When in Greece, Know that You Know Nothing

Greece 2

I expend a great deal of hot air preaching both here in this blog and in the classes I teach to young professionals about how important it is for lawyers, especially in-house counsel, to understand their client’s business, industry and strategy.

Two months ago, my team together with my manager Jackson Pek held our annual team building event in Athens, Greece. Jackson brought along two senior GC’s (in experience not age), Duc Trang and Evangelos Apostolou. Duc now trains lawyers and other professionals in business acumen and is due to come out with a new book about the Architecture of Deals and how to design transactions. But for our Athens adventure, Duc gave us a session on how to analyze a business’ competitive position in order to make better strategic decisions.  I hate to use the term, but it was “awesome”.

When you are the one in front of the group doing all the talking, you often forget that there is a lot of value in being the one who is listening and learning. So it was very humbling to learn from Duc. His very simple approach to assessing a company’s relative competitiveness enables lawyers (and other corporate support functions) to better engage with their clients as more effective business partners.

In today’s corporate world, HR departments spend a lot of time building up their employees’ important soft skills, but at the end of the day, little effort is made to teach business acumen. I can’t stress enough how much value legal teams get from the sort of business skills training that Duc offers, and he has a unique ability to put it into the context of what we lawyers do in our every day roles. In fact, by the end of our first session, we were already analyzing our own internal client’s competitive position and brainstorming about improved strategic approaches and better ways to focus our support. Again, it was “awesome”.

Then there was the icing on the cake. My team and I got to hang out in Athens with Jackson, Duc and Evangelos, and I got to pick their more seasoned brains with lots and lots of questions about how to be a more effective business partner and a better manager for the amazing team I work with.

It reminded me of Socrates’ “the only thing I know is that I know nothing”. Efharisto, there is always something to learn and luckily someone to learn it from.

Advertisements

Five Things Companies Can Do

fb congress

Earlier this week I wrote a long-winded post describing steps companies can take – in light of recent concerns about companies misusing personal data – to make sure their technologies are offering us all something of value.

Here are the five things, in abbreviated form, that companies can start doing now:

  1. Privacy by Design (and security by design): Put the end user at the center of your technology’s architecture, minimize the amount of personal data you will need to provide the service, give the end-user control, and be transparent. If you concentrate on what the end user will be comfortable with and empower her with control over her data, then you are on the right track.
  2. Value Proposition: Make privacy protections and good practice a central point of differentiation. Make it core to your overall value proposition.
  3. Business Model. Re-think the business model. Propose different fee structures or revenue sharing options that give end users more control and something of value in return for handing over their data.
  4. Product Ethics: Before thinking about the legality of a new product or service, focus on it from an ethical viewpoint. Consider a products ethics committee, including bringing in an ethicist. Look not just at data use but the potential for a product or service to be misused (even if hacked) with results that are contrary to the company’s values. Remember the last thing you want is for your CEO to have to sit in front of lawmakers struggling to explain why your service was linked to a major human rights violation, political scandal, or massive leak of sensitive personal data.
  5. Data Use as a Corporate Social Responsibility: Make data use and innovation part of your company’s CSR policies where you commit to (i) not use the personal data and technology at your disposal in a way that has a negative effect on your community and stakeholders, and (ii) affirmatively use technology and innovation for the good of your community and stakeholders.

Put all together, the most important thing a company can do is to take the time to have open, internal conversations about the effects that its products and services may have on users and society. That way senior management can make informed decisions in line with the companies core values and identity. Lawyers don’t like surprises, and neither do their client.

I’m going to stop whining. Here are a few simple things companies can do

I just saw this interview  with Tim Cooks where he says that privacy is a fundamental right and core to the American identity. With all of my recent ranting and raging about private companies and dystopia, I could start proposing solutions or become real cynical about the Apple CEO’s words. Maybe Apple is desperate to distance itself from Facebook’s recent scandals including news that phone manufacturers reached secret deals with the social media giant to access user data.

immendorffOf course, there is also the glaringly stark contrast between the FCC now permitting American ISPs to sell user data to third parties and how the new European data law (the infamous GDPR) — not Americans’ passion for privacy rights — is the primary catalyst for the current public conversation around privacy rights in the digital era.

But instead of complaining, maybe I should look at what Apple is saying as a teachable moment. Likely Apple sees a major marketing opportunity to remind its customers (and promote the fact) that it is not in the data sharing business and that monetizing its customer’s data is contrary to its core values. At a time when companies (for example U.S. ISPs) are licking their fingers at the chance to rake in big bucks by reselling their paying customers’ data, there is a huge niche – analogous to the organic/bio foods business – for privacy-friendly products and technologies.

So taking advantage of this potentially positive turn of events, I should walk-the-walk and do what I keep saying lawyers ought to. Propose solutions! So here it goes:

For lawyers in private practice, I encourage them to continue to play a pivotal and activist role in bringing claims against and putting pressure on companies and governments that misuse our personal data or infringe on our rights. Holding them accountable does not happen by osmosis. You need lawyers leading as change agents (think about the essential role of lawyers in the Civil Rights Movement).

tshirtsNow as an in-house counsel in a tech company, I would suggest leaving your beret and Che Guevara t-shirt at home. Instead concentrate on how your company can build trust amongst its customers so that they will feel comfortable using your services, and in turn, you will feel comfortable providing them with those services. Here are some basic things, some of which I have mentioned before, that in-house lawyers can propose within their companies:

Privacy by Design (and security by design): Put the end user at the center of your technology’s architecture. Try to minimize the amount of personal data you will need to provide the service, limit what you share with third parties to only what needs to be shared, and give the end user the ability to opt-out of features that share more detailed personal data. Be transparent. If you concentrate on what the end user will be comfortable with and empower her with control over her data, then you are on the right track.

Value Proposition: As the tech giants, especially ones where consumers have little bargaining power (like ISPs, Facebook, and Google), demand more access to their users’ data, companies can use privacy protections as a strong differentiating value proposition. As mentioned above, the market opportunity is huge. For example, if European consumers are not comfortable with the ease at which their data may be swept up and monitored by American spy agencies (as revealed by Edward Snowden), why not offer European-based services that guarantee greater freedom from the intrusion of a foreign government? As with Apple, if you sell sleek, cool, and lifestyle, the minute your customers perceive that you are no longer any of those things – and btw selling customer data is creepy not cool – then game over.

Business Model. Re-think the business model. Propose different fee structures or revenue sharing options that give end users more control and something of value in return for handing over their data. For example, offer customers discounted fees (like Amazon does with the Kindle) if they allow the company to monetize their data. Alternatively, how about a giving a piece of the revenue to the customer when the company makes money off her data? I worked for a WiFi sharing start-up where, keeping true to the company’s value of sharing, we shared revenues with users who shared back. If my ISP is making money off my data, then why not demand something in return?

fb congress

Product Ethics: Before thinking about the legality of a new product or service, focus on it from an ethical viewpoint. Many companies now have data governance committees, but consider a broader products ethics committee made up of a cross section of the company. Look not just at data use but the potential for a product or service to be misused (even if hacked) with results that are contrary to the company’s values. If you build products that resell or rely on processing large volumes of personal data, put an ethicist on staff. Remember no matter who your CEO is or how much of a celebrity he may be, the last thing you want is for him to have to sit in front of lawmakers struggling to explain why your service was linked to a major human rights violation, political scandal, or massive leak of sensitive personal data.

Data Use as a Corporate Social Responsibility: Include data use and innovation in your company’s CSR policies. Call it your Innovation for Good Policy where you commit to (i) not use the personal data and technology at your disposal in a way that has a negative effect on your community and stakeholders, and (ii) affirmatively use technology and innovation for the good of your community and stakeholders. For example, at my current company, Amadeus, I am very proud to have been involved in two CSR initiatives with UNICEF where we used technology and aggregated travel data to help suffering children and to predict the spread of diseases like Ebola and Zika.

Put all together, the most important thing a company can do is to take the time to have open, internal conversations about the effects that its products and services may have on users and society. That way senior management can make informed decisions in line with the companies core values and identity. Lawyers don’t like surprises, and neither do their clients.

How Legal Teams Can Work in Agile

Scrum“Agile” or its sexier variation “agility” often seem like nothing more than buzzwords of the digital era. Everyone wants to be agile, everyone seeks agility.

We usually associate the terms with agile software development, as opposed to the more traditional waterfall methodology, where you define all of a project’s software requirements and milestones upfront and in great detail, and then you don’t deliver until the product is market ready, or as close to market ready as possible. The problem with this is that IT projects, like marriages, are works in progress and not everyone knows exactly what they’ve signed-up for until after they’ve said “I do”. Conditions change, technology evolves, and customers are impatient. Moreover, in long term projects developers tend to become further removed from the customer while the account managers lose track of the technical complexity of the project or have already moved on to the next opportunity.

Agile development tries to solve these problems by dismantling those silos where teams operate in isolation of each other and by delivering in short imperfect iterations known as sprints. Instead of focusing on the perfect, each sprint allows for customer feedback and correction, improving customer ownership and engagement in the project, permitting the supplier to show value right away, and empowering the development teams to be more innovative. In Agile, you are allowed to fail fast until you get it right. In waterfall, you fail hard and pay delay penalties.

The two major problems with Agile are: first scope creep where you lose control of the development costs in front of a customer with a fixed budget who keeps asking for modifications; and second Agile only works when your customer can reciprocate your agility. Agility requires both a shift in how you build your business case and how you interact with your customer.

scrum meeting

When most of us think of Agile, we think of a wall full of post-its and nerds without suits in stand-up meetings. But the concepts and best practices of Agile don’t need to be limited to R&D teams, and many other areas of business are looking at Agile to ameliorate some of the same challenges.

In particular, when a company grows, especially as it globalizes, it tends to suffer from silo-ization or the isolation of key internal stakeholders across a business unit, area of specialization or geography. These teams’ ability to interact is vital to convey and obtain the necessary input, not just for delivering a project but also for making informed decisions or improving communication.

Imagen032
Sitting on puffs during my start-up days

So take a start-up as an example. At first, it is a small team that inhabits the same open-space. When you want to talk to marketing, operations or to the product manager, you pull up a chair. When I worked for a start-up, we’d literally take our laptops and puffs to a quiet corner of the office. In fact, I happened to sit between two web designers. I would bug them all day long with my ridiculous ideas for new marketing campaigns. In a normal company, no one would have paid any attention to me. But in a start-up, nobody cared that I wasn’t Marketing. We all gave our input and were able to try out lots of ideas quickly until we got one right.

Imagine that start-up (or a new business unit) scaling up very quickly. Suddenly you have a product management team of ten people, three regional sales teams, and operations and R&D located at separate sites from the business-facing teams. Next thing you know, your business has become very siloed, communication is strained, messages are lost in translation and teams become tribal. We’ve all seen this happen. Sales doesn’t understand what it is peddling and R&D doesn’t understand what the customer needs. The support functions, like Legal, HR or Finance, become their own centralized tribe out of sync with actual customer and market needs, and what they have to offer is many times too late, out of context, or one size fits all.

Also as companies grow exponentially and teams silo based on geography or subject matter, employee engagement often diminishes. Now one step removed from customers, other teams, or where decisions or products are made, employees lose perspective, rarely receive positive feedback or gain visibility for their work, cease seeing the value in their own output or their roles, and become more entrenched in the group think of their tribe or immediately surroundings. We fight our myopic battles and resort to finger pointing. Sales fights with Operations, Product Management with Strategy, R&D with Implementation, and everyone rolls their eyes at Legal.

The idea behind business agility is that by better defining your customer’s needs and your deliverables, you can build cross-functional squads that work together on the same goal whose output (ie, sprint) can be shared very quickly with the customer. You break down both geographical and subject matter barriers, create a vehicle for communication, promote risk taking in a controlled environment, and empower squad members, giving them greater visibility of customer needs while allowing them to earn recognition for a job well done.

Okay, Eric, got it. Now what does this have to do with lawyers and in-house counsel?

In many in-house legal departments, you have the same issues. You are either organized regionally, by area of expertise, business unit or all of the above. So you have transactional lawyers who are customer-facing and negotiate commercial deals, and you have subject matter experts like competition, privacy or tax lawyers who have their day job of helping the company meet its regulatory obligations, but also need to support the transactional lawyers on the drop of a dime. You may also have other related teams like Risk & Compliance, Industry Affairs, and Information Security (as we do in Amadeus). This means that the Legal Department tends to work in silos as well, and when I am the transactional lawyer in a large deal where I need input from subject matter experts, I become the bottleneck. The business unit that I support wants to quickly get a new product to market and I need to chase the privacy or competition lawyer because I don’t know the answer, I become the bottleneck.

Luckily, I work with some very forward thinking colleagues who made me sit through basic Lean and Product Management training. In a very simplistic nutshell, Lean teaches you to define your output (ie, the “work”) so that you can remove unnecessary tasks (“don’t improve what needs to be removed”) and become more efficient. In Project Management training, I had the revelation that we lawyers – whose inclination is to go at it solo, office door closed or earplugs in, and draft away in silence — should start treating major negotiations as projects with predefined tasks, processes and the coordinated collaboration of others.

And luckily, I also get to work with very smart and capable internal business process consultants who I have recently harassed about working in Agile. What I really wanted to know was how we could design efficient, silo-busting teams in Legal to work in project mode on specific, timely initiatives. These very smart and capable colleagues kept bringing me back to reality. Agile is just a buzzword, they’d tell me, unless you can define your deliverable and the customer need that justifies an Agile solution. So this is what I came up with:

First I don’t want to give myself or anyone else added or unneeded work. People are busy, and if my goal is to build a squad from across different teams within the Legal Department, I need buy-in from the squad members’ bosses. I won’t get them on board if I am wasting people’s time. For this I need to choose projects:

  • that relate to new initiatives that the business has prioritized
  • that require a holistic legal perspective
  • where the team can provide real, tangible deliverables, and
  • that are timely, meaning we can help out the business right away

For my company, this would generally mean projects relating to new technologies or products, and in most cases, the deliverables would be either holistic legal guidance on the new product – including on product design from a privacy, security, regulatory and customer relationship perspective (including how you would contract with and charge your customers) – or on producing the contract templates for sale of the product. For other companies it may not be so tech focused, but may mean new lines of business or entering new markets. The key is that you are looking into novel opportunities where you don’t have an off-the-shelf solution at hand. Moreover, you want to avoid scenarios where the business gets your input too late and has to go back and start all over after they have already invested time, effort and resources on the new venture.

Imagine that your company has developed a new service which they have already pitched to a couple of customers. The Sales team is very excited as are the perspective customers. They call you up and ask you for the contract. You say, “a contract for what?” They explain and you use a preexisting template, hoping that making a few changes here and there will do the trick. For the data protection provision, you show it to your privacy lawyer who raises an eyebrow as it looks like data may be stored in various data centers around the world. She asks a bunch of questions and points you in the direction of the information security office. No one ever told them about the project, and they never analyzed the service’s architecture. You are almost too afraid to ask the Tax team whether the locations of the databases presents a permanent establishment risk, and you realize that maybe the IP team wasn’t put in the loop either. Houston we have a problem. The customer is ready to go, but we will likely need to rewire a chunk of the work, losing weeks of effort and resources. Everything from the product architecture to the business case needs to be reevaluated. Worst of all, the business thought that you were the lawyer who solved all their problems, but now you’re the guy who causes havoc and panic. And the worst kind of lawyer is the one who doesn’t have the situation under control.

Again, Eric, we got it. So just tell us how you are going to work in Agile.

Here’s the plan:

Once we have identified the project, we can then assemble our squad. The squad will be composed of six to eight members of the Legal Department, each from different teams. Ideally, I would have:

  • One lawyer who supports the business unit who owns the new product
  • Another lawyer who supports a different business unit that may use the product or a similar product in the future and who can provide a different perspective
  • One privacy lawyer
  • One information security member
  • One intellectual property lawyer
  • One tax lawyer/team member

Depending on the nature of the project, for example if it relates to an area that is self-regulated by industry stakeholders, where the regulations are unclear, or where we are heavily dependent on a supplier, we would then want to include:

  • One regulatory lawyer
  • One person from Industry Affairs
  • One procurement lawyer, or
  • One person from Risk & Compliance

Once we have identified our squad members, we set up a meeting with the new product owner who will present us with the initial product plan, prototypes or sales pitches. In this session, we can ask questions and gather information to prepare our first sprint. The product owner becomes our customer, and the purpose of the sprint will be to deliver our initial holistic guidance. These sprints occur over relatively short periods of time, so that we can provide our input quickly to the customer. The process is repeated regularly with new sprints until the squad and the customer are comfortable that the product is ready for market.

In parallel, squad members will report back to their individual Legal teams, informing them of how the new product is developing and sharing information. Throughout the project, we will have:

  • Reduced silos
  • Gained more across-the-department knowledge of the business
  • Learned more about our colleagues and taught our colleagues more about ourselves
  • Given ourselves the opportunity to take active roles in the development of new business and ownership in the success of those ventures
  • Empowered team members outside of their normal activities
  • Built stronger relationships
  • Provided more holistic iterative legal guidance, in a more efficient, faster to market way, and
  • Hopefully increased overall engagement.

So will it work? I will let you know. But in order for it to work, we need to have very good networking abilities across the business to identify opportunities for collaboration and customers willing to engage with Legal on these projects. If we don’t have good interlocutors or don’t select projects that can deliver real value, then the squad members will quickly lose interest and the customers will lose faith in our ability to deliver. Then we’re back to square one. For now, my plan is to start one project at a time.

Of course there is nothing stopping in-house counsel from proactively participating in squads that are managed by other teams. In fact, we should encourage our lawyers to play more leading roles as business partners, including taking a seat at the table in our internal clients’ Agile projects. Because at the end of the day, if you aren’t invited or going to the party, you aren’t having any of the fun!

Location Location Location

Last week, I read this article in the New York Times about Amazon’s search for a second North American headquarters, being dubbed HQ2. For both large and small, tech and non-tech companies, where you put your headquarters is a key strategic decision. It helps you attract, hire, maintain and train talent. It helps you be close to distribution and travel hubs, close to customers, and it may help better place you politically or improve your regulatory and tax outlook.

So, for example, if you area tech company looking to recruit young talent: you want to be close to universities with quality students, and you want to be located where qualified talent want to live when they’re done with college or when they start raising a family. If you think it’s cheaper to build your headquarters in the boondocks, then you are going to have to pay your team more, and keep paying them more each year to retain them.

Just think about the wars between Google, Apple and Microsoft to entice the best talent. It’s a competetive world.

All of these issues are what Amazon is thinking now. The article lists the leading contenders, and happily for me, among the 20 finalists there are three sites – Northern Virginia, Washington DC, and Montgomery Country MD – all within the Washington Metropolitan Area where I am from. The area has great universities, lots of diversity, domestic and international airports, an urban setting, and is the nation’s capital.

Similarly, I read today in TechCrunch that Google will open its AI headquarters in Paris, France. Paris is a great urban setting for young professionals, has access to universities and business schools, is the center of French political power, but more importantly as mentioned in the article:

In recent years, Google faced a huge $1.3 billion fine for tax noncompliance in France. A court in Paris canceled the fine in July 2017. But it’s clear that France represents an important market and a regulatory risk for big tech companies. Hiring people in France, investing in France and “training” people about Google’s services is a great way to lobby the French government using a bottom-up approach.

That is smart politics especially when the Europeans are giving U.S. tech companies the stink-eye.

Finally, if I were looking for inexpensive, quality developers, I would be focusing on smaller cities in Spain. Spain is full of great young talent who are willing to stay local if the opportunities are right. They are also much cheaper than other EU nationals and likely easier to manage than their counterparts in developing markets. Plus Northern Europeans are looking for any excuse to move to Spain. They just need a job. If I were the regional government in places like Zaragoza, Murcia, Alicante or Valencia, I would be bending over backwards to find the right incentives to bring tech employers to my neck of the woods.