Substack is here

 

click here

Why are big banks so bad at data privacy?

Banks typically stink at protecting data, and they know better. Why is this? The main reason: GREED. They are cheap when it comes to cybersecurity because it allows them to pay their executives more. Oh...they like to blame lawyers and regulators, but that's all talk. 

The banks "doth protest too much." 

Their bellyaching is meant to blind you to what they do, which is almost nothing. Banks are supposed to be secure. They aren't and likely won't be anytime soon. 

What that saying about _____ flowing down hill? You are at the bottom of that hill.

 Here are some ways banks screw up (almost all the time): 

1. Weak Cybersecurity Measures: Insufficient cybersecurity measures, such as outdated software or lack of regular security audits, can make banks vulnerable to hacking and data breaches. Just look at Wells Fargo, which CNN reports "has been plagued by scandal." Consumer deposits just disappeared back in March. This should come as no surprise since Wells Fargo settled a lawsuit for $3 billion back in 2020 over fake accounts. One of the funniest and most absurd things I ever heard came from a lawyer who used to work for a large bank (it wasn't Wells Fargo), and he claimed the bank he worked for them cared about the people whose bank held the mortgage. Fortunately I wasn't near the guy because I spit out my coffee in shock over this absurd statement. Big. Banks. Do. Not. Care. They don't care. They have never cared. And they never will care. 

2. Inadequate Data Encryption: If sensitive personal data is not properly encrypted, it can be easily accessed by unauthorized individuals during data transmission or storage.

3. Improper Data Handling: Banks might mishandle data by sharing it with third parties without consent or keeping it longer than necessary, increasing the risk of unauthorized access. In other words, they sell your data to third-parties, some of whom are not exactly above board.

4. Weak Authentication: Banks sometimes use weak authentication methods, like simple passwords or outdated security questions, making it easier for attackers to gain unauthorized access to accounts.

5. Lack of Employee Training: Without proper training, bank employees might inadvertently mishandle data, fall victim to social engineering attacks, or fail to recognize suspicious activities. People are the biggest problem with 91% of cybersecurity incidents coming from human error. 

6. Insufficient Access Controls: Poor access controls can allow unauthorized personnel to access sensitive customer information, increasing the risk of data breaches.

7. Inadequate Incident Response Plans: Without a robust plan in place, banks might struggle to respond effectively to data breaches, leading to prolonged exposure of sensitive information.

8. Ignoring Regulatory Compliance: Failure to comply with data protection regulations like GDPR or HIPAA can result in legal consequences and damage to the bank's reputation.

9. Overlooking Physical Security: Focusing solely on digital security while neglecting physical security measures can expose sensitive data to theft or unauthorized access.

10. Vendor Management Issues: Banks that work with third-party vendors must ensure these partners also adhere to stringent data protection practices, as vendor breaches can impact the bank's customers.

To mitigate these mistakes, banks need to invest in robust cybersecurity measures, implement strong encryption protocols, train employees on data privacy, regularly update their systems, and establish effective incident response plans. Additionally, staying informed about evolving cybersecurity threats and compliance requirements is essential to maintaining the security and trust of their customers. Of course, this would require caring about their customers, which they may not always do. In fact, I suspect they rarely care. If they did, they would protect their customers.

Why is AI a threat to lawyers?

The statements below are true, but I also think AI helps lawyers more than it hurts them. And we are already using it and have been for a long time. Of course people--lawyers especially--are afraid of things we do not understand. However, that is no reason to ignore change. We need to embrace change, or we will become obsolete; some of us already are. Of course, AI is no panacea, but it cannot be ignored. Ignoring AI is perilous, but relying on it is perilous, too,  and maybe even more dangerous than not using it at all. 




AI is considered a potential threat to lawyers in several ways:

1. Automation of repetitive tasks: AI can automate various repetitive tasks that lawyers typically handle, such as document review, contract analysis, legal research, and due diligence. This can significantly reduce the time and effort required for these tasks, potentially leading to a decrease in demand for junior lawyers or paralegals. Another upshot is you won't have to read through dense blocks of 8 point font afraid of missing an italicized period. 

Likewise, you won't have to focus sooooooo much time on formatting and dealing with lawyers who fixate on this (it is important but not that important). The best example here is in class action litigation, which is heavily reliant upon forms where the questions are standardized as well as their formatting. I recall lawyers complaining about formatting all the time. It matters some, but not for a freaking diagnostic tool. And you shouldn't have to explain your notes to some glorified hall monitor. That's silly. Why not just have the AI format it? 

In my opinion, the time would have been better spent focusing on the questions asked to the potential claimant. Some of the questions--the ones I didn't draft actually--were terrible, compound, objectionable questions. If you tried to ask them in a deposition, you'd never get them out without an objection. And the objection would be warranted. You'd also have have a very confused witness. I honestly can't begin to tell you how terrible these forms were. I came to the conclusion that the people drafting them knew nothing--absolutely nothing--about taking or defending depositions. So, if their job is to construct and format these forms, then automation will take their jobs as it should. They need to focus on the questions they ask and (I realize this is a novel concept) LISTENING TO THE CLIENT. The one lawyer I'm thinking about maybe took one deposition in two years. The one he took was an absolute disaster, or so I gathered as I wasn't there. 

2. Legal research and analysis: AI-powered tools can quickly analyze vast amounts of legal data, including case law, statutes, and regulations, to provide insights and recommendations. This can help lawyers in their research and analysis work, but it also means that AI systems can potentially perform these tasks more efficiently and accurately than humans, posing a challenge to lawyers' expertise and value. Wouldn’t it be nice to have a second set of eyes reviewing your work? 

3. Contract review and drafting: AI can review and analyze contracts, identifying potential risks, inconsistencies, or missing clauses. It can also generate draft contracts based on predefined templates and specific requirements. This threatens the traditional role of lawyers in contract review and drafting, as AI systems can perform these tasks faster and with fewer errors. This would be great for drafting complaints or other pleadings that all essentially say the same thing with the only differences being the names. 

4. Cost reduction and access to legal services: AI-powered legal services, such as chatbots or virtual assistants, can provide basic legal advice and guidance to individuals at a lower cost compared to hiring a lawyer. This may make legal services more accessible to a broader population, but it also means that lawyers may face competition from AI systems in providing routine legal advice. I think you can cut out a ton of paralegal time with these as primary screeners. If there's something there, then a human can do it. 

5. Ethical and privacy concerns: The use of AI in legal practice raises ethical and privacy concerns. For example, AI algorithms may have biases or lack transparency, potentially leading to unfair outcomes or decisions. Arguably AI is racist as it utilizes data steeped in racial stereotypes. Lawyers need to be aware of these issues and ensure that AI systems are used responsibly and in compliance with legal and ethical standards.

While AI poses certain threats to lawyers, it also presents opportunities for them to enhance their work, improve efficiency, and focus on more complex and strategic aspects of legal practice.

Why Should You Care About Security and Data Privacy?

 Ignorance can be expensive. Depending upon the severity of the violation, penalties for violating the GDPR, CCPA, and HIPAA can be in the millions. 

For GDPR violations, organizations can be fined up to 4% of their global annual turnover or $20 million Euros (whichever is greater). 

CCPA violations can be up to $7,500 dollars per violation. Why do you think California law firms are falling all over themselves to hire as many lawyers to file lawsuits as fast as possible. Although the fines are paid to the State of California, civil penalties can be up to $750 per California consumer class member, which can add up to a bunch in a data breach class action lawsuit. And that's just one of the things companies might be liable for with a data breach. 

Then there's HIPAA, that frequently violated statute, where fines can be up to $1.5 million dollars per violation. 

Discussion with ChatGPT Regarding AI in Legal Research and Writing

There must be some middle ground between letting AI write a brief for you and banning all use of it. I asked ChatGPT about it.

Hasn’t AI been used online and with apps for years now?

Yes, that's correct! AI has been used online and with apps for many years now. It has become an integral part of various online platforms and applications, offering a wide range of functionalities such as natural language processing, recommendation systems, image recognition, and more. AI technology continues to advance, enabling more sophisticated and useful applications in the digital world.

What about with legal research search engines such as Westlaw and Lexis?

Yes, AI has also been integrated into legal research search engines like Westlaw and LexisNexis. These platforms have leveraged AI technologies to enhance their search capabilities, making it easier for legal professionals to find relevant case law, statutes, regulations, and other legal materials. AI algorithms can analyze vast amounts of legal data, improve search accuracy, and provide more efficient results, saving time and effort for legal researchers and practitioners. This integration has been particularly valuable in the legal field, where access to precise and up-to-date information is crucial for legal research and analysis.

Do you know some judges have banned use of AI?

Wouldn’t that rule out most kinds of legal research? As of my last knowledge update in September 2021, I am not aware of any widespread bans on the use of AI in legal research. However, it is possible that some individual judges or jurisdictions may have raised concerns or implemented restrictions on the use of AI in specific legal contexts.

The use of AI in legal research is generally aimed at improving efficiency and accuracy, not replacing the role of human legal professionals. AI technologies can assist lawyers and legal researchers by quickly sifting through vast amounts of information and providing relevant results. It's essential to strike a balance between utilizing AI tools and relying on human expertise to ensure the best possible outcomes in legal proceedings.


If there have been developments or changes in regulations regarding AI usage in legal research beyond my knowledge cutoff, I would recommend checking the latest legal news and official sources for the most up-to-date information.

Note: a June 2023 article says Judge Brantley Starr (any relation to Jeb) of N.D. Tex.banned ChatGPT assisted briefs and said it “hallucinated.” LOL. He made lawyers sign a pledge they didn’t use it. Absurd.

How long has AI been used in the major legal databases?

The integration of AI in major legal databases has been a gradual process over the past decade or so. While the specific timelines and implementation details may vary across different platforms, AI technologies started to make their way into legal databases around the mid-2010s.

Initially, AI was used for improving search algorithms, natural language processing, and data analysis to provide more accurate and relevant search results for legal professionals. As AI capabilities continued to evolve and improve, it became more prevalent in various legal research tools and platforms.

By leveraging machine learning and natural language processing techniques, legal databases like Westlaw and LexisNexis have been able to enhance their search capabilities, assist with legal research, and streamline the discovery of pertinent legal information.

It's important to note that the integration and development of AI in legal databases are ongoing processes, with continuous improvements and updates being made to adapt to the evolving needs of the legal community.

What’s a cookie?

I know a lawyer, who is supposed to be a great and knowledgeable lawyer when it comes to litigating technology cases. Not when it comes to his understanding (or lack of it) of cookies.

What are cookies?

But…this same lawyer once asked me, “What are cookies?” It’s true. Is he what he thinks he is? It’s not for me to say. This has led me to the conclusion that no one will ever tell this poor man what a cookie is. So…what is a cookie?

Cookies are defined as “small text files containing unique data to identify your computer to the network.”

Cookies track you.

When you visit a website, the website's server sends a small file (the cookie) to your web browser and stores it on your device. This cookie contains information specific to your interaction with the website. When you revisit the same website or navigate to another page on the site, your web browser sends the stored cookie back to the website's server.

According to the website All About Cookies (www.allaboutcoorkies.org), when you visit a website, cookies can:

•  Set your chosen language preference
• Remember items in a shopping cart
• Remember if certain settings are turned on
• Authenticate your identity
• Prevent fraud
• Create highly targeted ads
• Track how you interact with ads
• Make personalized content recommendations
• Track items you view in an online store
• Auto-fill information in forms

ARE YOU AFRAID YET?

Cookies help websites tailor the site to induce purchases.

The website server then reads the information in the cookie to remember details about your previous visit. For example, it can remember your login status, language preference, or items you added to a shopping cart. This helps the website tailor the user experience and provide personalized content.

Persistent Cookies v. Session Cookies.

Cookies can be either "session cookies" or "persistent cookies." Session cookies are temporary and are deleted when you close your browser, while persistent cookies remain on your device for a specified period or until you manually delete them.

ALL Websites Use Cookies—even the reputable ones.

It's important to note that cookies can store personal information, but reputable websites usually use them responsibly and in compliance with privacy regulations. However, some users may choose to block or delete cookies for privacy reasons.

 

The Corrosive Nature of Mean Emails.

It’s incredible some of the horrible things people say via email, and lawyers are some of the worst.





But when a work colleague attacks another colleague and then copies other staff people on an email, it is generally viewed as highly unprofessional and inappropriate behavior. This action can have several negative consequences:

1. Damage to professional relationships: Attacking a colleague in a public forum like an email can severely damage professional relationships. It creates a hostile and confrontational environment, making it difficult for colleagues to work together effectively.

2. Erosion of trust and teamwork: Such behavior erodes trust among team members and undermines the spirit of collaboration. It creates a sense of fear and insecurity, making it challenging for colleagues to trust and rely on each other.

3. Negative impact on morale: Witnessing or being involved in such an incident can have a significant negative impact on team morale. It creates a toxic work environment where employees may feel anxious, stressed, or demotivated.

4. Damage to reputation: The colleague who initiates the attack risks damaging their own professional reputation. It reflects poorly on their ability to handle conflicts or work well with others, which can have long-term consequences for their career growth.

5. Potential escalation of conflicts: Copying other staff people on the email can escalate the conflict and involve more individuals in the issue. This can lead to further misunderstandings, conflicts, or even a breakdown in team dynamics.


In most professional settings, it is expected that conflicts or disagreements be addressed privately and respectfully, through appropriate channels such as one-on-one conversations or discussions with supervisors or HR. Attacking a colleague and copying others on an email is generally seen as an inappropriate and counterproductive way to handle workplace conflicts.

Who "wins" class action lawsuits?

 

I believe corporations and other entities should be held legally accountable. Sometimes the only way to do that is with a lawsuit. At times, single lawsuits wouldn't work, and similarly aggrieved people must band together. This is what happens in a class action lawsuit, which allows representative plaintiffs to act as plaintiffs for their particular class. There are often multiple classes in a federal class action lawsuit. This is true in some state class actions as well. The settlements are often tens of millions of dollars, sometimes hundreds of millions of dollars. What do the class members get for all of this?

Not much. Between $13-$90 per person according to a 2019 empirical analysis done by Reuters.

And what is the size of the average class action settlement? $56.5 million. Furthermore, the median claims rate (according to the FTC) is 9%. Contrast that with the average personal injury settlement where the average settlement is $60,000 plus. Usually this would mean $20,000 for the medical bills, $20,000 for the client to walk away with, and $20,000 for the lawyer. Now, the standard fee is 40% if a lawsuit is filed, but, if the lawyer can resolve it without a bunch of time and costs, then it can be a good idea to split 1/3 1/3 1/3.

What do lawyers make in class action lawsuits? Well...the defense lawyers make hundreds of thousands of dollars defending these massive lawsuits, and the plaintiffs lawyers get between 35-40%  of the total recovery on average. The more claims that are filed the smaller the payout for the class members. Lawyers can elect to take a percentage or they can multiply their hourly rate times the hours they worked, and there is a formula that's applied. In larger states it's not unusual for lawyers to bill exorbitant rates ($500-$1,000). It's great for the lawyers, but most of the money goes to ID protection and credit monitoring neither of which help much.

So...what do you do when you hear lawyers talking about "truth, justice" and all those inflated and meaningless words in the context of many class actions? I'd be skeptical.