In the new digital economy, it often seems like every day brings another tale of some horrific data breach.
Additionally, revelations like the ones involving Cambridge Analytica, the British company that mined the Facebook data of tens of millions of people in an attempt to affect elections worldwide, have left people more mindful of data privacy.
Governments have responded. Data privacy laws abound and more are in process. In such a fluid legal environment, how can a business keep up?
“Legal departments face increasingly complex tasks in staying compliant while minimizing regulatory risk related to data privacy in virtually all areas of their work,” says Trista Engel, Paragon Legal’s Chief Executive Officer. “We ensure our privacy lawyers are well-versed in understanding and mitigating the risks in this critical and ever-evolving field.”
Representatives from Paragon Legal recently attended a virtual event titled “Data Privacy in an Era of Global Change,” hosted by the National Cyber Security Alliance.
The event featured experts from the World Bank, Airbnb, and Visa, among others, who discussed the latest issues companies are facing involving data privacy — as well as how certain best practices can also advance a company’s broader business goals.
Here, we present some actionable takeaways for in-house counsel along with a summary of the current regulatory landscape.
Making Privacy a Core Value
Rita Heimes, General Counsel and Chief Privacy Officer at the International Association of Privacy Professionals (IAPP), recommends that companies build a culture of privacy beyond the risk management technique of compliance with a given law.
Speaking at the event, Heimes said such a culture goes far beyond the avoidance of litigation. People would rather work for “an organization that is thoughtful and careful and has a good soul,” she said.
“Those people are loyal to you and they stick with you for longer because they enjoy where they work,” Heimes continued. “Privacy is one of many components, along with diversity and inclusion. Your employees will notice that you take these things seriously and they’ll respect you for it. They’ll be proud of where they work.”
So, how does a company build a culture of privacy?
First, create a detailed policy, thought-out, tested, and devised by professionals. Heimes recommends that part of this policy be periodic data housecleaning.
“If you don’t have people’s personal data, then it can’t be misused,” she said. “A culture of privacy reduces risks all over.”
Second, dedicate personnel to implement the policy. While a chief privacy officer with a team is ideal, experts recognize this may be beyond the reach of some businesses.
One option companies have is to partner with an alternative legal service provider like Paragon, which maintains teams of privacy-focused professionals to support companies that lack these types of expertise in-house.
Third, thoroughly follow up — particularly with all types of vendors and business partners — to make sure the policy is working as intended. Third-party data protection presents numerous challenges, and companies must remain vigilant to ensure their security needs are being met.
Complying With the GDPR
This attentiveness is important because of ever-shifting regulations. In 2018, the European Union kicked privacy law to a new level when it implemented the General Data Privacy Regulation (GDPR).
The law fosters transparency regarding data collection, mandates that sites cannot collect data unless a user affirmatively opts in to the process, and governs protocols in case of a data breach.
Many companies, no matter where they’re domiciled given our global economy, saw this robust law and thought it best to comply.
They said to themselves, “Europe has come up with a comprehensive consumer privacy law that sets a very high bar. If we build our systems to meet that, we’ll probably comply everywhere, right?” Heimes said. “Because it’s the strictest law, that’s the reactive and appropriate first step.”
She noted, however, that this strategy can be “pretty tough on your data team and you may not need to go that far.”
Post-GDPR, companies have been “fine-tuning their processes, seeking the best procedures for themselves, their vendors and their clients,” Heimes said. And of course, the GDPR is no longer the only robust privacy law.
Eyeing the US Landscape
As it often does, California led the way in the United States with its 2018 California Consumer Privacy Act (CCPA).
While it shares goals with the GDPR, there are a few differences. The CCPA added data about devices and households to the definition of personal information. The right to opt out is narrower than the GDPR’s because it covers only the sale of personal information, but it included broader consumer rights regarding access to data.
However, because data privacy laws never stand still for long, in late 2020, the Sunshine State passed the California Privacy Right Acts (CPRA) to build on the earlier law.
CPRA advocates felt the CCPA was too weak — too susceptible to legal machinations — and set out to fix it. Significantly, they passed the new law through a ballot referendum, demonstrating that the general public is aware of the problem and wants strong laws.
The CPRA establishes an agency, to be called the California Privacy Protection Agency, charged with enforcing the act and promoting awareness of privacy risks, according to materials posted by the NCSA. The agency will get up and running this year, although other provisions of the law don’t take effect until 2023.
The new law also created a category called “sensitive personal information” and includes specific compliance requirements for this category. It expands the opt-in requirement to include the sale and sharing of a user’s personal data, which brings it in line with the GDPR.
On March 2, Virginia became the second state to pass a robust data privacy law.
The Consumer Data Protection Act, which becomes effective in 2023, is similar to the CCPA in that it gives consumers more control over their personal data.
As noted in Corporate Counsel, the Virginia law also contains minor differences that will increase compliance burdens for companies.
Perhaps more important than state-level activity, federal lawmakers have been working to pass legislation as well.
The latest iteration in federal law is the Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act (SAFE DATA Act), a conglomeration of three previous bills, according to a September 2020 article from the IAPP.
If the bill were to become law, it would require companies to obtain affirmative express consent before gathering individuals’ sensitive data and would require privacy policies to be published and transparent.
The bill calls for robust data security practices, and would prohibit the denial of goods or services to individuals who exercise their privacy rights. Users would be guaranteed access to their data and companies would have to designate data security officers and conduct annual assessments, among other things.
The SAFE DATA Act would also require users to be notified if an “opaque algorithm,” uses their personal data to select the content they see, and would require an “input-transparent algorithm” to be on offer.
The U.S. Congress is still at odds over some aspects of the bill. According to the IAPP article, “the two key dividing lines are whether federal privacy legislation will include a private right of action and [whether it will] preempt state laws that offer a higher standard of privacy protections,” such as the CPRA.
“California was a big wake-up call that U.S. states are one by one going to begin adopting standards,” Heimes said. “Now that we have party alignment, more or less, across both houses and in the White House, the chances are better than they’ve ever been that there will be federal privacy legislation.”
Employee Portal
Apply
Leaving Work At Work: Five Steps To Disconnect
/in Articles alternative legal services|employee handbook|legal industry insights|lifehacks|women in law/by competenowWhen you’re at work, no one’s asking about dinner, arguing over toys, or demanding a bedtime story — at least we hope not. And we’re also going to assume your loved ones aren’t approaching you at home asking for reports or requesting a Zoom meeting.
It’s clear that the demands of the office and the demands at home can be drastically different. At the office, you take care of your clients. At home, you take care of your loved ones and, most importantly, yourself.
But that doesn’t always happen. According to a study by Rescue Time, employees take more than a quarter of their work home with them.
An inability to separate work life from home life can make it difficult to adjust your mood and energy to fit each one — especially when you’re bringing work home. When you can’t transition from the office to home life, it can often lead to blurred boundaries, burnout, and feelings of stress or, worse, guilt.
When the pandemic hit, these issues were only heightened as many of us moved to work-from-home life. Our usual routines, like waking up early, going to the gym before work, putting on office clothes and makeup and commuting to the office, all disappeared.
Along with that, many working parents took on extra roles as the pandemic shut down schools and children had to learn from home. With COVID-19 still affecting our daily lives, there’s still a high degree of uncertainty and anxiety, making it more important than ever for hard workers to enjoy life outside of the office.
Being present at home is paramount to maintaining work-life balance. But if you don’t know how to make this transition, it can feel impossible to switch gears, both mentally and physically.
And if you’re still working from home, it can be even harder because you don’t physically change locations; sometimes you don’t change clothes either. You may not be taking the time away from work and family for even just a few minutes to recharge and signal the change from office to home life.
Luckily, there are steps you can take to leave work at work and enjoy your time at home. After all, you work hard all day and deserve a much-needed break from business. Take these actions to easily move from the office to the house each day.
Do a Brain Dump
Keep concerns, questions, and the next day’s tasks at your desk by completing a brain dump before you leave for the day.
A brain dump allows you to “empty your brain” by writing down all of your thoughts onto a piece of paper. Create a to-do list for the next day, with the most pertinent tasks at the top. If there’s anything you need to remember associated with each task, write it down, too.
On another sheet of paper, write down any additional tasks, thoughts, or ideas you have – basically anything that’ll gnaw at you after working hours. This will help get it all out of your head and organized, so your mind doesn’t wander to those things later. It also helps you be more productive.
According to laboratory and field experiments conducted for a paper by the Harvard Business Review, researchers found that new employees who reflected for 15 minutes at the end of the day performed 22.8% higher than those who didn’t.
Create an End-Of-Day Routine
A routine helps cultivate good habits and transitioning from work to home is the good habit you’re looking to build. When you do your end-of-day routine, it signals that the workday is done. It prepares your brain to switch to at-home mode.
Creating a routine simply means creating a sequence of actions you do just before you leave the office. It can be anything you want, but it can be more beneficial if these actions also set you up for success the next day.
For example, you could start by doing your brain dump, then tidying up your desk and wiping it down just before you leave. You’ll signal the end of the day and have everything clean and prepared when you come in the next morning.
Make it more fun by creating a playlist to listen to while completing your tasks or ending the routine with a small treat as a reward for making it through another day.
Take That Commute
Most people see a commute as a necessary evil, but commuting can give you time to decompress and provide the change of scenery needed to signal you’ve left the office. And, if you walk or bike to work, it also gives you fresh air and physical activity to refresh and re-energize you.
According to Rescue Time, we use 80% of our day doing collaborative activities. You need some time in the day for yourself. Use your commute as the time you need to take a breath, spend some time alone, wind down from the workday, and prepare for taking on your household tasks.
Seeing your commute as your “me” time can make the traffic a little more bearable. When you’re using the commute to transition from work to home, you’ll see extra time on the road as extra time for you. Take this time to listen to a book on tape or your favorite podcast. Practice breathing exercises or blast your favorite music — whatever it is that allows you to unwind.
If you’re still working from home, you can find ways to still take that commute. If you’re able to, hop in the car and drive around the block, take a 5-minute walk, or simply sit in your car and play the radio for a few minutes to help signal that change in the day.
Change Out of Those Work Clothes
Another action that can signal the shift from work to home is changing out of those stiff work clothes and into something more casual and comfortable.
Changing out of office clothes works in a couple ways.
For one, you’re literally shedding the workday off. Second, by physically changing your clothes, you’re helping change your mindset. People often associate business attire with work and casual clothing with rest and relaxation.
Make Changes Little by Little
Putting this all into practice can take time, and we don’t recommend making all of these changes at once. Take baby steps to avoid feeling overwhelmed. Start by implementing one or two of these actions into your day and adding little by little as you grow more accustomed to these small changes.
It won’t happen overnight but, soon enough, you’ll find yourself feeling more relaxed and present during at-home hours. And while those hours may not be billable, they are the most important.
GCs Face Ever-Increasing Challenges. Interim Counsel Can Help
/in Articles alternative legal services|employee handbook|legal industry insights|women in law/by competenowIt’s no secret that the pandemic has pulled law departments in contradictory directions, with rising workloads far outpacing operating budgets.
A 2021 survey reveals, for example, that not only do GCs feel the pressure to contain costs, but they also expect department workloads to increase by as much as 25 percent over the next three years.
At the same time, headcounts are expected to rise by only 3 percent, according to the General Counsel Imperative Survey, conducted by Harvard Law School’s Center on the Legal Profession and EY Law.
The survey also reveals that 88 percent of the GCs interviewed plan to reduce their costs across the board over the next three years. Their No. 1 reason? Pressure from the CEO and board.
It’s not surprising, then, that ALSPs are playing an ever-increasing role in helping GCs manage these competing forces: 85 percent of general counsel surveyed said their law departments use ALSPs, a 13 percentage point increase over 2019.
Interim counsel providers like Paragon Legal offer a best-of-both-worlds solution to confront these increasing challenges.
In this environment, a company can bring an experienced attorney onto its team for a far lower cost and with greater oversight than they might get with outside counsel, without the risks and hidden costs of a permanent hire.
Expensive and Stretched Thin
While “do more with less” has become something of a cliche for modern-day law departments, BigLaw bill rates still continue to climb.
At the same time, BigLaw lawyers are stretched between multiple projects. Few go on secondments where a client can have a sole dedicated team member — and law firms are often reluctant to assign a top performer to this type of role.
This means that the advantages of interim counsel go far beyond a lower billing rate — though the rates do represent a transformative discount from those of BigLaw.
Paragon lawyers have significant in-house experience, and in their role as interim counsel, they function as an embedded, dedicated member of a team, as opposed to an outside advisor.
This makes for closer engagement, better outputs, and more intimate knowledge of how the legal team and the company function.
Work progresses more quickly because team members don’t have to waste time interacting with an outside law firm. These flexible counsel are not working under someone else’s direction or on someone else’s timeline — they are part of the company.
There’s also billing transparency.
Interim counsel are visible in a law department’s day-to-day operations, and they’re transparent in their billing and scheduling. The progress they make is self-evident, as they work directly as an embedded team member.
No Budget Leeway
As the Harvard and EY survey also revealed, GCs do not think they will have the budget in the coming years to hire the personnel they need to shoulder their departments’ growing workloads.
Certainly, a law department can address this problem by spreading the extra work among its existing employees, but this creates the danger of the same burn-out that is so prevalent at law firms.
And even if GCs had the budget to hire as many permanent lawyers as they need, it’s difficult to find personnel who can justify such a high level of commitment.
If the budget allows for only a part-time hire, it can be hard to find someone flexible enough to take such a post. Moreover, a given project may require a niche set of skills that don’t translate well to the long-term needs of the department. No one wants to terminate lawyers shortly after expending the time and money to hire them.
Flexible counsel can play a key role in meeting these types of challenges as well.
With Paragon, for example, a GC can request an attorney with experience in the precise areas needed for the project at hand without the risks of hiring the wrong person. If the lawyer isn’t a fit, the commitment is far lower than with a permanent hire.
Costs beyond salary must also be considered. A GC may have to place ads and hire a recruiter. Of course, there are payroll costs, as well as the expense of the benefits and perks that any good workplace offers to its team.
Paragon shoulders this burden for its clients, and all of these costs are baked right into the rate.
Benefits Abound
For lawyers, working in an interim counsel role provides the opportunity to do top-level legal work without the extreme hourly commitment typical of BigLaw.
Such roles are particularly appealing amid daily headlines about the legal industry’s struggles with burnout and work-life balance problems.
Similarly, this kind of solution can make for happy GCs facing a challenging landscape.
Flexible counsel can maximize productivity and minimize costs, leading to a happy and productive law department overall.
At Paragon, we’re dedicated to positive outcomes for all of our people — both our lawyers and our clients. Learn more about our values, resources, and offerings here.
How Busy Lawyers Can Find (More) Work-Life Balance: Part II
/in Articles alternative legal services|employee handbook|legal industry insights|women in law/by competenowFor many attorneys, the concept of “work-life balance” can seem like an urban legend, except even more far-fetched.
Indeed, maintaining time for a robust life outside the office can seem like a mythical concept — like a beautiful unicorn or a Harvard alum who never mentions where they went to school.
At Paragon Legal, we aim to provide both flexibility and high-level work, allowing lawyers to finally make work-life balance a reality.
And from the client’s perspective, happy lawyers are better positioned to deliver top-quality work than those who are burned out.
In the spirit of maintaining a healthy work-life balance, we bring you some time management tips that busy attorneys of all stripes can take advantage of.
In the first installment of this series, we noted how lawyers can audit, guard, and schedule their time. Here, we provide additional tips to manage your day.
Try Time Blocking
Time blocking is when you divvy up your day into blocks of time, during which you focus on specific tasks.
For instance, you may only check email messages for 10-11 a.m. and 4:30-5:30 p.m., allowing you to avoid constant email interruptions while you’re working on projects.
When you decide to do certain tasks is also important.
For some people, it’s easier to tackle important tasks in the morning, while others may find they have better focus in the afternoons. Try scheduling tasks that require more concentration for when you have better focus.
(For even more on when to schedule certain tasks, check out When: The Scientific Secrets of Perfect Timing by Daniel Pink.)
Reduce Multitasking
From Slack notifications to news alerts, we live in a distraction-heavy world.
But each of those interruptions can come with a time cost — it takes an average of 23 minutes and 15 seconds to get back to the task at hand, according to Gloria Mark, a professor at the University of California, Irvine.
To protect your focus, minimize switching between tasks as much as possible.
Mute that group chat, turn off unnecessary social media notifications, and even consider putting your phone in silent mode or in a drawer while working on a project.
Use a Timer
Using a timer can also be immensely helpful in keeping you focused, while also encouraging short breaks to keep your brain fresh.
The Pomodoro Tracker will help you use the Pomodoro Technique, which is a popular time management system in which you focus on a task for 25 minutes, followed by a five-minute break.
Similar apps exist for your phone, like Focus Keeper or the Bear Focus Timer, which acts as both a timer and a way to stop you from checking your phone screen. There are also a plethora of tools — such as Dewo and Freedom — that will help you reduce pesky app distractions.
Outsource, Delegate, Just Say No
Sometimes, the best way to find more time is to get rid of a task altogether. In Time Smart, Harvard professor Ashley Whillans advocates for outsourcing tasks that you especially dislike, noting that shelling out a bit on “time-saving services — like shopping, cleaning, and laundry — can reduce time stress and increase happiness.”
Similarly, don’t be afraid to delegate tasks, even if it means giving up some element of control. There’s no sense in lengthening your workday by insisting on doing things you could be giving to others (as long as they have room on their plate for it).
And if you’re a perfectionist who struggles with delegation, keep in mind how perfectionism could be stealing your time in other ways — for instance, by spending 20 minutes perfecting an email that really could have been written in 10.
Finally, harness the power of saying no. This can be tricky for people pleasers or folks who are eager to show they’re team players. But attending every meeting or taking on too many projects can make you feel like there aren’t enough hours in the day.
When possible (and we know it isn’t always possible, but go with us here), try gently excusing yourself from unnecessary meetings or extra projects.
And hey, if there’s no way you’re getting out of that hefty request that a partner just emailed you, at least you’ve got these other time management tips to help.
Paragon’s mission is to provide legal professionals with meaningful work outside the traditional path, while delivering the highest quality talent and service to our clients. Stay tuned for more ways to make “work-life” balance more of a reality.
How Busy Lawyers Can Find (More) Work-Life Balance: Part I
/in Articles alternative legal services|employee handbook|legal industry insights|lifehacks|women in law/by competenowYou can read Part II of this article here for more time management tips.
For many attorneys, finding “work-life balance” seems about as realistic as catching Bigfoot digging through your trail mix during your next camping trip — and who are we kidding, you don’t have time to go camping.
Thanks to long hours and a demanding culture, finding time for hobbies and family can be a struggle for lawyers, particularly those working within large firms.
Of course, time management has become even harder during the pandemic.
On top of Zoom meetings and increased client demands, your kid might need a snack, the dog might have to go out, and uh, did someone just start a kitchen fire during at-home science class?
Dealing with family and work has “lengthened days and screen time for many,” The American Lawyer recently reported, with both partners and associates working longer or odder hours.
But even with today’s challenges, there are still ways to reclaim your time.
At Paragon Legal, we aim to provide both flexibility and high-level legal work, allowing lawyers to finally make work-life balance a reality. And from the client’s perspective, happy lawyers are better positioned to deliver top-quality work than those who are burned out.
In the spirit of helping lawyers of all stripes promote a healthy work-life balance, we bring you some time management tips that busy attorneys can take advantage of.
Do a Time Audit
The first step in understanding where your day is going is to do a time audit.
In her book Time Smart, Harvard Business School professor Ashley Whillans recommends keeping a log of how you use your time during a random Tuesday (if you can’t swing Tuesday, pick any other work weekday).
For each activity, Whillans suggests noting how you feel about it, including whether the activity was productive, fun, or purposeful. If an activity made you stressed or unhappy, consider whether you can spend less time on it, Whillans suggests.
If you can’t ditch a task altogether, Whillans asks if you can make it more fun or less stressful. Popping on some music or a podcast can turn dreaded tasks (like logging your time or washing dishes) into something you actually look forward to, for example.
Schedule Focused Time
When you’re constantly reacting to requests and messages, making headway on important projects or goals can feel impossible. You spend all day responding to emails, taking calls, and sitting through meetings, only to look up at 7 p.m. and realize that you didn’t actually get anything done.
To combat this, try scheduling at least an hour every day where you block out distractions and focus on an important, but not urgent, task.
Whillans calls this “proactive time” or “pro-time,” for short. This time period can be used for work projects, personal goals, or even leisure activities that you always put off.
The key is to be disciplined about guarding this time — Whillans recommends blocking off your calendar and shutting out all distractions during pro-time.
Using this period for longer-term projects can also keep deadlines from creeping up on you, allowing you to feel less stressed and more in control.
Use To-Do Lists
Don’t underestimate the power of a simple to-do list: It will help you set priorities for the day and help you stay on track.
Remember to keep your list short and sweet, so you don’t list more tasks than you can actually get done in a day (recommendations for the number of tasks vary, but often run from three to six).
Try keeping the list visible, so your priorities stay top-of-mind, even as fresh requests pop up during the day.
You can write your list in a notebook, a planner, a whiteboard, a sticky note, or even a digital app, such as Evernote or the Notes app, which has a checklist feature.
An app or notebook also has the benefit of being portable, so no matter where you are, you can write down tasks for future lists.
Paragon’s mission is to provide legal professionals with meaningful work outside the traditional path, while delivering the highest quality talent and service to our clients. Stay tuned for more ways to make “work-life” balance more of a reality.
How The Pandemic Intensified GCs’ Privacy Focus
/in Articles alternative legal services|covid19|legal industry insights|women in law/by competenowNo one wants to fall prey to scammers and hackers because of a vulnerable home computer, but the need to keep your data private takes on a whole new wrinkle when you’re handling sensitive client information.
During the pandemic, as aspects of our professional and personal lives moved online, privacy concerns grew more acute.
A recent panel titled “How COVID-19 has Changed Data Privacy” examined these concerns and the efforts to address them. The panel was part of the Data Privacy Day, organized by the National Cyber Security Alliance, and attended by Paragon Legal.
Panelist Lindsey Schultz, privacy counsel at Visa, described her company’s thinking when reality began to sink in — employees would be working from home for a long time.
“We started looking at all these processes that [transfer] personal information,” she said. “Normally, we feel relatively protected because we’re doing certain things in the office.”
Of course, that changed. Call centers were a perfect example. “We were testing our VPN capacity and all of our protocols,” Schultz said.
The collection of employee health information while monitoring for the coronavirus was another sticky problem. Normally, such data wouldn’t be collected at all. “And so we did that balancing test to collect a minimal amount of information to protect our fellow employees, but not so much that [it would] make anyone uncomfortable.”
Visa is still doing that balancing act, Schultz said, now that employees can be vaccinated. The company also needs to consider a method for contact tracing when employees return to the office.
On the consumer side, Visa wanted to make sure people felt comfortable using their cards. To that end, the company “aggregated data to make sure that we could support better contactless payments and support moves to more digital spending in digital environments,” Schultz said.
An Alert Public
Perhaps because of increased digital activity, not to mention news stories about data breaches, the public is becoming “more aware of privacy issues and more educated about what those issues are,” according to panelist Brian Philbrook, lead privacy counsel at OneTrust, a platform for privacy, security, and governance programs.
He said that privacy officers have seen a significant uptick in data-subject requests:“Requests for deletion, requests for access to their data, to opt out, all of those different things. . . . I think people are starting to ask the right questions.”
The surge in online learning has also led to more requests and questions concerning data. People indifferent to their own data may become fiercely protective of their children.
Philbrook cited an article published by the International Association of Privacy Professionals (IAPP) about the civil liberties and privacy officer at the National Security Agency. Her child’s school asked for consent to record classes for operational purposes that struck her as overly broad, so she started a conversation about potential issues. This led to policy changes regarding the making and retention of the recordings.
“Obviously this was uncharted territory for the teachers, so they hadn’t even considered privacy implications,” Philbrook said. “And I think that’s kind of where we’re at now. People have gotten used to thinking about some of these things. . . . It’s an opportunity to hash things out, learn from them, and kind of grow with that.”
And while data privacy has been a concern for some time, it seems to be spreading throughout a given business. Philbrook said his company might hear from marketing, human resources, business development, research and development, “really across the board.”
His fellow panelist concurred: “One of the key things to come out of COVID-19 is that privacy is definitely winning,” said Melanie Ensign, founder and CEO of Discernible Inc., a communications consultancy dedicated to security, privacy, and risk issues.
She noted that companies need to be mindful of the fact that when they talk about consumer privacy, they are talking about safety, and consumers are not a monolithic group. A lot of companies struggle to do the most good for the most people without hurting the most vulnerable. Some people have been pushing back.
“We are seeing increased scrutiny and expectations from consumers when [they’re told] they need to compromise privacy in order to increase safety. There is a broader movement to call out ‘safety theatre,’” Ensign said.
An ‘Unhealthy’ Data Appetite
These days, she added, when a company or public entity asks people to compromise their privacy for the sake of safety, they want to know exactly how the data is going to accomplish that.
Institutions still have “a really unhealthy appetite for data,” Ensign said, without a clear case for how that data is going to be used and protected.
For example, during the pandemic governments have mandated that companies participate in contact-tracing programs.
“So those of us who sit in the middle of privacy and safety are faced with this decision,” Ensign said. “Do we go along with what the government is mandating from a public-safety perspective, even though we know it is compromising the privacy of every single one of our users? I found it very encouraging to see more and more privacy as well as safety professionals respectfully push back and try to engage with those government agencies to say, ‘We’ve got to find a middle ground.’”
Ensign described the worst case scenario — if all that data were shared with a well-intentioned government agency and the data were compromised, the company would take the hit to consumer trust because the company collected the data. She said the conversation must hinge on intellectual honesty regarding how and for what purpose the data is going to be used.
Many technologies put in place to track people, either online or in the physical world, don’t necessarily offer more safety, Ensign continued. “And there’s pressure in some industries to provide ‘safety theater’ rather than being honest about whether or not people are actually safer as a result of those privacy-invasive technologies.”
Christopher Harrell, a panelist and the chief technology officer of Yubico, a Swedish and American company that makes authentication and encryption devices and software, described these data grabs as a “knee-jerk reaction” to a dangerous situation.
“I think many countries have even declared states of emergency or words similar to that in order to create mandates or additional powers,” he said.
On the positive side, the situation has stirred examination of privacy in the context of human rights and led to “great writing recently about how COVID has these kinds of trade-offs,” Harrell said. Discussions often centered on the necessity of the gathering and storage of data and the need to ensure they are “only used for the purposes for which they’re collected.”
Harrell characterized a lot of this work as “done last minute,” and he thinks the technology side has yet to catch up with the policy side. In other words, while policy people have responded to growing public awareness of the importance of data privacy, the tools are not yet adequate to the task.
“And I hope we can catch up on that. And I think the consumers are definitely interested, but they’re also scared,” Harrell said.
“People are really tired of paper promises and privacy policies and similar documents,” Ensign said. “They are not convincing to consumers. So I think we’re going to see a lot more investment in technical integrity and development from government agencies the next time they try to take something up of this magnitude.”
Schultz reported that consumers are a lot more focused on Visa’s responsibilities “as a large company with such a large network” to empower them to safeguard themselves. Part of that has been asking to see the data collected about them.
As we ease out of the pandemic crisis, “this dichotomy of safety and privacy is going to be a continued conversation,” Philbrook said. While the European Union already has the “most comprehensive set of privacy laws in the world,” the United States has lagged. Good things have been happening on the state level, but Philbrook thinks the patchwork of laws “could eventually get unbearable to the point where a federal law is necessary.
“So I’m expecting that, and then I would expect much more litigation around the right to privacy and what the boundaries are — what that balance is — in today’s connected world.”
ALSPs’ Role In Legal Industry Diversity Efforts
/in Articles alternative legal services|employee handbook|legal industry insights|women in law/by competenowIt’s common knowledge that the legal industry has long had a diversity and inclusion problem, and law departments are still struggling to improve diversity in their outside counsel.
The good news is that legal departments can go a long way toward addressing these struggles in their hiring decisions.
The days when law departments had only two choices – keeping work in-house or sending it outside to a law firm – are over.
Today, law departments have the additional option of turning to alternative legal service providers (ALSPs), particularly interim counsel providers.
ALSPs’ Role
The legal industry’s diversity problem recently took center stage when Coca-Cola General Counsel Bradley Gayton criticized “highly unproductive” industry efforts to achieve diversity, and said that good intentions were no longer enough.
Coke’s law firms must now staff at least 30% of new matters with diverse attorneys or risk a reduction in legal fees or complete removal from the roster.
This is only the latest in a string of initiatives designed to spur in-house legal departments to advance change by committing to making decisions when retaining outside legal services that help increase diversity and inclusion.
For nearly four years, Diversity Lab’s Mansfield Rule has been working to close the industry’s gender gap, with 117 participant firms signing onto Mansfield Rule 4.0. Similar rules now exist for midsize firms and legal departments. Numerous other diversity initiatives exist across the corporate legal industry.
Law department initiatives directed toward outside counsel are only one piece of the puzzle, however.
That’s because law firms are exerting less unilateral control over the landscape when it comes to providing legal services. As of the end of 2019, ALSPs had a $13.9 billion legal sector market share, up $3.2 billion from the preceding two-year period, according to Thomson Reuters’ 2021 Alternative Legal Service Providers report. The report also shows that 71% of corporations now use ALSPs.
This means that ALSPs are poised to play a significant role in diversity and inclusion efforts in the legal industry. More and more legal departments today are tracking how their ALSPs perform in terms of hiring, mentoring, and promoting diverse talent. Legal departments can be, and indeed should be, putting as much attention on diversity when hiring ALSPs as they have been in law firm hiring.
In fact, legal departments arguably have more power than ever to impact diversity in the profession through their hiring decisions. Having options beyond the traditional in-house/law firm dichotomy opens the door to selecting legal service providers who prioritize diversity.
Legal tech is also playing a significant role in helping law departments boost their diversity efforts.
From technology platforms designed to assist organizations achieve greater diversity, inclusion, and equity in their ranks to AI tools that help users define and measure bias to build more diverse teams, innovation is starting to make real strides on the diversity front.
A consortium of ALSPs, legal departments, and law firms has even launched a data analytics dashboard to help organizations monitor non-financial intelligence, including diversity metrics.
Empowering GCs
If more diversity and inclusion is the goal, law departments need to expand their view beyond law firms and look for legal service providers on all fronts who share their commitment to addressing these issues.
By now, most know the benefits ALSPs can offer in the cost-savings and efficiency departments, but their importance doesn’t end there.
ALSPs can make a significant difference when you’re looking to diversify your legal representation.
In 2020, for example, Paragon Legal placed over 100 attorneys on client engagements. More than 60% of these lawyers are women, and more than 40% are from racial minority groups.
At Paragon Legal, we are very proud of our diversity, but we also know there’s more work to do.
By expanding the staffing choice beyond hiring a law firm or keeping things in-house, law departments are not only empowered to make better business decisions, they also have new avenues for making real change in industry diversity.
How GCs Can Make Privacy a Habit in the Face of New Laws
/in Articles alternative legal services|employee handbook|legal industry insights|women in law/by competenowIn the new digital economy, it often seems like every day brings another tale of some horrific data breach.
Additionally, revelations like the ones involving Cambridge Analytica, the British company that mined the Facebook data of tens of millions of people in an attempt to affect elections worldwide, have left people more mindful of data privacy.
Governments have responded. Data privacy laws abound and more are in process. In such a fluid legal environment, how can a business keep up?
“Legal departments face increasingly complex tasks in staying compliant while minimizing regulatory risk related to data privacy in virtually all areas of their work,” says Trista Engel, Paragon Legal’s Chief Executive Officer. “We ensure our privacy lawyers are well-versed in understanding and mitigating the risks in this critical and ever-evolving field.”
Representatives from Paragon Legal recently attended a virtual event titled “Data Privacy in an Era of Global Change,” hosted by the National Cyber Security Alliance.
The event featured experts from the World Bank, Airbnb, and Visa, among others, who discussed the latest issues companies are facing involving data privacy — as well as how certain best practices can also advance a company’s broader business goals.
Here, we present some actionable takeaways for in-house counsel along with a summary of the current regulatory landscape.
Making Privacy a Core Value
Rita Heimes, General Counsel and Chief Privacy Officer at the International Association of Privacy Professionals (IAPP), recommends that companies build a culture of privacy beyond the risk management technique of compliance with a given law.
Speaking at the event, Heimes said such a culture goes far beyond the avoidance of litigation. People would rather work for “an organization that is thoughtful and careful and has a good soul,” she said.
“Those people are loyal to you and they stick with you for longer because they enjoy where they work,” Heimes continued. “Privacy is one of many components, along with diversity and inclusion. Your employees will notice that you take these things seriously and they’ll respect you for it. They’ll be proud of where they work.”
So, how does a company build a culture of privacy?
First, create a detailed policy, thought-out, tested, and devised by professionals. Heimes recommends that part of this policy be periodic data housecleaning.
“If you don’t have people’s personal data, then it can’t be misused,” she said. “A culture of privacy reduces risks all over.”
Second, dedicate personnel to implement the policy. While a chief privacy officer with a team is ideal, experts recognize this may be beyond the reach of some businesses.
One option companies have is to partner with an alternative legal service provider like Paragon, which maintains teams of privacy-focused professionals to support companies that lack these types of expertise in-house.
Third, thoroughly follow up — particularly with all types of vendors and business partners — to make sure the policy is working as intended. Third-party data protection presents numerous challenges, and companies must remain vigilant to ensure their security needs are being met.
Complying With the GDPR
This attentiveness is important because of ever-shifting regulations. In 2018, the European Union kicked privacy law to a new level when it implemented the General Data Privacy Regulation (GDPR).
The law fosters transparency regarding data collection, mandates that sites cannot collect data unless a user affirmatively opts in to the process, and governs protocols in case of a data breach.
Many companies, no matter where they’re domiciled given our global economy, saw this robust law and thought it best to comply.
They said to themselves, “Europe has come up with a comprehensive consumer privacy law that sets a very high bar. If we build our systems to meet that, we’ll probably comply everywhere, right?” Heimes said. “Because it’s the strictest law, that’s the reactive and appropriate first step.”
She noted, however, that this strategy can be “pretty tough on your data team and you may not need to go that far.”
Post-GDPR, companies have been “fine-tuning their processes, seeking the best procedures for themselves, their vendors and their clients,” Heimes said. And of course, the GDPR is no longer the only robust privacy law.
Eyeing the US Landscape
As it often does, California led the way in the United States with its 2018 California Consumer Privacy Act (CCPA).
While it shares goals with the GDPR, there are a few differences. The CCPA added data about devices and households to the definition of personal information. The right to opt out is narrower than the GDPR’s because it covers only the sale of personal information, but it included broader consumer rights regarding access to data.
However, because data privacy laws never stand still for long, in late 2020, the Sunshine State passed the California Privacy Right Acts (CPRA) to build on the earlier law.
CPRA advocates felt the CCPA was too weak — too susceptible to legal machinations — and set out to fix it. Significantly, they passed the new law through a ballot referendum, demonstrating that the general public is aware of the problem and wants strong laws.
The CPRA establishes an agency, to be called the California Privacy Protection Agency, charged with enforcing the act and promoting awareness of privacy risks, according to materials posted by the NCSA. The agency will get up and running this year, although other provisions of the law don’t take effect until 2023.
The new law also created a category called “sensitive personal information” and includes specific compliance requirements for this category. It expands the opt-in requirement to include the sale and sharing of a user’s personal data, which brings it in line with the GDPR.
On March 2, Virginia became the second state to pass a robust data privacy law.
The Consumer Data Protection Act, which becomes effective in 2023, is similar to the CCPA in that it gives consumers more control over their personal data.
As noted in Corporate Counsel, the Virginia law also contains minor differences that will increase compliance burdens for companies.
Perhaps more important than state-level activity, federal lawmakers have been working to pass legislation as well.
The latest iteration in federal law is the Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act (SAFE DATA Act), a conglomeration of three previous bills, according to a September 2020 article from the IAPP.
If the bill were to become law, it would require companies to obtain affirmative express consent before gathering individuals’ sensitive data and would require privacy policies to be published and transparent.
The bill calls for robust data security practices, and would prohibit the denial of goods or services to individuals who exercise their privacy rights. Users would be guaranteed access to their data and companies would have to designate data security officers and conduct annual assessments, among other things.
The SAFE DATA Act would also require users to be notified if an “opaque algorithm,” uses their personal data to select the content they see, and would require an “input-transparent algorithm” to be on offer.
The U.S. Congress is still at odds over some aspects of the bill. According to the IAPP article, “the two key dividing lines are whether federal privacy legislation will include a private right of action and [whether it will] preempt state laws that offer a higher standard of privacy protections,” such as the CPRA.
“California was a big wake-up call that U.S. states are one by one going to begin adopting standards,” Heimes said. “Now that we have party alignment, more or less, across both houses and in the White House, the chances are better than they’ve ever been that there will be federal privacy legislation.”
How Paragon Opened New Career Paths For Lawyers
/in Articles alternative legal services|employee handbook|legal industry insights|women in law/by competenowCEO Trista Engel and COO Jessica Markowitz discuss putting people first and the virtuous cycles this creates.
The female entrepreneurs who head up Paragon, a corporate counsel on-demand company, want to do law in a different way.
Trista Engel, the Chief Executive Officer, and Jessica Markowitz, the President and Chief Operating Officer, recognize that a traditional law career — with its long hours and all-consuming demands — might not be for everyone.
They also know there’s a wealth of talented lawyers out there who want to do meaningful work — but still have room in their lives for family, creative projects, travel, or any number of fulfilling pursuits.
Recently, Trista and Jessica sat down with Above the Law to talk about their vision for the company, their female partnership, and a challenging year. (The interview has been edited for length and clarity.)
Trista Engel, Chief Executive Officer.
ATL: Paragon was founded by a lawyer looking for balance in her own life and career. Would you call this a unifying vision at your company — seeking a career with flexibility? How has this shaped Paragon’s team and culture?
Trista: The desire for balance, flexibility, and autonomy is definitely a unifying vision at Paragon. It’s part of the company’s DNA, and for many people, it’s what drives them to join Paragon.
Something that’s really important and unique about Paragon is that it began as a way to create opportunities for attorneys who are looking for a non-traditional way to practice law, where they can do challenging work that they’re really good at while also having flexibility and balance in their lives. And it holds for clients as well – we’re helping support their workflow so they, too, can have balance in their lives. For both sides, we help you find a way of working that works for you.
And it’s fundamental to Paragon culture — putting people first – attorneys and clients — treating everyone as individuals, making sure they’re happy and feel supported. We pride ourselves on providing the best client experience and attorney experience. When our attorneys are happy and they’re treated well, they do good work that leads to happy clients. It’s a nice, virtuous cycle.
Jessica Markowitz, President and Chief Operating Officer.
Jessica: And it’s also about our attorney team taking a little bit more control of their careers. So it may be that someone wants to work 20 hours a week or it may be that they want to do short-term projects and then travel for a few months. It’s that freedom to pursue other interests that makes you whole.
For example, we’ve had a documentary filmmaker on our team, several people who write children’s books, one who opened a kickboxing studio — all while being a lawyer for big-name clients. So whether it’s taking care of kids or parents or pursuing other interests, we offer flexibility and balance, not just in hours, but in how people want their careers to develop and continue.
Trista: There is a desire for balance and flexibility in every career, in every industry. The notion of balance, flexibility, and autonomy in your work life is something that the practice of law hasn’t traditionally provided.
This is an alternative avenue for folks who are really experienced, great lawyers, great at their job, but who want a different way of doing things.
The founder of Paragon used to say she started the company so she could stay a lawyer. One of the tragic side effects of the traditional law career has been that if you decide you want balance and flexibility, it’s harder to find the right fit and that can mean making a choice between law and your life outside of law. The beauty of Paragon is that we’re providing this flexibility and optionality not only to our own attorneys, but also to our clients who bring us on to support their teams.
We’re helping great lawyers love the practice of law, because they don’t have to choose.
ATL: As relatively new leaders of a company, you were given a big task with the events of 2020, pandemic, etc. How were you able to keep your eye on Paragon’s culture and make sure to continue to manage in the same way with all the challenges we all faced last year?
Jessica: I don’t think we managed in the same way, to be perfectly honest. We had to do more because there was so much uncertainty.
We had to communicate more, we had to move faster. We had to make changes internally and have a heightened awareness of our team and our people.
It was a huge task, and it doesn’t feel exactly over. It feels less intense right now.
Through it all, our culture and our values helped us stay focused. We made a lot of tough decisions in 2020, but we made them within the framework of putting our team first. I wouldn’t say it made it easy, but it helped.
Trista: When I look back at 2020, we had a strong year operationally, all things considered, but I think the thing that I’m the most proud of is the fact that we really did live by our values.
We did everything we could to keep people employed and maintain people’s health insurance and incomes. And we did everything we could to make sure we weren’t leaving our clients in the lurch if they were going through tough times. Those things didn’t generate revenue for the business, but they were the right thing to do.
ATL: You state on your website your team is 40 percent people of color and over 50 percent female. Please talk about diversity at your company and in general, as a value, and as a business advantage.
Trista: Diversity is a core value of our business. We focus on it and we value it because it’s good for society. We also think it makes really good business sense.
There’s no question that having different perspectives at the table helps us make better decisions. Internally, we’ve seen firsthand how different perspectives give you different vantage points and lead to innovation and more robust and valuable discussions. So there is a very real business advantage to bringing different perspectives to the table and pushing the company to be the best it can be.
We’re very proud of the diversity of Paragon, but we also know there’s more work to do.
Jessica: One of the cool things too, is that we get to provide that diversity to other businesses. We place attorneys on projects in the legal departments of companies. When we hire really strong, diverse talent for our team, we’re also providing access to that really strong, diverse talent for our clients.
ATL: Your path is clearly unique. You both have backgrounds in finance, a field even more dominated by men than law. What was it like being female entrepreneurs in that world? And how did you come to Paragon?
Trista: Before we even encountered Paragon, Jessica and I had similar desires for our careers as many of our attorneys do. We were both on traditional career paths, but we wanted more balance in our lives and control over our own destiny.
We wanted to join a really strong business with a great culture and a lot of potential, and one where our business backgrounds could really add value so we could take the company to the next level. When we met [Paragon founder] Mae [O’Malley], we just really liked each other and shared the same fundamental values, and it all just clicked.
Jessica: When Trista and I were raising money to acquire Paragon, it never occurred to us that there were so few women who tried to do something like this. We started to realize that we were an anomaly.
People asked us why we thought we were going to succeed when no other women had before us. When you’re paving a new path, there is pressure to be successful because you want other underrepresented groups to follow your path. The only women end up representing all women.
And when you don’t see anyone who looks like you who has done it, you worry that if you fail, a lot of people will assume it was because you’re a woman or because you’re X, Y, or Z. So that pressure to be successful has motivated me. I want to make Paragon successful because people are watching us.
In terms of the business background, I think that’s critically important for the work that we do as we look to achieve success, however we define it for ourselves. To have that business mindset is a plus because we don’t practice law in our day-to-day on the Paragon leadership team, we are running a business and that requires understanding how to manage people and processes in a way that will move the needle. It’s a different skill set that we bring, but we can’t do this in a vacuum so about half of our leadership team is attorneys.
After 2020, which was sort of this weird lost year for everyone, we’re energized for the future. It’s exciting to find something that fits your culture and your values and also has a lot of growth potential, and we’re really excited for 2021.
Fireside Chat with Shellye Archambeau
/in Articles lifehacks/by competenowHosted by Anna Armstrong
Senior Director of Recruiting at Paragon Legal
Paragon was honored to host a fireside chat with Shellye Archambeau at our All Hands meeting in October 2020. Shellye is a truly inspiring and special woman. Her insights, advice and lifehacks about such things as setting expectations in all areas and integrating work and personal life offered both inspiration and practicality. We especially appreciated Shellye’s infectious combination of intelligence and warmth. We hope you enjoy her chat with Paragon’s own Anna Armstrong as much as we did!
Food for Thought: Protecting Grocery Workers (and Consumers) by Implementing Touchless Payments at Check-Out
/in Articles covid19|employee handbook/by competenowBy Vicky Lang
Attorney, Paragon Legal
In the midst of the Covid-19 pandemic, grocery stores remain at the top of the list of “essential services.” Despite the implementation of safety practices and precautions, public access to grocery stores presents challenges.
In response to these challenges, the Centers for Disease Control (“CDC”) has issued recommendations to protect grocery workers during the COVID-19 pandemic. Similarly, the Occupational Safety and Health Administration (“OSHA”) has expanded on the more general legacy protections for employees in the workplace by issuing detailed guidance on the implementation of new protocols due to pandemic specific risks. Specifically, OSHA’s protocols encourage employers to implement engineering solutions to protect employees from the COVID-19 virus, which market operators have implemented to address the spread of the virus to employees – e.g., use of signage cues to encourage social distancing, installing plexiglass shields at check-out counters, and providing store workers with personal protection equipment.2 In addition, as the virus may be spread by touching the nose, mouth, or eyes after first touching a contaminated object, the CDC recommends that grocery stores minimize the handling of cash and credit cards through the deployment and promotion of touchless payment systems.3
As the name implies, a touchless payment does not require physical contact between a consumer and the grocery clerk.1 Based on technology used at EMV chip enabled transaction terminals, touchless payments are typically conducted through mobile wallet smart device applications (e.g., Google Pay, Apple Pay), or a bank issued credit card/debit card with touchless payment capability. These touchless options allow the consumer to waive their card or mobile device application over a reader at the point of sale (“POS”) and the transaction occurs without having to physically touch anything.
An added, but less publicized, benefit of touchless payments is that the risk of fraud is significantly lower than physical card payments since the transaction does not involve the consumer’s name, card number, or three figure security code.
An added, but less publicized, benefit of touchless payments is that the risk of fraud is significantly lower than physical card payments since the transaction does not involve the consumer’s name, card number, or three figure security code. Instead, the card sends a one-time code with information that does not expose account details. Each time the card is used, a unique code is sent. Even further, using a mobile application for touchless payments often requires an additional level of security in order to access the service, such as a fingerprint scan or other sign in technology.
Touchless payments maintain the high EMV security standard, providing fraud protection for consumers and merchants alike, while also minimizing physical contact for consumers and grocery workers.4 While concerns have been raised that card data could be electronically skimmed by someone standing near the cardholder, and then used to create a fraudulent card, the instances of such actions are quite rare.5 When a touchless enabled physical credit or debit card is stolen or lost, the risk typically lies with the issuing bank, and not the consumer, as long as the card status is reported in a timely fashion. There can even be some protection for prepaid gift cards loaded onto a mobile device, though that risk varies based on the mobile wallet provider and the gift card issuer.
The roll out to consumers of touchless payments has taken some time to gain traction, predominantly due to the need to upgrade POS systems and issue touchless cards to consumers.6 Despite these practical obstacles to broader adoption, MasterCard recently announced that touchless payments were up forty percent during the first quarter due to the pandemic. More consumers are looking for “a quick way to get in and out of stores without exchanging cash, touching terminals or anything else.”7 Clearly, consumers are clamoring for touchless payments, and such systems are yet another engineering tool to meet the legal guidance issued to protect essential grocery workers at the POS. The COVID-19 virus may be the impetus near term to move markets and card issuers into further adopting this technology – to the physical and financial benefit for all involved.
Sources: