In May 2019, the song “Every Breath You Take” by the Police was recognized by BMI to be the most played song in radio history, played 15 million times. Although some have thought it a romantic ballad, Sting himself felt the song was “sinister” so much so that in 1988 a sociologist found it “nicely captures elements of the new surveillance.” He was referring to ankle monitors. Now, that’s not even a blip on the technology radar.

While 15 million plays is very impressive, it’s nothing compared to the number of people exposed to the even more sinister type of surveillance – that of cyber-thieves. For example, in 2014, 3 billion Yahoo users, 500 million Marriot customers and 412 million users of Adult Friend Finder, all had personal data stolen. (Though for “Friend Finder” there was likely more blackmail than identity theft.) For us, the risks are significantly higher as a single data breach can ruin your firm. But there are best practices. In 2015, as a result of over 50 legal actions against companies involved in data breaches, the FTC published some lessons we can learn:

Be a Minimalist

The FTC has a simple formula: Don’t collect information you do not need and if you do need it, hold it only as long as there is a legitimate need. For example, one retailer collected payment data at the point of sale. However, once the sale was consummated and transaction complete, it continued to retain it for 30 days. As you can guess, in that small window, hackers stole the data.

Be Exclusive

While outside attacks are most common, it is just as important to limit access internally. When choosing what data to retain, determine who actually needs access. Put differently, almost no one needs access to everything. While seemingly trite, it was news to Twitter. Yes, that Twitter, used for inopportune mental meanderings of politicians and celebrities. The FTC found Twitter actually allowed nearly all of its employees to have administrator rights, a situation that was exploited. Likewise, where your data is physical or later becomes physical through transmission or printing, limit who can send or print documents.

Be a Joiner

When it comes to security, don’t do it yourself. While it may seem counter-intuitive, going alone or with a lesser-known vendor may actually increase your danger. According to the FTC, the more widely known encryption processes are extensively tested against an array of cyber-security challenges. Proprietary or newer processes likely have not been tested as strenuously and may have easily exploited flaws, as the FTC found in its action against ValueClick. While bigger may not always be better, following the crowd is the better bet in cyber-security.

Be a Divider

Not every computer in your network needs to communicate with every other computer because it is in linked network portals where hackers begin their access. And, even if you segment your computers, further subdivide your database so that secured data is additionally segmented from network access, thereby requiring several layers of hacking to gain access. Even with that structure in place, ensure you monitor your network for suspicious activity. For example, one company without such monitors allowed a hacker to log in and install programs that collected that data for retrieval every few days. Easy money indeed.

Trust but Verify

For us, FDCPA compliance policy and procedures are taught as gospel. It should be no different with data security. Ensure your e-security protocols are written, updated and made mandatory. Moreover, because there is vicarious liability for data breaches caused by your vendors, mandate they comply with your firm’s security expectations and then audit them to that practice. In addition, do not limit your testing to FDCPA and FCRA. At our firm, our IT department not only educates on cyber security, we test on it. For example, fake emails with the sort of links hackers use are sent to staff to see if they can resist the urge to click and report the attempt. If they do, we give out a toy fish.

With so many areas of concern, Luddite attorneys like us may simply hope that our security is sufficient. But in a world where a single hacker using Starbucks’ Wi-Fi may have hacked a bank, data security is no different than malpractice insurance. As a solo artist, former Police singer and bassist, Sting, bemoaned walls in “Fortress Around Your Heart.” He’s less gloomy about a fortress around his hard drive.

Michael L. Starzec is a partner with Blitt and Gaines, P.C and is vicepresident of the Illinois Creditors Bar. He is a frequent speaker, writer and litigator on creditor’s rights.

If you were to ask me, a court-going litigator, to discuss tech breakthroughs, this would be a dull article. I would extol e-filing, as it allows me those final, final, final edits well after 5:00 p.m. Next, I would mention remote access allowing me to work, as I am now, while waiting for court. Finally, I treasure the ease of converting Word documents to PDF (and vice-versa). As it turns out, that last function is the heart of a revolution in efficiency.

Make Many Documents Few

No, we’re not talking about the first impression you make when you walk in the room. Optical Character Recognition, or OCR, is simply the electronic conversion of typed or printed text into machine coded text. This, in its most basic sense, is what Adobe or other PDF conversion programs do. However, this is OCR’s most basic function. OCR use has not only made e-filing simple and easy, but in its broader applications, it makes possible text-to-speech and text mining. That sounds like technobabble and it is but OCR has changed the most important aspects of a collection firm: court filings, compliance and payment processing.

Our firm undertook a major effort to “tag” documents, having our OCR technology recognize key words in forms and court orders to trigger later events. For example, once an order is scanned, we can run a search by county and specific order type (judgment/alias) and tell the system to undertake a certain task – have an alias summons printed for attorney approval, prepare a report for the client of all the judgments from Washington County, etc. Staff time is saved from manually reviewing and coding on each individual file. This also allows us to check results. If we go to court with 25 files and postcourt we run a report and find we only have 23 orders, we can easily determine which are missing and what happened.

At the same time, once the OCR has determined an alias needs to issue, it creates the PDF form, telling the system to pull the previously filed complaint to accompany the alias. Then, it combines it with other cases set in the same county on the same date, depositing them in a file folder for review and approval by attorneys. Gone is manual data entry and physical printing of pleadings. Yes, manual reviews by staff and final approval by attorneys takes place, but the heavy lifting of printing, collating and matching documents is largely gone.

Payment Processing Enhanced

The same system affected our payment processing. OCR changed how we look up, present, and process payments. By reducing manual data entry, we sped up payment processing and increased accuracy. We also utilize the inverse of OCR for monitoring compliance in our phone conversations with consumers. Speech-to-text call auditing allows for control reporting to ensure compliance with legal and client standards for better call experiences and reduced audit findings. In addition, it catches items not coded properly – the consumer claimed fraud but we coded as a dispute – One requires an affidavit and investigation, the other requires validation.

However, for any system of data automation to work, you have oversight and controls. The key to this process is control reporting. Our internal audit process verifies everything that should have printed and every payment received is properly credited. Hence a robust internal compliance procedure and team is key to ensuring an OCR based system works.

In effect, for lawyers, words now serve two different purposes. On the one hand to persuade and on the other to provide a mechanical framework to ease the workload on your office.

Michael L. Starzec is a partner with Blitt and Gaines, P.C and is vicepresident of the Illinois Creditors Bar. He is a frequent speaker, writer and litigator on creditor’s rights.

When my wife and I were in California, she insisted on taking a picture next to the sign outside Facebook’s HQ, a sign bearing the ubiquitous “Like” icon. There, I noticed that the reverse side of the sign bore the logo of Sun Microsystems. This confounded me. Is Zuckerberg that cheap? However, Zuckerberg purposefully did this when they took over Sun’s campus to remind employees what happens if you fail to innovate. In 1998, Sun was on top of the world. Two years later, Microsoft, Intel and Linux caught up with Sun and offered their comparative products at a cheaper price. Ten years later, the company that had called itself “the dot in .com” ceased even to be a dot on the map.

The same holds true in our industry: The FDCPA remained stuck in the 1970s, lacking only bellbottoms, pet rocks and a Bee Gees album to complete the look. Then, on May 22, 2019, the CFPB proposed rulemaking to finally address the 21st century.

Recognizing communication technology evolution has led to a consumer preference for email, texts or web portal communication, the CFPB proposed rules for the new communication modes. First is a “limited content message” that will not qualify as a communication under the FDCPA, so long as it does not communicate certain specific pieces of information that can be texted or emailed. Second, Cease and Desist requests will be specific to the form of communication. For example, a consumer can designate emails as their preferred communication means and limit all others. Third, the rules will allow use of emails and texts in debt collection, with certain limits, such as inclusion of instructions to opt-out of receiving emails or texts. Finally, the rules would set out procedures to protect debt collectors from liability for unintentional third-party communication when using emails or texts.

The proposed rules will allow the transmittal of required correspondences via email or text. In addition to a safe harbor initial demand letter form, a debt collector will be able to send that initial demand electronically. If sent in that manner, the Bureau will set forth requirements and allowances for debt collectors to provide prompts within the communication for disputes, validation and other features. Hence, the consumer could click on a link in your demand letter to dispute the debt, cease and desist or make a payment. To further protect debt collectors, the Bureau would create a model validation notice, clarify how to validate debts electronically and a safe harbor if the debt collector complies with certain steps when delivering validation notices within the body of an email, if that is the initial communication.

When Netscape Navigator was deemed David to Microsoft’s Goliath, Bill Gates is claimed to have said they had to “innovate or die.” That is no different here. The CFPB is proposing these rules and on their face, the changes are refreshing, they seek to balance the overreaching of the former CFPB chair and allow for our input. Now, given the relative fairness of the proposal, we could sit back and let the process play out. However, it is important that we stop being reactive and be part of the change. I can guarantee that our friends on the consumer side will loudly proclaim these proposed rules are bad for consumers. As we know, they really mean that the rules will be bad for business. This is a chance not simply to modernize communication but create black and white standards to protect us against the endless lawsuits that feast on the gray areas of the FDCPA. Let your voice be heard, whether on your own or through a national organization. Shape the future, don’t be shaped by it.

Michael L. Starzec is a partner with Blitt and Gaines, P.C and is vicepresident of the Illinois Creditors Bar. He is a frequent speaker, writer and litigator on creditor’s rights.

One of the most enduring scenes in Francis Ford Coppola’s “Patton,” is Patton’s speech whose purpose is clear: to motivate men to fight. The speech is really a collection of Patton’s most colorful quotes, woven together as an exhortation to perform well. For myself, I’ve never liked the rah-rah speech as I am pretty self-motivated. However, that is not a humble brag. You see, my dad lived through the Great Depression, spent his 18th birthday (June 6, 1944), at place called Normandy, then fought in Korea and Vietnam. Hence, if I ever told my dad about being unmotivated, suffice to say, there was not a ton of sympathy for esoteric angst over my desk-job travails.

With that upbringing, I found it hard to relate to an unmotivated employee who knew hard work likely meant better pay. Understanding their pay was not the sole motivation was a revelation: Patton’s one-size-fits-all motivation was appropriate because that’s how militaries work. As was noted in Peter Jackson’s recent World War I documentary, “They Shall Not Grow Old,” a soldier who complained about small boots was told: “It isn’t the boot that doesn’t fit you. It’s you who doesn’t fit the boot.” In today’s economy, that is not the answer.

Recognition

In collections, the bottom line is dollars making it easy to assume every aspect, including employees, is motivated by money. However, Harvard Business School found that perks, promotion and pay “don’t necessarily excite people to work smarter or harder. Instead, they prompt employees to do only the minimum required to get that next raise or job title.” Instead, studies by MIT, the London School of Economics, and Carnegie Mellon found that recognition from managers and peers results in employee motivation and retention.

Motivation and retention are intrinsically linked. When an employee leaves, there is recruiting, interviewing, training, resulting in reduced productivity for the manager who is interviewing then training as well as the new employee who will take time to get up to speed. All of this increases your operational costs. These findings are not the esoteric musings that did not impress my father: A Gallup study of 10,000 business units in 30 industries found that recognition leads to retention, increased employee effort and profitability.

Engagement

For us to organize with this mindset, the first step for me was personal engagement with new attorneys from the start. There you can determine aptitude, interest and ability in litigation, drafting, court appearances, organizational skills and willingness /confidence in public speaking. This allows us to focus on specific training and channeling the attorneys to their strengths. Additionally, we do not learn the attorney’s skill set but we get to know the person.

We also make an effort for spontaneous, departmental recognition. When a new associate wins their first trial or hearing, all the attorneys receive an email about the attorney’s accomplishment. Likewise, client or judicial compliments, effective handling of a difficult matter, or identification of a compliance issue are announced to their peers. Importantly, we ensure the other partners are aware: It is one thing to have your manager recognize you and another to have a partner do so.

Stay Connected

Finally, I try to stay connected with what my attorneys are doing: I attend volume court calls, review pleadings and placements – this lets me know what my team is juggling on daily basis. Consequently, I can make more informed decisions on time management and staffing while showing engagement. And it’s never a bad thing to occasionally bring coffee and some good donuts. Thus, it’s not the necessarily the Carrot and Stick approach because, as author Dan Pink noted: “Humans aren’t horses.”

Michael L. Starzec is a partner with Blitt and Gaines, P.C and is vicepresident of the Illinois Creditors Bar. He is a frequent speaker, writer and litigator on creditor’s rights.