Cookies for Your Firm?

By Ellen Freedman, CLM

Cookies are a misunderstood computer tool. Now, before your eyes begin to glaze over at the thought of reading another technical article, let me assure you my article will be in plain English, not technobabble, and relatively brief. Be prepared to amaze your niece, nephew, or grandchild with your newfound technical savvy!

Most people don’t really know what a cookie is. There’s been much hype and fear about cookies. Some users have disabled acceptance of cookies on their computers, fearing that allowing cookies on their hard drive will compromise their security. When they do that, they unfortunately find that many websites they visit won’t function properly. Other users regularly delete all cookies. When they do that, return visits to sites often require completing fill–in forms all over again. And law firms with websites are reluctant to use cookies in their design. There’s been so much hype about cookies that my eighty-year-old mother asked whether she should modify her Internet Explorer to block cookies. I was totally amazed that the concept of cookies had even hit her radar screen. Just what are cookies, and what is the truth about them?

With respect to computers, a cookie is a piece of data held by an intermediary device. In the case of surfing the web, the intermediary device is your computer. So what does that mean? A cookie simply stores information supplied by you when visiting a site on your computer, and the site reads it back later. The cookie can only be used to save and recall information. A cookie cannot extract information from cookies belonging to other sites, and it cannot read or interact with other data on your hard drive. Cookies are just a little file of text information stored on your computer. If you use Internet Explorer, the file is stored in the Windows/Cookies directory. If you use Netscape Navigator, the file is stored in the Users folder. Think of a cookie as an electronic post-it note for the website you visited, which will be reread when you return.

Why do websites use cookies? Well, the file transfer protocol (known as HTTP) that moves surfers and information around the world wide web is essentially blind. In other words, you are a stranger to a website every time you access a new page. No matter how much information you supply on a previous page or on a prior visit, without the use of cookies a site can’t distinguish someone who has spent hours on the site from someone who has just arrived. Nor can it tell if you are visiting for the first or hundredth time. Nor can the site remember anything about your preferences.

Preferences are very important to users, because it allows them to make a site responsive to their needs. Imagine a salesperson who can’t remember the name of his best customers, or how those customers like to pay, or even whether or not they’ve already paid. That would not be a very successful salesperson. Imagine a lawyer who could not remember clients by name, or what their matters were about. That would certainly not be a successful lawyer. Without cookies on a site, the situation is similar. Every time you transfer from one page on the site to another, you’re a new, unknown visitor without preferences if there isn’t a cookie providing essential information about you. Obviously, an e-commerce site cannot be successful without this mechanism for recognizing users as they move from one page to another.

There are a couple of alternatives to cookies. One is called hidden fields, and the other URL state data. (Okay, that’s it for technical terms.) Neither works as flawlessly as cookies for ease of use, performance, flexibility, and reliability. So the industry has pretty much standardized on cookies.

Yes, it’s true that at least one banner advertising network used cookies to track and compile extensive data about the user’s activities on any of their sites, in order to supply targeted banner ads based on user’s interests. Although the use of the information was solely to deliver customized advertising on those sites, users found this practice so unacceptable that the network was forced to provide a free method to disable its tracking mechanism. Ironically, that method is also a cookie.

Many computer experts assert you are at greater risk handing your credit card to a waiter than you are when you accept a cookie from a respectable website. In fact, respectable sites will keep any potentially sensitive information about users, such as address, telephone, email address, and credit card and purchasing information, in a firewall-protected secure server database, separate from the web server, and place only a pointer or ID number in the cookie. Can these firewalls be penetrated? Sure, just like your office fileserver’s security can be compromised. A determined and talented hacker can get into just about anything, including government-restricted files.

Should your law firm website use cookies? Well, consider that cookies greatly improve the quality of a user’s visit to your site. You can store information in a cookie that will let you deliver a better, more personalized experience the next time the visitor comes to your site. If you’ve ever visited sites where you can organize the appearance of the home page you visit to contain only those areas that are of interest to you, you know the advantage of cookies. Imagine doing that for visitors to your site by generating dynamic pages that highlight topics of interest to them, and even welcome them back by name. Say a client or potential client returns to your site for information on employment law. With the use of cookies your firm can provide a dynamically generated customized home page that advises of new content in that area, and puts links directly to it on the home page they see when returning to your site.

If you do decide to add cookies to your firm’s website, you should include a disclosure statement with specific information about how the site uses cookies. You might state something like “Our website utilizes cookies in order to provide a better experience. We do not collect personal information without your knowledge and permission, nor do we resell or distribute any visitor data, including information that may be collected during your visit. If you have any questions about our policy, please contact our Webmaster.”

Cookies are not dangerous or evil. You should not be afraid of cookies. However, if you are short of computer disk space, do regularly delete your old cookies for sites you rarely visit. And consider whether adding cookies to your own law firm’s website may enhance the experience for visitors. If that sounds like something you want to make part of your website, talk to your web designer. Code for cookies is readily available on the Internet.

Ellen Freedman, CLM, is the law practice management coordinator for the Pennsylvania Bar Association, and president of Freedman Consulting, Inc. Ellen is one of only approximately 42 in the nation to have achieved the designation of certified legal manager through the Association of Legal Administrators. She is a frequent author and speaker on law firm management and technology. Ellen can be reached by email at

An earlier version of this article appeared in the Pennsylvania Bar News.

Back to Top