Category: News Feeds

Singer-songwriter Fiona Apple will be donating the royalties from which song to pay for the legal fees of detained, asylum-seeking immigrants?

Hint: The song won the Grammy Award for Best Female Rock Vocal Performance at the 40th Grammy Awards and was also nominated for Best Rock Song.

See the answer on the next page.

Staci Zaretsky is a senior editor at Above the Law, where she’s worked since 2011. She’d love to hear from you, so please feel free to email her with any tips, questions, comments, or critiques. You can follow her on Twitter or connect with her on LinkedIn.

It really is possible to have too much of a good thing, at least as far as General Data Protection Regulation (GDPR) notifications are concerned.  According to a report issued by Pinsent Masons using data from the United Kingdom’s Information Commissioner’s Office (ICO) and other EU data protection authorities, data breach notifications substantially increased since the effective date of the GDPR in May 2018.  How much?  According to the report, from approximately 3,300 notifications in the year preceding the implementation of the GDPR to over 11,000 reports through February 2019 (14,000 reports through May 2019 if one extrapolates the numbers) — an almost four-fold increase in notifications.  Suffice it to say that many companies have opted to “play it safe” and report whenever a data incident occurs, but the “safe play” may not really be the right call in many cases.

One can understand why companies are supposedly erring on the side of caution here.  As I have written previously about the GDPR, the GDPR takes the place of the old EU Data Privacy Directive (“EUDPD”) from 1995 — although the EUDPD was created to address the disparate handling of personal data between EU member states and foster the free flow of information within the EU, the growth of the internet made the EUDPD outdated.  The GDPR represents a comprehensive update to data privacy in the EU, but it is complicated.  From acquiring (and documenting) consent to the collection of “personal data” from data subjects in the EU and the “right to be forgotten” to the handling of personal data breaches, there is a lot to digest in implementing the GDPR and maintaining compliance.  Non-compliance can reach up to 4 percent of global annual turnover or $20M euros (whichever is greater).  Needless to say, this regulation definitely gets a company’s attention when it comes to the handling of “personal data” from EU data subjects.

The increase in notifications was expected, but the nature of the notifications is surprising.  Using the United Kingdom as an example, almost 2/3 of data security incidents (61 percent) were reported to the ICO according to the Pinsent Masons report. Under Article 33 of the GDPR, notification of a personal data breach by the controller to the relevant supervisory authority must take place within 72 hours of becoming “aware” of such breach. Moreover, 53 percent of the notifications to the UK ICO took place within three days of incident detection, another 11 percent taking four days, leaving over a third of the remaining notifications (36 percent) taking place in five or more days.  Other countries have shown similar increases according to the report (such as the Netherlands, Ireland, and Denmark). The point?  The GDPR notification requirements have pushed notification to much earlier in the data incident response process, which likely pressures companies to err on the side of caution.

What is interesting is that although the GDPR’s personal data breach notification requirement is definitely giving supervisory authorities more notifications than anticipated, existing guidance does not seem to dictate such a result. The Article 29 Data Protection Working Party (29WP) issued updates to its “Guidelines on Personal data breach notification under Regulation 2016/679” (Guidelines) that specifically address “awareness” of a “personal data breach” and handling of notification in a timely manner.  Although there is no bright-line test for “awareness” of a personal data breach, these Guidelines from the 29WP remain incredibly helpful, even giving examples of scenarios that would not trigger notification.  As a result, it seems that the WP29 Guidelines (among other resources) show an attempt to provide some level of reasonableness to the GDPR notification requirements.

With this in mind, here are three considerations that your company (or client) should take into account when faced with the prospect of a potential personal data breach as a controller under the GDPR:

1. Not every data incident rises to the level of a data breach.  This point cannot be stressed enough as it is specifically referenced in the WP29 Guidance document — when faced with a data incident, it is essential to take steps (whether through technical safeguards or other measures) to limit further data compromise. Personal data can be compromised where the confidentiality, availability, and integrity of the data is affected (even temporarily).   These actions are not only important to protect personal data, but may prevent further compromise.   The point:  Such actions may be the difference between a simple data incident and a full-blown personal data breach. This means that your company’s (or client’s) incident response plans need to be updated if they don’t take these considerations into account.

2. Not every data breach requires a notification to the supervisory authority.   This point may be a little hard to fathom, but a review of the GDPR Article 33 notification requirements and the WP29 Guidelines support this proposition.  Specifically, no notification is required where the personal data breach is “unlikely to result in a risk to the rights and freedoms of natural persons.” An example of this exception would be where the personal data is made up of publicly available information, or where the personal data has been rendered unintelligible to unauthorized parties and the data are either a copy or a backup otherwise exists.  That said, it is essential that your company (or client) take immediate steps to determine whatdata has been compromised, placing an “emphasis…on prompt action to investigate an incident to determine whether personal data have indeed been breached, and if so, to take remedial action and notify if required.“

3. Not every data breach requires notification to the individual data subjects.  Article 34 of the GDPR specifically states that “[w]hen the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.”  The GDPR language is clear, but when it comes to putting it to practice, not so much.  The GDPR broadly cites the rights and freedoms of natural persons, so care must be taken when making this determination. Although the threshold for notification to individuals is higher than that to supervisory authorities, where required it must also be made “without undue delay.”  When in the midst of determining whether a personal data breach has occurred, time is definitely not on your side, so be careful!

Based upon personal practice experience and that of colleagues, these considerations are not presented in a vacuum and should be heeded.  Take the time to review the incident response plans of your company (or client) so that they take GDPR notification requirements into context so a reasonable and timely GDPR notification determination can be made.  Suffice it to say that letting a supervisory authority know what you don’t know is one thing, but letting them know that you don’t know is another (and more troubling) thing altogether.

Tom Kulik is an Intellectual Property & Information Technology Partner at the Dallas-based law firm of Scheef & Stone, LLP. In private practice for over 20 years, Tom is a sought-after technology lawyer who uses his industry experience as a former computer systems engineer to creatively counsel and help his clients navigate the complexities of law and technology in their business. News outlets reach out to Tom for his insight, and he has been quoted by national media organizations. Get in touch with Tom on Twitter (@LegalIntangibls) or Facebook (www.facebook.com/technologylawyer), or contact him directly at tom.kulik@solidcounsel.com.

I am heartened for the future because we, as a profession, finally appear ready to start having a real, constructive dialogue on the complicated, and often uncomfortable, issue that is mental health. The dialogue is going to have its ebbs and flows, but it is a dialogue nonetheless—one that we were not having, and in fact actively avoided, until quite recently.

— Mark Goldstein, who works as counsel at Reed Smith, in comments made about what has happened to him since he told the Biglaw world about his mental health struggles this past February in an op-ed published in the American Lawyer. Since that time, Goldstein has received thousands of letters of support from members of the legal profession. Goldstein closes his latest op-ed piece with the following: “I suffer from mental health disabilities. And if you do too, or if you simply are passionate about or can relate to this issue, remember that you are not alone and that together, we can create the future about which I am so heartened.”

Staci Zaretsky is a senior editor at Above the Law, where she’s worked since 2011. She’d love to hear from you, so please feel free to email her with any tips, questions, comments, or critiques. You can follow her on Twitter or connect with her on LinkedIn.

Company: General Counsel [A Point of Sale Financing Company] (Los Angeles)

Position: Our client, a point of sale financing company based in Los Angeles, has engaged us to recruit a General Counsel to manage the legal affairs of the company.

About the Company: Our client has pioneered an automated financing portal specifically created to help businesses grow. With a unique approach that has created a true one-stop solution for customers’ financing needs, the company offers an affordable financing option that allows borrowers to quickly purchase the goods and services they want. For merchants, there’s no cost to get started and you can offer the option to apply for financing to every customer who walks in — the process takes just minutes, you never know who’s going to want the convenience payment plan. For borrowers, there’s also no cost to apply and no commitment required. You simply fill out the form. There’s no waiting period or runaround. The company has combined the best of people and technology to make some of the fastest approvals around. The main industries serviced are medical, pet, funeral, and other consumer services.

Requirements: The ideal candidate will have at least five years of major law firm experience, and ideally a few years of industry experience (although not necessary) with a specialty in regulatory compliance for consumer lending, including but not limited to AML, DSA, audits, and the like. General experience with corporate transactions is a plus.

Contact: Please email your résumé and cover letter to exclusivejobs@laterallink.com.

Ed. note: This is the latest installment in a series of posts from Mainspring Legal’s team of expert contributors. Sarkis Adajian manages marketing and business development for Lateral Link.

Lateral Link is one of the top-rated international legal recruiting firms. With over 14 offices world-wide, Lateral Link specializes in placing attorneys at the most prestigious law firms and companies in the world. Managed by former practicing attorneys from top law schools, Lateral Link has a tradition of hiring lawyers to execute the lateral leaps of practicing attorneys. Click ::here:: to find out more about us.

Most people will read a headline like this and assume it’s a knock on the firm. With all the complaints about “black box” firms that treat their associates — and increasingly their partners — as cannon fodder undeserving of even the most basic transparency, it’s understandable that rebranding the whole firm without the input of all but a select handful of partners would be the subject of scorn. But this is actually the rare case where firms probably should be more of a dictatorship.

There’s a lot of good that can come from decision-making by democracy, but aesthetic choices are rarely included in that. Far too often, involving hundreds of stakeholders in designing a logo only results in gridlock and second-guessing. It’s how you end up turning a firm into a mid-grade shoe store of compromise.

That’s not to say that single decision-makers or small committees are universally good. They can ruin a branding as easily as anyone. But by narrowing the decision to a small group, the risk of going off the rails is exponentially reduced.

Goldberg Segalla, a firm on the rise that’s climbed up into the Am Law 200 in recent years, prides itself on its “committee of all” approach. Which is why it’s noteworthy that managing partner Richard Cohen decided to keep the partnership largely in the dark about its new look:

“It’s human nature, particularly with lawyers, to have an array of differing opinions with respect to almost anything,” Cohen said. “We recognized that when we did unveil the concept to our ownership community that it was extremely unlikely that all of us would have the exact same vision. We were prepared for a wide array of reactions.”

Cohen said they were pleased, but not surprised, that the rebrand thus far has gotten a positive response.

Ultimately, a three-partner committee worked with internal branding folks and outside consultants — you know, people actually trained in how to do this as opposed to Bob from Tax — to come up with a new logo, color palette, and website. It didn’t shorten its name like most firms do these days, which is a shame because “Goldberg” has that vintage late-90s wrestling feel.

 Loading …

Why This Am Law Firm Kept Partners in the Dark on a Branding Overhaul [American Lawyer]

Earlier: Biglaw Firm Rebrands, And The New Logo Is… Let’s Just Say ‘Unconventional’

Joe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.

Last week, University of Buffalo School of Law student Matthew Benedict died by suicide. He jumped to his death from the Liberty Building in downtown Buffalo where he was working as a summer associate at the firm of Rupp Baase Pfalzgraf Cunningham.

As reported by Law.com, according to his mother Anne Benedict, Matthew pursued a career in the legal profession to “do good for the world”:

“Since he’s been a child, he’s loved the law. He’s loved history and writing and he loved the truth. He wanted to do good for the world, he wanted to serve people in some way and he thought this is the way he could do that with the talent he was given,” his mother said about his career path.

His mother also indicated Matthew had been struggling with depression for about five years. She said her son’s struggles with mental health began after he suffered a concussion while playing football at Middlebury College. Matthew’s family said, at least initially, that law school seemed to help with his mental health issues, but that coupled with working as a summer associate created a lot of stress for him:

While he suffered from depression before joining law school, his father, William Benedict, said going to law school initially helped guide him on a career path.

But, “over time there was an awful lot of stress” during law school, William said. This summer, Matthew was taking two classes at the law school while working the summer associate position, his family said.

“It became extremely stressful for him,” Anne Benedict said, adding she recalls he was worried about taking and passing the bar exam. He was also worried he was not doing a good enough job at the law firm, his mother said, but she later learned from the firm’s partners he “was doing a stellar job.”

Since Matthew’s death, his family has created Matthew Benedict’s One Last Goal. The fund’s goal is to support who that are struggling with mental heath issues.

If you or someone you know is depressed and need help, please call the National Suicide Prevention Lifeline (1-800-273-8255) or a lawyer assistance program in your state.

Kathryn Rubino is a Senior Editor at Above the Law, and host of The Jabot podcast. AtL tipsters are the best, so please connect with her. Feel free to email her with any tips, questions, or comments and follow her on Twitter (@Kathryn1).

On Sunday, Attorney General William Barr swapped out the legal team defending the Trump administration’s attempt to include a citizenship question on the 2020 Census. No explanation for the line-change was given, but to me, it sure looks like the Federal Programs lawyers at the Department of Justice have finally had enough of being humiliated in court in defense of Donald Trump’s lawless desires.

I don’t think Barr just woke up on Sunday and decided it was time for “fresh blood” on the Census. I think he woke up on Sunday confronted with the reality that the current team was done lying for him and his boss. To understand that contention, you have to understand what the lawyers were being asked to do. It’s not just that Chief Justice John Roberts ordered the Commerce Department to come up with a legitimate reason to add the citizenship question, a reason the administration doesn’t have so the lawyers were going to have to defend a different lie in open court. The lawyers probably would have done that, no problem.

The issue is that the lawyers were going to have to go back in front of a judge and admit they’d been lying to the court all along about the “expedited”/”emergency”/”THIS IS NOT A DRILL” timing over finalizing the Census questions.

Remember, the government’s case was expedited by the district court and fast-tracked for Supreme Court review. This was done because, according to the Department of Justice’s lawyers, the questions on the upcoming Census had to be finalized by June 30th. According to Solicitor General Noel Francisco, that was a non-negotiable deadline.

On Balkinization, Marty Lederman has the play-by-play of the DOJ’s timeline arguments:

[The ACLU motion opposing Justice’s attempt to move forward with the Citizenship Question after the Supreme Court ruling] cites chapter and verse–many chapters and many verses–of the ways in which DOJ has insisted to Judge Furman and to the Supreme Court (among others) that June 30 was a hard-and-fast deadline. The motion also explains that the courts and the parties relied upon those representations. DOJ’s assertion of a June deadline was the reason that Judge Furman himself, for instance, expedited discovery, trial, and briefing schedules. “[T]ime is of the essence,” he wrote, “because the Census Bureau needs to finalize the 2020 questionnaire by June of this year.” See also id. at page 191. The Solicitor General also invoked the June 30 deadline as the basis for his extraordinary request for the Supreme Court to grant certiorari “before judgment” (i.e., to take the case before the court of appeals could consider it). “[T]he Census Bureau must finalize the census forms by the end of June 2019 to print them on time for the 2020 decennial census,” the SG explained to the Court. Accord id. at 13–14 (“the government must finalize the decennial census questionnaire for printing by the end of June 2019”), id. at 16 (referring to “the June 2019 deadline for finalizing the census form”). Again in his motion for an expedited briefing and oral argument schedule, the SG told the Court that “the questions presented must be resolved before the end of June 2019, so that the decennial census questionnaires can be printed on time for the 2020 census” (emphasis added). The June 30 deadline was also an essential part of the grounds on which the government successfully urged the Supreme Court to add the Enumeration Clause question to the case well after cert. had been granted.

To argue that the citizenship question can still be added now — after the Commerce Department comes up with another (fake) reason, we have discovery and litigation into that reason, and we have a ruling and perhaps an appeal of that ruling — is to argue that the Justice Department was lying about the timeline before, and yet still needs the case to move forward quickly now.

That was a bridge too far for Federal Programs lawyers. The lawyers in the Federal Programs division are career DOJ lawyers. They defend the government’s policies, regardless of who is in control of the government. I believe their apolitical approach has led them astray during the Trump administration. A lawyer who defends a terrorist is a noble tool of the legal system and its commitment to due process. A lawyer who defends the state-sponsored terrorism promulgated by the Trump administration is merely a blunt object in the service of a corrupt regime, even if they don’t think of themselves like that. There will be an accounting, in this life or the next, of people who helped Trump or opposed Trump, and I think lawyers at Main Justice are on the wrong side.

However, and we’ve seen this time and again with “institutionalists” during the Trump era, these people are willing to sacrifice the country, but not their precious “reputations.” Here, Federal Programs lawyers, many of whom would like to have a job after Trump, would have had to go into court and be humiliated. They’d have had to lie, while admitting they were lying before, and they were informed that they’d have to do all this lying via tweet. There’s a great bit in Robert Graves’s I, Claudius, where Claudius prosecutes the Praetorians who killed Caligula. The assassins argue that Caligula was a bad man, and a danger to all of Roman society, which is true. But Claudius points out that Caligula had been a danger to all of Rome for most of his reign, and it was personal insults Caligula doled out to his bodyguards that turned them against him, not some greater love of Rome.

I think that’s what happened to the Census lawyers. They balked, not out of some deep love of country or deep concern about the rule of law. They bailed because Trump was about to embarrass them. Bill Barr couldn’t keep them in line anymore. So, to do Trump’s bidding, Barr is going to have to go to more political lawyers who want future federal judiciary appointments and are thus willing to say anything Trump wants them to say.

It’s just a theory. Normally, you need an explanation for switching out an entire trial team when the clock is ticking on filing motions and appeals. Of course, chaos is so common in the Trump White House, it could also be that Trump randomly decided that it was the lawyers’ “fault” for “losing” in front of the Supreme Court and stomped around saying “you’re fired” a lot as if that was a solution to his problems. My suggestion that anybody associated with Trump has anything approaching principles any more, or even normal self-preservation instincts, is probably wrong.

Justice Dept. to Replace Lawyers in Census Citizenship Question Case [New York Times]

Elie Mystal is the Executive Editor of Above the Law and a contributor at The Nation. He can be reached @ElieNYC on Twitter, or at elie@abovethelaw.com. He will resist.