The standing paradigm for assessing business strategies and situations is the SWOT analysis, which considers Strengths, Weaknesses, Opportunities, and Threats.  This model is outdated, due to the speed at which business now operates, the diversity of potential influences and influencers that now be considered, and the increasing super-complexity of consumer, competition, and climate for business.

Multidisciplinary “BLITS”, a necessity.

In addition and as a result, any new paradigm must approach and pursue the many questions of modern business with a combination of business, legal, industry, technical, and strategic knowledge, skills, and abilities in order to properly occupy the field and turn over all of the stones that need to be so turned.

SSBSS must be merged.

To date, experts, academics, practitioners, and business leaders have further duplicated and convoluted approaches to the creation and evaluation of business strategy by using many different terms to say what is essentially the same thing; or squeezing ever more diverse content into each of these different terms.  We call those leading options, the “Seven Smart Business Strategy Sisters” (SSBSS), and they are:

1. Business Intelligence (mostly technical and statistical methods for data mining, benchmarking, and predictive analysis);
2. Competitive Intelligence (mostly the who, where, what are they doing, and how are they doing it, with regard to competitors);
3. Market Intelligence (essentially, knowing the market in terms of maturity, trends, and the like);
4. Knowledge Management (essentially, having a good grip on what you know and how best to use it, what you do not know, and what you need to find out including its urgency level);
5. Best Practices (revolving around training, industry and regulatory standards, and the like);
6. Due Diligence (being scruples in ethics and corporate social responsibility; proper and adequate target scrutiny before a merger or acquisition; and proper and adequate corporate security protocols, to guard against harms);
7. Contingency Planning (is guarding against extraordinary events: in the business process, due to environmental or regulatory complication, and due to third-party or other influences).

Ten Concentric and Co-central Corners (TOP Analysis).

What we have developed, then, is an analytical tool that covers ten concentric and co-central corners, or a TOP Analysis that properly contains, correlates, and contradistinguishes as appropriate, the Terrain, the Operations, and the Players with regard to business strategy, as follows.

“T” for Terrain.

At the four principal compass points and bounding the model’s remaining 6 points, we place the 4 Ts of Terrain: to the North, South, East, and West.

“O” for Operations.

Forming a trilateral pyramid with the base down, we have the Operations; being Overseers and Operations at the base, and Outliers at the apex.

•Operations (business processes), includes marketing, manufacturing, recruiting, raising financing, restructuring, and research and development.

•Overseers (government and governance), includes general and competition laws and regulations, ethics and corporate governance, and the regulators themselves.

•Outliers (special events), includes scenarios and modeling that considers environmental, product, industry, and contingent events, whether foreseeable or remote, in the business planning and hardening process.

“P” for Players.

Forming an inverted trilateral pyramid with its base-up, and intersecting the “O” pyramid to form a star, we have the Players; being the Product at that inverted apex, and the Population and Players at the inverted base.

•Product (good or service), will also consider planning, placement, promotions and projections.

•Population (the market), which can be anywhere and anytime in the current system of “absolute competition” filled with competing products, competing markets both physical and virtual, and proprietary technologies, will also consider channels, selections, segmentation, seniority, and differentiation; along with consumer-specific choices, locations, abilities, and tastes.

•Players (the competition), will consider competitors, partners, predators, and companies standing-by).

Further Portfolio analysis, Life-cycle analysis, Anticipatory analysis, Implication analysis, and Demandanalysis, can likewise be applied  to each Operations element, each Players element, and each Terrain element, respectively.

Summary.

The TOP Analysis promises to be a better and significantly more comprehensive means to get the job done, in helping you adroitly navigate changing times and paradigms to further leverage your success.  Oh yes, about the four “T”s: you will learn of those when we assist you in applying the analysis :–)

Author:

Ekundayo George is a sociologist and a lawyer, with experience in business law and counseling, diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.).  See, for example: http://www.ogalaws.com.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects with multiple stakeholders, large budgets, and multidisciplinary teams.  See, for example: http://www.simprime-ca.com.

As an avid reader, writer and blogger Ekundayo George is a published author in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices or Strategic IMPRIME Consulting & Advisory, Inc. (S’imprime-ça), in whole or in part for their content, or accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.

The final settlement number, with, apparently all State Attorneys General except the one for Oklahoma, is $25 Billion; and the Federal Attorney-General, Eric Holder, has both made a press release,[4] and established an informational website for homeowners.[5]

Many are still waiting to see what happens with the Fannie Mae and Freddie Mac suit.[6]  In the meantime, however, all those touched by the mortgage crisis or with an interest in seeing it dealt with to their satisfaction, should pay very close attention to how this partial settlement will be implemented, whether its implementation follows that plan, and how effective it turns out to be, for those suffering homeowners that it is intended to help.

****************************************************************

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice.  He is licensed to practice law inOntario,Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.

There is already at least one branch of the Missionary Church of Kopimism in the Americas – British Columbia- and the new faith, [4] with its Holy Kopimi Pyramid, and its sacred symbols of “Ctrl-C”, and “Ctrl-P”,[5] may well spread, quickly, despite efforts by those who would not like to see it spread; which some might even call impermissible religious persecution in violation of applicable individual freedoms and human rights.[6]

If one nation has recognized this new religion, and the Internet virtually or physically leads the activities of that religion to another nation that highly values freedom of religion and a separation of Church and State; alongside its sovereignty in deciding how and in what way to best enforce its laws, and resolve any apparent conflicts between its laws, its treaty obligations, and plain old common sense….what will be the end-result?  We may soon see!

 **********************************************************************

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.

The practice of law is quickly running into a very big problem.  More and more national and sub-national jurisdictions are passing laws regarding e-Commerce that have an impact on business entities organized outside, and individuals residing outside, their physical boundaries, but that also do business in, have a defined nexus with, or travel through or over their sovereign territory.  While it is important to know the laws of the place where one “intends” to do business or travel, it may be helpful and even advisable, to know the laws of the place where one “might” do business or find oneself physically (through emergency landings and layovers), or virtually through no fault of one’s own (in the case of a data breach, or an online defamation matter, or through the workings of a social medium, as the result of some “User-generated Legality Issue”, a.k.a. “an UgLI”).

In addition, regulatory authorities are developing a growing habit of commencing and continuing to conclusion, multiple and separate actions against the same defendant or group of defendants and based upon the same facts or confluence of circumstances, sometimes in the same venue and sometimes in different venues, or cooperatively against multiple jurisdictions.  When the government with unlimited resources refuses to forbear or stay itself, or a court find that any stay of proceedings which could save the defendants time and money is not necessary, or not in the public interest, or not contemplated by law, then it immediately becomes necessary for sometimes very many lawyers to do the same or similar things, very many and expensive times.[1]

Unfortunately, licenses for the practice of law are issued by each specific jurisdiction of practice, and often after checks, long study, and success on a Bar Examination.  Hence, in effect, advising on or interpreting the laws of a jurisdiction or a place where one is not licensed, can be deemed to be the Unauthorized Practice of Law (UPL), with sanctions up to and including disbarment.

How does a lawyer, who is not a part of a 1,000+ lawyer firm with global offices, provide effective and professional and complete advice and counsel to clients without: (a) engaging in unauthorized practice of law; (b) inviting a malpractice claim for lack of care or thoroughness in the giving of that advice; or (c) losing clients by advising that they engage legal counsel in every jurisdiction in which they may be organized or authorized to do business, to or through which their products or services may be transported, or within which a person impacted by a data breach may need to be notified in accordance with the applicable law of that jurisdiction?

Undoubtedly, many lawyers do give the advice to go and get advice, despite the prohibitive costs.  Also, and verifiably, many lawyers already speak on the laws applicable in jurisdictions where they are not licensed, especially at seminars on professionalism, ethics, and best practices; and they may well be doing the same with their clients – with, no doubt, the caveat to seek a licensed practitioner in the appropriate jurisdiction and practice area for a clear and complete treatment.

QUESTIONS:

This current and increasingly urgent situation raises at least 10 (“ten”) very interesting, and yet long-neglected questions, for Law Societies and Bar Associations, worldwide, to try to answer.

1. Is the cost of full legal and regulatory compliance while doing international business, or even while engaging in limited e-Commerce, becoming prohibitive for the small and medium-sized business in (or across, to, or through) any or every jurisdiction?

2. Are lawyers being forced to choose between practicing exclusively locally, or potentially engaging in the Unauthorized Practice of Law by rendering proper advice and counsel?

3. Is it time for lawyers running into this issue, to state and contract that any and all information they provide that regards a jurisdiction other than their own, is rendered for general information purposes, only, and not intended or to be deemed or accepted or construed, as actionable legal advice or counsel?  What will this do to lawyer usefulness?

4. How is it (and is it fair over question 5, below), that transactional lawyers cannot freely draft agreements governed by the laws of jurisdictions where they are not licensed, even if those laws are understood in great detail through studies and consultations, and other familiarization, without UPL allegations and sanctions?

5. How is it (and is it fair over question 4, above), that litigators presenting supporting caselaw and distinguishing conflicting caselaw of jurisdictions where they are not licensed to practice law, in their arguments before senior Judges and seasoned legal practitioners of courts and tribunals and in papers submitted, are not subject to wholesale UPL allegations and sanctions?

6. Are litigators favored with an unfair competitive advantage under the current system?

7. Is the continued licensing of lawyers by separate and distinct jurisdictions, an undue restraint on the trade and practice and profession of law, that can be subjected to a Competition Review or an Antitrust challenge in any court or tribunal of competent jurisdiction?

8. Are the very large law firms operating under the current model open to challenge for unduly restraining the trade and practice and profession of law, by the chilling protection of the Unauthorized Practice of Law (UPL) allegation, to the extent that they may be: (a) forcibly broken-up; (b) mandated to make their services available to businesses at more affordable rates; or (c) required to enter into consulting or associative arrangements, also at affordable rates, with smaller firms and individual lawyers (subject to appropriate conflict checks), in order to make the multijurisdictional practice that is increasingly essential for the rendering of effective and ethical legal advice and counsel, available to a wider section of the Bar(s) and Law Societies to which they belong?

9. Has the time come to consider the issuance of a Multijurisdictional Law License, or a Multijurisdictional Practice Certificate (whether across states or provinces in a Nation State, or by practice area in a Nation or economic region – such as:

a. Outsourcing;

b. Privacy Laws;

c. Cloud Computing;

d. Social Media practice;

e. International Trade Laws;

f. Legal and Regulatory Compliance;

g. Data Breach Notification Protocols;

h. International Law (Laws of War, Laws of Space, Laws of the Sea, Laws of International Organizations, International Environmental Laws, and so forth);

or by practice area across economic or geographic regions, or in some combination that includes one or more of these options), in order to provide a Safe Harbor for lawyers with clients who travel widely, or who are engaged in e-Commerce or International Trade or other International operations that require legal counsel to be well-versed, well-respected, and not constantly in and out of hearings defending themselves against UPL charges?

10. How much would it cost and where would the received moneys go?  What would be the pre-qualifications for such a Multijurisdictional Law License (M.L.L.) or Multijurisdictional Practice Certificate (M.P.C.), prior licensing in 2 (“two”) or more jurisdictions, multilingual abilities, a number of years of practice, a demonstrated need in the lawyer’s client base, or other factor(s)?

ANSWERS??

There are precedents for most if not all issues and acts considered in the above questions.  However, it remains to be seen where we go, and whether it is steps forward or steps backwards – if and when one or more of the Bar Associations and/or Law Societies willing to take the lead in this area, acts boldly, before the test cases start-a-coming, and at a ridiculously rapid pace.

***********************************************************************

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice. He is licensed to practice and has practiced, in Ontario, Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article is intended and presented for general information purposes and is not intended or construed or to be read, as constituting legal advice or creating any lawyer-client relationship.

1.         ACCEPTABLE SERVICE LEVELS: If and when offering a service or product to the public, then the quality of that offering must be acceptable.  Bad product or bad service, leads to bad reputation.  With the current pace of word-of-mouth advertising through Social Media, a company’s reputation can be tanked, with a quickness.  Why spend so much time generating all that buzz, and then bet the company by offering something that is a substandard product (bug-infested), a service that is obviously not quite yet ready for primetime (the wider, mass market), or something that is otherwise badly managed in the initial rollout (going cheap on the launch)?

This may have worked for some businesses in the past, and it may still be tried in some cases by those businesses feeling secure or carefree enough with the substantial following for their product or service, or suite of same.  But, today?  No way!!  Beta testing is available for a reason.  Use it!  The more alternatives that proliferate, and providing that there is a relative inelasticity in providers, the less tolerant the market will be for mediocrity and unacceptable service levels.

2.         SECURITY: Of course, the company crown jewels (I.P.R., trade secrets including strategies and customer lists, and so forth), must be secured.  If not, then the model can be replicated either without shame and by an obvious copycat, or through reverse engineering with a very good idea of where they need to go, from having the product, your product, right there in front of them.  Physical security, electronic security, and a security frame of mind, must permeate the business and the workforce from top to bottom, in order to hit this checkpoint right.

The added networking functionalities that Social Media now gives to developers, programmers, and scientists, coupled with the fact that massive amounts of raw and unencrypted data can be lost (and are being regularly lost) on smartphones, laptops, and through online theft and hacking, means that achieving comprehensive Cybersecurity is no easy task, as I have already blogged.[1]  You may notice that some of the largest, most successful, longest-lasting e-Commerce successes are entities with a very zealous dedication to security.  Obviously, there are good reasons for this.

3.         POLICIES and PRIVACY: It is also vitally important to have effective and comprehensive policies on a variety of topics, so that there are no fatal gaps in employee guidance as to the policies and procedures that they need to follow in specific circumstances, or in those very tricky or novel situations where the guidance of other employers may be found lacking due to imprecision, or a lack of clarity, or a failure to consider and plan for such an eventuality – even by providing a dedicated line on which employees may call for guidance from a responsible person in the company.  Situations that should be policy-covered include but are not limited to, privacy breaches, emergencies and complex emergencies, Social Media usage, employee hiring (with appropriate background checks) and termination (with exit interviews and securing of access permissions and company property), and privacy and security, generally.

Where policies are lacking, employees may well take the initiative.  There is nothing wrong with having employees who can think for themselves, especially in a knowledge-driven economy or an Internet-driven business.  However, where employees lack the critical additional knowledge, subject matter expertise, or general leadership training and discipline to know what is best for the company and also in accordance with law, their initiative may initiate a problem, or two, or three.  Sometimes extrication is simple, and sometimes, it comes at a very steep price, including personal liability for directors and officers, very steep fines and regulatory penalties, lawsuits with their companion legal costs and expenses and insurance coverage disputes, and even destruction or dissolution of the company as a going concern.  It is better to lead and set the tone with a coherent policy, after careful business consideration and consultation with legal counsel.

4.         INTELLECTUAL PROPERTY RIGHTS (I.P.R.): Where the entity owns and has developed its own I.P.R., then this should be protected, of course, through proper registration and ongoing monitoring.  It is not prudent, and very much ill-advised, to put a branded product or service on the market without first ensuring that the name chosen, is available and free for use.  Otherwise, a flashy and expensive marketing campaign may lead directly to a messy and expensive legal battle for I.P.R. infringement or misuse.  This could be ruinous if the seed money or risk capital has already run out or nearly run out, and whether or not the deep-pocketed investors get frightened-away by that kind of rather costly, and potentially very bad publicity.

Similarly, the unauthorized use or willful misuse of the I.P.R. of another, can bring severe and negative consequences through suits and injunctions.  Even where the law is unclear or imprecise and with apparent loopholes, this does not prevent an incensed litigant or an ambitious prosecutor from applying novel theories and significant resources to make a test case stick, or to prove a point, or to chill or still the fervor of any and all who might think to follow a bad lead.

5.         REGULATORY COMPLIANCE: All of the foregoing ties-in with regulatory compliance.  This does not just apply to industry-specific regulations, but also to national laws; laws of the municipality, state, and province, as appropriate; and any International or otherwise multijurisdictional accords and protocols that may be or become relevant, or applicable, or appurtenant to the business or the business model in question.

Having a good idea of what is being planned or proposed, and where possible, being able to chime-in on the debate through a trade or industry group, are best practices.  It is better to know, plan, and prepare, than to be suddenly surprised.  Sometimes, even with the delayed applicability of new laws and regulations, the time, cost, and efforts required to become fully compliant – let alone the fines and penalties for failing to be so compliant – can be a drain on resources and an unwelcome distraction from the core mission.

6.         ENFORCEMENT: Additionally, all company policies must be regularly communicated, enforced, and audited for the degree of compliance therewith; otherwise the company may face more than its share of User-generated Legality Issues (UgLIs).[2]  As for leadership in this endeavor, even in a smaller company, it can be highly advisable to have both a Chief Compliance Officer and a Chief Privacy Officer.

To the extent that a candidate is qualified, both of these titles may be held by a single, double-hatted individual.  However, if that is the case, then it is advisable that the person hold no third portfolio, as the pace of development in both of those areas will keep him or her more than sufficiently occupied.  Indeed, many an entity may find it more affordable and prudent to have a limited In-House capacity in both of these areas, but outsource the bulk of its needs for guidance in privacy and compliance to legal providers who can promptly deliver legal updates and customized policies, in conjunction with occasional audits, and tweaking as the business matures and moves though standard and non-standard cycles, or other critical events (mergers and acquisitions, litigation, regulatory investigations, public offerings and buybacks, or insolvency).

7.         DEDICATED CASHFLOWS: The initial dot-com heydays were replete with businesses that sold nothing, gave away copious amounts of services or software or both of these for free, and essentially, burned through cash as though the patience of their dedicated investors would never end.  Eventually, it did, and so did they.

There has to be revenue, and it needs to be projected to start at some point down the line, right from the start.  This way, milestones can be recorded, and steps taken to address any failures to meet them – whether in extensions of time and financing, or in a change of policy or management, or both of these.  There is nothing wrong with having a loss-leader, and giving away services or software in order to capture market share and loyal customers.  Advertising, therefore, when responsibly and lawfully and tastefully done, is the easiest way to generate revenues, and build a business from the traffic to, or the following or patronage of, a popular site or service.

Summary: E-commerce and the Internet-driven business are still very much works in progress, as governments struggle to keep up with their ever-changing nature, and the consuming public (in sections and subsets of same), thrives on the tensions generated and in the spaces created, by this state of constant flux.

Some have accused the People’s Republic of China and the Russian Federation of high complicity in organized theft of strategic assets by exploiting flaws in and their failures on, one or more of the above 7 checkpoints.[3]  However, these alleged culprits are also obvious victims;[4] and allegations of economic espionage and leveraging for advantage, legally, not so legally, and quite illegally, including with government support or complicity,[5] are really nothing new.

Whether one’s problems show success or a failing equal to those of others on the same or substantially the same above checkpoints, is in the beholder’s eye.  Regardless, however, perhaps if regulators focused a little more on fixing the failings in this winning formula than spinning for sanctions and shame, more would thrive and succeed in this brave new, Online Great Game.

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice. He is licensed to practice and has practiced, in Ontario, Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article is intended and presented for general information purposes and is not intended or construed or to be read, as constituting legal advice or creating any lawyer-client relationship.

ADVANTAGES (potential):

Floor Space: Of course, when you cut down on the amount of space you need for your own servers, wiring, HVAC, and individual desktops with full monitor and CPU packages, you can re-dedicate the space to other internal purposes and business units, earn revenues by sub-leasing (to the extent the landlord lets you), or move to a smaller location.  These are increasingly pertinent considerations in any cost-conscious climate.

Operational Efficiencies: Cloud providers allow clients to pay for only that amount of service that they actually use, in addition to any standby or contingent services that are retained as available for purposes of surge capacity, emergencies, or other events whether or not specified.  This allows for the streamlining of staff and functions, a slimmer I.T. department, and a clearer focus on essential, mission-critical business functions.

Capex to Opex: What would formerly have been capital expenditures for I.T. equipment, including servers, setup and administration costs, and repairs and replacements, can now be expensed as operational costs.  Even with the loss of those once available depreciation allowances, the CFO should be happier with the cleaner budget, and greater cost control through a better defined and appropriately confined predictability of outflows.  Software licensing costs do not have to be so closely monitored and temperamental legacy servers running dedicated software in-house that can or cannot be easily upgraded and updated, can be downgraded in priority, as Cloud Vendors can often accommodate a variety of Cloud subscription fee arrangements including per-seat, per use, per tier, and so forth.

Ubiquity: As defined by the National Institute of Standards and Technology (NIST) of the United States Department of Commerce: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.”[1]  The key word here, is “ubiquitous”, with a one to many service model available anywhere, to any or all persons, and at one or all times.  Wireless and satellite Internet access, and portable hotspots where no fixed-site or sufficiently secure or reliable Internet on-ramp exists, make this all possible.  However, this ubiquity comes with costs, as I will outline under the Disadvantages, below; specifically under the Legal and Liability Issues section.

Scalability: The prudent and professional Cloud Vendor will generally maintain sufficient spare capacity to handle the surge requirements of all of its clients.  Certain industries and business models, as well as regular business events – such as for accounting and regulatory filings at the end of a month, quarter, or year – and the happening of special or otherwise distinctive events (public offerings, mergers, bankruptcies, or litigation), will generally lead to a heightened usage requirement due to the additional activities and actors that will be brought online.   That is “really” not the time, if ever, for a Cloud Vendor to say that there is no more to give, or that the capacity to handle such an expected spike was never actually considered or built-in, to the service model.  This nightmare scenario will invariably lead to side litigation on the main instigation, and nervous General Counsel calls to insurers, counterparties, and regulators.  But, we are still listing the Pros; yes?!  Always, always, discuss your actual, anticipated, and remotely potential needs, thoroughly, with the Cloud Vendor, so that “your” package fits “you”.  Besides which, savvy parties are already moving to put adequate and secure capacity in place[2], to ground the infrastructure for this promising but tricky new platform.

DISADVANTAGES (potential):

Vendor Inelasticity: Once you have decided on a particular Vendor, with its services and cost structure, it can be hard to move.  There will always be costs associated with any change in vendor, and it may take quite some time to have the same service or a comparable or better service (depending, of course, on the reason for your relocation), up and running in the successor location, including potentially significant unanticipated costs and delays.  Once you are in, then you should plan to be there for the long-haul.  This is why, one again, due diligence and a mutuality of party good faith, are essential.  In Cloud and outsourcing contracts that I have drafted, I provide for open party communication lines, detailed ADR clauses, and a means to address any failure to meet agreed SLAs.  In addition – always a detailed exit protocol with a combination of specific steps, cost structures, and room to negotiate if and where possible.  Cloud Vendors offering no exit strategy, or an overly-rigid or convoluted one, should be approached with high caution.

Access to Data: There are at least 5 (“five”) viewpoints on this issue, depending on whether you are talking about source code, backup and contingency planning, customers in the third-party, server location, or insolvency.

(a) The cloud vendor will be very reluctant to escrow its source code, the very essence of its competitive advantage, as we now often see touted by many a commentator.  Onlookers argue that such an escrow arrangement is essential to providing the customer with the peace of mind that their data will always be accessible, and that the service will be replicable, should any calamity befall their Cloud Vendor or a related provider in the chain.  Indeed, there is more than one way to provide peace of mind.

(b) Sensible backup and contingency planning requires multiple levels of redundancy, and the United States Securities and Exchange Commission (SEC),[3] for one, has issued guidance on the disclosure of Cybersecurity risks by issuers.  In time, this may expand to non-issuers in that and other jurisdictions.  I would advise that the customer, and the Cloud Vendor must have and share, and coordinate, their disaster management policies, plans, and procedures.  To the extent that this will require that the customers of a specific Cloud Vendor all know one another and thereby decrease their mutual security, or that a third-party “security coordinating group or consultant” intervenes to preserve some anonymity, or some other solution or suite of solutions is developed for this requirement of mutually assured security and stability, will remain to be seen.

(c) In some industries, such as healthcare in the United States, [4] and generally under the Privacy laws of Canada,[5] the patient (or data subject, as appropriate) of the Cloud Vendor’s client – and therefore who is not in direct privity of contract with the Cloud Vendor – will have a right to access, and track, and by implication correct errors in, their own personal data.  In a growing number of jurisdictions, the right of governments to access data on individuals with or without warrants, and with or without notification to the subject individual, is expanding.  Without a doubt, new legislation will be created, or existing legislation will be interpreted, to permit the accessing of this information in the hands of the Cloud Vendor, without notice to the Customer, or to the third-party customer as patient, for example.  This complicated mix of privacy, information technology, National Security, and contract, should be closely watched, bracketed and predicted and controlled by appropriate and adequate insurance and drafting, and disclosed in advance by all parties collecting or holding information on individuals, and to all parties considering the use or offering of Cloud-based or Cloud-amenable services.

(d) Server location, is a critical issue that may feed or impede point (c).  Having your data in the jurisdiction or jurisdictions that you know, will always let you more easily manage those hiccups that may occur from time to time.  Going after your data in a jurisdiction where you don’t speak the language, where you are unfamiliar with the laws, or where there is hostility to you or one or more of your Cloud Vendors or your government, will always make data recovery and re-custody, that much harder.[6]  Some commentators and practitioners in the field have alerted others to the danger of employees and contractors working with Trade Secrets and other critical information on mobile media and otherwise through the Cloud, including by backing-up devices; even going do far as to say that “no” Trade Secrets should ever be put on the Cloud, at least not yet.[7]  This is a legitimate concern, and cannot be lightly dismissed, because, as they point-out, nobody really wants to be that first test case.  However, with many industries, including the legal profession,[8] moving to the Cloud – albeit cautiously – I think the genie is already pretty much out of that lamp.

(e) Insolvency can be a very complex area with regard to a Cloud Vendor, itself in distress, or when a holder of Intellectual Property Rights (I.P.R.) or an I.P.R. licensee is in distress and a Cloud Vendor gets caught in the middle.  Under recent caselaw in the United States of America, we have seen that sometimes the court will decide that the proper venue is that where the injury is deemed to have taken place and thereby where the I.P.R. claimed to have been violated, were originally held.[9]  Where does this leave the Cloud Vendor that provides the means to access that material across jurisdictions?  Sometimes, the court will refuse to permit a foreign licensor in receivership or a similar insolvency situation, to disclaim or otherwise curtail or constrain the I.P.R. licenses granted to United States entities.[10]  Where does this leave the Cloud Vendor who can be sued by one or both sides for compliance and non-compliance alike, and for contributory infringement, [11] or as an accessory to, or as a first party in, I.P.R. infringement?[12]  Foresight, experience, broad practice area knowledge, and good drafting can address some, but not all of the potentially very serious wrinkles that might very easily arise.

Uptime and SLAs: Service Level Availability agreements run from light, through adequate, to (almost) iron-clad.  Some Cloud Vendors will want to exclude mandatory downtime for maintenance and upgrades, or for addressing user-generated issues (such as hacks and malicious code), and the customer, depending on its business model and leverage, may or may not agree or even be comfortable with this.  In addition, many Cloud Vendors will want to limit available remedies for failing to meet stated or contracted-for SLAs, to service credits, exclusively.  Hence, SLAs must always be cautiously and thoughtfully negotiated.  However, some Cloud Vendors will offer a set menu from which to choose, in which case a potential customer should choose wisely, because when things go wrong, as they well may, [13] downtime could be extensive.[14]

Legal and Liability Issues: There are an appreciable number of legal and liability grey areas that remain to be addressed by contract or legislation, and I have addressed some of these in the foregoing.  Now, the transfer of personal data between jurisdictions in North America and the Pacific Rim has also been eased by the recent establishment of the Asia-Pacific Economic Cooperation (APEC) Privacy Rules, involving 21 (“twenty-one”) nation-parties.[15]

Technical Issues: These mainly revolve around security, privacy, and e-Discovery.  The truth of the matter, actually, is that most people are already using, often heavily, some form of Cloud.  Examples include BlackBerry,[16] Google,[17] Hotmail,[18] and Gmail,[19] for a host of social media, email, regimented,[20] and telecommunications (“Smert”) applications.  2011, alone, has seen technical challenges identified for all of these 4 (“four”), some other known or knowable risks,[21] and spectacular failures to failover.[22]

In terms of privacy and security, the potential to use a Cloud service for wrongdoing[23] has heightened the awareness of the public, of legislators, and of law enforcement and national security entities and their operatives, globally,[24] as to the obvious security and privacy challenges presented by this platform. 

Indeed, with the move to criminalize so much misconduct involving e-Commerce and the Internet, a test case will surely come when an as yet unknown Cloud Vendor in e-Discovery, and using a 5^th Amendment argument,[25] finally and successfully refuses to turn-over discoverable records that are clearly within its possession or control – whether or not those records are ultimately its own – that may, or indeed, would, tend to incriminate it for some bad act or acts, whether in doing a thing, failing to do a thing, or having a wanton or reckless disregard for risks of harm from doing or not doing a thing.[26]

SUMMARY? (in a way, somewhat):

I say “in a way”, because this fast-moving business platform that touches so many areas of law, as I described in an earlier blog,[27] cannot be so easily summarized.  Many honest I.T. professionals will tell you that their skills can be fast outpaced by the market, very easily, if they do not work very hard to stay current and abreast of developments in the industry.  I do not think you can identify too many weather systems, if any (at least not on this planet of ours), that just stay over the same spot of geography with clouds, rain, high winds, thunder, and lightning that does not stop, waver, or let the sun in now and then.

The above, however, is still a handy checklist to have and consider when looking at the Cloud industry and its development over the coming little while.  The Cloud Vendor contracts may be or become quite complex, if you are a potential Cloud customer, and the customer demands or prerequisite requirements may be or become almost impossible to meet, if you are a prospective Cloud Vendor.  However, seasoned and knowledgeable legal counsel, properly structured insurance coverage, and due diligence coupled with stringent and zealously enforced internal controls, including Social Media usage policies, may still let some or all of those involved, sleep soundly.

Sweet dreams, then, count the sheep well, and don’t forget to set your alarm.  Happy New Year, 2012.

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice. He is licensed to practice law in Ontario, Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.

Unfortunately, however, while everyone may “think” they are talking about the same thing, I dare say that they are not.  It is, of course, important to know and understand what we are all talking about, before we attempt to secure it with any hope of success.  So, then, what is Cyberspace, we ask?  The answer: almost anything, and nearly everything.  Let me explain, as Cyberspace in its totality, comprises 5 Domains, multiplied by 3 Bundles, to give 15 “e-Compartments”; which e-Compartments should be the focal points of and for, specific protective and exploitative techniques and technologies, as appropriate.  This is a different, flexible approach better attuned to the rapidly changing world of technology.  It will take an extremely momentous event or series of events closely related in time and space, to change and re-align all e-Compartments at once, or to render techniques and technologies used for exploitation and security in more than a handful of these, all obsolete at one and the same time.  I will also discuss cyber-breach consequences, and make commonsense recommendations.

5 DOMAINS:

(a) The Internet (“Net”) is its own domain, and comprises all systems and services accessible through same, as well as being the catch-all category for everything “online”.

(b) A second domain is the telecommunications networks (“Telco”), which cover phone, fax, voicemail, voice over I.P., videoconferencing, webcasting, and so forth.  The Net and Telco are becoming increasingly intertwined and to a large extent, near indistinguishable.

(c) Third, is that complex of computers, servers, and thin and thick clients (“I.T.”) that drive and serve and access the above 2 (“two”), and the remaining 2 (“two”) domains

(d) The fourth domain, is that of mobile devices (“Mobile”), or the plethora of “steadily richer clients” in smartphones, PDAs, Notebooks, Tablets, and so forth; along with all the portable drives with capacities ranging from a few megabytes to many terabytes (or even “quigaflops”, as I have also blogged, elsewhere).[2]

(e) The fifth domain of Cyberspace may well surprise some of you, but it shouldn’t.   It includes paper!   Yesterday, today, and tomorrow are not the first times that people will walk critical papers, performances, paintings and portraits, and other personal or positive assets including intellectual property out of monitored or even secure locations, by taking their pictures.  This is the world of “P2ED”, where those papers, performances, paintings and portraits, and other personal or positive assets (collectively being the “P”), can be converted into Electronic Documents (meaning “2ED”), and thereby, in essence: “made to move, to order.”  Modern rapid scanning technologies, the camera-capture tools on almost every mobile data device now available on the market, and the staggering storage capacity of portable drives as earlier stated, mean that almost anything can be relocated in time and space almost instantly and quite completely; often without the victim or “targeted subject” being the wiser.  When you add-in the abilities of three-dimensional printers working with multiple pictures from multiple angles, or simple panned video footage, that “P” can be very easily reproduced in and as an “infringing facsimile”, in any place, at any time, and very many times.

An Electronic Document, I would therefore and expansively, define as: 1 (“one”) or more items of data that may include meta data, created or collected or compiled by electronic means from a paper source or sources, an electronic or other source or sources, or a combination of these and that is:

(i) organized in the same or substantially the same way as the original source or that otherwise characterizes and represents or presents the data in a cognizable format; and

(ii) capable:

(1) of being provided or published or posted or displayed or distributed or otherwise transferred by or to, or retained or reviewed as appropriate, by its creator or compiler, or by any other party or parties possessing the appropriate access permissions and utilities, or by both of the creator or compiler and others; or

(2) of being received or retrieved or acquired or accessed or analyzed or processed or altered as appropriate, by its creator or compiler, or by any other party or parties possessing the appropriate access permissions and utilities, or by both of the creator or compiler and others;

in such a way that makes it capable of being stored and therefore used for subsequent reference; and
(iii) capable of being replicated as is or in an alternate format by its creator or compiler, or by any other party or parties with the appropriate access permissions and utilities, or by both of the creator or compiler and others.

3 BUNDLES:

The three bundles by which to multiply each of the five domains, are: Hardware (“HA”), Software (“SO”), and Services (“SE”).

15 E-COMPARTMENTS:

A full treatment of this multiplication into the 15 e-Compartments, would take a very long time; and so, I gladly leave it to the reader.  However, and as a much abbreviated series of examples:

(i) securing one compartment of the hardware (HA) in any or many domains may include access barriers or credentials verification, whether with keys and passes, or by biometric or other technical means.

(ii) Exploiting one compartment of the software (SO) in any or many domains may include knowing and using the vulnerabilities found and from time to time exposed in certain types of programs, where updates and antiviral or other protections are lacking, and in people, by means of social engineering.

(iii) Services (SE), you can further divide into at least 6 (“six”) sub-elements to create “sub-compartments” after the multiplication, of: (a) internal; (b) contracted; and (c) outsourced accredited service personnel, and then the same 3, once again, for actual services performed.  To secure your internal personnel, you would of course, have conducted background checks, and engage in some sort of “lawful” ongoing and periodic monitoring.  Securing contracted services, would involve due diligence of the providers, perhaps additional checks and balances on the personnel to do the actual work, and then of course, there is insurance, appropriate contractual terms including warranties and indemnifications from the provider, and other steps as are reasonable, and sometimes seen as unreasonable by the other side.  When they protest, it can be reassuring to see that they are paying attention and not so desperate for your business as to accept any and all conditions without a word.  Similar steps can also be taken to secure outsourced services, with additional precautions where offshoring or a sensitive industry (such as healthcare, or involving personal information or an especially vulnerable and protected class of persons like children, the disabled, the mentally-challenged, or the elderly), is involved.

(iv) If one were to look at Radiofrequency Identification (RFID) and Near-field Communications (NFC) for example, it becomes obvious how one size does not fit all e-Compartments when trying to secure HA (smart phone passwords), SO (against hacking, tampering, and redirection of funds or data sent or  received), and SE (challenge and handshake protocols, and perhaps using geolocation – to the extent lawful – to guard against someone’s account being accessed with the same credentials, and apparently from the same device, in two or more jurisdictions at the same time, as spoofed, or in less time than one could reasonably be expected to travel between them).  Each Domain must therefore have and maintain its own set of techniques and technologies to secure Ha, So, and Se in RFID and NFC, as and where applicable, inter alia.

3 CONSEQUENCES OF CYBER-BREACH:

Remediation:  This can include the costs of any combination of cash settlements; credit monitoring; credentials replacement for the impacted parties or persons; and changes in the compromised (or absent or insufficient) policies, procedures, personnel, and platforms.

Reputation:  Reputational damage can be felt by its effects on clients, who may leave or reduce their business dealings; labor markets where it may become harder to get the best and brightest talent; media and social media circles, not just the late night talk shows, which may all combine to continue and compound a storm that would otherwise have passed-by and been forgotten more quickly; and of course, insurance deductibles paid and heavier premiums going forwards.  Depending on the specific facts of the situation, the insurer may or may not seek to decline coverage or reduce the available benefits under the applicable policy or policies for errors and omissions, general liability, privacy, and otherwise.  Additional economic impacts may also be felt by issuers in greater “activism” of their shareholders.  The share prices may take a hit, impacting upon debt covenants, debt to equity ratios, leverage ratios – with or without ensuing margin calls – solvency, and directors and officers liability insurance policies, as well.  This, again, could build upon itself in a negative direction if not properly and timely managed.

Regulatory:  The possibility of heavy fines and penalties is always there, whether before or after grueling regulatory investigations that sap time, and resources, and money.  An entity may also face ongoing monitoring and operational restrictions that may go as far as mandatory supervision or takeover.  Suits at law or in equity, or both, may also accrue at a very fierce pace.

4 KEY COMMONSENSE RECOMMENDATIONS:

Systemic Security:  Secure the systems, and those who use and maintain the systems.  This involves the personnel security, the access controls, and educating everyone in the organization on the benefits of compliance with policies, as it could impact upon their salaries and bonuses, the viability of the business, and their jobs.  Where there is a tie-in to their personal realities, stakeholders who see and appreciate potential downsides will be more likely to buy-in to those business practicalities.

Active Management:  Have an Active (and not reactive) Management.  It is never a good recommendation to wait until something bad happens, before thinking about what you will do and how you will react when something bad happens.   More and more jurisdictions are enacting breach notification laws, and so this luxury is no longer an option; even if your jurisdiction has been slow to follow-suit.  Business, today, is hardly so uni-locational as to allow you to be ignorant of global best practices, and still expect to compete and succeed against the competition.  Join and form reputable local industry groups; develop a relationship with a good Public Relations firm; find and retain inside and/or contract and/or outside legal counsel that can cover you on the 3 (“three”) prongs of litigation and e-Discovery, regulatory compliance in your industry, and your contracting and labor practices – in all jurisdictions where you operate; have a solid Social Media presence and policy; and adopt and prepare and plan for, an all-hazards disaster response.

Internal Controls:  Active Management must monitor and verify the Systemic Security through internal controls, inter alia.  Your people must be following these wonderful policies and procedures, otherwise you have just been wasting paper in employee handbooks and handouts, and storage space on your intranet or bulletin board system.  Is Social Media being used responsibly during work time, and regarding work but outside the office?  Are employees following your portable data policies and mobile device policies?  Are contractors being properly segregated from physical areas, online accounts, and specific data that they are not authorized to access?  Are those with authority acting within and not exceeding their access, alteration, and audit authorities?  These and other questions must be asked and answered.  Industry-specific internal controls should include, for any entity with developers writing software or an I.T. department, a policy on Open Source Software (OSS), as I will further explain, below.

Legal and Regulatory Compliance:  Compliance is also very important.  If and when something goes wrong, it always helps to show that you did or were doing the right things, in accordance with law.  The hammer generally tends to fall harder on those who were lax in their compliance, as the weight of culpability becomes significantly harder to avoid.  This is especially important for entities that do not have any in-house legal personnel, which could mean that there is nobody keeping a regular eye on practices and policies that may well slip or dip from time to time, in the ordinary course of business.  The value of regular legal audits becomes that much greater, for a periodic “compliance fine-tuning”.  One area that requires careful scrutiny, tracking, and audits, is Open Source Software (OSS), which is far from being the “free software” that so many may think it is.  Incorporating someone else’s Intellectual Property in company products, or inadvertently contributing the employer’s Intellectual Property to an outside product, through off-time or online collaboration projects, could have dire results.  Some open source licenses will then require that you post all the source code for free and further use by all and sundry; damming a revenue stream and giving away valuable I.P. rights.  Employees and contractors who’se contracts state that all they create belongs to the employer, should be made aware of this “significant risk area”, and have some restrictions placed on what they can and cannot do in terms of OSS, collaboration, and their skills as co-mingled with employer property.  The penalties for I.P. infringement, whether of copyright, patent, trademark, or trade secrets, can be severe.

SUMMARY:

This different, flexible approach to Cyberspace and its 15 e-Compartments should serve as a roadmap, in guiding your conceptual approach to the issues in a logical, and step-by-step or compartment by compartment strategy.  As the fields of e-Commerce, Cyberspace, and Cybersecurity grow by leaps and bounds and expand into, above and beyond the “Clouds” – at least until we are all hardwired to be and remain online, at the same time, and all the time – the above basic typologies should suffice and remain the same; and the 5 Domains of Cyberspace, as set out and identified so far, should hold fast, again absent any “category-killer-app” as a caveat.

Happy (belated) Cyber-Monday; and Merry Christmas, 2011!

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.

[1] Ekundayo George, Cybersecurity (the Big Picture): Avoiding “Destabilizing Data Disaster” (D3).  Published on September 1, 2011.  Available at: http://ogalaws.wordpress.com/category/strategic-consulting/cybersecurity/

[2] Ekundayo George, “M”edia Effectiveness. (Blog Tab).  Available at http://ogalaws.wordpress.com/media-effectiveness/

Vendors (“Cloudmasters”):

For Vendors, especially the Master Vendors, or “Cloudmasters”, 3 (“three”) critical and indispensable components of the ecosystem (short for “e-commerce system”) and cloud business model, are the “Air”; the “Water”; and the “Seeds.”

1. AIR: The air is, of course, the environment within which one does business.  Bad air can lead to acid rain.  I think this has been well-enough established in the field of environmental law.  In and comprising the air, there is law, there are regulations, and there is company policy.  It is not impossible for a Cloudmaster to be in compliance with law, and have lax internal controls and policies at the same time.  All the air must be good, or else something will suffer.  Certain jurisdictions have strong privacy laws, and others do not.  Certain jurisdictions and types of activity call for the application of heightened regulatory oversight, and this must be respected.  The Cloudmaster choosing the law of a one jurisdiction as the preferred location for any “rain” must also be and remain aware and relatively up to date regarding the laws of certain other jurisdictions through or by or from which some or all of the cloud Residents are governed, whether as individuals or as businesses, and whether as parties to the contract, or third-parties in interest.  Many laws may be national, but the air knows no borders!  National and sub-national governments may also go in many and conflicting directions at once in terms of cybersecurity,[1] for example, and until things settle, the Cloudmaster must follow the storm and sail in the direction of every conflicting wind at the same time.  Helping shape a uniformity in the direction of these winds is just one of the many ways in which lobbyists “can” be useful.

2. Water: Water, also, knows no borders.  Considering the vast array of chemicals that are toxic, carcinogenic, and persistent organic pollutants, and also water-soluble, and considering also, the richness of microscopic life that can be found in the waters of this glorious planet, I think an analogy of data as water, is quite apt.  You never really know what is in it, until it is in your system and has had a chance to … relax, look around, and spread its wings to feel right at home.  Water that gets into the wrong place of a critical system can cause rust, fry circuits, and give some nasty shocks to anyone in contact with or in the vicinity of, that system.  Bearing all of this in mind, it becomes rather important, in a one- to-many service offering such as with the offering of a Cloud Utility, for the Cloudmaster to “most stringently enforce” some shared responsibilities on the Residents for the good of all, and to credibly and demonstrably promote best practices in safeguarding the resilience of critical processes.  What this means is that “Your” water, as a Resident, gets nowhere near the bigger body, unless you can show that some that, at a bare minimum, some very basic things are in place, such as procedures for enforcing internal controls, employee integrity, and system security; and taken seriously.

Consider this: (i) many reputable antivirus programs will not even install, until after they have performed a basic scan; (ii) a number of educational institutions will not let a user onto their wireless network unless and until the presence of a “current end functioning” antiviral program on that potential user’s system, has been detected;  and (iii) it is always advisable to at least take a tour of a new neighborhood before you move-in, unless you are in the habit of buying “sight unseen”  and without any clue as to what you might be getting into.  Checking the credentials or credit of an applicant or prospective resident, or asking about the standard operating procedures and policies of a landlord, employer, or prospective host, are really not new or alien practices.

Some Cloudmasters will accept all comers in order to grow fast and bulk-up ahead of the competition.  When the indiscriminate taking-on of water catches up with them and becomes too much for the emergency pumps, the market will surely assign them their just rewards.  Know your water source before it gets to your water course, to the extent possible, and ensure that all Residents have, in advance or within a reasonable time after joining, information security, infrastructural security, best practices, acceptable and defined compliance and internal governance programs, and self-certification or third-party certification in the form of a warrant and representation, a covenant and undertaking, or both of these; and always with indemnification.

3. SEEDS: Bad seeds will either not grow, or they will grow into the wrong and unanticipated, and unexpected plant.  Remember, a weed, an insect eating plant, and a cactus, are all still plants – at least to my non-botanist self.  Your seeds are your Residents.  A bad seed may be a rotter on the water, or just not care for the air.  Cloudmasters can ill afford to follow suit, and must be prepared when called for, to give a bad seed the boot, before it really takes root and creates a bad breed that cannot be easily or cheaply removed from the system.  Prevention is always better than the cure; and it is also much cheaper, in most if not all cases.

But, what of those Residents?  Should they not look-upon and treat their Cloudmasters with equal, if not greater suspicion?  Of course, why not!

Customers (Cloud “Residents”):

For cloud Residents, the primary 4 (“four”) critical questions they should consider, begin with: “Who?”; “Where?”; “What?”, and “Why?”

a. WHO: Know your primary cloud vending entity (“Cloudmaster”), draft your agreements defensively, and protect against both changes in control (theirs and yours) and changes in liquidity as a going concern (again, both theirs and yours).

b. WHERE: Be sure to extract an iron-clad guarantee from the Cloudmaster that your data will be kept “solely and entirely” in the appropriate country (such as Canada or the United States), or another jurisdiction acceptable to you, such as the European Union (EU); or the European Economic Area (EEA) to further include Norway, Iceland, and Liechtenstein; or the European Free Trade Area (EFTA) to further include Switzerland, as appropriate.  If the Cloudmaster cannot definitively tell someone where their data will be hosted, or if they just do not know, then the end-result of any decision to continue doing business with such a Cloudmaster, will be solely and completely for the one so deciding to continue.

Everyone who has been paying attention to the news in this area will know that data breaches and the costs of these data breaches in reputation, fines, settlements, and regulatory enforcement actions and investigations and sanctions, have been mounting at a fierce pace.  In addition to your undoubtedly stringent precautions in the above and otherwise, it is not irrational to try to deal with as few privacy regulators as possible, should a breach occur that forces you to make the appropriate disclosures to clients and the proper authorities.  More jurisdictions of operation means more potential discovery and e-discovery obligations; most definitely a greater level of costs for ongoing compliance; and, more than likely, significantly greater costs of remediation in credit counseling and monitoring, changes to and replacement of compromised documents and credentials, and the various and assorted court and regulatory proceedings to monitor and report on the progress of same.  Some courts are becoming rather aggressive in striking-down arbitration clause provisions that specified arbitration (and imposing outright litigation in its stead), or that specified a particular forum (and imposing their own idea of what is or should be, the appropriate forum, which is, invariably, the court striking down that carefully-drafted contract clause).

Just as the cloud has expanded access to hitherto unheard of computing capacity and lowered its costs, it may also lead to either: (a) greater insularity and a lower level of “real” cross-border trades, because of the almost unlimited potential liabilities; or (b) new laws and/or regulations on a regional bloc-basis or on an international or near-international level, in order to control for some of these risks and to put both the market and the consumers more at ease.  Privacy Insurance has already taken a firm hold in a number of jurisdictions; albeit not yet too uniform as to underwriting standards, coverage options, and policy limits.

c. WHAT: In addition to the above, you would be well-advised to develop an in-depth understanding of the Cloudmaster’s security, data retention, and other policies, and also those in the links and structures of the cloud; as well as the who, where, and what of the other cloud participants, sub-vendors, and sub-contractors to the extent that they are disclosed and distinct or otherwise discoverable by due diligence, in order to prevent your being inadvertently caught in a “chain of rain” that brings far more pain than the originally anticipated gain.

d. WHY: Of course, you also need to know what and how often the Cloudmaster does purge or intends to purge, and what logs, if any, they keep and can provide to you without breaching their obligations to other cloud users and deemed cloud residents, whether permanent, or occasional as needed, or transient and otherwise fleeting (each and all deemed and defined herein as “Residents”).

Over-partitioning the data of different Residents, where and as available, adds costs, of course, but it may well also add serious peace of mind in enabling ease of recovery and e-Discovery, and decreasing the risk of inadvertent disclosures  and/or cross-contamination when discovery does come-a-calling.  That is a trade-off computation that must be done and presented to a company’s management for their own good Business Judgment, then the appropriate sign-off can be a waved as shield – once properly discovered – against that judicial Sword of Damocles.  Whether Sarbanes-Oxley requires legal counsel, accountants, or auditors to protest more loudly and publicly where and when a publicly-listed entity is unwilling or unable to pay that extra cost and then fails to disclose this in the MDA or otherwise in accordance with law, such as with the current and growing push by the United States Federal Trade Commission (FTC) for greater disclosure of cybersecurity risks by issuers, is significantly beyond the scope of this little missive.

Let the Cloudmaster know what, how, and how much of that “purgeable content” and other data content you want: (a) not purged and kept in place; (b) not purged and delivered to you in backup format on a periodic basis; (c) purged but similarly delivered to you on a periodic basis; or (d) otherwise dealt with.  A Cloudmaster is not responsible for meeting anyone’s preservation or discovery or e-discovery obligations but its own, except if contractually so bound to comply or assist in the same and appropriately motivated by consideration in cash and contract and consequences of complying-not.  In the case of a Platform-as-a-Service (Paas) or an Infrastructure-as-a-Service (Iaas) Cloudmaster providing a flow-through Utility, appropriate Digital Millennium Copyright Act (DMCA) safeguards and the like, may further so endeavor to hold that Cloudmaster them harmless, and potentially also adequately defended and indemnified against an assortment of potential claims.

SUMMARY:  To the exclusion of any particular industry of Resident focus or Cloudmaster competence, which would be additional, we should all be mindful that cloud computing touches over two dozen practice areas and is therefore extremely complex, by nature.  Anyone who cannot appreciate this fact from the outset, is not setting-out well, at the very least.  Some cloud-touching and cloud-touched practice areas that I have identified, so far, include those listed below, and in no particular order:

Contracts;

Criminal law;

Antitrust law;

Competition law;

Information Technology (I.T.);

Insurance;

Outsourcing;

Class Actions;

Labor and employment law;

Bankruptcy and insolvency policies;

Securities regulation;

Corporate governance;

International trade law;

Choice and conflicts of laws;

Interstate and interprovincial trade;

E-discovery;

E-commerce;

Banking and secured transactions;

Litigation (including forum selection);

Intellectual Property Rights (I.P.R.);

Libel and Defamation;

Alternative Dispute Resolution (A.D.R.);

Constitutional law and National Sovereignty;

Law Enforcement and National Security (LENS);

Media, privacy, new and social media, and moral rights.

The Cloud is still quite new, as was aviation before it, once upon a time.  The aviation industry built-upon the foundations of shipping, which has been in place for a very long time, and the cloud will build upon the lessons, disasters, and opportunities of both of these same – that are themselves, still evolving (in shipping, such as with the Laws of the Sea re: territorial limits, ocean dumping, and piracy; and in aviation such as with GHG emissions, Air Marshalls, Space law and space tourism, and passenger bills of rights when stuck on the ground between the terminal and the flight plan).  Alas, things move significantly faster over the Internet and through the Cloud – especially those things to which significant liability can and does attach, and so these older, tried and tested concepts may need to be speeded-up, re-mixed, re-constituted and re-configured, just to keep pace with the speed of this our human race.

We should also add Taxation to the above listing of practice areas, as the United States and other jurisdictions, are looking with increasing favour and fervor at a tax on internet-based or internet-enabled commerce as a way to boost falling (and flat) government revenues.[2]  Following the earlier lead of the E.U. in this effort,[3] the questions of who is taxable and why, and of what transactions from where and to where, are taxable at what rate or rates, will most certainly keep practitioners in conflicts of laws, constitutional law and national sovereignty, and the other above-listed practice areas, rather busy, then.

For now, watch the weather forecast, but always take your own precautions, scan the horizon, mind the air, the water and the seeds, and keep a reinforced umbrella handy.

Anyone telling you that the Cloud is a simple thing to seed or read, is, I think, mistaken.

Author:

Ekundayo George is a Lawyer and Strategic Consultant.  He is a published author in Environmental Law and Policy; licensed to practice law in multiple states of the United States of America, as well as Ontario, Canada; and has over a decade of solid legal experience in business law and counseling, diverse litigation, and regulatory practice.

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.

CONCEPT.

A.        Lawyers and non-lawyers can share in ABS management and control;
B.         An ABS can have external investment and ownership;
C.        An ABS can offer multiple services to clients (including legal services) from within the same entity (known as a multidisciplinary practice).[6]

COMPETENCE.

I am not an expert on U.K. law or licensed to practice there.  It appears, however, that while the SRA application to be the sole licensing authority for ABS is pending before the Legal Services Board (LSB), any other “Approved Regulator” may license ABS in the interim, so long as said regulator already has the authority to regulate the “Reserved Legal Activity” or activities, that will be performed within that ABS.[7]  This seems to be what happened in the case of the CLC’s recent licensing action.[8]  I will, therefore, restrict my commentary to the CBA Article, and generally consider the 9 (“nine”) ABS options identified there; with my own titles added for better classification, clarification, and comparison.

CONGLOMERATIONS.

1. Sole-branded Lawyering: A fully externally-owned ABS, with the ring-fenced owner merely taking profits and having no interest in the supply of ABS legal services.

2. Co-branded Lawyering: A fully externally–owned ABS, with the owner having an interest in supplying both ABS services and its own co-branded products and/or services.

3. Multi-Disciplinary Practice (MDP): A single-source ABS offering or arranging a variety of legal and other services.

4. Co-Operative Lawyering: An externally-owned ABS providing both legal services and non-legal services.

5. Private Equity Lawyering: An ABS owned by a Private Equity entity that does not, itself provide any legal services.

6. Listed Law Company: An ABS that is publicly-listed, with non-lawyer shareholders, and likely non-lawyer directors, also.

7. Legal Service Arrangement: An ABS that is, essentially a non-legal practice administrative Hub (which may still need to be licensed for one or more reserved legal activities), and that has and maintains various spokes providing either different types of legal services, or legal services in different jurisdictions.

8. Parallel Non-Profit Lawyering: Not-for-Profit entities, as ABS, that offer legal services.

9. Parallel In-House Lawyering: In-House legal teams, operating as ABS, that also market and offer their services to clients other than their own corporate employer(s).

COMMENTARY.

“Safe-so-far” models: These are or have been tried, tested, or discussed in other jurisdictions or amongst practitioners and regulators at length, and seem to be safe; if well thought-out, well-regulated, and well-managed.

3. Multi-Disciplinary Practice (MDP): has been considered in legal practice for some time.  However, it has not really taken hold in any major way on either side of the Atlantic; due to the need for rigorous attention and adherence to Rules of Professional Conduct for lawyers.  The already very tough compliance requirements on multijurisdictional law practices with global operations, have, doubtless, made  many a Managing Partner balk at the thought of even more – and potentially conflicting – codes of conduct with which to comply.

7. Legal Service Arrangement: The hub and spoke model is already in use; but in a highly regulated format, such as with a Legal Aid model, or a Lawyer Referral Service.  Granted, the hub does not provide legal services per se, it can and does, sometimes only for a membership fee and sometimes for both a membership fee and a user fee, handle back office administrative duties, advertising, and general facilitation of access to and for its members.  Many models may also certify members for a minimum level of competence, and verify or require that adequate insurance coverage be present as a pre-condition for membership in good standing and therefore referrals with confidence.

8. Parallel Non-Profit Lawyering: Again, this is a variant of the hub and spoke model, but within the Not-for-Profit sector.  Any or all of a community assistance entity, a social welfare entity, and a court services department may offer legal services on a not-for-profit basis, in parallel with their standard or regular functions.

“Suspicious” Models: These are entirely alien to the currently accepted, normative models of legal practice.  To my knowledge, they are not yet in use in the Americas, in Europe, or in Africa or Asia, for that matter, as their existence and availability could well jeopardize lawyer independence.

6. Listed Law Company: A publicly-listed law firm or other entity that regularly provides legal services will raise significant questions about the degree of control a board of directors will have over day-to-day operations and the provision of client services.  Will the profit motive take precedence over quality, and will management put additional pressure on practitioners to settle a major suit quickly before the share place slips too far; to skimp on the due diligence for a major merger due to a potential bonus fee promised for its speedy conclusion; or otherwise pressure them to perform outside the reasonably possible or the ethically advisable, due to promises earlier made to clients by non-lawyer officers or directors, or both.  The potential pitfalls of this model, are really quite perturbing.

1. Sole-branded Lawyering: Branding the law practice with anything other than the name of a current or former or deceased practitioner of that firm, or with another permissible name under the applicable Rules of Professional Conduct, just, for me, serves to cheapen the practice of law.  Many may ask why lawyers should be so different?  The answer: they just are!  Consider these questions, to demonstrate this point.  (i) Not all potential clients will be attracted to that name.  Will a law firm be permanently smeared by former attachment to a named entity that runs sweatshops, has a nasty environmental incident, is sanctioned for abuse of a dominant position or for foreign corrupt practices, or faces bankruptcy in the wake of a mass casualty incident?  (ii) If a dispute arises over the use of that name or brand, what will the firm use in the interim, and how and to what extent should it raise and contribute the funds for any settlement of that dispute?  How happy will the firm’s clients be when approached to fund a surcharge as their contribution for the benefit of having been served by a firm bearing that name, in the past, and for wok that has already long been completed?  (iii) How tacky can the co-merchandising become, before someone has or a group of someones have, a gag reflex, and state that enough is enough?

(iv) How foreseeable is the likelihood of a given name brand proving a disaster in the future, when it comes to coverage and denial of coverage, if things go wrong and an insurable claim is filed against an ABS firm?  Which regulator, if any, will be responsible for approving who can practice law under what brand?  (v) There are certain types of business (gambling, pornography, liquor sales) and even religious and cultural practices, that are not universally welcomed in all jurisdictions where lawyers can and do work.  What will be the impact upon the World Trade Organization (WTO), the General Agreement on Trade in Services (GATS), and the various Human Rights regimes, regarding any barriers constraining the seamless or reciprocal conduct of such ABS around the globe?  Will anyone be listening, or, if listening, rush or be able, to do anything about it?

There are almost as many potential questions as there are jurisdictions, and yet few of these, if any, appear to have been asked and/or answered, or can be adequately covered and accounted for in brief Rules of Practice and website disclaimers, or contracts that are thinner than multiple, bound volumes, that a layman or a laywoman can digest in non-legalese.

Is it not better to have a lawyer focused on your issue, and exclusively your issue, as opposed to any or all of the above?

“Strange” Models: In light of my concerns as earlier highlighted, I really fail to see the rationale in the remaining 4 (“four”) models.  To call them strange, is to significantly lessen their import when it comes to upholding legal ethics and public confidence, and not bringing the administration of justice and the practice of law, into disrepute.

2. Co-branded Lawyering: This model brings to mind, for me, the “complications” that resulted in the current financial crisis, which came about as a result of cross-selling, excessive risk taking, co-dealing with both their own money and client money, and other practices, at various financial services industry actors, including those related to the mortgage industry n the United States of America.  This industry was claimed to be fully regulated and controlled, but someone, somewhere, obviously dropped the ball.  It would be wise to avoid doing the same thing to the U.K. or European legal services industry, by introducing a strange practice model with far too much haste.

4. Co-Operative Lawyering: This is another strange model, but it can work if the services are complementary and could, conceivably, be practically and ethically offered together under appropriate circumstances and with applicable controls.  The Estate Planning example given in the CBA article is one option, with will writing, funeral services, and probate services offered under the same corporate brand.  Other examples might include Municipal (zoning applications, regulatory infractions, small claims, title searches and liens, landlord and tenant); Health and Wellness (Drug regulatory agency representation, health food store ownership, Health Maintenance Organization representation, insurance defence, and medical malpractice litigation).  Another example, of course, is that of Premier Property Lawyers (PPL),[9] the first ABS licensed under the new UK regulatory regime.  This cooperative model may also be combined with a hub and spoke model, to enable members of a union or a club, to access legal services in designated fields.  There is, though, a greater potential for conflicts of interest – such as with the Health and Wellness model – that some readers may have missed, which potential for conflict I will address more generally, below.

5. Private Equity Lawyering: With an ABS under this model, law will become a strict commodity business and no more a service industry, just as is possible with the Listed Law Company, detailed above.  With a Private Equity owner, however, the ABS may have its ultimate owners more focused on beefing-up the profits, before going public or selling the business, and taking their profits.  The prospect of having law firms bought and sold – outside the self-directed movement of Partners and their practice groups – should leave many lawyers in England and Wales with sleepless nights, right now.  There are tangible benefits in having a “professional services” entity managed by professionals in that same line of service work; who know, and can understand, and can respect (with knowledge of the repercussions from a failure to respect) the rules and regulations by which those performing on the front-lines, in their line of service work, are bound.

9. Parallel In-House Lawyering: I see this as an insurmountable conflict of interest.  The In-House legal team should be exclusively focused on serving the corporate client.  Indeed, many employment contracts specifically prescribe against any outside interest or remunerative work; even for non-lawyers.  I will not even begin to count the number of ethical rules that could be violated, here.  (i) The lawyer could be unwittingly consulted by a person with a grievance against his or her employer, thereby putting said lawyer into a conflict from a duty to keep that confidence private, after, of course, declining the representation.  Could the lawyer then continue to represent the corporate employer and not be in breach of a duty to one or the other client?  (ii) How will the lawyer, practicing outside, or practicing in-house but with an outside parallel practice, guard against being consulted by such a person?  How will such a lawyer manage in a diversified holding company where he or she may not know that a subsidiary is the potential adversary, until it is late in the consultation and far too much has been disclosed?  (iii) There are actually good and valid reasons for the attorney conflict of interest rules; and anything less or their widespread re-writing in the belief that “customers will find legal services become more accessible, more efficient and more competitive”,[10] does not adequately consider the impact of these downside risks, excessive competition, and the results of that competition on clients in the inevitable failure of ABSs that cannot adequately compete under the new model, and the dire straits in which some or all of their clients will be left.  Unlike a bank account with deposit insurance, there is no protection for funds on deposit other than being segregated in a trust account until earned as fees or expended as disbursements.  What about the work in progress when a firm goes bust?  Once the retainer is expended, there may still be work done but left unpaid for.  A good number of lawyers will not take-on a case where moneys are owed to the former lawyer, and a lien is in place or may be emplaced on any recovery or resultant winnings.  This could leave the client in a tough spot, unless the former lawyer takes the financial loss and signs-off to a reduction or a release of that debt.  In certain cases, Rules of Professional Conduct will mandate that the lawyer not prejudice a former client’s interests, and therefore he or she must take that loss.  In other cases, a mid-level lawyer who does not have enough of his or her own clients when a firm collapses, may really need to be paid for that work already done, while diligently seeking another employer.  The results, for many, could be very ugly indeed.

CONCLUSIONS.

You can call me a traditionalist, but I prefer the safe-so-far models, for now.  I don’t think that things have become so bad, at least not yet, that legal practitioners must now sell their ethics to the highest bidder, through these other models.  There are, of course, also those annoying little restrictions on lawyers splitting fees, ambulance chasing, and communicating with the clients of someone else, that these new models seem to overlook or treat as a mere inconvenience.

Available options for this our cash squeezed legal profession, include lowering the Law Society dues payable by lawyers; control of premium costs across the board for the malpractice or errors and omissions insurance of accredited professionals (including lawyers, architects, doctors, accountants, and engineers), whether with or without Tort Reform; and dedicated loan pools and credit lines for accredited professionals that would help them maintain their professional independence, ethical duties, and levels of service for their clients.

Available options for the cash-squeezed public and governments, include unbundling of legal services, which will allow for the provision of limited services in more palatable fee portions;[11] courthouse and regulatory reforms to streamline and speed-up some of the most time consuming procedures (including Estate probate, Real Estate closings, and so forth); and reducing law school tuition, so that graduate debt loads create fewer potential disasters in practice, due to more of a focus on getting the bills paid, than on keeping to the best and proper practices.

Time will tell how far the ABS model actually goes in the UK, and whether and to what extent, and in what form or forms, it will migrate to other jurisdictions.[12]  I have grave misgivings for this excessive focus on competition, and I would certainly favour the words of Max Hill, Q.C., Chairman of the UK Criminal Bar Association, over those of the UK Justice Minister, as reprinted above, and of the Irish Justice Minister as reprinted in the footnotes. Speaking on another matter of legal services regulation, but with immediate and equal application, Max Hill aptly said, “Where professional livelihoods are at stake, these matters cannot be rushed.”[13]

As a legal practitioner, I fully agree.

Author:

Ekundayo George is a Lawyer and Strategic Consultant.  He is a published author in Environmental Law and Policy; licensed to practice law in multiple states of the United States of America, as well as Ontario, Canada; and has over a decade of solid legal experience in business law and counseling, diverse litigation, and regulatory practice.

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.

Efficient Project Management:

Everyone on the project, needs to be able to say to themselves “I go!”, and willingly so, as a statement to self of sincere commitment.  This is why efficient project management starts quite some time before the actual project, in order to bring everyone together on this level.  Each letter in that statement to self represents a stage of the process in getting on the team and staying on the team.  The “I” stands for Indoctrination; the “G” stands for Getting to landmarks; and the “O” stands for Optimizing outcomes.  These typologies have their own sub-typologies, and can also be described as: Inspirational leadership options; Good workflow organization; and Optimizing and re-engineering, generally.

To qualify common misconceptions, “I go” is, of course, not written as “ego”; although, the two are closely related because the Latin language question “quiz” meaning “who” or “whom” is answered by “ego”, meaning “I” or “me”.  So it is, that “Ego”, and “I go”, can be and mean the same thing, but only for so long as the “ego” is not ……. over-inflated!

Indoctrination (Inspirational Leadership options).

Indoctrination in this context is nothing insidious.  It just means buying-in to the program or project.  There are a total of 5 (“five”) options, as described and arranged in a “FOCUS” sub-typology, and they can also overlap to a greater or lesser extent.

F-unctions or tasks, denotes a critical or needed skill or ability, and so the bearer of same will be diligently and persistently recruited to join the project or program.

O-pportunity, denotes the ability of the person or persons with something to offer, to see that the project or program could well be their opportunity to shine, and therefore gain a following, spread their names, and build referral or repeat opportunities.  In this case, those potential participants with something to offer will be the ones working hardest to get on the team, as they are, in effect, inspired to lead themselves onto the team.

C-hallenge or crisis, denotes a situation where a challenge has been put out to the general community to address a problem, or the crisis is clear.  In this case, F, O, and other elements of this sub-typology may all come into play, because the situation most perfectly demonstrates the classic Latin “quiz?”, in a call for volunteers or options or suggestions, as defined and described above.

U-tility, denotes that situation where the necessity for the project is clear to all, or to a specific group or community with the requisite knowledge and understanding.  The need for that utility may have come about as a result of a crisis or challenge, or some other confluence of circumstances; and, again, F, O, C, and other elements of this sub-typology may all come into play, in some way.

S-pirit, denotes a spirit of nationalism and patriotism, ethnic or civic responsibility, or loyalty to the employer, that either draws one to volunteer for the group project, or, if already a member, inspires a very high level of dedicated performance.  This single element can be key and a rallying-cry to draw people in, or inspire their best.

Getting to Landmarks (Good Workflow Organization).

Other than “Analytics”, which I will describe in greater detail, below, the project manager must ensure that workflow is properly organized, and the tasks and sub-tasks well-assigned.  There should be deadlines and landmarks to gauge progress and the time taken to complete certain stages of the project.  The specific techniques and technologies used to achieve this will vary by project, industry, and individual project manager, but the general approach lies in a “MUTUAL”; sub-typology, as a way to remind all participants of the mutual benefit in their joint and indivisible success on a group program or project.

M-eeting, first with the initiators of, or critical stakeholders in, the project, is always a necessity – whether in-person or by electronic or virtual means.  In this first meeting or series of meetings, will be discussed the total picture and scope of the project, timelines applicable and resources available, and the tasks and sub-tasks required on the project.  Additional meetings with these initiators and stakeholders, and with the potential and actual project participants, will continue to be held, as the work commences and continues to its completion.

U-pgrades, will be made to the concept or the task as needed.  In line with the “Responsiveness”, that I will explain below, the project manager should not shy-away from asking for additional details, additional or alternative resources including but not limited to personnel, or additional time on a sub-task or main task, if and as needed.

T-asking-out of leadership roles, group members, reporting lines, and job functions by group, should be done in a clear and consistent manner and well-communicated.  Any and all changes should be timely communicated not just to those members of the group or team immediately impacted, but to all other members on the project who may need to know.  It is, of course, always preferable to avoid inundating team members with a steady stream of “noise”, which is information that is not immediately applicable or useful to them in their specific work.  For this reason, a notice board or bulletin-board system, where project updates are indexed by category and posted for all, would likely be the best, most efficient, and most convenient way to get this done.

U-nderstanding all deadlines, reporting lines, protocols and procedures in-depth and with clear and unequivocal certainty, is essential for the project manager and all managerial and supervisory staff.  If they are unclear on these, then their guidance of their subordinates will, likewise, be neither clear nor consistent, and mismatches and miscommunications may very soon ensue, and mount to the point of faults and failures.  Management must meet on a regular basis to ensure that everyone is on the same page, and has a consistent understanding of what needs to be consistently understood.  If and where there is disagreement or uncertainty or inconsistency that cannot be settled with the documents and specifications on hand or otherwise be reconciled, and which therefore needs ultimate clarification from higher up, then the project manager should take the lead and seek-out clarification on the issue from the initiators and stakeholders.

A-cknowledging and adapting to bottlenecks, is also a critical management function.  Issues and bumps on the delivery road will arise, to which management must take leadership in addressing, to ensure they are addressed in a way that is in accordance with best practices, specifications on the project, and applicable law.  An inconsistent approach to the same issue by different teams or task-groups, can lead to problems and arguments when notes are compared or personnel shared across the teams.

L-essons learned, is just that – learning from the experience, and any challenges or mistakes that arose in relation to it.  There should be a means for gathering and monitoring a central database of issues, problems and bottlenecks on the project, as well as the suggested or tried and tested means to address them, that is accessible to management across the project at an appropriate level for consultation, information input, discussion and debate, and urgent alerts.  The project manager for his or her own benefit, and for the benefit of the initiators or critical stakeholders, should be able to review progress and performance on the project throughout its lifespan, and re-design outdated or inefficient protocols and procedures, techniques and technologies, as the need arises.

Optimizing Outcomes (Optimizing and Re-engineering, generally).

The output of the various participants and the final results attained, cannot be or remain at their best if care is not taken along the way to engage in active management.  You cannot just start people off, point them in the general direction of your goals, and leave them to muddle their way through, somehow.  Good management is active management that knows when and how far to get into the micro-details; but on a sparing basis.  If the people you selected cannot manage the details, then you made an initial error in their selection that may or may not be too late to change.  If you build problems or poor performance into the formula from the outset, then you will be plagued by problems and poor performance throughout.  Starting correctly is always preferable to the project manager taking-on more work in quietly and shamefully opting to fix the problems of others and re-do their shoddy work in-house, time and again, and so not having time to do the main job of managing.  The wiser option would be to get a competent replacement.  Being, and spreading the need to be and to work, “SMART”, is the sub-typology, here.

S-haring, denotes a sharing and spreading of best practices, feedback, and available resources that are or may be useful to the task.  Of course, in a complex project or one with Law Enforcement and National Security (LENS) ramifications, information and specific elements of the project may be compartmentalized or have sharing and other restrictions imposed, in which case those requirements will take precedence and tend to make the need to get the right people emplaced on the first attempt, even more critical.

M-utual respect, denotes the need for all participants to have the requisite level of maturity and professionalism to be able to get along and focus on the project.  There should be a preference for low tones of address, low tempers throughout, and a high level of tolerance for slow learners to the extent that the project can tolerate them, unexpected delays, and bottlenecks.  Blazing tempers lead to distractions, and hotheads tend to be avoided, marginalized, and not get that level of support and information and cooperation that they need to get the job done right the first time, and then every time.

A-nalytics, denotes the proper use of scenarios and modeling, and ongoing reporting and quality controls, that lets everyone know what is right, what is wrong, and how to get it fixed.  There will inevitably be changes in the materials or the work, or the scope of the work.  In addition proper interviewing techniques and background checks will tend to weed-out the unsuitable or under-qualified or ill-adjusted, and quality controls in product and material inputs, will avoid many a failure and mismatch.

R-esponsiveness, denotes acting and reacting with alacrity to the above; whether something is uncovered by the analytics, or if either or both of sharing and mutual respect need some work in terms of a situation or a participant.  The project manager must always and quickly respond to needs, queries, and challenges as and when they arise; failing which, members of the team may resort to self-help or use their “initiative” in an unstructured and uncoordinated, and potentially counterproductive way in relation to a mission-critical requirement, system, or subsystem.  Sometimes, a discrete failure leads to a cascading failure in multiple systems or areas, and the project can be set back or cancelled in its entirety, if the cost or time for recovery or restart cannot be justified in terms of budgets, human and material resources, or the exigent situation.

T-eamwork, denotes an obvious and much touted, but often woefully neglected essential element.

(i) There must be unity of command, in a set chain of authority, including alternates per shift and per function, in times of unavailability, and for emergencies, also.

(ii) There must be unity of effort, and coordination amongst sub-disciplines, sub-units, and back office functions.  An overall board or coordinating group is inevitable for any larger project or program put together without a designed-in defect or obsolescence.

(iii) There must also be unity of outcome, in that all discrete element team-members must want the same tactical end-results; all members of management must be oriented-on the same optimal operational outcomes; and every person on the project must be strictly focused on the same mutually-beneficial, strategic goal of its overall success.

Summary:

Quiz?

Author:

Ekundayo George is a Lawyer and Strategic Consultant.  He is a published author in Environmental Law and Policy; licensed to practice law in multiple states of the United States of America, as well as Ontario, Canada; and has over a decade of solid legal experience in business law and counseling, diverse litigation, and regulatory practice.

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article does not constitute legal advice or create any lawyer-client relationship.