Application of Legal Technology: Critical evaluation of some use cases 1

 

Technology is fast changing how industries operate today. The fast-paced innovations and their consequent applications in industry have led to a more rapid advancement in the operations, strategy, and management of these industries. The law sector has not been spared by the ravaging fire of technological innovations fast changing the playing fields of industries. It has introduced new regimes of data-driven decision making, legal analytics, prescriptive forecasting, and contract reviews, due diligence, automated client advisory services amidst a myriad of other use cases within the legal sphere. This has led to efficiency improvements, increased profitability, and quality improvements amongst others in the delivery of legal services to prospective clients. Critical to these improvements is Artificial Intelligence.

Marvin Minsky, in the MIT publication on Semantic Information processing, described Artificial intelligence as the science of making machines do that which would require intelligence if done by men. Thus, Artificial Intelligence (AI) seeks to enable machines to perform or act roles likable to humans. Others have also defined AI as a ‘big forest of academic and commercial work around the science and engineering of making intelligent machines, a combined definition by John McCarthy, who coined the term Artificial Intelligence and with the expertise of Michael Mills. The term AI is broadly used as an umbrella term to include all areas of technology with such applicability. It includes the fields of machine learning, natural language processing (NLP), expert systems, visions, speech, planning and robotics. However, as at today, just a few areas of AI are applicable to legal services and Law, namely machine learning, Natural language processing and expert systems.

The diagram below shows the various field of AI and their subbranches.

Figure 1: Branches of Artificial Intelligence

I will discuss how AI-powered solutions could be utilised to promote efficiency when resourcing is not an issue as well as which automation solutions could be adapted in conditions of limited resources. As stated above, the use of AI in law or delivery of legal services revolves around the fields of Machine Learning, Natural Language Processing, and Expert Systems. I will therefore discuss in depth, these technologies in their technical sense in general before I proceed to discuss the specific AI-powered solutions and their usage of these fields of AI technologies. These AI-powered solutions though proprietary rely on these technologies to design the base algorithms that resolve all queries fed into them within the legal service delivery space for insights, predictive outcomes, or analytics.

Artificial Intelligence has two approaches, namely, Rule Based approach and Learning Based approach. Rule Based AI systems utilize the use of a set of human-coded rules that output some pre-determined outcomes. Thus, it follows the ‘if-then’ coding statements format, thus if a specific action is executed, a certain desired output is required. Of importance to this approach to the developers are “a set of rules” and “a set of facts”, from which an intelligence model can be created. This framework approach makes the model immutable in its structure and unscalable in its application, as it can only perform specific assignments or tasks as programmed based on the set of rules and facts. 

Rhett D’Souza, in his article titled, “Symbolic AI vs. Non Symbolic AI, and everything between them”?, referred to it as Symbolic Artificial Intelligence, also known as Good Old Fashioned AI (GOFAI), which makes use of strings that represent real-world entities or concepts, that are stored manually or incrementally in a Knowledge Base (any appropriate data structure) and made available to the interfacing human being/machine as and when requested, as well as used to make intelligent conclusions and decisions based on the memorized facts and rules put together by propositional logic or first-order predicate calculus techniques. They are largely used in Expert/Knowledge systems, Contract builders and Chabot. It is critical to mention that for rule-based AI’s systems in law, a domain expert (a lawyer); a knowledge engineer and an end user are the key players.

The requirement of a domain expert is vital as based on the domain expert’s knowledge; rules will be curated based on facts to be applied to by the system to resolve a problem. It applies the principles of forward and backward chaining to answer what and why questions/problem, by referring to the knowledge base that contains information on the problem categories, usually from a repository of collated information from various domain experts. These knowledge bases are either factual or heuristic knowledge. It arguably gives a higher sense of level of competence, as well as accuracy and efficiency.

Machine learning is a form of AI that enables a system to learn from data rather than through explicit programming. Unlike Rule Based AI systems that rely on sets of facts and rules to solve a problem presented to it, Machine learning, which is a non-symbolic AI approach relies on the volumes of big data presented it, to learn itself and relearning necessary. It does iterative learnings from the big data set available to it, to improve itself and predict future outcomes. In its early stages, it trains itself from the enormous, big data available to form precise models based on the data. At the end of the training of the machine with the data, a machine learning model is designed that can take an input and based on the train model, provide an output. A typical example is the suggestive products of similar kind from websites after searching for some specific products. 

This they achieve via training the browsing history of a huge number of users as well as their purchasing data to make these suggestions to you. It is vital to note that these learnings of the data could be online or offline. With regards to the offline learning models, the models do not change real time. However, for the online learning models, the models change real time and continuously improves itself as new data is being fed to it, thus, it learns and re-learns itself to become better. The more the data, the more the near perfection of the model. Big data refers to generally, the large volumes of data with diverse sources of this data. The more the extreme volumes of data, the more accurate the model being trained.

Machine learning has three (3) subcategories namely supervised learning, unsupervised learning, and deep learning. In Supervised learning, the machines are trained using labelled data. Thus, via a set of established data, the machine learns itself and form patterns that could be applicable to an analytic process. Various categories of similar labelled data are established and used to train, based on the attributes of the labelled. Thus, supervised learning is a process of providing input data as well as correct output data to the machine learning model. The aim of a supervised learning algorithm is to find a mapping function to map the input variable (x) with the output variable (y). The labelled data maybe continuous, thus regressional or from a finite set of values described as classification. Using some examples, the algorithms are trained and later tested with a test data to help identify patterns within the subset that usually may be difficult to be seen within a large, big data. A model is over-fitting if it’s tuned for a particular training data and not applicable for any group of larger sets of unknown data. The accuracy of a model for its predictive outcomes may be ascertained by using unforeseen data for the test set.

Figure 2: An example of labelled data undergoing Model training

Unsupervised learning on the other hand, is applicable in problems with extremely large volumes of unlabelled data. It therefore makes use of algorithms capable of understanding these huge volumes of data sets and classifies them with respect to the patterns or clusters it finds, creating labels so they become supervised. This type of machine learning is primarily focused on clustering, a means of assembling similar object/data points as a grouping and those which are dissimilar in other clusters. Mostly used algorithms are k-means clustering algorithms and fuzzy k-means algorithms. Reinforced learning differs from the above as its not trained with sample data set, but through trial and error, it learns and after some series of positive decisions, it reinforces the process. Similar algorithm is used in self-driving cars.

Bernard Marr, in his article titled ‘What Is Deep Learning AI,' defined Deep Learning as a subset of machine learning where artificial neural networks, algorithms inspired by the human brain, learn from large amounts of data. The name deep learning stems from the fact that the neural networks have deep layers which enables its learning’s of data sets of diverse, unstructured, and inter-connected nature. Tasks are repeatedly executed, and its outcome tweaked to improve the outcome. It is estimated that over 2.6 quintillion bytes of big data are generated daily. This serves as a good resource unstructured, deep learning algorithms to learn the data.

In the next article, I will continue to discuss in depth, these technologies in their technical sense in general.

Author: Ing. Bernard Lemawu, BSc Elect Eng, MBA, LLB, LLM Cand. | Member, Institute of ICT Professionals Ghana

For comments, contact author ghwritesblog@gmail.com

Source: iipgh.org

Privacy Notices – what to look out for when you read

Let us begin with the right foundation to drive home the relevant education to guide organizations and provide insights to invigorate the well-informed. Privacy Policy and Privacy Notice are two different documents, but privacy policies have been used significantly to represent privacy notices. Both terms have been used interchangeably, but the difference is clear, and they serve different purposes. The difference is explained below.

Privacy policies are internal documents that tell your employees how to protect customer data whiles privacy notices are external documents that inform visitors, users of your system, and other stakeholders about how their data is used and the privacy rights they can exercise. So, technically, the term privacy policy on various websites, mobile apps, portals, etc. should read privacy notice–this is the external document on privacy you present to your stakeholders to read. The privacy policy is the internal document for internal use, and this may contain some critical or privileged information that is reserved for only employees of that organization.

Privacy Notice–what is it?

The privacy notice is a document you present to people who visit your website, download, and use your mobile apps, install your applications, subscribe to your products and services, use your portals, etc. This is the document used to explain to your audience how you collect their information and how they can opt-out. Most data privacy laws, acts, regulations, and directives require organizations (data controllers or processors) to provide a privacy notice.

The privacy notice tells your customers, regulators, and other stakeholders what your organization does with personal information. It answers questions about the types of personal data processed, the lawful basis for processing personal data, and the data being transferred to third parties. A privacy notice must also tell users how long the organization will store their data, the user’s rights to data collected, and the privacy team’s contact information. A privacy notice is sometimes referred to as a privacy statement or a fair processing statement.

Your Personal Responsibility

It is important to actively seek to always protect your privacy. Before you give any personal or identifiable information out, you need to learn and understand how the organization will use your personal information. It is a good personal practice to read an organization’s privacy notice before you fill out a form, install an app, subscribe to their service, use their products, or continue to browse their website. If you are unhappy with the privacy notice’s terms - or if you are told there is no written privacy notice, your best option is to STOP. At this point, it is best you consider looking for an alternate service provider that respects its customers enough to explain how it handles and protects their personal information.

A privacy policy should answer at least the following basic questions. Be deliberate to seek answers to these questions.

Q1: What personal information is collected?

What kinds of personal information does the organization collect from you? The mere statement that they collect personal data is not enough–you need to go in more depth. Another important thing to look out for when you read a privacy notice is the exact types of personal data that the organization collects or processes.

For example:

We request the processing of personal data of visitors, such as IP address, a cookie identifier, and email address (but only if visitors request information be sent by e-mail). We also collect non-personal data to learn how visitors found our website, what kind of device they are using, how long they stayed, which pages they visited, etc. This non-personal data is tied to a temporary identifier that is removed after the end of each browsing session.

Q2: How is the information collected?

Besides asking you to provide personal information either manually on a sheet of paper or via an online form, an organization may collect information "automatically" using cookies or other related technologies through its website, mobile apps, or other platforms. A cookie contains information on you that your browser saves and sends back to a website when you revisit it. Websites can use cookies to track your purchases and the different pages you visited or ads that you clicked on. Such information can create a more detailed profile on you that may be sold to marketers. Look for a description of the site's use of cookies or other tracking technology in its privacy policy.

Q3: Why is the information collected?

Does the personal information asked for seem appropriate to the transaction? For example, your name, home address, phone number, and credit card number may be necessary for making and shipping your purchase. Your household income and hobbies are not. Pay attention if a business asks for information beyond what is needed for the transaction. The purpose of the extra information should be clearly stated. Look for an opportunity to opt-out of, or say no to, giving the extra information. Consider going somewhere else if you can't complete the transaction without giving up personal information you think is unnecessary.

Q4: How is the information used?

A privacy notice should explain how the organization collecting the personal information intends to use it. Will it be used just to complete the transaction you requested? If additional uses are intended, you should be given the opportunity to opt-out of them. For example, if the company plans to use your information to market to you, you should be given an easy way to say no to this. You should get this opportunity right up front before you receive any unwanted email ads, telemarketing calls, or mail offers.

Q5: Who will have access to the information?

Does the company share your information with other companies? Government agencies, service providers, etc.? Does it share information with its affiliates or companies in the same "corporate family"? The privacy policy of a commercial website or online service that collects personal information on Accra consumers must list the categories of third-party persons or entities with whom that personal information may be shared.

Q6: What choices do you have?

Look for opportunities to opt-out of the use of your information for marketing and the sharing of your information with others. There should be an easy way to opt out, such as by calling a toll-free phone number or emailing.

Q7: Can you review or correct your personal information?

An organization may give you the opportunity to review or request changes to the personal information that it has collected from you. Look for instructions on how to do this. Many organizations allow a customer to review and request changes in the customer's own personal information. A company that collects personal information on its consumers must describe its process for giving consumers access to their own personal information, if it has such a process, in the privacy notice posted on the site.

Q8: What security measures are used to protect your personal information?

The privacy notice should give a general description of the security measures the organization uses to keep customers' and visitors' personal information safe. It should also cover security safeguards that the organization requires its business partners and vendors to use.

Websites requesting personal information should use Secure Socket Layers (SSL), the industry standard for protecting private information sent over the Internet. Good security also means using strong security measures, such as encryption, to protect personal information when it's stored on company computers. It includes technology and procedures to limit access to customers' personal information to only those who need it to perform their duties.

Q9: How long will the organization honour its privacy policy?

What is the effective date of the privacy policy? Does the policy state that the organization will honor its current policy in the future? Does it say that if they change the policy, they will notify customers and site visitors? Or, it says they will give customers and visitors a chance to opt-out of having their information used according to the terms of the new policy?

The privacy policy of a commercial website or online service that collects personal information on Accra consumers must include a policy effective date and information on how consumers will be notified of changes.

Q10: Who is accountable for the organization's privacy practices?

Someone in the organization should be responsible for its privacy policy and practices. Does the notice give you someone to contact with questions and concerns? Is there an easy way to contact the correct person by email or by a toll-free phone number?

Author: Emmanuel K. Gadasu

(Data Protection Officer, IIPGH and Data Privacy Consultant and Practitioner at Information Governance Solutions)

For comments, contact author ekgadasu@gmail.com or Mobile: +233-243913077

Source: iipgh.org

FAREWELL SPEECH IN HONOUR OF MR. DOGBE ADUKPO SELORMEY – OUTGOING REGIONAL DIRECTOR OF ELECTORAL COMMISSION, VOLTA REGION

In 2003, Mr. Dogbey Adukpo Selormey was transferred from Koforidua Municipal of the Electoral Commission as District Electoral Officer to Ketu South Municipal which was then a district. He conducted 2004 General Elections successfully and worked from 2003 to 2005.  Due to his hard work and commitment, he was promoted to higher level of Deputy Regional Director in September, 2005 and was transferred to the Regional Office as Deputy to the former Regional Director, Mr. Mohammed Adoquaye.

He worked assiduously and supervised various elections in the Region from 2005 as Deputy Regional Director. In 2014 January, he was transferred back to the Eastern Region as Regional Director. He worked successfully and supervised various electoral operational activities.

In 2016 March, Mr. Selormey was brought back to his home region as Regional Director when preparations towards another general elections were in progress. He willingly took the mantle from Madam Laurentia Kpatakpa who was then the Volta Regional Director and was due for retirement.

As he was not new to the Volta Region, he selflessly worked together with the entire staff of the Commission and all stakeholders in the Region and we had a successful 2016 general elections in the region.

Mr. Selrormey further supervised 2018 referendum which gave Oti an autonomous status as a region despite the usual electoral challenges, he remained focus until the referendum was over successfully. He also supervised 2019 Local Government Elections.

He again displayed his electoral expertise and supervised the 2020 general elections successfully by the support of his able Deputy Regional Director, Mr. Eric Dzakpasu who has now been promoted and given the mantle as Regional Director of the Volta Region.  A man who has tapped a lot from his predecessor and ever willing to continue from where Mr. Selormey left.

Mr. Selormey can be referred to as a friend rather than a boss.  His sense of humor cannot be over emphasized as he goes well with all and manner of persons that come into contact with him.  He is ever ready to help and advice any staff who encountered both official and social problem.

His outstanding quality as a person and a professional election administrator, his patience, humility, diligence and painstaking approach to details. He scrutinizes all letters and reports which are submitted to him to ensure that all the I’s are doted and T’s are crossed.

Apostol Paul, in epistle to the Philippians said in Philippians 4:13 “I can do all things through Christ which strengthened me”. That is exactly what worked well for Mr. Selormey throughout his working life.

Mr. Selormey, our dear and beloved outgoing Regional Director, the entire staff of the Electoral Commission wish to say Ayeekoo for a job well done, enjoy the fruit of your labour and dignity.

Even dough you retired from active service; you have not retired from our heart.

You made it by the grace of God, Congratulations! We hope you will enjoy your well-deserved time off.

Privacy in the Workplace

Privacy and Personal Information

The concept of privacy refers to our capacity to keep our private information to ourselves and to manage the consequences of disclosing it to others. Information that can be used to identify a person is considered personal information. For instance, names, addresses, phone numbers, email addresses, pictures, bank account information, tax file numbers, information about superannuation funds, information about a driver's license, and academic records. 

Sensitive personal information includes details about a person's health, sexual orientation, religious beliefs, criminal history, and professional or labor union memberships. A higher standard is imposed for the gathering and handling of sensitive personal information under most privacy legislations.

Workplace Privacy Concerns

The increased use of technology in the workplace has raised new privacy concerns for both employers and employees. The rapid advancement of workplace monitoring and surveillance technology has far outpaced the development of legislation to protect employees' privacy interests. While employee monitoring is not a new phenomenon, modern technology has provided employers with more advanced and effective methods of employee monitoring. 

As a result, electronic employee monitoring in the workplace has become far more common in recent years. Employers are not only collecting more data on their employees, but they are also collecting different types of data. An employer can now record every keystroke on the computer, every syllable that is spoken to a customer, and every second spent away from one's workstation. These enhanced monitoring capabilities do not come cheap: they compromise employee privacy.

Employers Concerns

Employers are understandably concerned about workplace threats such as theft, data security breaches, identity theft, pornographic viewing, inappropriate and/or offensive behavior, violence, drug use, and others. They strive to reduce these risks, which frequently necessitates monitoring employees at work. Employers may also be concerned about productivity losses caused by employees using office technology for personal reasons while on the job. 

Organizations must balance the company's legitimate business interests with employees' reasonable expectations of privacy. Employers have a legitimate interest in monitoring employee performance to ensure efficiency and productivity. However, employee surveillance frequently goes beyond legitimate management concerns and devolves into simple spying for no legitimate business reason. Employee electronic monitoring has seen the emergence of particularly intrusive and unprecedented levels of workplace surveillance.

Employees Privacy Expectation

People expect some privacy at work, even if they are on the premises of their employer and using the employer's equipment. It is natural to give up some privacy when working for someone. Employers require basic information about their employees to provide salary and other welfare benefits, as well as to ensure that work is completed efficiently and safely.

However, the possibilities for violating privacy are greater than ever before. Psychological tests, web-browsing records, video surveillance, keystroke monitoring, and genetic testing: the amount of information an employer can have on employees is limitless.

Employers can balance their "need to know" with their employees' right to privacy, if they ensure that they collect, use, and disclose personal information about their employees for appropriate purposes only.

Respecting Employees' Privacy

An employer's need for information should be balanced with an employee's right to privacy. For almost all personal information — including salary and benefits records, formal and informal personnel files, video or audio tapes, and records of web browsing, electronic mail, and keystrokes — the following basic rules help to establish and maintain that balance:

• The employer should explain why it collects personal information from employees, why it collects it, and what it does with it
• Personal information should normally be collected, used, or disclosed with the knowledge and consent of the employee
• The employer should only collect personal information that is necessary for its stated purpose and collect it fairly and lawfully
• The employer should normally use or disclose personal information only for the purposes for which it was collected and keep it only as long as it is needed for those purposes, unless it has the employee's consent to do otherwise, or is legally required to use or disclose it for other purposes
• Employees' personal information must be accurate, complete, and up to date
• Employees must have access to their personal information and the ability to challenge its accuracy and completeness

Employees' Privacy Rights v Employer's Right to Manage

Employers have legitimate needs for personally identifiable information about their employees. They must know who they are hiring. Performance issues must be addressed as well as ensure the physical safety of their workplace. They may also believe that electronic monitoring and other forms of surveillance are required to ensure productivity, prevent confidential information leaks, and prevent workplace harassment.

As a result, employers are sometimes forced to investigate private matters. However, they can limit the impact on personal privacy by keeping such instances to a minimum. The possibility that one employee may do something harmful does not warrant treating all employees as suspects. The dubious benefit of always knowing what every employee is doing on company time and equipment must be balanced against the cost — including the impact on employee morale and trust. Workplace harassment prevention is an important goal, but it is best accomplished through workforce training and sensitization, explicit anti-harassment policies, and appropriate remedial measures when harassment is reported or reasonably suspected, rather than by depriving everyone of their privacy rights.

Managing Privacy by Policies

Employers must at the very least inform their employees about how personal information will be collected, used, and disclosed. Employers should inform employees about how they manage their privacy through appropriate policies. Employees must be informed if they are subject to random or continuous surveillance. Employers should also ensure that information collected for one purpose is not used for another without the employee's permission. Employers should provide employees with access to personal information held about them, even if it is not required by law, so that they can verify and challenge its accuracy and completeness.

Employees Waive of Privacy Rights 

Employers may be inclined to inform employees or prospective employees that they have no expectation of privacy in the workplace — that losing privacy is a requirement of employment. It could be argued that any individual who agrees to work under these conditions has consented to the unlimited collection, use, and disclosure of their personal information.

Whether this is consent — clear, informed, voluntary consent - is questionable. With this approach, the general principle of collecting only the personal information needed for appropriate purposes is lost. A better alternative is to expressly request that employees consent to the explicit, limited, and justified collection, use, and disclosure of their personal information.

Organizational Privacy Culture

Practices like the ones described above are required by law in many workplaces, and employees have legal recourse to assert their rights. Employees may also have enforceable privacy rights under collective bargaining agreements.

However, good privacy practice is more than just avoiding complaints, grievances, or lawsuits. Whether privacy is protected by law or contract, cultivating a workplace culture that values and respects privacy boosts morale and mutual trust, and it makes good business sense.

Best Practice

The best practice for employers is to tell their employees about:

• what personal data or information do they collect
• the reasons for the collection 
• the parties they might share this information with
• the process employees can use to access their personal information 
• how to access, and correct their incorrect, out-of-date, or incomplete personal information 

Employers can include this information in their induction training, a workplace privacy policy, and other staff communications.

Author: Emmanuel K. Gadasu

(Data Protection Officer, IIPGH and Data Privacy Consultant and Practitioner at Information Governance Solutions)

For comments, contact author  ekgadasu@gmail.com or Mobile: +233-243913077

Credit: iipgh.org