Why Didn’t Clio Notify Users of Data Aggregation? Turns Out It Did

I wrote yesterday about the announcement by Clio at its conference earlier this week of its new Legal Trends initiative. Clio will aggregate and anonymize data moving through its system to produce an annual Legal Trends Report and to provide its customers with insights into billing and financial benchmarks.

The announcement generated a bit of discussion on Twitter, including the question raised by some of why Clio never notified its users that it would be aggregating their data in this way.

Turns out it did. Twice.

The first time was two years ago. In August 2014, Clio amended its terms of service to state the following:

2.12 Subscriber grants to Themis a non-exclusive, royalty free right during Subscriber’s use of the Service, to use the Confidential Information for the sole purpose of performing Themis’ obligations under the Agreement in accordance with the terms of the Agreement. Such rights shall include permission for Themis to generate and publish aggregate, anonymized reports on system usage and Content trends and type, provided they do not conflict with Section 4.1. 

I’ve italicized the pertinent language. The Section 4.1 it references says:

4.1 Each party agrees to treat all Confidential Information as confidential and not to use or disclose such Confidential Information except as necessary to perform its obligations under this Agreement.

According to Joshua Lenon, Clio’s lawyer in residence, Clio sent a notice of this change in its TOS on Aug. 25, 2014, to the 51,000 administrators using its system. These are the users who have administrative-level access to set their firms’ access policies.

The second time was this week. One express purpose of announcing this initiative in advance of producing the first Legal Trends Report was to give users notice and an opportunity to opt out, Lenon says. Those who opt out will not have any of their data included in the aggregate reporting.

On its opt-out page, Clio explains the steps it is taking to preserve the anonymity of this data:

  • No personally identifiable information is extracted or used.
  • No client file information is ever available or accessed.
  • Data that is extracted is aggregated and anonymized.
  • Only the 18 default practice areas in Clio are used – all custom practice area labels are aggregated into “other” prior to being published.
  • Geolocation data is only reported at the country and state levels.
  • We collect this information to publish trends and to improve our service and user experience.

“We are not touching client files at all as part of looking at this data,” Lenon says. “We are looking at functional usage data — things we are required to access for us to function.”

He analogizes this form of anonymous data collection to the circumstances discussed in a New York State Bar Association ethics opinion involving the use of email services such as Gmail that scan email to generate advertising. As long as no humans are reviewing the emails, a lawyer may ethically use such a service, the opinion said.

“People need to understand the strict barriers that Clio has to abide by in doing this analysis,” Lenon says. “We are committed to keeping information defined as content as confidential.”

Clio is not unique in performing this kind of aggregation and benchmarking. As I noted in my post yesterday, both Thomson Reuters and LexisNexis similarly aggregate law firm billing data through their products Peer Monitor and LexisNexis Counsel Benchmarking, as I discussed in this 2014 ABA Journal article.

Posted in:
Updated:
  • Anonymous data aggregation will, by default, always gets a bad rap. Even if the company had the best of intentions and high standards of transparency. When the stories break, the biggest story is always going to be one about user outrage.