A Learning Moment For Those Not Using Lean Thinking
Recent email problems highlight how a bit of process can help us avoid failure
The recent spate of email failures reminds me of the general counsel’s lament: if my company would just get sued in a major lawsuit, management would understand why we need to do what I say. Sometimes, out of frustration, general counsel wish for bad things so that others in their company will see how important it is to take proactive measures. Of course, they don’t really want the bad thing to happen, it would just make change management easier.
Law firms are not of the same ilk as their clients. Most law firms like to live on the edge, daring the fates. This may sound odd (aren’t law firms the classic conservative institutions?), but if we take a peek at what law firms fail to do, you will see how law firms love to live dangerously.
To many lawyers, it seems like the law firm where they work is stifling them with procedures. Join any organization and you sacrifice personal flexibility to organizational preferences. If that organization happens to be a law firm, lawyers see administrative procedures taking over their lives.
The procedures are understandable even though they may be undesirable. Everyone must submit their billable hours by a certain date and in a specific way. Travel expenses must be tracked and assigned to the proper client. Documents must be accessible on the main system (loosely honored). When you live in a society, personal freedom gives way to societal needs.
When it comes to practicing law, however, firms are hands-off. Each lawyer practices in whatever way they prefer. I recently described the situation as the Wild West. Transaction lawyers each do deals in their own way. Litigators handle cases in their own way. If variety is the spice of life, then law firms are the modern spice rack. This leads to the strange problem of law firms setting their lawyers up to fail. And fail they do, time and time again.
Anyplace people love to talk about lawyer failures has been filled in the past few months with some spectacular lawyer failures, all involving email. There was, of course, the Ty Cobb exchange with an email prankster who was baiting Cobb to say something stupid. Cobb is White House special counsel who formerly was a partner in a major international law firm. He obliged the prankster and his lack of judgment was quickly made public for all to see.
Abbe Lowell, Jared Kushner’s lawyer, fell into the same trap — with the same prankster. The prankster sent Lowell an email from an email account that had Jared Kushner’s name in it. The email suggested Kushner was in the possession of adult content pictures and asked for advice. Lowell responded to the email, fortunately for her with a benign “call me.”
For Lowell, the story did not end there. When the Senate Intelligence Committee contacted Lowell to find out why Kushner had failed to disclose he used a personal email account for government business, Lowell sent the letter (by mistake) to the prankster. Twice burned.
For the law firm WilmerHale, the email problem was self-inflicted. A lawyer at the firm sent privileged documents belonging to the firm’s client, PepsiCo, to a reporter at the Wall Street Journal. The Journal published information in the documents. WilmerHale was left with making public apologies and, presumably, a rather unhappy client.
All of these stories share a common theme beyond email. They all could have been prevented if the organizations and individuals involved were a bit more process focused. In each instance, a few procedures would have saved these lawyers and firms from public embarrassment. This is where law firms and their lawyers prefer to live risky lives rather than rather than recognize the pain they inflict on themselves and clients is greater than the cost of being safe.
Lest you think process is for those who work on production lines, remember processes are central to your life. Fly on airplanes? Guess what would happen if pilots and air traffic controllers did not follow processes. Have surgery? Better hope the doctors and nurses follow some processes. Process is central to our daily lives.
“Process” is not a bad word. We follow processes every day to get through our lives. Take a few minutes to consider your morning “routine” and you will realize that it is a process. If you still think that is not the case, then answer this question: how often do you put your outer clothes on and then put your underwear on? Doesn’t happen, right (I am excluding the possibility that you are a budding rock star and doing so is your new fashion statement).
In many cases, we think of processes as habits. It is the way we have developed to do something. We do not record the process, keep metrics on it, or look for ways to improve it (though sometimes we do). It is just what we do.
Now, let’s go back to those email problems. What if, instead of saying to the lawyers “do whatever you do, but if it goes wrong you will be to blame,” the organizations involved had established processes for handling what were obviously highly sensitive communications. (I realize Ty Cobb was not working at his old law firm when his problem occurred, but let’s assume he would have carried the old process forward with him.)
Lowell received an email on a highly sensitive topic and responded to it without checking (we presume). Then, he sent his own email to that wrong address. What process could have helped Lowell avoid the embarrassment of responding to a phishing email and then using the wrong email address? At a process-oriented organization, we would map what happened (probably not the first occurrence in the firm). Then, we would look for ways to improve the process. I can’t turn this article into a process improvement event, but I can use some ideas gathered from prior events to show what process could bring to the problem.
The most obvious change would be: do not respond to sensitive emails by selecting “reply” and typing your response. Start a new email chain using a known, correct email address if you are going to send an email. We would hope that Lowell tried calling Kushner, could not reach him, and only then responded to the email. If not, we could add to the process “call, don’t hit reply.” Following a process with these two simple steps would have eliminated the first problem.
The second Lowell problem probably came through one of two routes. Either Lowell used the autofill feature when addressing his email to Kushner, or he picked the wrong email in his chain as the starting point for his attempted email to Kushner. Easy fixes: disable autofill and don’t use prior emails as starting points, begin with a fresh email.
Cobb’s email faux pas came from responding to an unknown email source. He did not know the person emailing him and he didn’t check. So much for lawyer caution. Process change: confirm email addresses before responding, especially on sensitive matters.
Let’s move to the most interesting email process failure: sending privileged documents to a reporter. In lean thinking, we do not blame the person for a process failure, we look to the process to see how the design enabled the failure to occur. I do not know what processes or procedures WilmerHale had in place to prevent this incident from happening. At a minimum, they need improving. If there were not any processes intended to minimize the chances that an email with sensitive information would be sent to the wrong person, then we can look to management and ask “why”?
What could be done from a process standpoint? Again, some quick ideas from past experiences come to mind. If the WilmerHale system has its email system set up to suggest recipient email addresses (the autofill feature I mentioned earlier), that feature could be turned off. We all have gotten caught sending an email to the address suggested by the email client only to find we jumped too fast. The first “Grady” it suggested was not the “Grady” intended as the recipient.
Privileged documents are very sensitive. These were available electronically, so they could have been locked in an electronic vault. The process could have required security steps before documents were sent or removed from the vault. For example, the “two signature” rule applied when I was working at a pharmaceutical company. To remove controlled substances from the physical vault (e.g., codeine) for use in manufacturing, the mixing technician and I (the quality control technician) had to both be present and participate in the procedure.
Why were the documents being emailed? If they were in a digital vault and someone at PepsiCo needed access, a separate procedure should have existed for accessing the vault. This is not highly technical stuff. Large law firms use deal rooms every day. The security procedures control who has access to the vault. Document cannot be removed from the vault unless specific authorization has been given to the person who wants to remove the documents.
The point of this story is not to design the processes and procedures any organization or person should have used. I also am not ignoring the tension that exists in each environment. Lawyers are trained as service professionals. They want to keep the client happy, so they want to move quickly to meet their client’s needs. Lawyers also face many demands, and time is money (that is the subject of another post), so lawyers feel the need for speed.
The point is this: law firms and other legal services organizations set their lawyers up for failure by letting the lawyers run ad hoc systems. They let them down by not developing processes and insisting lawyers follow them when process matters more than individual creativity. They expose their lawyers to potential liability, client embarrassment, and other nasty consequences. They do all this in the name of freedom and keeping professionals happy. They fail to recognize that technical illiteracy runs rampant in the profession.
Inconsistency among lawyers has not gone unnoticed. Clients see it in more than how lawyers handle emails, they see it in how lawyers handle the matters client entrust to them. Not only do they see it, but it is a reason some 60% of them cite for not giving work to law firms. Imagine a client had a 10-page contract. The client gave the contract to 10 lawyers in your firm (or law department, or legal aid office, or any other legal services provider you pick) and asked them to mark it up and give it back. The client would get 10 contracts, in 10 different time frames, with 10 sets of comments. Some comments would overlap, but many would not.
I tried this experiment once, but I only gave out five copies. What I got back was a mess. As the client, which version do you pick? Why did it take 10 different time periods to review? The questions go on and on. Many of the comments reflect style over substance. Why should clients have to sort through this inconsistent work product? How do you trust?
Reducing the lack of consistency problem is not that hard and yields tremendous benefits (like minimizing the chances of email problems). Work product improves in quality, turnaround times get shorter, efficiency improves, and clients benefit. These aren’t guesses about the benefits, they get documented every time we put processes in place. Yet, law firms continue to resist. Next time you hand a matter to an outside lawyer, ask what they did that day to improve consistency. If the answer is “nothing,” ask yourself why you like taking big risks with your lawyers.
Ken is a speaker and author on innovation, leadership, and on the future of people, process, and technology. On Medium, he is a “Top 50” author on innovation and leadership. You can follow him on Twitter, connect with him on LinkedIn, and follow him on Facebook.
