The Legal Implications of Social Networking Part Three: Data Security
In 2011, InfoLawGroup began its “Legal Implications” series for social media by posting Part One (The Basics) and Part Two (Privacy). Well, after 4th quarter year-end madness and a few holidays Part Three is ready to go. In this post, we explore how security concerns and legal risk arise and interact in the social media environment. Again, the intended audience for this blogpost are organizations seeking to leverage social media, and understand and address the risks associated with its use.
As might be expected criminals view social media networks as fertile ground for committing fraud. There are three main security-related issues that pose potential security-related legal risk. First, to the extent that employees are accessing and using social media sites from company computers (or increasingly from personal computer devices connected to company networks or storing sensitive company data), malware, phishing and social engineering attacks could result in security breaches and legal liability. Second, spoofing and impersonation attacks on social networks could pose legal risks. In this case, the risk includes fake fan pages or fraudulent social media personas that appear to be legitimately operated. Third, information leakage is a risk in the social media context that could result in an adverse business and legal impact when confidential information is compromised.
Continue Reading...Twitter Followers = Trade Secrets?
Phonedog v. Kravitz, currently pending in the Northern District of California, raises unprecedented issues regarding social media. Is a list of Twitter followers protected as trade secret under California law? What is the value of a Twitter follower? $2.50 per month? I discussed these questions today with Fox News.
Privacy Hot Topics for 2012
As 2011 has come to a close, many of us are thinking about what 2012 will bring. With regard to privacy, there are numerous key issues to choose from (and I am sure many privacy professionals would add to this list) – but from a corporate compliance standpoint, here are my top five picks for hot topics to address in 2012:
Continue Reading...A Handful of 2012 Privacy & Security Predictions
Even though 2011 was an extremely active year on the information security and privacy fronts – with a blizzard of proposed legislation, near weekly front page data breaches and the continued full leap into the cloud with its securities issues – I predict that 2012 events across the privacy and data security landscape will make 2011 look like a walk in the park. A handful of thoughts on what 2012 may hold:
Continue Reading...FTC Seeks Public Comments on Facial Recognition Technology
Although Christmas, the holiday season and the end of year break are on most people's minds, the FTC soldiers on. Right before Christmas it announced that it's seeking public comments on facial recognition technology, the latest bete noire to hit the privacy stage in some circles. The deadline for filing a public comment is January 31, 2012 and directions for electronic filing of comments are available at https://ftcpublic.commentworks.com/ftc/facialrecognition, while those favoring paper-based comments can find directions at the bottom of the press release at http://www.ftc.gov/opa/2011/12/facefacts.shtm.
Continue Reading...Contracting for Cloud Computing Services
The Knowledge Group/The Knowledge Congress Live Webcast Series, a leading producer of regulatory focused webcasts, has announced that InfoLawGroup attorney, Richard Santalesa, will be speaking at the Knowledge Congress’ webcast entitled: “Contracting for Cloud Computing Services: What You Need to Know” scheduled for February 14, 2012 from 12:00 PM to 2:00 PM ET.
For more details and to register for this event, please visit the event homepage: http://www.knowledgecongress.org/event_2012_Cloud_Computing.html
InfoLawGroup and ACE USA Social Media Risk Podcast
InfoLawGroup attorneys recently joined risk management professionals from the ACE USA, the U.S.-based retail operating division of the ACE Group, to record a companion podcast to our whitepaper “Social Media: The Business Benefits May be Enormous, But Can the Risks – Reputational, Legal, Operational – be Mitigated?”
The free podcast is available for download at http://infolawgroup.com/files/ACESocialMediaRisks.mp3 or through ACE at http://traffic.libsyn.com/lubetkin/ACESocialMediaRisks.mp3
The white paper was co-authored by Toby Merrill, VP, ACE Professional Risk, Kenneth Latham, VP, ACE Professional Risk, InfoLawGroup Partner David Navetta, Esq., CIPP, and InfoLawGroup Senior Counsel, Richard Santalesa, Esq.
InfoLawGroup Senior Counsel To Brief Risk Management Executives
Richard Santalesa will be briefing senior executives with responsibility for risk management this Wednesday, Dec 14th, at a Symantec & Conventus event in Minneapolis. Registration is still open and additional information registration is available here.
The topic: 2011 has been heralded as the year of the security breach. But what does that mean for you and your organization?
Nitro, Duqu, Stuxnet are threats that made the headlines but what is the potential impact to our organization? You have read about these threats, but what do you do about it?
- What are the realities of these new threats?
- What are the legal ramifications of being impacted by one of these threats?
- How will this impact you and your organization?
Joining Attorney Santalesa is Tim Gallo, Senior Technical Product Manager, DeepSight & Security Intelligence Group (S*I*G) Symantec Corporation.
Continue Reading...W3C Publishes Draft "Do-Not-Track" Standards
After a flurry of "Do-Not-Track" announcements and proposals early this year by the IETF, CDT, Microsoft and Mozilla, in response to the FTC's release of its December 2010 draft privacy framework, which we covered in detail, the W3C's Tracking Protection Working Group recently released the second draft of its Do-Not-Track standards in two parts: a Tracking Preference Expression (DNT) and a Tracking Compliance and Scope Specification.
Continue Reading...Location, Location, Location
Tanya Forsheit recently appeared on Fox to discuss the Supreme Court’s evaluation of GPS surveillance under the Fourth Amendment in US v. Jones. The case raises important issues regarding technology, aggregation of data, and privacy expectations with respect to location information.
Google+ Pages Allow Linking, but Not Hosting Promotions
Google+ just opened itself up for businesses and now allows entities to set up company Google+ pages. With this launch, Google announced a number of policies dictating what page owners can and cannot do on their Google+ page, including its “Contest and Promotion Policies.” These new policies outright prohibit anyone from running “contests, sweepstakes, offers, coupons or other such promotions” ("Promotions") directly on their Google+ Page. The policies, however, specifically allow linking to Promotions being hosted elsewhere - on a company's own site and, presumably, third party social networking sites - but only as long as the Promotion does not conflict with other Google+ policies, including the Google+ Privacy Policy, the User Conduct and Content Policy and the Google+ Pages Additional Terms of Service. These policies prohibit various actions that a company may want to take in connection with a Promotion, including, "aggressively" adding users to circles and displaying third party advertising on a Google+ page. Also, any applications linked to on a Google+ page must comply with the Google+ Platform Development Policies. The Google+ Contest and Promotion Policies also contain a laundry list of indemnities in favor of Google for any claims associated with a Promotion linked to on your company's Google+ page, even though it cannot be hosted on the page.
33rd Annual PMA Marketing Law Conference
This week, Jamie Rubin and Heather Nolan from the InfoLawGroup will speak at the industry’s leading marketing law conference, hosted by the Promotion Marketing Association. The 33rd Annual Marketing Law Conference will take place this Tuesday and Wednesday, November 15-16, at the Downtown Chicago Marriott/Magnificent Mile in Chicago, Illinois. Jamie Rubin will speak on a panel discussing “Using Current Technologies to Jumpstart Legally Compliant Promotions” in a Wednesday afternoon session. Heather Nolan will present a roundtable discussion about “Best Practices for Virtual Marketing, Blogs and Testimonials” on Wednesday morning. Registration is still available here.
Digital Advertising Alliance Releases Principles for Multi-Site Data
On November 7th, the Digital Advertising Alliance (“DAA”), the self-regulatory coalition comprised of the largest media and marketing associations in the U.S., including the American Association of Advertising Agencies, the Association of National Advertisers, the American Advertising Federation, the Direct Marketing Association, the Interactive Advertising Bureau and the Network Advertising Initiative (NAI), announced Principles for Multi-Site Data (“Principles”). The Principles are intended to expand the scope of the DAA’s Self-Regulatory Principles for Online Behavioral Advertising (“OBA Principles”), which were released in 2009 and implemented in early 2010.
Continue Reading...FTC Takes on Super Cookies
On November 8, 2011, the Federal Trade Commission announced that an online advertiser, ScanScout, agreed to settle FTC charges that it deceptively used "Flash" cookies (also known as super cookies) to track consumers online.
As explained by Wired, unlike traditional browser cookies, Flash cookies are not controlled by privacy controls in a Web browser. That means that even if a user adjusts browser settings to clear the computer of tracking objects, Flash cookies most likely will remain.
Continue Reading...NLRB Holds "Facebook" Firing Justified on Alternative Grounds, but Finds Policy Unlawful
As we have discussed on our blog, the National Labor Relations Board (NLRB) has continued a campaign of enforcement actions against employers who, according to the NLRB, have unlawfully terminated employees for discussing working conditions on social media. As we reported, in the first of such “Facebook” enforcement actions to come before an NLRB administrative judge, the employer was ordered to reinstate five employees and to pay back their wages.
On September 28, 2011, in the second “Facebook” case to reach an NLRB administrative judge, an employer was found to have been justified in terminating an employee car salesman for Facebook postings that mocked the employer and did not concern working conditions.
Continue Reading...
