Friday, July 7, 2023

TransUnion Part 2: All and All, They are Just Five Bumps on a Log

This case all started with a very American thing. Sergio Ramirez decided to purchase a new car in 2011. Like most people, he needed to finance the car. The car dealership ran a credit check, and accessed his TransUnion credit report, which contained a notice that Mr. Ramirez might be a terrorist.  His name was “similar” name to a terrorist–whatever that means– and appeared on a terrorist watch list created by the Office of Foreign Assets Control (OFAC). This kept him from getting financing to purchase the car, and he went home carless. Perhaps the dealership reasoned  terrorists tend to be poor credit risks.

 

It was a mistake, of course, so Ramirez filed a class action lawsuit against TransUnion. 8,184 people, all of whom had on their credit reports names somehow associated with the OFAC list, sued in federal court in California. And the jury was so outraged—and rightfully so—that they awarded punitive damages, resulting in a $60 million jury verdict.

 

The people had spoken until they were shut up way down the road by a majority of five people, for cabals are often smaller groups. That makes it easier not to leak any information unless you want to do so…that came later but had nothing to do with this kind of decision…right?

 

TransUnion and their $1,000 an hour lawyers knew more than anything else: if you do not have the facts on your side, argue the law. Rather, argue what you think you can get the majority on the Supreme Court to make the law.

 

There’s an old adage from some dearly departed lawyer told to me third or fourth hand in law school by my trial practice professor. It goes like this “That…[expletive inserted] up there on the bench. The judge…that person’s a bump on a log. I’m telling you, a bump on a log. They don’t know any law. You tell them what the law is! You tell them what the law is and make them agree with you! That’s your job!”

 

Undaunted, and with a different version (or maybe the same one) in mind, TransUnion appealed to the 9th Circuit Court of Appeals arguing “no standing,” which reduced the verdict to $40 million for some odd reason.

 

Emboldened, TransUnion appealed to the Supreme Court. They asserted: no standing. They argued none of the plaintiffs had suffered “concrete” injuries that constituted “actual harm.”

 

Not even the Fair Credit Report Act (FCRA) could stop them with all its “bare procedural violations.” Article I, Article II, and Article III of the Constitution, which are supposedly the co-equal branches of government laid out in the Constitution.

 

This is what’s referred to as the “separation of powers,” that lauded concept taught to every child in America…what about that? SCOTUS (don’t let the cozy, marshmallow of an acronym fool you) said, in effect, “Separation of Powers be damned.”

 

The Court ignored the law and threw out the lawsuit for all but 1,800 victims. Those who were lucky enough to be called terrorists “won” the real harm lottery in the eyes of the Court.

TransUnion Commentary Part 1

The courthouse door may have been slammed in your face without ever opening. This is especially true in the realm of your personal information, an ever growing and relevant area referred to as data privacy. This is a vast area, but it affects most people in one of two ways: First, a data breach, which is the theft of your personal information (SSN, bank account information, date of birth, etc., known as personally identifiable information or “PII” ) or protected health information (“PHI”); second, through damaging lies and other untruths about you living online. In either instance, you may have no remedy. It gets worse. You may not even be able to “get your day in court.”

 

If you have not heard of or read the 2021 Supreme Court case,  TransUnion v. Ramirez, you should slog through it. You will be shocked, appalled, or maybe just slightly less than asleep. Perhaps it’s what you’ve come to expect as you now live those dystopian novels you read in high school.

 

Sadly, you may have already been damaged by the forces this case unleased and not even know it, but, in all likelihood you were not damaged enough for the Supreme Court.

 

No flesh wounds for this Court.

 

As the current Supreme Court likes to say, “a bare procedural violation” does not constitute  “actual harm” absent a “plausible chance of success.” And what does that even mean? Try nailing that Jell-O to the wall.

 

It means if you are harmed—perhaps even irrevocably—you have no remedy in a data privacy case. This is true even if some of the justices in the majority don’t know a data breach from a breech birth. Despite this woeful ignorance of technology demonstrated by the Supreme Court, they may have–daresay–aborted your data breach case before it was even conceived.

 

Lawyers and legal scholars may dispute TransUnion’s more nuanced meaning. All you need to know is the people, the ones who are not corporations, lost. Yes, Virginia, corporations have more rights than real people, and they are vacuuming up all the information about you they can.

The Supreme Court Slams the Courthouse Door in Your Face in TransUnion v. Ramirez

The courthouse door may have been slammed in your face without ever opening. This is especially true in the realm of your personal information, an ever growing and relevant area referred to as data privacy. This is a vast area, but it affects most people in one of two ways: First, a data breach, which is the theft of your personal information (SSN, bank account information, date of birth, etc., known as personally identifiable information or “PII” ) or protected health information (“PHI”); second, through damaging lies and other untruths about you living online. In either instance, you may have no remedy. It gets worse. According to TransUnion v. Ramirez, 141 S.Ct. 2190 (2021), you may not even be able to “get your day in court.” Note: Click this link for a concise summary.

 

 

TransUnion v. Ramirez is a data privacy case that dealt with reputational damage that ultimately had economic impact. Although the history of the case is long and the factual situation complex and varied, the basic facts involve a watch list created by the U.S. Treasury’s Office of Foreign Assets Control (OFAC). The so-called “OFAC watchlist” was meant to identify terrorists, drug traffickers, and other serious criminals. If a consumer’s first and last names matched the first and lasts names of a person on this list, then that person was listed as a “potential match” and put on the OFAC watch list. Imagine if your name was John Smith and a terrorist’s name was John Smith. TransUnion listed these alerts on the credit reports of these individuals without (for the most part) checking their veracity. Then, they neglected to tell people about it.

 

8,185 people whose names were on the list filed a lawsuit in federal district court in California saying TransUnion 1) failed to ensure accuracy of their credit files, and 2) sent defective notices to the consumers both of which clearly violated the Fair Credit Reporting Act (FCRA). The case eventually went to trial, and the jury was so upset that it awarded punitive damages, driving the verdict to $60 million.

 

TransUnion appealed the case to the Supreme Court. The Court tossed the jury verdict, and it said only those people, 1,853 in total, who had the credit reports with the inaccurate OFAC watch list sent to third-parties (banks, car dealers, etc.), had suffered any “actual harm.” The Court dismissed the case as to 6,332 people whose credit reports contained misleading alerts, reasoning the “mere presence of an inaccuracy in an internal credit file, if it was not disclosed to third party, caused no concrete harm.” The Court concluded these 6,332 people had no “standing,” which meant they had not been harmed enough to allow the Court to hear the case. Basically, the Court did not think having your name incorrectly placed on a terrorist watchlist without your knowing meant you were even harmed.

 

The ramifications are wide and are alarming for a few reasons that affect everyone: 1) Congress passed the FCRA to remedy these kinds of situations, and it was clearly violated, yet the Supreme Court explicitly said the Court had the right to overrule Congress and take away its law making ability; essentially, the Court “legislated from the bench” and made no bones about its ability to continue to do that if it did not like the law(s) Congress passed. 2) The Court referred to this violation of a privacy statute, the violation of which constituted a privacy violation (similar to those in data breach cases) as a “mere procedural violation,” which is the language it has used to describe violations of consumer privacy the Court does not deem to be serious. The Court continues to focus on financial harm while discounting reputational harm, anxiety, worry, fear, time spent remedying such a situation, and other what are called “intangible harms,” which are largely unrecognized in American law these days. 3) It shows that you must wait for something terrible to happen to you financially to be considered “harmed,” and the law cannot be used to prevent harm. Even if you are “harmed” your remedies are limited as an individual because you will likely only receive a few hundred dollars at most for such a violation, and it would have to be as a member of a class in a class action lawsuit in federal court.

 

A class action is where groups of people with similar injuries band together to form a “class,” the idea being picking one plaintiff to represent a class of sometimes hundreds of thousands of people is more judicially efficient than trying thousands of cases that are virtually identical. Despite their judicial efficiency, the Supreme Court’s current conservative majority does not like class actions, and it bends over backwards to dismiss them at the earliest stage possible.

 

Much ink has been spilled over this case and what it means. The case is quite nuanced as is the commentary, but bottom line: consumers are less protected and have less remedies, and, perhaps most disturbing, the Supreme Court feels no compunction over ignoring Congress and tossing out jury verdicts.

 

Perhaps a good analogy involves basketball, always a welcome subject in “blue Heaven.”  It would be like having UNC crush Duke in the Dean Dome in early March with Spring trying to burst forth too early, and then the referees (the worst “Duke refs” you’ve ever seen) rule the game should never have been played. And then the refs rule Duke the winner even after Duke lost by 40 points or so. And they did it in true ACC fashion, by issuing a press release explaining why it was wrong that UNC won. This just covers the jury part.

 

As for the Supreme Court thinking it can override Congress whenever the Court wants…that’s more like when Julius Caesar declared himself emperor. Despite Caesar’s demise, Roman never went back to a republic after that.

 

Regardless of whatever flawed analogy that is given, it is not a desirable situation for the country to be in at this point. You have little protection for your private information, and you likely cannot maintain a lawsuit if you have your data stolen. Even if you “win” by settling or have a jury verdict, which could be overturned, you will probably only receive a few hundred dollars at most. But the plaintiffs’ attorneys will make hundreds of thousands and possibly millions in fees, and the defense attorneys will make hundreds of thousands and possibly millions in fees. Most disturbing of all is corporations do not have to protect your personal data, which they can collect or steal and ultimately sell, because the law will not hold them accountable. The Supreme Court certainly will not.

Tuesday, July 4, 2023

Is AI going to replace lawyers?

AI is not going to replace lawyers. It will make lawyers more efficient if lawyers choose to embrace it and learn to use it. Lawyers who ignore AI do so at their peril. AI can ameliorate much of the tedium lawyers endure and that makes the practice so difficult. Although the uses of AI are just now beginning to be realized, smart lawyers are already boning up on the topic. AI has many uses, and some of these uses are saving time, allowing earlier (and more accurate) risk assessment, producing higher quality work, improving organizational and logical structure, creative analysis and identification of persuasive precedents, reviewing and proofreading documents, and improving client relationships. In short, it does the things that will free lawyers’ minds and allow them to harvest the powers of their intellect to become happier, better lawyers:

Consider the advantages versus the concerns about AI:

Advantages of AI:

  • Automation and Efficiency: AI can automate repetitive tasks, improving productivity and efficiency in various industries. Examples include document review, formatting, and proofreading.
  • Problem Solving: AI algorithms can analyze vast amounts of data and identify patterns and insights that humans might miss, leading to more accurate decision-making and problem-solving. eDiscovery comes to mind here.
  • Innovation and Discovery: AI can assist in scientific research, drug discovery, and other areas by processing vast amounts of data and generating hypotheses. AI can make inferences and insights it would take humans weeks to make, if ever.
  • Personalization: AI enables personalized experiences in areas like healthcare, entertainment, and marketing, tailoring services and products to individual preferences.
  • Improved Safety and Security: AI can enhance safety and security measures, such as in autonomous vehicles or cybersecurity systems. It will help cut down on data breaches.
Concerns and Challenges of AI:

  • Job Displacement: The automation potential of AI raises concerns about job losses and the need for re-skilling workers to adapt to changing roles. Such has always been a concern with technology, but there is a great deal of opportunity as well.
  • Ethical Issues: AI raises ethical considerations related to privacy, bias, transparency, and accountability in decision-making processes. This is true, but this is why we need lawmakers and citizens to understand it so that it can be used effectively.
  • Inequality and Bias: If not carefully designed and implemented, AI systems can perpetuate existing social biases or widen the gap between different groups. This is a real concern based on the built-in bias of the Internet.
  • Security Risks: AI can be vulnerable to attacks and misuse, posing risks to data privacy, cybersecurity, and even physical safety.
  • Dependence and Loss of Control: Over-reliance on AI systems without proper oversight could lead to a loss of human control and decision-making authority. Will cyborgs take over the world as in Terminator? Probably not, but there are concerns about unethical, rogue technology. Even benign technology could harm us in the name of efficiency.
Lawyers must experiment with and learn to use AI. If not, they will be supplanted or less useful because other lawyers will come along. However, lawyers must not use AI to write their briefs and make up cases like that lawyer in New York. That is a clear misuse of AI. And these lawyers will be willing to use the technology. It’s up to us to use the technology or to become obsolete.


Monday, July 3, 2023

Data Breach: Steve and a real life hypothetical


Steve worked in a factory and fell, injuring his back. The back injury forced him to go on workers' compensation, and he settled his case for far less than it was worth, as is often the case. Eventually, he lost his job and his health insurance because, in America, healthcare is tied to employment. By then, the settlement money was long gone, and he still had thousands of dollars in medical bills with exorbitant interest rates.


Due to his lack of health insurance, Steve couldn't afford to pay his bills, and they accumulated at an obscene 29% interest. This damaged his credit score. Fortunately, he barely passed the credit check for his new job, which only paid half of what he made before. He also managed to pass the credit check for an apartment complex by a narrow margin.


Seven years after the injury, Steven was searching for another job as his lease on the old apartment was about to expire, and his landlord refused to renew. Around that time, Steve received a letter that almost ended up in the trash, but something made him open it. The company's name on the letter sounded familiar—it was the insurer from his workers' compensation case.


The letter informed Steve that the insurance company's systems may have been breached in a ransomware incident caused by a third-party. The company had known about it for a year but had just notified him and other victims. Steve recalled the company's stingy nature since they settled his case cheaply and failed to protect the data they possessed.


The insurance company assured Steve that they would resolve the situation and mentioned that there was no evidence the hacker intended to use the stolen information. They offered him twelve-month credit monitoring and identity theft protection with a reputable company, claiming generosity. However, it turned out that the hackers had already sold Steve's information on the dark web a year earlier.


As a result, Steve was flagged by a government agency for potential involvement in illegal activities like drug sales, human trafficking, or terrorism. This flag remained on his credit report, but Steve had no knowledge of it. He enrolled in the credit monitoring service for one year, which alerted him to the flag on his credit report. He acted quickly, and two agencies removed the flag, but it remained on the third agency's report.


One morning, Steve checked his credit report, hoping to see the notice removed, but it was still there. Filled with anger, he searched for "class action lawyers" and discovered that thousands of people were in the same situation, with an ongoing class action lawsuit in California. Steve joined the lawsuit in time, and after three months, they won. The jury was outraged, and punitive damages raised the amount to a staggering $60 million. However, Steve's compensation was limited to several hundred dollars due to the large number of plaintiffs.


The credit bureau appealed the case all the way to the United States Supreme Court, and unfortunately, the Court dismissed the lawsuit for Steve and thousands of others because the credit report notice had not been transmitted to a third party yet.


About a year later, Steve lost his job again, leaving him with only $50.00 in his account. However, he had a good lead on a new job, and a new apartment complex said they would rent to him if he passed a credit check and secured employment. The interview went well, and he was offered the job, which paid more than his previous position, thanks to his newly acquired computer skills. His job offer was contingent upon passing a credit check.


After the interview, Steve went to the apartment complex to sign a new lease. Unfortunately, the leasing manager informed him that there was a problem with his credit report from one of the agencies. She explained the situation, and, despite her feeling sorry for him, she had no choice. 


She explained the situation, and despite Steve initially thinking it was a joke, her serious expression and teary eyes made it clear it wasn’t. According to company policy, she couldn’t proceed with the lease. The repeated apologies became like a voice echoing underwater in an endless loop.


Feeling disheartened, Steve walked out, determined to make the best of the situation since he had a new job, right? He believed he would find another apartment. However, as he drove away from the apartment complex, the company that offered him the job called his cell phone. They informed Steve that the notice from the credit report issue had also appeared on the report they reviewed.


“I just can’t take a chance. We could be sued for everything, and the company could go under… if you aren’t telling the truth,” the caller said.


“But I am,” Steve pleaded.


“I’m sorry,” the man said and hung up.


Within a month, Steve found himself living in his car. Life had dealt Steve many hardships, but the data breach, seemingly small to many, had completely upended his life just as things were starting to improve. The preventable data breach had put Steve’s future in jeopardy.

California Consumer Privacy Rights Act (“CCPA”) 2023 as Amended by the California Privacy Rights Act (“CPRA”)

Introduction:

On November 3, 2020, Californians voted in favor of Proposition 24, which introduced amendments to the California Consumer Privacy Act (CCPA). These amendments are collectively known as the California Privacy Rights Act (CPRA) and went into effect on January 1, 2023. The CPRA expands and modifies the CCPA while establishing the California Privacy Protection Agency (CPPA) as the new administrator of the law. This blog post aims to provide an overview of the CCPA 2023 as amended by the CPRA.

A. Summary:

 The CPRA amendment, which builds upon the existing CCPA framework, brings several significant changes. It expands the definition of a "business" by raising the threshold of consumers or households to 100,000 and includes "sharing" in addition to "selling" consumer information for reaching that threshold. Significantly, the CCPA (as amended by CRPA) no longer makes a distinction between “sharing” and “selling” consumer information. It is the same, and sharing personal information without permission may result in liability under the CCPA.

The private right of action under the CCPA is expanded to include breaches of email addresses and passwords or security question answers that would allow access to a consumer's account. In other words, if you are a California resident, your email address cannot be taken, sold, or shared to a third party without your permission. Email addresses are deemed personal information worthy of protection, which makes a lot of sense given the value of the email addresses to businesses hoping to use information to make a sale or to sell the information itself.

 The CPRA introduces new provisions, such as the inclusion of "sensitive personal information," an extended look-back period for consumer information requests, expanded consumer rights, and non-discrimination protections.

 B. Pleading Questions:

For lawyers, the question arises: how do you plead a CCPA claim under the CPRA amendment? When filing a complaint under the CCPA 2023, it is still appropriate to plead the CCPA itself, as the CPRA amendment is integrated into the CCPA framework. While it may be prudent to include a footnote acknowledging the CPRA amendment, it is not necessary. However, it is essential to update the definition of a "business" in complaints to reflect the new threshold of 100,000 consumers or households, and to recognize that both "selling" and "sharing" of consumer information count towards that threshold.

 C. Main Points for Private Right of Action:

The CCPA is likely to be the model for comprehensive cybersecurity measures under federal law if Congress ever takes this kind of action. Below is a list of things to keep in mind when pleading a claim under the CCPA as amended by the CPRA.

  1.  Pleading the CCPA: Complaints should continue to plead the CCPA, but the definition of a "business" must be updated to include the new threshold of 100,000 consumers or households, and "sharing" should be considered alongside "selling" for reaching that threshold.
  2. Expanded Private Right of Action: The CPRA expands the private right of action to include breaches of email addresses in combination with passwords or security question answers, eliminating the need to tie such breaches to a specific category of "personal information" to trigger the notice provision and protections of the CCPA.
  3. Introduction of "Sensitive Personal Information": The CPRA adds "sensitive personal information" to the existing category of "personal information." This includes biometric information for unique identification, personal health information, and personal information related to a consumer's sex life or sexual orientation.
  4. Extended Look-Back Period: The CPRA allows consumers to request information beyond the usual 12-month period, if it is not impossible or disproportionately burdensome for businesses to provide. This expands the scope of consumer information requests.
  5. Expanded Consumer Rights: The CPRA grants consumers the right to correct inaccurate information, opt out of sharing their personal information, and limit the use of their information. It also introduces non-discrimination protections to safeguard employees, job applicants, and independent contractors who exercise their rights under the CCPA.

D. Main Points "Fleshed Out":

Below are a few things to keep in mind: 

  1. Use of CCPA after January 1, 2023: The CCPA is still used even after the CPRA amendment.
  2. The CPRA modified and expanded the CCPA without creating a separate law. Therefore, when referring to the law, it remains the CCPA.
  3. Impact on the Definition of a "Business": The definition of a "business" 

The CPRA amendment to the CCPA introduces several changes that impact how businesses are defined and regulated under the privacy law. These changes broaden the scope and obligations for businesses in handling consumer data. Let's delve into the key modifications brought about by the CPRA.

a. Redefinition of "Business":

Under the original CCPA, a business was defined as an entity that met one or more of the following criteria: (A) had an annual gross revenue over $25 million, (B) possessed personal information of 50,000 or more consumers, households, or devices, or (C) derived 50% or more of its annual revenue from selling consumers' personal information.

The CPRA amends the definition of a "business" by increasing the threshold for the number of consumers or households from 50,000 to 100,000. This means that a business must now meet the requirement of buying, selling, or sharing the personal information of 100,000 or more consumers or households to be subject to the CPRA.

Moreover, the CPRA expands the definition of "business" to explicitly include the sharing of consumer information, treating sharing in the same way as selling. This change expands the reach of the CCPA, ensuring that businesses engaged in sharing consumer data on a large scale are also subject to the law's provisions.

b. Strengthened Private Right of Action:

The CPRA amendment enhances the private right of action provision under the CCPA. Previously, to trigger the notice provision and protections of the CCPA, a breach had to involve a category of "personal information." However, under the CPRA, a breach of an email address in combination with a password or security question and answer that would permit access to the consumer's account is sufficient to trigger the CCPA's provisions. This expansion removes the requirement of a breach involving personal information, thereby broadening the circumstances in which consumers can enforce their rights under the law.

c. Addition of "Sensitive Personal Information":

The CPRA introduces a new category called "sensitive personal information" under the CCPA. This includes all the elements of the previous definition of personal information but adds specific types of data, such as the processing of biometric information for unique identification, personal information related to a consumer's health, and personal information related to a consumer's sex life or sexual orientation. The inclusion of sensitive personal information highlights the heightened privacy concerns associated with these types of data and imposes additional obligations on businesses in handling and protecting them.

d. Extended Look-Back Period:

The CPRA expands the "look-back period" for consumer data requests beyond the previous 12-month period under the CCPA. Consumers now have the right to request information that goes beyond the 12-month period, if providing such information is not impossible or disproportionately burdensome for the business. This change enables consumers to access a broader range of historical data held by businesses, enhancing transparency and empowering individuals to exercise their privacy rights.

Conclusion:

The CPRA's amendments to the CCPA significantly impact how businesses are defined and regulated under the privacy law. With changes to the threshold for businesses, the strengthened private right of action, the introduction of sensitive personal information, and the extended look-back period, the CPRA broadens the scope and obligations for businesses in protecting consumer privacy. These changes reflect the evolving landscape of privacy rights and emphasize the need for businesses to adapt their practices to comply with the new requirements imposed by the CPRA.

 

Sunday, July 2, 2023

Legal Technology, Nailing Jell-O to the Wall, and Lawyer Luddites

Technology has become an integral part of modern legal practice, offering numerous benefits and opportunities for lawyers to enhance their efficiency, communication, and client service. Technology is often baffling to lawyers, many of whom did not grow up exposed to the kinds of computing technology we have today. Even those of us who grew up with computers, high speed internet connections, and Facebook still find it difficult to keep up with the ever-changing technological landscape.

 A great deal must be learned—by all of us.

But we can all learn more, and the term “technology” is limiting because it is such a vast area that no one could understand all of it. We are all trying to “nail Jell-o to the wall,” as the saying goes. It means we must continue to work to learn as much as we can so that we can continue (or become in some instances) to be technologically competent.

Some may feel this is a lost cause. If you want to continue as a lawyer, you cannot think that way. You must embrace technology, or you will be a Luddite.

Opportunities exist for lawyers who embrace technology, learn about it, and utilize it in their practices. I firmly believe this, and it is what I’m trying to do as well. It is the central practice management issue of our time.

 As legal professionals embrace these advancements, it is crucial to maintain ethical underpinnings and uphold professional responsibilities. In this blog post, I  will explore the ethical considerations of technology in legal practice, the importance of technological competence, current trends in legal technology, and various aspects of technology that can enhance legal workflows.

 Ethical Underpinnings of Legal Technology:

Duty of Competence: Technological competence is now an essential aspect of competence as a lawyer. Understanding the technological tools relevant to one's practice area and maintaining proficiency is crucial for providing competent legal representation.

Duty of Confidentiality and Attorney-Client Privilege: Technology poses unique challenges to maintaining client confidentiality. Lawyers must utilize secure communication channels and employ encryption, two-factor authentication, and virtual private networks (VPNs) to protect sensitive client information. A blurb at the bottom of an email with statutes people don’t understand or even read is not sufficient.

Communication with Clients: Technology enables efficient and timely communication with clients. However, lawyers must ensure that client communications are secure and protected from unauthorized access.

Importance of Technological Competence and Keeping Up with Technology:

Technological competence is not only necessary for effective legal practice but also a professional obligation. Lawyers should continually educate themselves about relevant technologies and stay updated with emerging tools and trends.

Utilizing technology in legal practice can significantly improve efficiency, streamline processes, and enhance client service. However, it is important not to view technology as a panacea but rather as a tool that needs to be employed judiciously and ethically.

Law Schools and Technological Training:

Most law schools recognize the importance of technological competence and are integrating technology-focused courses into their curriculum. Examples include courses like "Law and Technology" at UVA, "Law and Entrepreneurship" at Duke, "Technology and Legal Innovation" at Vanderbilt, and "Technology in the Law Office" at Wake Forest.

Current Trends in Legal Technology:

Cloud Computing: Cloud-based solutions offer secure storage, easy access, and collaboration for legal professionals. They enable lawyers to store and find documents, maintain client confidentiality, and manage calendars efficiently. They are not perfect, and they must be combined with other technologies and cybersecurity processes.

Practice Software: Dedicated practice management software like Clio, TABS, Salesforce, and Microsoft Word products provide comprehensive solutions for document management, client communication, billing, trust account management, and more.

Practice software must make documents secure, findable, and clearly organized. This means it needs to be straightforward, and files (and their folders) must be named clearly and with the goal of clarity and findability behind them. Likewise, once created, lawyers and others must be told which files are created, what is in the files, and where they are located.

 Let me give you a ridiculous example of poor naming conventions. I won’t say where this was or where I heard it, but once a discovery file was named “Folder XYZ.” That was really its name. And all of the discovery documents (interrogatories, requests for production of documents, and requests for admission) were there, in a Word folder. Because of course it would be in Folder XYZ...duh. Come on! 

Can you imagine that? It's true. I promise that I’m not making it up.

Artificial Intelligence Systems: AI-powered legal research tools like Westlaw, Lexis, and Findlaw enable lawyers to conduct thorough research, analyze large volumes of data, and gain insights more efficiently. AI has been in use for quite a long time, but we are hearing more about it due to the ChatGPT. Yes, it can write, but it is clunky (for now). It can help produce a workable first draft, which can streamline the process. It will allow lawyers to do more work, in my opinion, but it will NOT do the work for them. Ethically and legally, it can’t. We all remember the lawyer in New York, who used AI to write his brief. The AI cited cases that didn’t exist.  

Mobile Lawyering and Remote Work: Technology empowers lawyers to work remotely, access case files, communicate with clients, and attend virtual court proceedings from anywhere, enhancing flexibility and work-life balance. But…cell phones contain loads of data—client data—and are often filled with lots of personal data as well. iPhones tend to be more secure whereas other kinds of phones are not.

Cybersecurity and Information Security: Lawyers must prioritize cybersecurity measures such as encryption, two-factor authentication, VPNs, and secure data storage to protect sensitive client information from unauthorized access. This is not enough. There must be procedures in place. Procedures are essential as technology always changes. People are the biggest threat as 91% of all cyberattacks come from clicking on phishing emails.

Conclusion:

As technology continues to advance, it transforms the legal profession in significant ways. Legal professionals have a duty to embrace technological competence, understand ethical obligations, and utilize technology responsibly. By staying informed about current trends, leveraging practice software, conducting efficient legal research, adopting secure communication methods, and safeguarding client confidentiality, lawyers can enhance their workflows and provide better service to their clients. The integration of technology in legal practice must always be balanced with the preservation of ethical values and the protection of client interests.

 

How Contributory Negligence Can Affect Your Personal Injury Claim in North Carolina

When pursuing a personal injury claim in North Carolina, understanding the concept of contributory negligence is critical. Unlike most state...