An unfiltered view of all posts.

Privacy Policies Are Good For Customer Relations

Really, the title of this post should say that good privacy policies are good for customer relations. Many companies see the privacy policy as a necessary evil. They cannibalize market competitors’ privacy policies and call it a day, but the truth is they are missing out on a real opportunity to connect with their customers. If your privacy policy says that you can collect everything under the sun, yes, you might avoid some legal liability issues, but everyone will assume that your alarm clock app or shopping cart website is recording their phone calls. On the other hand, if your privacy policy doesn’t do enough, you could find yourself in a lawsuit for not following the terms of your own policy. 

That’s why I advocate for companies to take pride in their privacy policies.

Privacy Policies are more than just a legal hoop to jump through. With fallout from privacy breaches like with Facebook, Quora, and Newegg, privacy is moving to the front of customers’ minds. Privacy-forward companies are seeing surges in use (DuckDuckGo searches nearly doubled from 2017 to 2018), and, according to the Pew Research Center, 93% of Americans care who has their personal information, and 90% of Americans care what kind of information is held.

Privacy is now a feature of trusted consumer brands. That’s why it’s important to have thought through your privacy values. You need to understand your business model thoroughly to decide whether the collection, sale, sharing, or storage of user data is necessary to your business, because if not, you may be leaving some goodwill on the table with an overly broad privacy policy.

A broad privacy policy will help protect you during litigation, but it won’t let people know where you actually stand when consumers are deciding which brands to trust.

A good rule of thumb for a solid privacy policy is to follow the rule of the 5Ws – use your privacy policy to tell people:

  1. Who is collecting their data
  2. What data is being collected
  3. When the data will be collected
  4. Where the data goes
  5. Why the data is needed; and
  6. How the data is being collected

The above list is a bit of a simplification, but it gets the general idea across of what goes into a good privacy policy. As you’re sifting through the lives of various people with your data, remember that transparency on your end can go a long way towards building trust and lifelong customer relationships.

Five Things Your Startup Can Do to Improve GDPR Compliance Right Now

The General Data Protection Regulation (GDPR) is a robust piece of privacy legislation coming out of the European Union. You might think that being in Austin, Texas, or anywhere outside of the EU would protect you from the obligations, but you’d be wrong. If you collect data on anyone currently in, or a resident of, the EU, then you are subject to the law. The consequences for failing to comply can be huge – fines up to 4% of global revenue. That’s a huge hit. So what can you do about it?

1. Update Your Privacy Policy
The GDPR is all about transparency and consumer choice. When was the last time you read your privacy policy? When was the last time you read any privacy policy? If you collect data from users of your app or visitors to your website, then there’s a good chance that you need to have a privacy policy. What’s more, you actually need to do the things that are stated in your privacy policy. Being out of compliance with your privacy policy can open you up to administrative action and lawsuits from more than just the EU. Make sure your privacy policy is up to date with the latest requirements of the GDPR, California, and other jurisdictions – if you collect data on residents from those jurisdictions, you need to follow their laws.

2. Implement or Update Internal Privacy Policies 
The GDPR isn’t just about providing user choices; you also need to be able to demonstrate compliance when a regulator requests a demonstration. The logic of this makes sense when you think about what will happen when the EU moves to enforce – they’ll ask you to prove you’re complying, and they don’t have time to comb through your systems to find proof. Having internal policies that are protective of user information will provide a data point that the regulators can rely on to see that you’ve made an effort to comply – there’s failure to comply and then there’s failure to comply for lack of effort. There’s a chance the regulators would be willing to work with you if they see the failure as innocent and with a good faith effort.

3. Provide Users with Choices About How Their Data is Used
As mentioned above, one of the goals of the GDPR is to provide consumer choice when interacting with companies. Being able to offer consumers options with regard to data collection, use, distribution, decommissioning, and review will be necessary for GDPR compliance, so the more privacy is baked into the development process, the better.

4. Update Your Vendor Contracts to Be Privacy Conscious
Under the GDPR, you’re not just responsible for how you use and treat consumer data, but you’re also responsible for how consumer data is treated by those who you give the data to. If you, as a steward of consumer data, give that data to a payment processor, and that payment processor then uses that data in a way that’s out of compliance with your privacy policy or the GDPR, you can be held responsible for that. One defensive measure you can take is by including privacy and security provisions in each contract you enter with vendors.

5. Build Your Systems to Demonstrate How You Protect Consumer Data
Gone are the days of simply seeking to protect your data; you need to be able to prove that you’ve done it. If a European regulator comes knocking on your door asking whether you’re protecting consumer data, telling them you’ve done so is not enough. Instead, you’ll need to show them how the processes work. When a user opts out of marketing materials, can you show that choice has been memorialized somewhere? Can you show that you work to ensure that those choices are honored? Those are the types of things you should orient yourself towards.

As you might have gathered, the GDPR (and other privacy laws) is no joke. When the GDPR was first announced, they provided companies with three years of runway to get their systems compliant before enforcing the laws. At this point in time, the EU expects compliance. You really should talk to an attorney to make sure you’re in compliance, but hopefully taking these steps will get you part of the way there!

Would Batman Be A Criminal In Texas? Part 2

Part 2

An overly aggressive man in a mask is telling you to empty your wallet. You sigh and explain to him, the government already did that, and besides, you’re in line to deposit a check – who carries cash anymore? You see the gunman’s eyes narrow in fury, as he lifts his gun and shoves it in your face, telling you to keep your mouth shut. Fear suddenly grips you, and flashing before your eyes is a question –

Is it legal for Batman to carry and use his weapons?

As everyone knows (or should know), Gotham’s Dark Knight doesn’t go in on guns. So, if the World’s Greatest Detective took up residence in the Lone Star State, he’d have some more interesting (if less hot-button) issues with his combination of Batarangs, Bat-Bolas, and Bat-Darts than, say, Deadshot with his 8 million rifles. So let’s take a look at those three items, and see what’s legal and what’s not.

1. Batarang
On September 1st, 2017, the rules on knives in Texas changed pretty drastically. Before that, the Batarang would’ve fallen under the “illegal knife” law as a “hand instrument designed to cut or stab another by being thrown” (also, if there has ever been a Bat spear, that would’ve been illegal here too). But now, the Batarang would be allowed absolutely anywhere if it was under 5.5”, and Batman would only be prevented from carrying a Batarang over 5.5” in these places:

  • Schools and on any passenger transportation vehicle of a school
  • Polling Places
  • Courthouses
  • Airports past Security Screening (all knives are already prohibited by TSA)
  • Racetracks
  • Within 1,000 feet of the premises where an Execution is being conducted, if posted
  • Establishments (bars/restaurants) that derive 51% or more of their income from alcohol sales and which have a RED 51% sign posted
  • Sporting Events (high school, collegiate or professional sporting event or interscholastic sporting event)
  • Correctional Facilities
  • Hospitals
  • Nursing Homes
  • Mental Hospitals
  • Amusement Parks
  • Churches, Synagogues and Established Places of Worship.

Assuming Batman wasn’t going to watch the newest version of Robin play Quidditch at UT-Austin, he can happily walk along with a 6″ Batarang. How useful that would be is a question for another time.

2. Bat-Bolas
As long as it’s not fired from a device that has been modified, Batman’s Bat-Bolas are A-OK to carry around. I mean, come on, this is Texas, proud land of cowboys and lassos, did you really expect bolas to be no good?

3. Bat-Darts
As any pub game aficionado will tell you, there’s nothing illegal about carrying around darts. However, if Batman wasn’t stepping up to the line to throw, but shooting them from a Bat-Dart-Launcher, he’s running into issues with the Zip gun ban under Tex. Pen. Code 46.05(5) (that’s the non-firearm modified to shoot other things, mentioned above). And, if he’s got any of that patented shark-repellent, knock-out-spray, or any other chemical “capable of causing an adverse psychological or physiological effect on a human being”, he’s running into trouble with Tex. Pen. Code 46.05(4).

To sum it all up, it’s like this:
The Batarang is a knife, and since 2017 has been legal just about anywhere except the ‘prohibited places’ (that list of places applies to pretty much any weapon, by the way).

I’m going to bet that a Texas Legislature has never actually considered the legality of a bola, bat- or not, so that one falls through the cracks, and is going to be legal to carry anywhere, as it’s not even classified as a weapon.

The Bat-dart also wouldn’t be classified as a weapon, but anything Batman put on them to aid in his crime fighting would definitely be a chemical substance that would be prohibited.

Two follow up points.
1) While possessing these weapons might be legal for Batman, keep in mind that using them, in almost any way, is incredibly likely to saddle him with felony assault charges. Moral of the story? You can carry a big knife, you can’t stab people with it.

2) If Batman ever decided to start using a Bat-Tomahawk, he’d be out of luck. The Texas Penal Code specifically lists Tomahawk (a single-handed axe, of a size similar to a hatchet, originating in North America and typically used by various Native American nations and later European settlers) as a ‘club’ and prohibits anyone from carrying said Tomahawks in public. Mind you, an axe is not listed, nor is a hatchet. Batman could walk down the street carrying a typical European longsword, a lumberjack’s axe, or a long gun, but no Tomahawks. I’ll let you make a guess about the logic behind this oddly specific law. Hint: it’s probably racist.

Stay tuned for Part 3 as I dig deeper into the potential crimes of the Batman.

This guest post was written by criminal defense attorney Carl Guthrie.

Carl Guthrie is a criminal defense lawyer who will proudly stand beside you when the sh*t hits the fan. He practices primarily in Austin, TX, but for the right fight is probably willing to travel. Find out more at GuthrieDefenseLaw.com.

If you would like to write a guest post on the criminal side of Batman, reach out to me through the contact page.

Texas Opportunity and Justice Incubator’s Fourth Cohort

Promise Legal is part of the Texas Opportunity and Justice Incubator’s Fourth Cohort. The Texas Opportunity and Justice Incubator (TOJI) is an initiative by the State Bar of Texas to provide attorneys dedicated to bridging the justice gap with the resources necessary to succeed. TOJI also helps attorneys bake pro bono services into their practices – each member performs 10 hours of pro bono service per month. The program is 18 months long, and encourages outside-the-box thinking in terms of services, pricing, and structure.

The latest cohort has attorneys in a variety of practice areas, including business, criminal, family, and immigration law. The members rely on weekly trainings given by State Bar employees, as well as the experiences of the fellow cohort members to support their practices. From keeping websites up-to-date, to learning new areas of law, being able to ask your neighbor for help keeps the attorneys flexible in providing legal services.

Read more about TOJI at this link.

Athlete Entrepreneurs

When you think of a professional athlete, you probably don’t think about what they’re planning to do after they retire. Turns out, most athletes don’t either, but a small number of them are blazing the trail into entrepreneurship.

Two of them participated on a panel during SXSW. Walter Powell and Josh Martin, alongside sports agent Justin Giangrande, answered questions posed by Erica Duignan Minnihan, Founding Partner at 1000 Angels & Reign Ventures.

The two athlete-founders had different motivations for why they started thinking beyond their careers in sports.

Powell found himself unfulfilled in his career, and he turned to his older brother for advice. Powell found he had no answer when his brother asked him, “What’s your purpose?” After a lot of soul-searching, Powell discovered he had a passion for keeping people informed about politics, so he launched a startup called Politiscope with his best friend – before development of the app, his friend was his own personal Politiscope.

Martin on the other hand, always had one eye on the exit. He didn’t get picked up in the draft, and when he finally did get signed to a team, he ended up playing for four different teams in his first year. He knew after that first year that his football career could end at any moment. He holds his education at Columbia in high regard, and says his motivation to play for them was the job security his degree could get him. Now he runs a podcast and is planning a trip across America to ask regular people about the issues affecting them.

The two players mused on stage over the short duration of an NFL paycheck for the vast majority of players. The average player has 2.6 years in the NFL, and the average contract length is 2 years. That’s not a lot of runway.

When asked about how they got involved in entrepreneurship, for both players, it was all about the networking. The support system is crucial. According to Giangrande, new, nimble, and future-focused agencies do what they can with players to support them in every decision they want to make, whether on the field or off it. Powell chimed in that current players will never be more relevant than they are now, and they should use their school’s alumni network to get plugged in early. Martin added, don’t be afraid, use your time in the limelight to practice your networking, and set yourself up for future success.

Army Futures Command is Here

The future is not predetermined. The last 75 years do not guarantee the next 75 in terms of military or diplomatic dominance.

Conflict in the “gray zones” has expanded – that means undeclared conflict such as the conflict in Crimea or a cyber-conflict. And the rate at which information spreads has lent itself to the creation of a high-velocity environment.

The US Army has come to Austin and brought with it a new 4-star command: Army Futures. Army Futures Command controls a nearly $50 billion budget dedicated to R&D and materials development, and that’s why they’ve come to Austin.

Deputy General Eric J Wesley said the one thing the US military is not good at is changing, and things that don’t change, die.  So they wanted to come to a place where weirdness is embraced, and entrepreneurship flourishes, and hopefully have some of that spirit spread into the Army’s R&D culture. They are hoping that the Austin economy can help update the Army’s approach to technology. The days where military technology outpaces civilian technology are no more. According to Wesley, the private sector outspends the military 3-to-1 on tech.

Ironically, Army Futures Command’s arrival in Austin has brought several of the large defense contractors to town, but the traditional partners of the military are exactly the group that the Army is trying to avoid. While having more large companies come to town may be good for startups looking for partnerships, the real benefit is AFC’s commitment to the startup ecosystem.

Companies looking to get involved in the AFC ecosystem should visit the Army Applications Lab sitting at the Capital Factory. That’s the best place to determine how prepared your solution is for AFC, and what steps you need to take to make a deal happen.

How Common are CyberAttacks?

Cybersecurity is entering mainstream consciousness more and more. Every attack that passes raises the question, a little bit closer to home – will I be next?

A recent study conducted by Sophos and Vanson Bourne of 3,100 IT managers globally had some surprising results.

68% of organizations surveyed fell victim to a cyberattack in the last year. That means that these organizations were unable to prevent attackers from entering their network and/or endpoints. Additionally, those organizations that were victims of at least one cyberattack suffered an average of two attacks within the one-year period.

The organizations reported that threats were in their systems for an average of 13 hours before being detected. The report is quick to point out that the 13 hour number represents the minimum amount of time a threat was within the organizations’ systems.

Additionally, the 2018 Verizon Data Breach Investigations Report states that (coincidentally) 68% of cyberattacks take “months or longer” to discover. The disparity between the two statistics is probably accounted for by the difference in capabilities – companies who are breached are not in the business of cybersecurity, their teams do the best they can with the tools they have, but they are underequipped and unable to analyze and respond to threat horizons with the precision of cybersecurity providers.

These reports highlight the need to have a strong cybersecurity plan in place, not only technical measures but operational ones too.

Over a quarter of attacks come from inside threats, with about 17% of all breaches resulting from employee error and 4% coming from clicks on phishing campaigns.

Insider threats can be somewhat addressed through technical measures, but they also call for clear policies regarding data operations, regular auditing of compliance measures, and consistent employee training.

A well equipped, well prepared team can mean the difference between prevention, neutralization, and recovery, and a staggering blow to productivity and consumer trust.

Do You Care About Your Customers’ Rights Enough to Pay Them to Read a Contract?

An insurance policy buried a $10,000 prize deep in the contract, stating, “If you’ve read this far, then you are one of the very few Tin Leg customers to review all of their policy documentation,” the contract then provided instructions for the winner to redeem the prize.

$10,000 is a cheap price for all of the benefits the company will receive from this move:

  1. Great publicity. Who doesn’t want to get insurance from a company like that? And now their name is plastered across the internet.
  2. Great for court. Can you imagine going to court against this company about the language of their policies? “Your honor, I would like to point out that my client incentivized people to thoroughly read their contracts – always.”
  3. Goodwill from current customers. Even the customers who didn’t capitalize on the offer will have to feel good about their current insurance company. The company feels more honest, and people will be less inclined to shop around for options.
  4. Encourages transparency. Moves like this, and the benefits that flow from them, contribute to the honest practice of law and to the trust relationship between companies and their customers.

Given the costs of marketing, customer retention, and litigation, $10,000 seems a small price to pay for all that Tin Leg was able to accomplish.

If you’re looking to run your own contest or sweepstakes, make sure to follow good practices! Social Media Contests and Sweepstakes.

Original story here.

A Google Cybersecurity Solution for Everyone

Alphabet-owned company Chronicle just announced a new product offering: Backstory.

The small Google affiliate promises affordable pricing based on the number of employees that a company has rather than the amount of data used. Depending on what those figures end up being – it could have a big impact on the state of cybersecurity regulation.

The FTC is the de facto enforcer of cybersecurity standards among businesses, and they have moving goalposts regarding the adequacy of a company’s cybersecurity practices:

“From the outset, the FTC has recognized that there is no such thing as perfect security, and that security is a continuing process of detecting risks and adjusting one’s security program and defenses.  For that reason, the touchstone of the FTC’s approach to data security has been reasonableness—that is, a company’s data security measures must be reasonable in light of the volume and sensitivity of information the company holds, the size and complexity of the company’s operations, the cost of the tools that are available to address vulnerabilities, and other factors.  Moreover, the FTC’s cases focus on whether the company has undertaken a reasonable process to secure data.”

Taken with the possibility of affordable cybersecurity solutions based on company size, smaller ventures no longer have the reasonableness standard to hide behind when they engage in poor cybersecurity hygiene. Even though the standard remains the same, this means “more” regulation.

Even if the potential lower costs mean adding an extra expense, it’s really a big win for consumers and businesses alike. Consumers can feel more confident in sharing their data with businesses (which is often part of a company’s business model), and companies can rest easier knowing that they no longer have to be the ones who let customer data leak for lack of trying.

The Problem of Algorithmic Bias

When thinking about what it is to be biased, people tend to think of someone living in the backwoods, brooding over how “They took our jobs,” and cherry-picking statistics to self-validate their own prejudices against people of other colors, creeds, and backgrounds. Well, that’s stereotyping and shame on you for doing it. 

Bias is overlaying one’s assumptions and simplifications on top of a complex and nuanced person, idea, system, or thing (1). Bias is part of the human condition; it’s how we function (2). Imagine trying to grasp every subtlety of any given situation at all times: it’s inefficient, impractical, and socially awkward. As functioning adults, and sometimes professionals, we are expected to just know things. Asking questions can feel imposing and embarrassing. That’s just how it is. We as humans are simply uncomfortable with acknowledging uncertainty. Bias is inherent and unending, and its minimization should always be pursued.

Bias is already a problem. There was already so much inherent bias in the way that individuals were living their lives that the law had to be changed (several times) in order to try to mitigate the effects of biases (3). However, as bad as it is, what’s the worst thing that can happen when an individual factors an implicit or even explicit bias into their decision? You think, “Wow, what an asshole.” What if that person is representative of, say, a particular restaurant in a community? You avoid that restaurant, and maybe you have a bad time the first and only visit you make to the restaurant. What if the person is representative of an entire town, state, or country? Suddenly the problem is no longer a negligible and easily avoided nuisance.

The problem with algorithmic bias is the difficulty in detecting it and its cold scalability (4). Even those who actively challenge their own biases can accidentally implement their own biases, and when you’re dealing with products that can be downloaded at the touch of a button and delivered to millions of people instantly, suddenly the scale of that minor problem becomes immeasurable. The problematic program scoops up data and spits it out like pulp from a mill. But despite all best intentions, we’re all subject to the law.

There are two main problems of law with bias. One problem is a priori and one is a posteriori. The experience of believing in the basic essence of a thing being universal to the plurality of instances of that sort of thing requires no applicable experience for the negative implications to be apparent — if one is operating on biases when approaching a person or situation, one is missing the richness of the entirety of the situation or person’s character. If one is experiencing a bias, one has already diminished the fullness of an experience. The a posteriori problem follows from the search for the a priori problem. The a posteriori problem is one of direct impact on the subject of the bias, as well as the indirect effects which are far more difficult to define. The indirect effect is the ripple effect, the thumb on the scale. The direct impact of bias is the imbalance created by the effect on the subject, the indirect impact is the affirmation of the initial bias.


  1. http://www.dictionary.com/browse/bias
  2. https://www.boston.com/news/science/2013/02/05/everyone-is-biased-harvard-professors-work-reveals-we-barely-know-our-own-minds
    1. https://www.psychologytoday.com/blog/the-media-psychology-effect/201604/mris-reveal-unconscious-bias-in-the-brain
    2. http://neuroscience.uth.tmc.edu/s4/chapter06.html
  3. https://www.law.cornell.edu/constitution/amendmentxiv
    1. https://www.law.cornell.edu/constitution/amendmentxix
  4. https://www.theatlantic.com/technology/archive/2016/04/the-underlying-bias-of-facial-recognition-systems/476991/