Category Archives: Implementation

Backup & Recovery Systems, California Lawyer, Cost, Duties, e-Evidence Insights, Education, Implementation, Law, Law Practice Management, Management, Media, Privacy, Privilege, Science, Scope, Security, Strategy, Technology

CALIFORNIA LAWYERS ASSOCIATION PWG: Proposed California Consumer Privacy Act Regulations – COMMENTS

Hello Again, All:

Last week, on Twitter, I promised to try to post the California Lawyers Association Privacy Working Group’s comments on the California Consumer Privacy Act.  I made it.  Before you skip directly to the comments, I wanted to briefly discuss my specific role and also make a suggestion (it’s my blawg, so I get to do that!)

My colleagues are attorneys who immersed themselves in technology and the law.  In my case the opposite is true.  I’m a technology professional who passed the California Bar when I was 44 years old (2007, for the curious).  As such, I became the ‘roving technology consultant’ on the various aspects of this law.  In short, I worked with several of our writing subgroups to identify where the concepts in the law don’t mesh with how the technology actually works.

Aside from some minor formatting differences between WordPress and the original – plus some bolds and one URL added by me – these are verbatim comments.

The suggestion?  While you may discern most of the original issues via the comments alone, it would be best to review the proposed regulations that these comments address.

Estimates are that implementation of CCPA may cost $55 billion – and it does not exclusively apply to California companies – so, we understand and appreciate your interest in being well-informed.

Best wishes for the holiday season and the adventure that awaits us in 2020!

Perry

**************************************************************************

December 6, 2019

Privacy Regulations Coordinator

California Office of the Attorney General

300 South Spring Street, First Floor

Los Angeles, CA 90013

Email: PrivacyRegulations@doj.ca.gov

Re: Proposed California Consumer Privacy Act Regulations

Dear Attorney General Becerra:

The California Lawyers Association (“CLA”) Privacy Working Group (“PWG”) respectfully submits these comments on the proposed California Consumer Privacy Act (“CCPA”) regulations. The PWG is a multidisciplinary group with members drawn from various sections of the California Lawyers Association, including: Antitrust, UCL and Privacy; Business Law; and Intellectual Property Law. Our members have broad-ranging expertise in areas that include consumer privacy, cybersecurity, and data protection, and extensive experience with related regulatory, transactional, and litigation matters.

The Attorney General released these proposed regulations for public comment on October 10, 2019. The regulations are intended to operationalize the CCPA and provide clarity and specificity to assist in the implementation of the law. The CCPA requires the Attorney General to adopt initial regulations on or before July 1, 2020.

The PWG applauds the Office of the Attorney General for engaging in a broad and inclusive rulemaking process, including public forums. This public comment period is important because the stakes are high. According to estimates in the Standardized Regulatory Impact Assessment for the CCPA regulations, published by the Berkeley Economic Advising and Research, LLC, the CCPA will protect over $12 billion worth of personal information that is used for advertising in California each year. If finalized, businesses are estimated to spend between $467 million to $16,454 million in costs to comply with the draft regulation during the period 2020-2030. The CCPA grants new rights to consumers and imposes new obligations on businesses.

As highlighted in the CCPA Fact Sheet, published together with the proposed regulations, the CCPA and the European Union’s General Data Protection Regulation (“GDPR”) are separate legal frameworks with different scopes, definitions, and requirements. A business that is subject to GDPR and also processes personal information of California consumers will need to reconcile the differences between the two regimes. In addition, a business will need to examine what additional obligations apply under the CCPA that are outside of how personal information is collected, processed, sold or disclosed pursuant to the federal Gramm-Leach-Bliley Act, the California Financial Information Privacy Act, the Driver’s Privacy Protection Act of 1994, the Confidentiality of Medical Information Act, the Health Insurance Portability and Accountability Act of 1996 and the Federal Policy for the Protection of Human Subjects.

We submit the following comments on the proposed regulations.

All views expressed in these comments are our own as individual members of the PWG and do not represent the views of any entity whatsoever with which we have been, are now, or will be affiliated.

Overall Concerns:

The PWG notes that the proposed regulations will not be final before the January 1, 2020 effective date of the CCPA. Once the regulations are final, it will likely take most businesses several months to fully implement processes consistent with the final regulations. Accordingly, we urge the Office of the Attorney General to take into consideration the practical impact these regulations will have on businesses as well as the desire to protect consumer rights.

Our comments below are organized by section. We underlined for ease of reading new or amended language and we struck out language we propose to have deleted (i.e., underline or strike out).

Article 2. Notices to Consumers

§ 999.305. Notice at Collection of Personal Information

Section 999.305(a)(2)(d) provides that a notice at collection of personal information shall: “Be accessible to consumers with disabilities. At a minimum, provide information on how a consumer with a disability may access the notice in an alternative format.” This same language exists in § 999.306(a)(2)(d) (Notice of Right to Opt-Out of Sale of Personal Information), § 999.307(a)(2)(d) (Notice of Financial Incentive), and § 999.308(a)(2)(d) (Privacy Policy).

The PWG is concerned that “accessible” in the first sentence is unclear, ambiguous, and undefined. This could result in regulatory enforcement issues as well as prolonged litigation regarding interpretation and applicability, similar to other litigation we have already seen concerning website accessibility. In order to address this concern, the PWG suggests that the phrase “accessible to consumers with disabilities” be tied to the requirements of other specific provisions of law and recommends revising

§ 999.305(a)(2)(d) to read as follows:

§ 999.305(a)(2)(d)

Be accessible to consumers with disabilities to the extent required by the Americans with Disabilities Act, the Unruh Civil Rights Act, the California Disabled Persons Act, or any applicable regulations. At a minimum, provide information on how a consumer with a disability may access the notice in an alternative format.

We recommend that this same amendment be made to § 999.306(a)(2)(d)

§ 999.307(a)(2)(d), and § 999.308(a)(2)(d).

Section § 999.305(a)(3) appears to create an opt-in and consent requirement. The PWG is concerned that a new opt-in requirement not already part of CCPA will potentially lead to “click fatigue” in which consumers ignore notices because of their ubiquity. We think a better approach may be to limit the use of personal information to the purposes that were included in the notice at the time of collection or uses that are within the reasonable expectation of the consumer. We understand that the existing text of the CCPA already allows for exceptions that permit use of personal information for other purposes, as enumerated in Civil Code § 1798.145(a), including: (1) to comply with federal, state or local laws; (2) to comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities; (3) to cooperate with law enforcement agencies concerning conduct or activity that the business, service provider,

or third party reasonably and in good faith believes may violate federal, state or local laws;

  1. to exercise or defend legal claims; and (5) to collect, use, retain, sell, or disclose consumer information that is deidentified or in the aggregate consumer information. As such, uses required by law or in furtherance of legal processes, such as serving subpoenas, providing required warranty or recall notices, providing notice of pending class actions, etc. would be permitted even if the notice at collection did not adequately cover these use cases. We recommend revising § 999.305(a)(3) to read as follows:

§ 999.305(a)(3)

A business shall not use a consumer’s personal information for any purpose other than those disclosed in the notice at collection, required by law, or reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business, or within a lawful manner that is compatible with the context in which the consumer provided the information. If the business intends to use a consumer’s personal information for a purpose that was not previously disclosed to the consumer in the notice at collection, the business shall use and obtain explicit consent from the consumer to use it for this new purpose.

Section § 999.305(b)(4) appears to require a link to a privacy policy in the notice at collection, implying the privacy policy must be a set of text that is separate from the notice at collection. The PWG suggests that if a privacy policy is provided at or before the time of collection, then a separate notice would not be required. We recommend revising § 999.305(b) to read as follows:

§ 999.305(b)

A business may inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used by providing a link to the privacy policy at or before the point of collection, or in the case of offline notices, the web address of the business’s privacy policy, by URL, QR code, or similar means. If the privacy policy or a link to the privacy policy cannot be provided at or before the time of collection, a business shall provide a separate notice at collection which includes:

    1. A list of the categories of personal information about consumers to be collected. Each category of personal information shall be written in a manner that provides consumers a meaningful understanding of the information being collected.
    2. For each category of personal information, the business or commercial purpose(s) for which it will be used.
    3. If the business sells personal information, the link titled “Do Not Sell My Personal Information” or “Do Not Sell My Info” required by section 999.315(a), or in the case of offline notices, the web address for the webpage to which it links.
    4. A link to the business’s privacy policy, or in the case of offline notices, the web address of the business’s privacy policy.

Similar to the change noted above, we recommend revising § 999.305(a)(2)(e) as follows, to allow for other means to link to privacy policies than web addresses, such as QR codes or shortened URLs such as bit.ly:

§ 999.305(a)(2)(e)

Be visible or accessible where consumers will see it in reasonable proximity to where any personal information is collected. At a minimum, the notice may consist of a link to the portion of the privacy policy that describes the categories of information collected and the purposes of collection, though a business may also choose to provide a separate notice, so long as the notice complies with this section. For example, when a business collects consumers’ personal information online, it may conspicuously post a link to the notice on the business’s website homepage or the mobile application’s download page, or on all webpages where personal information is collected. When a business collects consumers’ personal information offline, it may, for example, include the notice on printed forms that collect personal information, provide the consumer with a paper version of the notice, or post signage directing consumers to the web address where the notice can be found, by URL, QR code, or similar means.

§ 999.306. Notice of Right to Opt-Out of Sale of Personal Information

Similar to our comment for § 999.305, we recommend allowing businesses to provide the notice of right to opt-out as part of their privacy policy. We recommend revising § 999.306(b) to read as follows:

§ 999.306(b)(1)

A business may inform consumers as to the right to opt-out of sale of personal information by providing a link to the privacy policy, or in the case of offline notices, the web address of the business’s privacy policy, by URL, QR code, or similar means. If the privacy policy or a link to the privacy policy cannot be provided, a business shall provide a separate notice of right to opt-out. A business shall post the notice of right to opt-out on the Internet webpage to which the consumer is directed after clicking on the “Do Not Sell My Personal Information” or “Do Not Sell

My Info” link on the website homepage or the download or landing page of a mobile application. The Notice shall include the information specified in subsection (c) or link to the section of the business’s privacy policy that contains the same information. For example, one of the acceptable methods to provide the notice of right to opt-out would be for the business to provide the “Do Not Sell My Personal Information” or “Do Not Sell My Info” link on the website homepage or the download, settings or landing page of a mobile application and direct the consumer to the section of the business’s privacy policy that contains the information in subsection (c). Using pop-up or pop-over windows or check boxes may also be acceptable and appropriate means for informing consumers as to the right to opt- out.

We also recommend removing § 999.306(c)(5) so it is clear to the businesses that if a link to the privacy policy was provided, a separate notice of right to opt-out is not necessary.

We encourage the Office of the Attorney General to consider other permissible means of presenting the opt-out notice in § 999.306(b)(2), particularly for offline notices, such as providing the web address to the privacy policy or using QR codes which link to the privacy policy.

Article 3. Business Practices for Handling Consumer Requests

§ 999.312. Methods for Submitting Requests to Know and Requests to Delete

The proposed regulations in § 999.312(a) set forth the requirements for businesses to provide two or more designated methods through which consumers may submit requests to know. We ask the Office of the Attorney General to consider the legislative changes under AB 1564 (Stats. 2019, ch. 759), which clarify this toll-free number requirement and would require a business which “operates exclusively online and has a direct relationship with a consumer” to only provide an email address for submitting access requests.

We recommend revising § 999.312(a) to read as follows, adding this clarification to make the draft regulations consistent with the CCPA:

§ 999.312(a)

A business shall provide two or more designated methods for submitting requests to know including, at a minimum, a toll-free telephone number, and, if the business operates a website, an interactive webform accessible through the business’s website or mobile application. A business that operates exclusively online and has a direct relationship with a consumer from whom it collects personal information shall only be required to provide an email address for submitting requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115. Other acceptable methods for submitting these requests include, but are not limited to, a designated email address, a form submitted in person, and a form submitted through the mail.

We also recommend revising the proposed example (1) in § 999.312(c)(1) to clarify that if a business is primarily an online retailer but also has certain products or services that are provided to consumers at brick-and-mortar retail stores, the consumer may submit requests through the email address that is provided on the business’s retail website.

In Example 2, the PWG proposes revising the requirement so that the businesses can consider the methods by which they interact with consumers but the number of designated methods the retail businesses must provide is no more than the two that are required for other industries to avoid any confusion on the minimum requirement.

As such, our recommended revision to § 999.312(c) reads as follows:

§ 999.312(c)

A business shall consider the methods by which it interacts with consumers when determining which methods to provide for submitting requests to know and requests to delete. At least one method offered shall reflect the manner in which the business primarily interacts with the consumer, even if it requires a business to offer three methods for submitting requests to know. Illustrative examples follow:

      1. Example 1: If the business is primarily an online retailer, businesses can provide an email address on their retail website through which consumers can submit requests to know or requests to delete. at least one method by which the consumer may submit requests should be through the business’s retail website.
      2. Example 2: If the business operates a website but primarily interacts with customers in person at a retail location, the business may shall offer three methods to submit requests to know consumers the following designated methods for submitting requests to know or requests to delete: a toll-free telephone number, an interactive webform accessible through the

business’s website, and or a form that can be submitted in person at the retail location.

We understand that the intent of § 999.312(d) may be to allow for instances where a consumer may have submitted the deletion request by mistake, especially in an electronic setting where accidents may occur at the click of a button. However, we do not believe this is a significant issue as deletion requests under the CCPA already require a process for verifying the identity of the consumer. As such, we recommend revising § 999.312(d) to indicate that the businesses can apply discretion in asking the consumers if they indeed meant to submit such deletion request but it is not a requirement. Our suggested language for § 999.312(d) reads as follows:

§ 999.312(d)

A business may shall use a two-step for online requests to delete where the consumer must first, clearly submit the request to delete and then second, separately confirm that they want their personal information deleted.

The PWG suggests removing proposed §999.312(f) because it is overly burdensome and unworkable as drafted. If a business has 10,000 employees, we cannot expect all 10,000 employees to be trained to handle privacy-related inquiries. Especially given that the draft regulations require a response from the business within certain number of days after receiving such requests, we ask that the regulations do not add this new requirement and keep the requirement intact as it is written in the CCPA, which is for the businesses to respond to requests that are submitted through the designated methods. In the alternative, we would propose at a minimum that the requirement is amended to read as follows:

§ 999.312(f)

If a consumer submits a request in a manner that is not one of the designated methods of submission, or is deficient in some manner unrelated to the verification process, the business shall, to the extent feasible, either:

  1. Treat the request as if it had been submitted in accordance with the business’s designated manner, or
  2. Provide the consumer with specific directions on how to submit the request or remedy any deficiencies with the request, if applicable.

§ 999.313. Responding to Requests to Know and Requests to Delete

Section 999.313(c)(7) allows a business that maintains a password-protected account with the consumer to comply with a request to know by utilizing a secure self-service portal for consumers to access, view, and receive a portable copy of their personal

information. The PWG proposes the below changes to make clear that the business which uses such a portal may direct the consumer to the portal for submission and processing of a consumer request.

The PWG suggests revising § 999.313(c)(7) to read as follows:

§ 999.313(c)(7)

If a business maintains a password-protected account with the consumer, it may comply with a request to know by using directing the consumer to a secure self- service portal for consumers to access, view, and receive a portable copy of their personal information if the portal fully discloses the personal information that the consumer is entitled to under the CCPA and these regulations, uses reasonable data security controls, and complies with the verification requirements set forth in Article 4.

Section 999.313(d)(1) requires businesses to treat a failed deletion request as an opt-out request. The CCPA treats the right to opt-out and the right to delete as two separate rights. We do not recommend conflating the two and instead recommend clarifying that if the business is unable to verify the identity of the requestor for the deletion request, the requestor must be informed how she may rectify the issue and allow an opportunity to complete verification. The PWG recommends revising § 999.313(d)(1) to read as follows:

§ 999.313(d)(1)

For requests to delete, if a business cannot verify the identity of the requestor pursuant to the regulations set forth in Article 4, the business may deny the request to delete. The business shall inform the requestor that their identity cannot be verified, and shall instead treat the request as a request to opt-out of sale the information needed for verification, and allow the requestor to provide additional information to complete verification.

We understand the intent behind the proposed regulations in § 999.313(d)(3) may be to provide the businesses the flexibility to not have to search through and delete personal information from archived or backup systems if the information is not in use currently. We recommend revising the language in § 999.313(d)(3) to clarify that the requests to delete do not apply to information on archived or backup systems but if the information were accessed or used by the business, the deletion request would apply to that information. Our recommended version reads as follows:

§ 999.313(d)(3)

If a business stores any personal information on archived or backup systems, it may delay compliance with the consumer’s request to delete, with respect to data stored on the archived or backup system, until the archived or backup system is

next accessed or used. The consumers’ request to delete shall not apply to any personal information on archived or backup systems, as long as that information is not accessed or used by the business.

§ 999.315. Requests to Opt-Out

The CCPA already contains a provision which restricts the resale of personal information (see Civil Code § 1798.115(d)). We suggest removing § 999.315(f), as any third parties to whom the personal information is sold would already be restricted from reselling the personal information unless the consumer has received explicit notice and is provided an opportunity to exercise the right to opt-out. The proposed requirement to look back 90 days in § 999.315(f) is unnecessary and unduly burdensome.

§ 999.317. Training: Record-Keeping

In § 999.317(b), there is no clear indication of when the 24 month clock starts (i.e., from the date the business receives the request, responds to the request, etc.). The PWG recommends the Attorney General clarify when the 24 months record-keeping requirement begins. Recommended version of § 999.317(b) reads as follows:

§ 999.317(b)

A business shall maintain records of consumer requests made pursuant to the CCPA and how the business responded to said requests for at least 24 months from the date the consumer submitted any such request.

The PWG proposes a minor change to § 999.317(f) in order to provide clarity as to what record-keeping purpose it pertains. We recommend revising § 999.317(f) to read as follows:

§ 999.317(f)

Aside from this the record-keeping purpose referred to in subsection (e), a business is not required to retain personal information solely for the purpose of fulfilling a consumer request made under the CCPA.

Article 4. Verification of Requests

§ 999.325. Verification for Non-Accountholders

The PWG recommends adding language to § 999.325(c) to allow for electronic signatures, as follows:

§ 999.325(c)

A business’s compliance with a request to know specific pieces of personal information requires that the business verify the identity of the consumer making the request to a reasonably high degree of certainty, which is a higher bar for verification. A reasonably high degree of certainty may include matching at least three pieces of personal information provided by the consumer with personal information maintained by the business that it has determined to be reliable for the purpose of verifying the consumer together with a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request. A signed declaration may be physically signed or electronically signed. Businesses shall maintain all signed declarations as part of their record-keeping obligations.

Article 5. Special Rules Regarding Minors

§ 999.330. Minors Under 13 Years of Age

The PWG recommends adding language to § 999.330.(a)(2)(a) to allow for additional electronic methods for businesses to verify user identities. Recommended changes to

§ 999.330(a)(2)(a) reads as follows:

§ 999.330(a)(2)(a)

Providing a consent form to be signed physically or electronically by the parent or guardian under penalty of perjury and returned to the business by postal mail, electronic mail, electronic form, facsimile, or electronic scan;

We thank you for your consideration of these comments.

Members of the Privacy Working Group that prepared these comments are identified below. Affiliations are provided for identification purposes only.

Stanton Burke, Member of the California Lawyers Association

Christopher James Donewald, Member of the California Lawyers Association Aigerim Dyussenova, Member of the California Young Lawyers Association

Jennifer S. Elkayam, Member of the Antitrust, Unfair Competition, and Privacy Law Section of the California Lawyers Association

Jared Gordon, Past co-chair of the Internet and Privacy Law Committee of the Business Law Section of the California Lawyers Association

Christian Hammerl, Past co-chair of the Internet and Privacy Law Committee of the Business Law Section of the California Lawyers Association

Thomas A. Hassing, Chair of the Internet and Privacy Law Committee of the Business Law Section of the California Lawyers Association

Irene Jan, Member of the Intellectual Property Law Section of the California Lawyers Association

Minji Kim, Member of the Antitrust, UCL and Privacy Section of the California Lawyers Association

Joshua de Larios-Heiman, Executive Committee Member of the Antitrust, UCL and Privacy Section of the California Lawyers Association

Marina A. Lewis, Member of the California Lawyers Association Gayatri Raghunandan, Member of the California Lawyers Association

Mary Stone Ross, Executive Committee Member of the Antitrust, UCL and Privacy Section of the California Lawyers Association

Perry L. Segal, Board Representative, Law Practice Management and Technology Section of the California Lawyers Association

Jeewon Kim Serrato, Executive Committee Member of the Antitrust, UCL and Privacy Section of California Lawyers Association

Kieran de Terra, Executive Committee Member of the Intellectual Property Law Section of the California Lawyers Association

Emily S. Yu, Secretary of the Intellectual Property Law Section of the California Lawyers Association and Chair of the Technology, Internet and Privacy Interest Group

California Lawyer, Implementation, Law, Law Practice Management, Technology

My Original, Unedited Public Comments to atils

Hi All:

I haven’t used this blawg much as I prefer Twitter these days (shorter & easier). However, as many of you know, I submitted a four-page public comment document through the California Lawyers Association, which is my proper channel to do so. As I’d stated at the time, the Government Affairs Committee collected and compiled comments from all of our sections, as well as individual comments from our members, to create a master document.

I think they did a terrific job. However, it did end up to be a ten-page document – and they weren’t able to incorporate all of my comments – but they had no problem with me both submitting my entire document to ATILS directly, and posting them publicly. Now, even at four pages, there was much more that I wanted to say, but preparing a thorough documents takes time, so I chose a reasonable ending point.

It’s important to understand that, while I support the goals of ATILS in principle, I have concerns; therefore I decided to write my comments as a thought piece in order to encourage the Task Force to think more broadly about the implications of their policies. Below are my comments, exactly as originally written (typos and all) on August 12, 2019:

ATILS COMMENTS – AUGUST 12, 2019

Perry L. Segal

CLA Board Representative, Law Practice Management and Technology Section

Attorney-at-Law, Charon Law

Technology and Management Consultant, Charon Solutions, Inc.

Dear ATILS:

I feel that I have a unique perspective as someone who spent twenty years in technology and technology management, then entered a second career as a technology attorney approximately twelve years ago (passing the July 2007 California Bar exam).  I also have two business entities:  A technology and management consultancy C-Corporation that I started in 1999 as well as a Sole Proprietorship Law practice that I started in 2008.  Further, as a Council Officer under the previous iteration of CLA, I was involved in the prior examination of these issues, which at the time was referred to as the, “Limited License Working Group.”

At the outset, let me say that the formal comment form that provides three position choices:  Support, Oppose or State No Preference, does the entire process a disservice.  I sense that like myself, others support some of the concepts, oppose some and are neutral on others.  What is a person like me supposed to select that won’t present a skewed picture of my views?

THE DIFFERENCE BETWEEN A LAWYER AND A NONLAWYER

PERCEPTION VS. REALITY

Many nonlawyers believe that they can be lawyers; some will be right, some will be wrong, but the biases and concepts that nonlawyers bring to the real-world practice of law are critical.  First, they’ve been exposed to what they think law practice looks like via television programs, radio, news and the internet.  Most of these programs have an interest in making the practice of law appear exciting and dramatic.  As most attorneys know, this is normally not the case.  There’s no exposure to the behind-the-scenes machinations that make up most lawyers’ days, and many of us have heard the phrase, “I could do that!” based on a completely false idea of what it means to be a lawyer.

Let me use myself as an example.  In the corporate world, I interfaced with legal departments all the time.  In one particular example, my technology group assisted the attorneys at Tri-Star Pictures to fight off a gargantuan eDiscovery demand – long before eDiscovery as a word existed.  I’d represented myself in small claims court – and won – and, having always regretted not going to law school, I thought, “I can do this!”  Well, having passed the California Bar exam, apparently, I can, but a lot transpired along the way.  For one thing, I quickly learned the difference between the layman’s concept of law vs. the reality.  I was lucky in one respect; my upbringing and job experience already prepared me to see all sides of an issue.  However, I saw most students struggle mightily with this more than almost anything else.  They’d always had opinions; and now they were being told to throw them away and see all facets of the problem.  For me, that came naturally – for most nonlawyers, it requires years of practice.  My support for this?  The current pass rates on the California Bar Exam.  Students are struggling.

If the Bar seeks to regulate nonlawyers, this and other issues must be addressed.  Without law school – and training during – and after – law school, how will one accomplish the goal of producing nonlawyers who can, “Think like a lawyer?” in a highly-compressed period of time?

FINANCIAL ASPECTS

As I’ve said to colleagues before, the issue of allowing nonlawyers to provide legal advice might make sense as a concept, but I keep seeing it couched as lawyers practicing protectionism, or lawyers refusing to accept change, or lawyers belly-aching that they had to pay for years of very-expensive law school and toil away as a low-paid associate – and nonlawyers will bypass this requirement.  Lawyers are mocked and told to “get with the program” and condescendingly told to accept the coming future of our technological overlords.  Well, I’ve been immersed in technology since I was a teenager and In my view, this is simplistic, and actually diminishes the inherent risks involved, one of which is the danger of creating the Uber of legal advice.

What seems to be lost in the discussion is the model under which nonlawyer practice would operate.  There should be a focus on the costs of lawyers vs. nonlawyers that doesn’t focus on the above inequities, but because of what effect it will have on the relationship between lawyers and nonlawyers.  For example, Bob is a lawyer.  Tim is not.  Bob has a ton of overhead operating his practice.  Tim does not.  Therefore, Tim rightly surmises that he can charge much less for his service, yet earn the same profit margin as Bob, so he does it.  Bob, experiencing the predictable drop of business due to this, is forced to lower his prices as well.  Bob’s activity increases, but Tim’s falls somewhat, so Tim elects to make a little less profit, and lowers his fees again.  Unchecked – and absent the understanding that this is a likely result – could result in a race to the bottom; and both sides lose.

If this is to be attempted, there must be a framework to address problems like these.

UNAUTHORIZED PRACTICE OF LAW (UPL)

I teach CLEs to educate attorneys, young and old, about the ethical challenges of the combination of technology and law.  A primary part of my practice is assisting lawyers to market ethically via social media.  Here’s what I’ve learned in one sentence:  Older attorneys are too cautious with technology, but younger attorneys are not cautious enough!

Like it or not, we already possess demographics to illustrate the divergence between tech use by older attorneys vs. younger ones, but there’s another divergence:  The difference between practicing the required amount of caution vs. those who throw caution to the wind.  Technology is only as talented as those who design it – and the public is very excited about using these new technologies – but one must keep in mind: self-driving cars keep killing people, listening devices are listening a little too much, and social media sites are aggregating and selling your data.  For the nonlawyer, the goal is profit – and there’s nothing wrong with that.  However…

Like it or not, attorneys must forgo profit in exchange for ethics.  I’m contacted constantly by attorneys who wish to advertise via social media, and must advise them that ethically, they simply cannot do it “that way”.  Both new and career attorneys argue with me until they’re blue in the face to try to persuade me to give them the fork in the road that will allow them around the ethical rules; but there is no fork available.  If even the attorneys can’t see it, the regulators had better be wary of what the nonlawyers see.

It’s not the software; it’s the mindset of the individual(s) using it.  Mindsets are very difficult to change, especially for people who have no idea how technology actually works.  The good news is it can be done.

NONLAWYER FINANCIAL INTEREST IN A LAW PRACTICE

I think this is the most intriguing to me of these proposals, especially as an individual who is forced to operate two business entities due to the restrictions on lawyers.  This means, separate bank accounts.  Separate credit cards, separate financial statements, separate tax returns, separate business licenses, separate franchise taxes (in CA); even separate phone numbers, email addresses, business cards and stationery.  In short, costs that could be avoided.  All things being equal, ethical people would have no problem accomplishing this goal.  Unfortunately, not all people have ethical goals.  There are conflict-of-interest issues to examine – and I’m obviously not the first to mention them.

First, let’s examine a real-world example of what I consider an ominous illustration of the potential dangers conflict of interest could cause.  It occurred in Florida, but has a California connection:  Terry Gene BOLLEA, professionally known as Hulk Hogan, Plaintiff, v. GAWKER MEDIA, LLC, et al., DefendantUnited States District Court, M.D. Florida, Tampa Division.  December 21, 2012. [https://www.leagle.com/decision/inadvfdco131011000161]

In short, Hulk Hogan had a valid claim against Gawker.  The case was filed in USDC in Florida.  However, what was not revealed until much later was that Hogan had a secret benefactor who had his own serious personal beef with Gawker – and bankrolled Hogan to the tune of $10 million dollars:  Silicon Valley billionaire Peter Thiel [https://www.nytimes.com/2016/05/26/business/dealbook/peter-thiel-tech-billionaire-reveals-secret-war-with-gawker.html]:

“What the jury — and the public — did not know was that Mr. Bollea [Hogan] had a secret benefactor paying about $10 million for the lawsuit: Peter Thiel, a co-founder of PayPal and one of the earliest investors in Facebook.”

It’s important to note that Mr. Thiel is a lawyer; however, his status as such has nothing to do with what occurred here.  He was a disinterested party in this case – or so it appeared.  From the article:

“He said that he hired a legal team several years ago to look for cases that he could help financially support. ‘Without going into all the details, we would get in touch with the plaintiffs who otherwise would have accepted a pittance for a settlement, and they were obviously quite happy to have this sort of support,’ he said. ‘In a way very similar to how a plaintiff’s lawyer on contingency would do it.’  But there was another element involved:

“A 2007 article published by Gawker’s Valleywag blog was headlined, “Peter Thiel is totally gay, people.” That and a series of articles about his friends and others that he said “ruined people’s lives for no reason” drove Mr. Thiel to mount a clandestine war against Gawker. He funded a team of lawyers to find and help “victims” of the company’s coverage mount cases against Gawker.”

The implications are obvious, so I won’t repeat them.  Some would argue – and in my opinion, fairly – that this is the same thing that law firms do now (take cases on contingency); but is it?  When a law firm considers contingency, one obvious goal is winning, but the firm practices various tests to attempt to evaluate the risk/reward vs. the potential strength of the case.  In any case where an “outsider” becomes an “insider”, there must be serious evaluation as to what potential outcomes might be.  If there isn’t some sort of ethical wall of separation between the investor side of the business and the lawyers best qualified to evaluate the health of a choice, the investor could potentially demand that the firm sue a competitor of theirs for an advantage, or pursue a case that is potentially unwinnable – but can be brought with the bare level of probable cause – but is initiated with a sinister goal in mind and not the achievement of justice for the client (or is the investor the client?).

Investment banking firms possess a similar ethical wall of separation.  Perhaps a model to examine?  [https://www.investopedia.com/articles/analyst/090501.asp]

LAWYERS SHARING FEES WITH NONLAWYERS

Briefly, I see this as a similar issue to outside investment, but in reverse.  I had a case several years ago where a firm wished to ethically advertise and accepted the assurance of a vendor that they would advertise according to attorney ethical rules.  In short, the vendor did not do so, and with the first advertisement, a partner in the firm was brought up on a state bar’s ethical violations.  I was hired to find the way out.  When I spoke to the vendor, they were incensed when I informed them of how they’d violated attorney ethics and put the attorney at risk.  “That’s stupid!”, they said.  My answer (which is the same today as it was then): “It may be stupid or not, but it’s the rule!”.  Others have already addressed that nonlawyers don’t have a license to lose, but I think it goes further than that:  Nonlawyers also don’t have years of experience, completed extensive coursework and had to pass more than one exam on the subject (law school itself, and potentially both the MPRE and also having it tested again on the Bar exam).

CONCLUSION

I hope my comments are taken as I meant them to be:  A plea to stop simplifying these extremely complex issues and a commitment that, if we as a profession decide to move forward with some – or all – of these recommendations, hopefully, my information may be used as a thought piece to seriously address these issues.  We must find a way to provide access to justice to those who desperately need it, and we need to find that fork in the road, even if there’s some pain along the way.  I, and a large group of people who believe the same as I do, successfully spun off the Sections into the CLA.  Was there pain?  Yes.  Yet here we are, in spite of it.

With my best regards, and best wishes for good luck, I thank you for considering my comments.  I’m at your service.

Perry L. Segal

Duties, eDiscovery California, Implementation, Management

1st Things 1st: The Litigation Hold Letter (A Blast from the Past)

J0309498 All – as part of my ‘repairs’, I’ve looked at some of the blog logs (say that 3x fast) and since this item was posted over six years ago, it’s still ranked as #1 on the site!  So, it seemed like this was the perfect opportunity to republish it.  The letter itself is slightly updated, but the post is reproduced verbatim:

Wow…this is my 100th post!  Who knew I could pontificate this long?

In analyzing the new California Electronic Discovery Act (I’m going to start calling it “CEDA” for short), I might as well start at the beginning.

The first thing that will occur if litigation arises?  There’ll be a bunch of litigation hold letters going around.  I say a bunch because it could manifest several ways; outside counsel to your adversary, outside counsel to inside counsel, inside counsel to the enterprise, the CIO/CTO to the IT department, the CEO to the CIO/CTO…you get the idea.  In some cases, as illustrated above, the letter may not even be coming from an attorney.

What might the letter look like?  Here’s an example of a litigation hold letter theoretically issued from outside counsel to an adversary (in PDF format).  The names were changed to protect the innocent (and the guilty, for that matter).

This is only a sample to give you an idea of what a letter of this kind might look like.  The purpose is to illustrate items you may or may not have thought about.  Like snowflakes, no two letters will ever be exactly the same.  Only a professional with personal knowledge of your specific requirements should ever create and/or issue a litigation hold letter.

Enough disclaimers?  Ok then…chew on this for a Monday.

Education, Implementation, Privacy, Security, Technology

Test-Driving Windows 10: What You Need to Know Before You Upgrade

[…and what to do if you’ve already upgraded]

Windows-10-wallpaper
Windows 10 was released in late July to a lot of fanfare.  Even as a ‘tech-guy’, my rule of thumb is to never install an upgrade to a Windows operating system until Service Pack 1 is released.  But, as is true with many other users, Windows 8.1 (and Windows 8.0 before it) was a big disappointment to me and I figured anything would be better than standing pat.  So, under the dual-philosophies of, “Tech, Heal Thy PC” and “Document it for my readers”, I installed Windows 10 as soon as it became available.

Good thing I know how to fix my technology.  On the plus side, you get to learn from my pain.

LOOKING UNDER THE HOOD

Do I regret doing it?  No.  Was it a successful upgrade?  Yes and no.  First of all, there are a lot of tweaks that must be dealt with, but other than being time-consuming, they weren’t particularly difficult.

What was difficult was that Bluetooth support disappeared.  What do I mean by disappeared?  I mean that, not only did it not work, the entire module was missing as if that feature didn’t exist on my PC.  It can be blamed on both Microsoft and Toshiba, my PC manufacturer.  As I found out later, Toshiba didn’t release Windows 10 compatible drivers until about a week after the upgrade was available (which strengthens my advice never to rush to upgrade).

But that was a week later.  I had a problem to address now.  I dug out my old usb mouse (my current mouse is Bluetooth) and got to work figuring it out.  When it comes to troubleshooting these types of problems, patience is a virtue.  There’s always an answer, but it may take time to find it.  In this case, the answer was simple: my driver didn’t work and I had to find one that did work.  The fix, on the other hand took time.  I visited both the Toshiba and Intel sites for support, but being unable to find drivers that specifically identified as being compatible with Windows 10 (or my PC model), I simply started with the next version up from my driver and continued a pattern of install/reboot/remove/reboot, install/reboot/remove/reboot until finally, Bluetooth miraculously reappeared!

Of course, I had to try a lot of drivers – and had a lot of other work to do – so that process took two days.  Not that bad; but the real reason I needed to repair it was that I connect to my smartphone via Bluetooth for other purposes.

Remember, I was willing to take the risk, so I’m fine with the results.  Are you?

LOCKING YOUR DOORS

As you’re already aware, some very talented people all over the Internet have written articles about functionality and features, but I want to focus on what attorneys need to know, and the most important item is that Windows 10 poses serious risks to your privacy – and the confidentiality of your client information.

You’ll want to start with the privacy settings (which can be located – predictably – under Settings > Privacy) but be warned, depending on your configuration, there will be approximately thirteen separate modules of privacy that you must review, and you’ll have to spend some time in each one (see below):

Windows 10 Privacy

In short, you’re going to find yourself turning a lot of features off.  For most users, this will be sufficient.

For those who wish to go a step further, there are other settings referred to as Telemetry, which Windows 10 has embedded in the software.  It automatically sends your information to them – and it doesn’t provide a means to turn itself off.  I know what you’re thinking.  “I’m staying with my current version!”  That’s not going to work, because just recently, Microsoft began backporting its telemetry software to both Windows 7 and 8.

All is not lost, however.  There are tools available that will mitigate the problem. Personally, I recommend the aptly-named, “Windows Tracking Disable Tool”, which does exactly what it says.  This is a third-party program so as always, practice due diligence and be sure you understand what you’re doing as you’ll be installing it at your own risk.

TUNE-UPS

There’s a lot of debate about installing various patches provided by Microsoft.  I fall squarely in the camp of installing them.  Over the past month, there have been several patches to Windows 10 and I can honestly say that just over a month out, it’s working much better than on day one.  And that brings us full circle around the track to where we began:  Service Pack 1.

Did I say service pack?  That’s the old nomenclature.  It’s not called a Service Release anymore – it’s called Threshold 2.  The best estimates say it’ll likely be available sometime in October.  That’s a fairly rapid turnaround for a service release, compared to the old days.

For those who ‘do as I say; not as I do’, I guess you’ll be idling at the red light a few weeks longer.

California Lawyer, eDiscovery California, Education, Implementation, Law Practice Management, Strategy, Technology

Guest Post – Peter N. Brewer: LegalTech – Day Two

Peter Brewer Caricature

I think this is the first time I've ever done this on the blog, but immediately following LegalTech, I had to leave for a trip.  However, Peter Brewer, my trusty colleague from the Law Practice Management & Technology Section, was kind enough to write up a guest-post about his experience this year.

<<< I leave it to you to determine which image to my left is the real Peter Brewer:

"The ALM LegalTech West Coast event, historically always venued in the Los Angeles area, was held instead this year in San Francisco at the Hyatt Regency on July 13 and 14. As in the past, the event consisted of keynote sessions, seminars, and importantly, a large vendor exhibit area. The first day had five seminar tracks running consisting of; corporate legal operations, information governance, advanced IT, the cloud and mobile technology, and E discovery. The second day the tracks were four in number and consisted of; information governance, E discovery, information technology, and corporate counsel perspectives. 

I attended only the second day, which kicked off with an interesting discussion of the Ellen Pao versus Kleiner Perkins Caufield Byers case. On the panel were two reporters who covered the trial, and the defense attorney, Lynne C. Hermle, from Orrick Herrington and Sutcliffe. The plaintiff’s attorney, Alan B. Exelrod, of Rudy, Exelrod, Zieff & Lowe, had been scheduled to be on the panel but had to withdraw due to a scheduling conflict. This keynote proved to be a lively hour of informal discussion in which Lynne Hermle gave substantial credit to the jury for their thorough and diligent evaluation of the evidence. 

The keynote was followed by seminar sessions throughout the day, with ample breaks to visit the vendor exhibit hall.  I attended one of the seminar sessions on E discovery, “Every day E discovery: Bringing It In-House or Outsourcing It.” The panelists were knowledgeable; they consisted of an independent consultant, a claims manager, a partner from the major law firm, and a representative of Lexis-Nexis. The discussion was lively, but for my tastes it was a broad overview with much discussion of the concepts but very little grass-roots, take-home practical advice. I came away feeling that the discussion had been thoughtful, but with no better sense of, “where do I start,” or “what are my first steps when I get back to the office.” 

I also attended a session on cyber security. Again, the panelists were well qualified and knowledgeable. The discussion included such things as the availability of data breach insurance, engaging outside consultants to do cyber security audits of your business, and a general, high-level discussion of the topic of data security in the office. Toward the end of the session the moderator opened the discussion up to questions from the audience. I commented to the panel that, while I found the discussion interesting, I would like to have some specific action items that I could take back to my five-attorney law firm and implement, step-by-step. 

The advice that was given in response was to start with written policies and procedures. As in any endeavor, if you don’t know where you’re going, any road will take you there. A cautionary bit of advice that went with the suggestion of developing written policies and procedures was that then you are duty bound to follow them. Failing to observe your own procedures can increase rather than decrease your liability.

It was also suggested that I consider hiring a security consultant to do a risk assessment of my office. Apparently for a firm the size of mine (<10 total staff) this endeavor can run approximately $5,000 – $10,000. While this seems like a sizable chunk of discretionary spending, the cost of a data breach and one’s exposure to liability for it would no doubt be a multiple of many times that amount. 

Contrasting the 2015 event with LegalTech events in years past, one significant difference stood out to me.  In past years there were seminar sessions on a broader variety of topics. There have been sessions on such things as what financial reports a law firm owner should regularly produce and review, sessions on tech gadgets, useful mobile devices, helpful apps, practice management software, and so forth. This year by far the greatest emphasis was on data. Even the vendor exhibit hall, although it did have exhibitors of a variety of useful products, seemed to be heavy on the e discovery and data security vendors. While this information is no doubt useful to some, I found it not very applicable to my small firm’s real estate law practice, where we do not get cases involving discovery of tens of thousands, or more, documents. Circling back to the keynote discussion that kicked off that day, attorney Lynne Hermle said that in the Ellen Pao vs. Kleiner Perkins case Ellen Pao had produced something approaching a million documents. May I be blessed to reach the end of my career without ever having to tackle such a daunting task. 

All in all, the LegalTech event is an enjoyable break from the office, especially for those of us interested in tech.  Are you one of us?  Check your wrist.  If there’s an Apple watch on it, you are inescapably a techie.  It was nice to have this event in Northern California for a change, and the Hyatt Regency was a lovely and accommodating venue.  I hope to see the event back in San Francisco again next year."

Peter Brewer

************************************************

About the Author:   Peter N. Brewer has been a lawyer for over 35 years, and is also licensed by the California Bureau of Real Estate as a real estate broker.  Peter started his own firm in 1995.  The firm has grown to five attorneys, practicing real estate and lending law.  The firm serves the legal needs of homeowners, purchasers and sellers, real estate and mortgage brokers, agents, brokerages, title companies, investors, other real estate professionals and their clients. Peter and his firm also represent clients in debt collection, creditor representation in bankruptcy, breach of contract matters, and other litigation and transactional work.

Peter obtained his Juris Doctor degree from the University of Santa Clara Law School in 1979 and is also licensed to practice law in all State and Federal Courts in Idaho and certain Federal Courts in Michigan and Iowa (and probably in other states he no longer recalls).  He loves dogs, hates kids, and is generally considered to have an insufferable disposition.

Law Offices of Peter N. Brewer

2501 Park Blvd, 2nd Flr.

Palo Alto, CA 94306

(650) 327-2900 x 12

www.BrewerFirm.com

BayAreaRealEstateLawyers.com                 

Real Estate Law – From the Ground Up®

California Lawyer, Duties, eDiscovery 101, eDiscovery California, Education, Implementation, Law Practice Management, Privacy, Privilege, Sanctions, Scope, Security, Spoliation, Strategy, Technology, Zubulake

My Analysis of Calbar Formal Opinion 2015-193: eDiscovery & ESI? “Don’t Be Stupid”

The last three words from this short Beverly Hills Cop video clip sum up my analysis of the opinion:

I wrote public comments to COPRAC (The State Bar of California Committee on Professional Responsibility and Conduct) re their interim versions of the opinion and, in a rare step, I’m posting a verbatim excerpt because my assessment of this opinion remains unchanged.  One modification – I bolded a quote, because the Committee adopted my definition verbatim in their opinion (page three, footnote six):

“I’m seeing a very common thread in COPRAC’s reasoning that afflicts those who understand technology at a more surface-level; the tendency to think of it in physical, rather than ethereal terms.  In other words, the Committee has focused on the word evidence, instead of the word electronic.  Take water, for example.  Whether it exists in a lake, a bathtub, or a glass, it’s still water.  It’s the same with evidence.  Whether it exists as writing on a tombstone, a paper document, or in electronic form (e.g. sitting on a flash drive), it’s still evidence.  It’s the medium that should distinguish it for your purposes.  That’s the contrast missing here.

Whereas the Committee has done a better job of defining parameters such as clawbacks and laying out accurate mistakes by our hapless attorney, once again, it descends into conduct that isn’t eDiscovery-based; but competence-based.  This opinion relies too much on unrelated reasoning, such as “assumes”, “relying on that assumption” and “under the impression”.  That’s not an eDiscovery problem; that’s a general competence problem.  It’s also not what the audience needs.  If they’re attorneys licensed in California, they’ve presumably passed both a Professional Responsibility course and the MPRE exam and know – or should know – their duty of competence.  It’s not as if an attorney retains a med-mal case, then immediately “assumes” or is “under the impression” that s/he’s a doctor and can read an x-ray.  But I could intertwine those facts with this opinion and make it about medical experts.  What attorneys specifically need to know is how their actions, or lack thereof, in the procurement, assessment and handling of electronic evidence morph into a violation.  This is a highly specialized area unto itself.  See my previous example.  The x-ray is electronic evidence.  Proper acquisition is one matter; analysis, forensic or otherwise, is quite another.  That doesn’t just include the adversary’s evidence.  It also includes the Client’s evidence.  In this scenario, one is seeking to exculpate the Client through all available means – not just via the adversary.

Contradictions also exist in Footnote Six on page three that states, “This opinion does not directly address ethical obligations relating to litigation holds.”.  I respectfully submit that the opinion goes on to do exactly that.  Perhaps this is due to the criteria set forth in Footnote Six being inaccurate as defined.  In a legal setting, Attorney is charged to know what the Client does not, and this may involve issuing litigation hold instructions to their own Client; not just third parties or adversaries.  If attorney was interacting with the CIO or CTO (The “Information”/”Technology” chiefs, perhaps s/he could reasonably reply on their assessments.  But here, attorney is interacting with the CEO who likely has no intimate knowledge of what goes on in the IT department.  It should read, “A litigation hold is a directive issued to, by or on behalf of a Client.”  Otherwise, how does the competent Attorney protect a Client who, in good-faith, endeavors to do the right thing or protect themselves when a Client, in bad-faith, engages in intentional spoliation?  One of those scenarios exists on page two, when the eDiscovery expert, “tells Attorney potentially responsive ESI has been routinely deleted from the Client’s computers as part of Client’s normal document retention policy”.

Understanding these nuances and acting on them is the very definition of competence as applied to an eDiscovery attorney – or an attorney who engages the services of a third-party eDiscovery vendor.  In this arena, eDiscovery is like a game of falling dominos; once competence tips over, the rest (acts/omissions, failing to supervise, and confidentiality) will logically follow.  As they say, timing is everything.”

Conclusion:  The opinion does a good job of explaining fundamentals of the eDiscovery process, but in my opinion, doesn’t go nearly far enough.

Implementation, Miscellaneous, Security, Technology

Int-Elect Required to Defeat Cyberattacks on Voting

MP900402417Sometimes, it's not easy thinking about disaster-planning all of the time.  Not incorporating enough caution means you get it wrong and somebody will be angry with you.  Incorporate too much caution and everyone thinks you're paranoid (insert usual joke here about you all watching me…).

So, how alarmed should we be to hear about the first documented case of a cyberattack on a U.S. election?  If you're in disaster-planning, you would have been concerned about it years ago, prior to election functions like registration migrating to the 'Net and voting machines using touchscreens and tabulating via software.  And to think; recently 'they' were suggesting voting by email

I can't think of anything more critical than preserving the integrity of the electoral process, but here's some food for thought to all of the factions currently bickering over Voter-ID laws:

While you're bickering over how to guard the front-door, perhaps you should send someone 'round back

Education, Implementation, Law, Law Practice Management, Science, Scope, Strategy, Technology

ReInventLaw Silicon Valley: GoldenState & the Three Bears

RILSC 2013
What the hell was that???

I’m speaking of the all-day ‘experiment’ (that’s what I’m calling it), ReInventLaw Silicon Valley 2013 conference this past Friday.  Is that a criticism?  Not at all.  This was the kickoff event of a collaborative effort; law students, professors, technologists, investors, inventors, attorneys and everything in-between, all convening in one place (The Computer History Museum in Mountain View, California, to be exact) to talk about the future direction of law practice.  Approximately 40 speakers in all.  You read that right; 40 speakers in a single day (enough to make an LPMT Chairman cry).

And what did we see?  Good talks, bad talks, decent talks, shameless sales pitches, moderately-shameful sales pitches.  Terrible speakers with outstanding messages, outstanding speakers with terrible messages & mediocre speakers with mediocre messages.  Speakers who went on too long, speakers who didn’t go on long enough and speakers who were juuuust right (yes, this was the LPMT-equivalent of the Three Bears…).

And of course, live streaming Tweets hosted on a PC with an IP-address conflict (DHCP, my friends; old school!).  There were funny tweets about there only being five ties in the room (I happened to be one of them).  My response was to create the hash tag, #thesmartesttiesintheroom.

In other words, I had a great time!  It’s very easy to criticize something like this, I suppose, but the organizers were able to land many hard-to-attain speakers while simultaneously coaxing approximately 350 people (by my rough count of how many actually showed up vs. the 500 tickets that were distributed) to convene in one location for a healthy exchange of ideas.

I gotta go…my porridge is getting cold…

Implementation, Management, Media, Rants & Raves!, Strategy

Yahoo! and the Robot (not Remote) Employee

MP900427654

Wouldn't the world be a perfect place if we simply followed every talking head who pontificates on a subject (yours truly excluded…)?  Of course, the goal doesn't usually involve the content of the story, but to create a bait headline that'll compel a reader to click-through (the shortest way to accomplish this: make them angry).  And what a perfect subject to select for this purpose; Yahoo! CEO Marissa Mayer rescinds remote privileges!

* * * * * * * * * * * *

Then, the experts swoop in to tell us what she's really doing:

  1. Implementing a stealth layoff by pissing-off employees, who will then quit on their own,
  2. Discriminating against working moms (what about dads?),
  3. Taking us back to draconian times!

You get the idea…and you know what?  Every one of these claims might be true!  But, perhaps she is:

  1. Putting her arms around a human resources issue that's grown out of control,
  2. Fostering improved inter-company relations,
  3. Trying to better-assess a situation she can't see.

Mix & match as you like.  Does that mean I support the decision?  It's not about that.  I, like you, can easily cite detriments as well:

  1. More hours/dollars wasted on fuel, time and wear & tear sitting in traffic (I've been wondering whether the increase in traffic would actually be noticeable to outsiders),
  2. Less quality/leisure time with family, friends or hobbies,
  3. More pressure on significant other/spouse/parent to 'pick up the slack' of the Yahoo! employee (i.e. What I'm getting at is, suppose this particular employee is also a caregiver to an elderly parent; it ain't only about children, is it?)
  4. More pressure on single, unattached employee for similar reasons (there are only so many hours in the day for grocery shopping, errands and of course, appointments).
  5. Don't even get me started on morale…at least in the short term.
  6. Higher costs for Yahoo! as well; supporting all of these additional bodies on-site will have a marked effect on resources, such as electricity, maintenance, space allocation, furniture & supplies, etc.

I hate to quote Facebook, but:  It's complicated.

This is why it's extremely difficult to be a manager; too many cooks and Monday-morning quarterbacks.  My favorite is the propensity to quote studies about the benefits/detriments of working remotely.  You know what?  It's irrelevant except as it pertains to Yahoo!! (So, when I want to add a 'bang' to a sentence ending in the word "Yahoo!", is that how I do it?).

Of course, there is a place for statistics and studies as a general guide.  But what matters most is, how do these statistics and studies relate to the specific situation at Yahoo!?  There are a lot of factors involved, and I don't see too many of these articles wading very far into the weeds.

Last point; substitute any other name for Yahoo!  Same rules apply.

P.S.  I've included articles from people who do know the subject well – a lot better than I do, anyway (e.g. Richard Branson) but I think his particular comments answer his own concerns:

"To successfully work with other people, you have to trust each other. A
big part of this is trusting people to get their work done wherever they
are, without supervision." [Italics added].

Two questions:

  1. Is it possible that Yahoo! harbors irrational mistrust of their employees?
  2. Is it possible that some employees have abused Yahoo!'s trust?

It could be one, both or neither.  I wonder how this will play out in the months leading up to implementation?  I wonder what things will look like six months after implementation?

Related articles
Silicon Alley Insider: Why Marissa Mayer Told Remote Employees To Work In An Office … Or Quit (YHOO)
Yahoo policy stirs hot debate on working from home
Ex-Yahoos Confess: Marissa Mayer Is Right To Ban Working From Home (YHOO)
Richard Branson Says That Marissa Mayer Got It Wrong About Remote Employees
Yahoo Issues Statement Over Home-Working Ban: It's Right For Us
California Lawyer, Criminal Liability, Duties, Education, Implementation, Law Practice Management, Scope

Calbar Looking at Limited Law Licenses: It’s all about Standards

MP900341927An article in the February 2013 issue of the California Bar Journal states that the Calbar Board of Trustees is examining the possibility of creating a class of "limited-practice licensed" individuals.  Among the reasons provided as the catalyst (e.g. lower cost to consumers, path to eventual Bar passage), ostensibly, the Board also believes this would circumvent instances of unauthorized practice of law (UPL).  UPL (Rule 1-300) falls outside of the Bar's jurisdiction and is normally addressed as a misdemeanor charge via a criminal complaint.

A form of certification already exists within the Bar (or at least, it used to), called "Certified Law Clerk".  I know it well because I was one when I worked at the L.A. County D.A.'s Office during law school.  From memory, some of the criteria to be certified included being a 3L and having already passed the Evidence course, among other things.  Certification allowed me to perform more duties than a standard law clerk.  Obviously, I see some benefit to the idea.

However, I also see detriment, and the first one that comes to mind is expectations.  What level of expertise will a client of this class of legal professional believe they are – or should be – receiving?  Who will guard the line between limited-practice and unlimited practice to ensure that the provider doesn't cross it?  Who is at fault if the provider doesn't meet the standards the client believes they should meet?

Is a new tort called "Limited-Malpractice" going to spring out of this plan?  Will it ultimately 'dilute the brand' of what being a lawyer means?

Considering that I'm Chair of the Law Practice Management and Technology Section Executive Committee, if this new class is ultimately created, my Excom will likely be front and center during the implementation process.

Either way, I'll say this; the Board has their work cut out for them!