visit the National Law Review.

©2022 Strassburger McKenna Gutnick & Gefsky

Wegmans Settles With NYAG for $400,000 Over Data Incident

The New York Attorney General recently announced a data security-related settlement with Wegmans Food Markets. The issue arose in April 2021 regarding a cloud-based incident. At that time a security researcher notified Wegmans that the company had an Azure cloud storage container that was unsecured. Upon investigation, the company determined that the container had been misconfigured and that three million customer records had been publicly accessible since 2018. The records included email addresses and account passwords.

Of concern for the AG, among other things, were that the passwords were salted and hashed using SHA-1 hashing, rather than PBKDF2. Similarly, the AG found concerning the fact that the company did not have an asset inventory of what it maintained in the cloud. As a result, no security assessments were conducted of its cloud-based databases. The NYAG also took issue with the company’s lack of long-term logging: logs for its Azure assets were kept for only 30 days. Finally, the company kept checksums derived from customer driver’s license information, something for which the NYAG did not feel the company had a “reasonable business purpose” to collect or maintain.

The NYAG argued that these practices were both deceptive and unlawful in light of the promises Wegman’s made in its privacy policy. It also felt that the practices were a violation of the state’s data security law. As part of the settlement, Wegmans agreed to pay $400,000. It also agreed to implement a written information security program that addresses, among other things:

  1. asset management that covers cloud assets and identifies several items about the asset, including its owner, version, location, and criticality;
  1. access controls for all cloud assets;
  1. penetration testing that takes into account cloud assets, and includes at least one annual test of the cloud environment;
  1. central logging and monitoring for cloud assets, including keeping cloud logs readily accessible for 90 days (and further stored for a year from logged activity);
  1. customer password management that includes hashing algorithms and a salting policy that is at least commensurate with NIST standards and “reasonably anticipated security risks;” and
  1. policies and procedures around data collection and deletion.

Wegmans agreed to have the program assessed within a year of the settlement, with a written report by the third-party assessor provided to the NYAG. It will also conduct at-least-annual reviews of the program. As part of that review it will determine if any changes are needed to better protect and secure personal data.

Putting It Into Practice: This case is a reminder for companies to think not only about assets on its network, but its cloud assets, when designing a security program. Part of these efforts include clearly identifying locations that house personal information (as defined under security and breach laws) and evaluating the security practices and controls in place to protect that information. The security program elements the NYAG has asked for in this settlement signal its expectations of what constitutes a reasonable information security program.

Article By Kari M. Rollins and Liisa M. Thomas of Sheppard, Mullin, Richter & Hampton LLP

For more data privacy legal news, click here to visit the National Law Review.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.

Are You Being Served? Court Authorizes Service of Process Via Airdrop

In what may be the first of its kind, a New York state court has authorized service via token airdrop in a case regarding allegedly stolen cryptocurrency assets. This form of alternative service is novel but could become a more routine practice in an industry where the identities of potential parties to litigation may be difficult to ascertain using blockchain data alone.

Background on the Dispute

According to the Complaint in the case, the plaintiff LCX AG (“LCX”) is a Liechtenstein based virtual currency exchange. As alleged in the Complaint, on or about January 8, 2022, the unknown defendants (named in the Complaint as John Does 1-25) illegitimately gained access to LCX’s cryptocurrency wallet and transferred $7.94 million worth of digital assets out of LCX’s control. Cryptocurrency wallets are similar in many ways to bank accounts, in that they can be used to hold and transfer assets. In the same way a thief can transfer funds from a bank account if they gain access to that account, thieves can also transfer cryptocurrency assets if they gain access to the keys to the wallet holding digital assets.

Following the alleged theft, LCX and its third-party consulting firm determined that the suspected thieves used “Tornado Cash,” which is a “mixing” service designed to hide transactions on an otherwise publicly available blockchain ledger by using complicated transfers between unrelated wallets. While Tornado Cash and other mixing services have legal purposes such as preserving the anonymity of parties to legitimate transactions, they are also utilized by criminals to launder digital funds in an illicit manner.

Even the use of these mixing services, however, can often also be unwound. This is especially true in transactions of large amounts of cryptocurrency, similar to how transactions utilizing complex money laundering schemes in the international banking system can be unwound. According to the blockchain data platform Chainalysis, although Illicit crypto transactions reached an all-time high of $14 billion in 2021, these suspected nefarious transactions accounted for 0.15% of crypto volume last year, down from 0.62% in 2020.

While the Complaint alleges the suspected thieves used Tornado Cash, LCX believes its hired consultants were able to unwind those mixing services to identify a wallet which is alleged to still hold $1.274 million of the allegedly stolen assets.

Unlike bank accounts which have associated identifying information, there are often no registered addresses or other identifying information connected to digital wallets. This makes it difficult to provide the actual proof of service required to institute an action or obtain a judgement against an individual where the only known information is their digital wallet addresses. Service via token airdrop into those wallet addresses solves that issue.

Service Via Airdrop

Service of lawsuits is traditionally made on the defendant personally at a home or business address via special process servers. In cases where service on the individual is not possible for some reason, many states authorize alternative means of service if the plaintiff can show that the alternative means of service likely to provide actual notice of the litigation to the defendant. For example, courts have historically allowed notice via newspaper publication as an alternative means of service where the defendant cannot be serviced personally.

Here, the Court permitted service via “airdrop” in which a digital token is placed in a specific cryptocurrency wallet, similar to how a direct deposit can place funds in a traditional bank account. This particular token contained a hyperlink to the associated court filings in the case, and a mechanism which allowed the data of any individual who clicked on the hyperlink to be tracked. While this is a novel way to serve notice of a lawsuit, similar airdrops have been used to communicate with the owners of otherwise anonymous cryptocurrency wallet owners. Such was the case recently when actor Seth Green had his Bored Ape non-fungible token (“NFT”) stolen and the unknowing buyer of the stolen NFT was otherwise difficult to locate.

While this type of digital service is new, it could be implemented in many disputes in the future regarding digital assets. Similar to the authorization of service that was seen recently in the Facebook Biometric Information Privacy Act litigation (where notice was served on potential class members via email and directly on the Facebook platform), service via airdrop may be the most efficient way to inform potential lawsuit participants of the pending dispute and how they can protect their rights in that dispute.

This type of airdropped service is not without issues, though. First, transactions on the blockchain are largely publicly available, meaning any individual with the wallet address would also be able to see service of the lawsuit notice. Additionally, many users are hesitant to click on unknown links (such as the one in the airdropped LCX) due to legitimate cybersecurity concerns.

While service via airdropped token is unlikely to replace traditional methods of service, it may be a useful means of serving process on unknown persons where there is a digital wallet linked to the acts which the applicable lawsuit relates.

Article By Bryan M. Westhoff, Daniel L. McAvoy, and Jonathan E. Schmalfeld of Polsinelli PC

For more litigation legal news, click here to visit the National Law Review.

© Polsinelli PC, Polsinelli LLP in California

Italian Garante Bans Google Analytics

On June 23, 2022, Italy’s data protection authority (the “Garante”) determined that a website’s use of the audience measurement tool Google Analytics is not compliant with the EU General Data Protection Regulation (“GDPR”), as the tool transfers personal data to the United States, which does not offer an adequate level of data protection. In making this determination, the Garante joins other EU data protection authorities, including the French and Austrian regulators, that also have found use of the tool to be unlawful.

The Garante determined that websites using Google Analytics collected via cookies personal data including user interactions with the website, pages visited, browser information, operating system, screen resolution, selected language, date and time of page views and user device IP address. This information was transferred to the United States without the additional safeguards for personal data required under the GDPR following the Schrems II determination, and therefore faced the possibility of governmental access. In the Garante’s ruling, website operator Caffeina Media S.r.l. was ordered to bring its processing into compliance with the GDPR within 90 days, but the ruling has wider implications as the Garante commented that it had received many “alerts and queries” relating to Google Analytics. It also stated that it called upon “all controllers to verify that the use of cookies and other tracking tools on their websites is compliant with data protection law; this applies in particular to Google Analytics and similar services.”

Article By the Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more data privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

3 Benefits of Cloud-Based Law Firms

Any law firm that’s evaluating practice management software has seen “cloud-based” options. Cloud technology has been around for a while, but some law firms are hesitant to switch to the cloud due to security concerns, lack of control, or downtime. The cloud has numerous benefits for a law firm, however. Instead of relying on filing cabinets and in-office servers, law firms can embrace the cloud and maximize their time and profits.

Why Should My Firm Use Cloud-Based Software?

Traditionally, law firms have relied on in-office software that is installed on a local computer or server within the office space. These servers are only accessible from computers in the same space but limit any remote access or capability. This setup quickly became an issue for law firms looking to sustain business continuity during the pandemic.

A cloud-based solution isn’t installed locally on the office server but is fully hosted on the internet. It uses a remote server maintained by the software provider, and access occurs through the internet. More recently, cloud-based legal practice management software has become the gold standard for law firms to manage and operate their business from anywhere. LPMs have slowly started to replace traditional servers and become the backbone for law firms to handle client management, calendaring, tasks, billing, and document storage.

Even post-pandemic, law firms are still learning to embrace legal technology and leverage the advantages of shifting their practice to the cloud. When done correctly and with the right resources, cloud-based law firms can improve aspects of their business from accessibility, security, client support, and even hiring and retention.

If you’re still on the fence about moving your firm to the cloud, here are 5 benefits that may change your mind:

Person checking phone for security code

1. Improved Security

Legal technology has come a long way in recent years with a strong emphasis on compliance and security. Law firms may be concerned about security, but some are realizing the cloud is more secure and cost-efficient than an on-premise solution. This is mostly because on-premise solutions typically require specialized support staff to perform lucrative updates to the system. These updates can cause severe downtime and even cost money calling in support.

With a cloud-based legal practice management software like PracticePanther, the all-in-one platform automatically updates and comes with the security and support your firm needs. The platform comes equipped with ABA and IOLTA compliant features and 256-bit military-grade encryption to ensure confidential information is safeguarded. It also offers two-factor authentication and customized security settings, which allow law firms to limit access to certain aspects of the software for some staff members.

Person communicating via video call

2. Supports Remote and Hybrid Work

Though many law firms are still working out the kinks — remote and hybrid working environments are a mainstay in the legal industry. Many lawyers are enjoying the productivity benefits and work-life balance of remote or hybrid schedules, allowing them to put in the hours they need for casework while also balancing their responsibilities at home.

On-premise legal software limits lawyers with remote work in many ways. Cloud-based legal software enables law firms to work securely within a centralized platform from anywhere. This allows staff to continue their responsibilities without risking accessibility or tasks falling through the cracks when staff are in different locations. For example, PracticePanther can create workflows with triggered tasks for staff to complete a new client onboarding, send documents for electronic signature, and even process payments. This process can be done from anywhere and lives in one system where the appropriate staff can easily access the case or client matter.

3. Streamlined Billing and Online Payments

Clients’ expectations have shifted and they want more convenient processes, especially with legal billing and how they conduct business with law firms. These clients are already using online services for virtually everything, from grocery shopping to accessing medical bills, and they want the same digital experience from their lawyers.

Cloud-based software makes this simple, especially when billing and online payments are built natively. This means firms can track time, create invoices, and send them for payment with easy-to-use payment links embedded. Platforms like PracticePanther also include exclusive reporting functions so firms can gain better insight into where and how their cash flow is generated to make more informed business decisions.

Outlook on Cloud-Based Firms

Cloud-based software offers law firms a unique opportunity to manage their practice and staff while growing their business from virtually anywhere. This structure has proved sustainable for many law firms and will continue to be the standard in the legal industry for firms that want to remain competitive and most importantly, profitable.

Article By Nina Lee of PracticePanther

For more legal marketing and technology news, click here to visit the National Law Review.

© Copyright 2022 PracticePanther

Throwing Out the Privacy Policy is a Bad Idea

The public internet has been around for about thirty years and consumers’ browser-based graphic-heavy experience has existed for about twenty-five years. In the early days, commercial websites operated without privacy policies.

Eventually, people started to realize that they were leaving trails of information online, and in the early ‘aughts the methods for business capturing and profiting from these trails became clear, although the actual uses of the data on individual sites was not clear. People asked for greater transparency from the sites they visited online, and in response received the privacy policy.

A deeply-flawed instrument, the website privacy policy purports to explain how information is gathered and used by a website owner, but most such policies are strangely both imprecise and too long, losing the average reader in a fog of legalese language and marginally relevant facts. Some privacy policies are intentionally obtuse because it doesn’t profit the website operator to make its methods obvious. Many are overly general, in part because the website company doesn’t want to change its policy every time it shifts business practices or vendor alliances. Many are just messy and poorly written.

Part of the reason that privacy policies are confusing is that data privacy is not a precise concept. The definition of data is context dependent. Data can mean the information about a transaction, information gathered from your browser visit (include where you were before and after the visit), information about you or your equipment, or even information derived by analysis of the other information. And we know that de-identified data can be re-identified in many cases, and that even a collection a generic data can lead to one of many ways to identify a person.

The definition of data is context dependent.

The definition of privacy is also untidy. An ecommerce company must capture certain information to fulfill an online order. In this era of connected objects, the company may continue to take information from the item while the consumer is using it. This is true for equipment from televisions to dishwashers to sex toys. The company likely uses this information internally to develop its products. It may use the data to market more goods or services to the consumer. It may transfer the information to other companies so they can market their products more effectively. The company may provide the information to the government. This week’s New Yorker devotes several pages to how the word “privacy” conflates major concepts in US law, including secrecy and autonomy,1 and is thus confusing to courts and public alike.

All of this is difficult to reflect in a privacy policy, even if the company has incentive to provide useful information to its customers.

Last month the Washington Post ran an article by Geoffrey Fowler that was subtitled “Let’s abolish reading privacy policies.” The article notes a 2019 Pew survey claiming that only 9 percent of Americans say they always read privacy policies. I would suggest that more than half of those Americans are lying. Almost no one always reads privacy policies upon first entering a website or downloading an app. That’s not even really what privacy policies are for.

Fowler shows why people do not read these policies. He writes, “As an experiment, I tallied up all of the privacy policies just for the apps on my phone. It totaled nearly 1 million words. “War and Peace” is about half as long. And that’s just my phone. Back in 2008, Lorrie Cranor, a professor of engineering and public policy at Carnegie Mellon University, and a colleague estimated that reading and consenting to all the privacy policies on websites Americans visit would take 244 hours per year.”

The length, complexity and opacity of online privacy policies are concerning. The best alleviation for this concern would not be to eliminate privacy policies, but to make them less instrumental in the most important decisions about descriptive data.

Limit companies’ use of data and we won’t need to fight through their privacy options.

Website owners should not be expected to write out privacy policies that are both sufficiently detailed and succinctly readable so that consumers can make meaningful choices about use of the data that describes them. This type of system forces a person to be responsible for her own data protection and takes the onus off of the company to limit its use of the data. It is like our current system of waste recycling – both ineffective and supported by polluters, because rather than forcing manufacturers to use more environmentally friendly packaging, it pushes consumers to deal with the problem at home, shifting the burden from industry to us.  Similarly, if the legislatures provided a set of simple rules for website operators – here is what you are allowed to do with personal data, and here is what you are not allowed to do with it – then no one would read privacy policies to make sure data about our transactions was spared the worst treatment. The worst treatment would be illegal.

State laws are moving in this direction, providing simpler rules restricting certain uses and transfers of personal data and sensitive data. We are early in the process, but if the trend continues regarding omnibus state privacy laws in the same manner that all states eventually passed data breach disclosure laws, then we can be optimistic and expect full coverage of online privacy rules for all Americans within a decade or so. But we shouldn’t need to wait for all states to comply.

Unlike the data breach disclosure laws which encourage companies to comply only with the laws relevant to their particular loss of data, omnibus privacy laws affect the way companies conduct the normal course of everyday business, so it will only take requirements in a few states before big companies start building their privacy rights recognition functions around the lowest common denominator. It will simply make economic sense for businesses to give every US customer the same rights as most protective state provides its residents. Why build 50 sets of rules when you don’t need to do so? The cost savings of maintaining only one privacy rights-recognition system will offset the cost of providing privacy rights to people in states who haven’t passed omnibus laws yet.

This won’t make privacy policies any easier to read, but it will become less important to read them. Then privacy policies can return to their core function, providing a record of how a company treats data. In other words, a reference document, rather than a set of choices inset into a pillow of legal terms.

We shouldn’t eliminate the privacy policy. We should reduce the importance of such polices, and limit their functions, reducing customer frustration with the privacy policy’s role in our current process. Limit companies’ use of data and we won’t need to fight through their privacy options.

ENDNOTES

1 Privacy law also conflates these meanings with obscurity in a crowd or in public.

Article By Theodore F. Claypoole of Womble Bond Dickinson (US) LLP

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022 Womble Bond Dickinson (US) LLP All Rights Reserved.

You Have Mail (Better Read It): District Court Finds EEOC 90-Day Deadline Starts When Email Received

If a letter from the EEOC is in your virtual mailbox but you never open it, have you received it? Most of us are familiar with the requirement that a claimant who files an EEOC charge has 90 days to file a lawsuit after receiving what is usually required a “right-to-sue” letter from the agency. This is one of the deadlines that both plaintiff and defense counsel track on their calendars. But when is that notice officially “received” by the claimant — especially in these days of electronic correspondence? In Paniconi v. Abington Hospital-Jefferson Health, one Pennsylvania federal court decided to draw a hard line on when that date actually occurs.

A Cautionary Tale

Denise Paniconi worked for a hospital in Pennsylvania and filed a charge of discrimination with the EEOC alleging race and religious discrimination. The EEOC investigated and issued a right-to-sue letter dated September 8, 2021, which gave her 90 days to file her complaint. She filed her complaint 91 days after the EEOC issued the letter. The employer moved to dismiss the complaint for failing to comply with the 90-day deadline.

What ordinarily would just be a day counting exercise took a twist because of how the EEOC issued the notice. The EEOC sent both the plaintiff and her lawyer an email stating that there was an “important document” now available on the EEOC portal. Neither the plaintiff nor her lawyer opened the email or accessed the portal until sometime later. They argued that the 90-day filing deadline should run from the date that the claimant actually accesses the document, not from the date the EEOC notified them it was available.

The court dismissed the complaint for failing to meet the deadline. The opinion noted that although the 90-day period is not a “jurisdictional predicate,” it cannot be extended, even by one day, without some sort of recognized equitable consideration. Paniconi’s lawyer argued that the court should apply the old rule for snail mail  ̶  without proof otherwise, it should be assumed that the notice is received within three days after the issuance date. The court disagreed and pointed out that no one disputed the date that the email was sent  ̶   it was simply not opened and read by either Paniconi or her lawyer. The court said that there was no reason that those individuals did not open the email and meet the 90-day deadline.

Deadlines Are Important

This is another example of how electronic communication can complicate the legal world. The EEOC has leaned into its use of the portal, and the rest of the world needs to get used to it. The minute you receive an email or notice from the portal, you need to calendar that deadline. Some courts (at least this one) believe that electronic communication is immediate, and you may not get grace for not logging on and finding out what is happening with your charge. Yet another reason to stay on top of your emails.

Article By J. William Manuel and Anne R. Yuengert of Bradley Arant Boult Cummings LLP

For more labor and employment legal news, click here to visit the National Law Review.

© 2022 Bradley Arant Boult Cummings LLP