ISSUES:

The practice of law is quickly running into a very big problem.  More and more national and sub-national jurisdictions are passing laws regarding e-Commerce that have an impact on business entities organized outside, and individuals residing outside, their physical boundaries, but that also do business in, have a defined nexus with, or travel through or over their sovereign territory.  While it is important to know the laws of the place where one “intends” to do business or travel, it may be helpful and even advisable, to know the laws of the place where one “might” do business or find oneself physically (through emergency landings and layovers), or virtually through no fault of one’s own (in the case of a data breach, or an online defamation matter, or through the workings of a social medium, as the result of some “User-generated Legality Issue”, a.k.a. “an UgLI”).

In addition, regulatory authorities are developing a growing habit of commencing and continuing to conclusion, multiple and separate actions against the same defendant or group of defendants and based upon the same facts or confluence of circumstances, sometimes in the same venue and sometimes in different venues, or cooperatively against multiple jurisdictions.  When the government with unlimited resources refuses to forbear or stay itself, or a court find that any stay of proceedings which could save the defendants time and money is not necessary, or not in the public interest, or not contemplated by law, then it immediately becomes necessary for sometimes very many lawyers to do the same or similar things, very many and expensive times.[1]

Unfortunately, licenses for the practice of law are issued by each specific jurisdiction of practice, and often after checks, long study, and success on a Bar Examination.  Hence, in effect, advising on or interpreting the laws of a jurisdiction or a place where one is not licensed, can be deemed to be the Unauthorized Practice of Law (UPL), with sanctions up to and including disbarment.

How does a lawyer, who is not a part of a 1,000+ lawyer firm with global offices, provide effective and professional and complete advice and counsel to clients without: (a) engaging in unauthorized practice of law; (b) inviting a malpractice claim for lack of care or thoroughness in the giving of that advice; or (c) losing clients by advising that they engage legal counsel in every jurisdiction in which they may be organized or authorized to do business, to or through which their products or services may be transported, or within which a person impacted by a data breach may need to be notified in accordance with the applicable law of that jurisdiction?

Undoubtedly, many lawyers do give the advice to go and get advice, despite the prohibitive costs.  Also, and verifiably, many lawyers already speak on the laws applicable in jurisdictions where they are not licensed, especially at seminars on professionalism, ethics, and best practices; and they may well be doing the same with their clients – with, no doubt, the caveat to seek a licensed practitioner in the appropriate jurisdiction and practice area for a clear and complete treatment.

QUESTIONS:

This current and increasingly urgent situation raises at least 10 (“ten”) very interesting, and yet long-neglected questions, for Law Societies and Bar Associations, worldwide, to try to answer.

1. Is the cost of full legal and regulatory compliance while doing international business, or even while engaging in limited e-Commerce, becoming prohibitive for the small and medium-sized business in (or across, to, or through) any or every jurisdiction?

2. Are lawyers being forced to choose between practicing exclusively locally, or potentially engaging in the Unauthorized Practice of Law by rendering proper advice and counsel?

3. Is it time for lawyers running into this issue, to state and contract that any and all information they provide that regards a jurisdiction other than their own, is rendered for general information purposes, only, and not intended or to be deemed or accepted or construed, as actionable legal advice or counsel?  What will this do to lawyer usefulness?

4. How is it (and is it fair over question 5, below), that transactional lawyers cannot freely draft agreements governed by the laws of jurisdictions where they are not licensed, even if those laws are understood in great detail through studies and consultations, and other familiarization, without UPL allegations and sanctions?

5. How is it (and is it fair over question 4, above), that litigators presenting supporting caselaw and distinguishing conflicting caselaw of jurisdictions where they are not licensed to practice law, in their arguments before senior Judges and seasoned legal practitioners of courts and tribunals and in papers submitted, are not subject to wholesale UPL allegations and sanctions?

6. Are litigators favored with an unfair competitive advantage under the current system?

7. Is the continued licensing of lawyers by separate and distinct jurisdictions, an undue restraint on the trade and practice and profession of law, that can be subjected to a Competition Review or an Antitrust challenge in any court or tribunal of competent jurisdiction?

8. Are the very large law firms operating under the current model open to challenge for unduly restraining the trade and practice and profession of law, by the chilling protection of the Unauthorized Practice of Law (UPL) allegation, to the extent that they may be: (a) forcibly broken-up; (b) mandated to make their services available to businesses at more affordable rates; or (c) required to enter into consulting or associative arrangements, also at affordable rates, with smaller firms and individual lawyers (subject to appropriate conflict checks), in order to make the multijurisdictional practice that is increasingly essential for the rendering of effective and ethical legal advice and counsel, available to a wider section of the Bar(s) and Law Societies to which they belong?

9. Has the time come to consider the issuance of a Multijurisdictional Law License, or a Multijurisdictional Practice Certificate (whether across states or provinces in a Nation State, or by practice area in a Nation or economic region – such as:

a. Outsourcing;

b. Privacy Laws;

c. Cloud Computing;

d. Social Media practice;

e. International Trade Laws;

f. Legal and Regulatory Compliance;

g. Data Breach Notification Protocols;

h. International Law (Laws of War, Laws of Space, Laws of the Sea, Laws of International Organizations, International Environmental Laws, and so forth);

or by practice area across economic or geographic regions, or in some combination that includes one or more of these options), in order to provide a Safe Harbor for lawyers with clients who travel widely, or who are engaged in e-Commerce or International Trade or other International operations that require legal counsel to be well-versed, well-respected, and not constantly in and out of hearings defending themselves against UPL charges?

10. How much would it cost and where would the received moneys go?  What would be the pre-qualifications for such a Multijurisdictional Law License (M.L.L.) or Multijurisdictional Practice Certificate (M.P.C.), prior licensing in 2 (“two”) or more jurisdictions, multilingual abilities, a number of years of practice, a demonstrated need in the lawyer’s client base, or other factor(s)?

ANSWERS??

There are precedents for most if not all issues and acts considered in the above questions.  However, it remains to be seen where we go, and whether it is steps forward or steps backwards – if and when one or more of the Bar Associations and/or Law Societies willing to take the lead in this area, acts boldly, before the test cases start-a-coming, and at a ridiculously rapid pace.

***********************************************************************

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice. He is licensed to practice and has practiced, in Ontario, Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article is intended and presented for general information purposes and is not intended or construed or to be read, as constituting legal advice or creating any lawyer-client relationship.


[1] See e.g. Jonathan Stempel, Top cop: SEC may not delay civil cases.  Reuters.com.  Published in Business & Financial News, Breaking US & International News, on Tuesday, May 4, 2010.  Available at: http://www.reuters.com/assets/print?aid=USTRE6434GY20100504

See also David Smyth, Siemens Executives Face Parallel FCPA Proceedings.  Brooks, Pierce, McLendon, Humphrey & Leonard, L.L.P.  Posted on December 15, 2011.  Available at: http://www.secmiscellany.com/2011/12/15/siemens-executives-face-parallel-fcpa-proceedings/

See also Daniel Matzkin, AON settles FCPA enforcement actions with DOJ, SEC.  Squire Sanders.  Posted on December 21, 2011.  Available at: http://www.anticorruptionblog.com/foreign-corrupt-practices-act/aon-settles-fcpa-enforcement-actions-with-doj-sec/

But see contra Pinsent Masons LLP.  EU competition regulators agree guidelines for cross-border cooperation.  Published on November 10, 2011.  Available at: http://www.out-law.com/en/articles/2011/november/eu-competition-regulators-agree-guidelines-for-cross-border-cooperation/

Advertisements

Since the “dot-com” era began, many Internet-driven businesses have come and gone.  Some resurfaced in a new guise, but others were never to be seen or heard from, again.  Why was this so, and what did some of them do correctly, that others did wrongly?  I think those that failed, did so for not meeting 1 (“one”) or more of the 7 (“seven”) checkpoints in the e-Commerce success formula, applicable both in the times gone by and in the current climate.  As further detailed below, these are: Acceptable Service Levels; Security; Policies and Privacy; Intellectual Property Rights (I.P.R.); Regulatory Compliance; Enforcement; and Dedicated Cashflows.

1.         ACCEPTABLE SERVICE LEVELS: If and when offering a service or product to the public, then the quality of that offering must be acceptable.  Bad product or bad service, leads to bad reputation.  With the current pace of word-of-mouth advertising through Social Media, a company’s reputation can be tanked, with a quickness.  Why spend so much time generating all that buzz, and then bet the company by offering something that is a substandard product (bug-infested), a service that is obviously not quite yet ready for primetime (the wider, mass market), or something that is otherwise badly managed in the initial rollout (going cheap on the launch)?

This may have worked for some businesses in the past, and it may still be tried in some cases by those businesses feeling secure or carefree enough with the substantial following for their product or service, or suite of same.  But, today?  No way!!  Beta testing is available for a reason.  Use it!  The more alternatives that proliferate, and providing that there is a relative inelasticity in providers, the less tolerant the market will be for mediocrity and unacceptable service levels.

2.         SECURITY: Of course, the company crown jewels (I.P.R., trade secrets including strategies and customer lists, and so forth), must be secured.  If not, then the model can be replicated either without shame and by an obvious copycat, or through reverse engineering with a very good idea of where they need to go, from having the product, your product, right there in front of them.  Physical security, electronic security, and a security frame of mind, must permeate the business and the workforce from top to bottom, in order to hit this checkpoint right.

The added networking functionalities that Social Media now gives to developers, programmers, and scientists, coupled with the fact that massive amounts of raw and unencrypted data can be lost (and are being regularly lost) on smartphones, laptops, and through online theft and hacking, means that achieving comprehensive Cybersecurity is no easy task, as I have already blogged.[1]  You may notice that some of the largest, most successful, longest-lasting e-Commerce successes are entities with a very zealous dedication to security.  Obviously, there are good reasons for this.

3.         POLICIES and PRIVACY: It is also vitally important to have effective and comprehensive policies on a variety of topics, so that there are no fatal gaps in employee guidance as to the policies and procedures that they need to follow in specific circumstances, or in those very tricky or novel situations where the guidance of other employers may be found lacking due to imprecision, or a lack of clarity, or a failure to consider and plan for such an eventuality – even by providing a dedicated line on which employees may call for guidance from a responsible person in the company.  Situations that should be policy-covered include but are not limited to, privacy breaches, emergencies and complex emergencies, Social Media usage, employee hiring (with appropriate background checks) and termination (with exit interviews and securing of access permissions and company property), and privacy and security, generally.

Where policies are lacking, employees may well take the initiative.  There is nothing wrong with having employees who can think for themselves, especially in a knowledge-driven economy or an Internet-driven business.  However, where employees lack the critical additional knowledge, subject matter expertise, or general leadership training and discipline to know what is best for the company and also in accordance with law, their initiative may initiate a problem, or two, or three.  Sometimes extrication is simple, and sometimes, it comes at a very steep price, including personal liability for directors and officers, very steep fines and regulatory penalties, lawsuits with their companion legal costs and expenses and insurance coverage disputes, and even destruction or dissolution of the company as a going concern.  It is better to lead and set the tone with a coherent policy, after careful business consideration and consultation with legal counsel.

4.         INTELLECTUAL PROPERTY RIGHTS (I.P.R.): Where the entity owns and has developed its own I.P.R., then this should be protected, of course, through proper registration and ongoing monitoring.  It is not prudent, and very much ill-advised, to put a branded product or service on the market without first ensuring that the name chosen, is available and free for use.  Otherwise, a flashy and expensive marketing campaign may lead directly to a messy and expensive legal battle for I.P.R. infringement or misuse.  This could be ruinous if the seed money or risk capital has already run out or nearly run out, and whether or not the deep-pocketed investors get frightened-away by that kind of rather costly, and potentially very bad publicity.

Similarly, the unauthorized use or willful misuse of the I.P.R. of another, can bring severe and negative consequences through suits and injunctions.  Even where the law is unclear or imprecise and with apparent loopholes, this does not prevent an incensed litigant or an ambitious prosecutor from applying novel theories and significant resources to make a test case stick, or to prove a point, or to chill or still the fervor of any and all who might think to follow a bad lead.

5.         REGULATORY COMPLIANCE: All of the foregoing ties-in with regulatory compliance.  This does not just apply to industry-specific regulations, but also to national laws; laws of the municipality, state, and province, as appropriate; and any International or otherwise multijurisdictional accords and protocols that may be or become relevant, or applicable, or appurtenant to the business or the business model in question.

Having a good idea of what is being planned or proposed, and where possible, being able to chime-in on the debate through a trade or industry group, are best practices.  It is better to know, plan, and prepare, than to be suddenly surprised.  Sometimes, even with the delayed applicability of new laws and regulations, the time, cost, and efforts required to become fully compliant – let alone the fines and penalties for failing to be so compliant – can be a drain on resources and an unwelcome distraction from the core mission.

6.         ENFORCEMENT: Additionally, all company policies must be regularly communicated, enforced, and audited for the degree of compliance therewith; otherwise the company may face more than its share of User-generated Legality Issues (UgLIs).[2]  As for leadership in this endeavor, even in a smaller company, it can be highly advisable to have both a Chief Compliance Officer and a Chief Privacy Officer.

To the extent that a candidate is qualified, both of these titles may be held by a single, double-hatted individual.  However, if that is the case, then it is advisable that the person hold no third portfolio, as the pace of development in both of those areas will keep him or her more than sufficiently occupied.  Indeed, many an entity may find it more affordable and prudent to have a limited In-House capacity in both of these areas, but outsource the bulk of its needs for guidance in privacy and compliance to legal providers who can promptly deliver legal updates and customized policies, in conjunction with occasional audits, and tweaking as the business matures and moves though standard and non-standard cycles, or other critical events (mergers and acquisitions, litigation, regulatory investigations, public offerings and buybacks, or insolvency).

7.         DEDICATED CASHFLOWS: The initial dot-com heydays were replete with businesses that sold nothing, gave away copious amounts of services or software or both of these for free, and essentially, burned through cash as though the patience of their dedicated investors would never end.  Eventually, it did, and so did they.

There has to be revenue, and it needs to be projected to start at some point down the line, right from the start.  This way, milestones can be recorded, and steps taken to address any failures to meet them – whether in extensions of time and financing, or in a change of policy or management, or both of these.  There is nothing wrong with having a loss-leader, and giving away services or software in order to capture market share and loyal customers.  Advertising, therefore, when responsibly and lawfully and tastefully done, is the easiest way to generate revenues, and build a business from the traffic to, or the following or patronage of, a popular site or service.

Summary: E-commerce and the Internet-driven business are still very much works in progress, as governments struggle to keep up with their ever-changing nature, and the consuming public (in sections and subsets of same), thrives on the tensions generated and in the spaces created, by this state of constant flux.

Some have accused the People’s Republic of China and the Russian Federation of high complicity in organized theft of strategic assets by exploiting flaws in and their failures on, one or more of the above 7 checkpoints.[3]  However, these alleged culprits are also obvious victims;[4] and allegations of economic espionage and leveraging for advantage, legally, not so legally, and quite illegally, including with government support or complicity,[5] are really nothing new.

Whether one’s problems show success or a failing equal to those of others on the same or substantially the same above checkpoints, is in the beholder’s eye.  Regardless, however, perhaps if regulators focused a little more on fixing the failings in this winning formula than spinning for sanctions and shame, more would thrive and succeed in this brave new, Online Great Game.

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice. He is licensed to practice and has practiced, in Ontario, Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article is intended and presented for general information purposes and is not intended or construed or to be read, as constituting legal advice or creating any lawyer-client relationship.


[1] Ekundayo George. “Cybersecurity (the Nitty-Gritty; and what is Cyberspace?): A Different, Flexible Approach.”  Oglaws.  Published on December 9, 2011.  Available at: https://ogalaws.wordpress.com/category/strategic-consulting/cybersecurity/

[2] See Ekundayo George. “M”edia Effectiveness, at the text containing endnotes 5 through and including 12, for an explanation of this concept.  Ogalaws page Tab.  Available at: https://ogalaws.wordpress.com/media-effectiveness/

[3] United States of America, Office of the National Counterintelligence Executive (ONCIX)Foreign Spies Stealing U.S. Economic Secrets in Cyberspace. Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011.  Published in October, 2011.  Available at: http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf

[4] BBC News, TechnologyChina seeks to combat hi-tech crimewave.  Published on December 30, 2011.  Available at: http://www.bbc.co.uk/news/technology-16357238

See also BBC News, EuropeUK diplomats in Moscow spying row.  Published on Monday, January 23, 2006.  Available at: http://news.bbc.co.uk/2/hi/europe/4638136.stm

[5] New York Times.  Air France Denies Spying on Travelers.  Published on September 14, 1991.  Available at:   http://www.nytimes.com/1991/09/14/news/14iht-spy_.html

See generally Paul M. JoyalIndustrial Espionage Today and Information Wars of Tomorrow.  Integer Security, Inc. Information and Analytic Services.   A report prepared by Paul M. Joyal (President of Integer Security Inc.), for presentation at the 19th National Information Systems Security Conference, held in Baltimore, Maryland, U.S.A., on October 22-25,1996.  Available at: http://csrc.nist.gov/nissc/1996/papers/NISSC96/joyal/industry.pdf

See e.g. CTVNews.ca StaffCorporate espionage costing billions each year.  CTVNews.ca Published on Tuesday, November 21, 2011.  Available at: http://www.ctv.ca/CTVNews/CanadaAM/20111129/corporate-espionage-secrets-companies-111129/

%d bloggers like this: