Oklahoma and Louisiana join Wisconsin and Tennessee in recent laws restricting access to applicants’ and employees’ personal online content by prospective and current employers. Adoption of Social Media platforms continues to grow as do new legal and business risks arise as well as state legislatures provide new rules, regulations and guidance. As state by state compliance requirements develop, businesses need to review frequently overlooked elements of key social media guidance, such as how to approach specific areas like Monitoring, Content Approval, Training and Information Security.

This latest round of bandwagon-jumping follows efforts by most other states that have addressed the issue. The key take-away is that business need to take a state-by-state approach to social media legal compliance.

Generally, most of these types of laws prohibit employers from requesting or requiring that applicants or employees disclose a username, password, or other means of authentication for their online accounts.

Employers should be on the lookout for laws that address whether an applicant or employee must accept a “friend” request, change privacy settings to permit access by the employer, or otherwise divulge personal online content.

Another area of concern is the definition of “personal,” “social media” and “account. ” these definitions vary and often cover far more than common notions of social media.

Some laws apply to any online account, including e-mail, instant messaging and media-sharing accounts. Some laws address the scope of use such as “exclusively for personal communications” as opposed to “business purposes of the employer” or “business-related communications.” This carve-out further narrows the scope of the Oklahoma and Louisiana laws.

While these laws generally prohibit adverse actions based based on a refusal to provide user name, password or other authentication information, each law should be scrutinized for broader prohibitions, such as those against penalizing or threatening to penalize an employee or applicant for refusing such requests.

Technology continues to evolve and so does the legal and regulatory environment. Businesses need to continually assess and address the risks created by new laws and new uses of tech in the workplace.

Contact us for a free consultation to learn what we can do to help your business navigate the ever-changing regulatory minefield. What you don’t know can hurt you. We are here to help you avoid getting hurt.

Contracts for Interior Design Professionals

This crash course on legal contracts is designed for interior designers who are drafting a contract for the first time or wanting to make an existing one airtight.

There’s a reason you became a designer, and it probably didn’t have anything to do with lawyers and contracts.

You’re the expert in color, fabric, floor plans, and furniture schemes, not intellectual property and arbitration provisions. If you’re already confused, don’t fret. This crash course is designed for those drafting a contract for the first time or wanting to make an existing one airtight. Led by David Adler, an actual lawyer who understands the ins and outs of the design industry, this workshop will cover the clauses you need to protect yourself in the unfortunate event that something doesn’t work out as planned. Clients can be difficult enough. Don’t let legal trouble slow you down.

In this class, you will learn how to:

  • Define what you are doing for your client, as well as NOT doing for them
  • Make sure you get paid on time and in full
  • Protect yourself against outside factors that may affect cost and ability to complete a project
  • Give yourself a way to get out of your contract if things aren’t working

By the end of class, you will have:

  • A basic understanding of key contract terms and the reasons as to why they are there
  • A basic client agreement that you can use or customize

The Instructor, David Adler, is an attorney, nationally-recognized speaker, and founder of a boutique law practice focused on serving the needs of creative professionals in the areas of intellectual property, media, and entertainment law. He provides advice on choosing business structures, protecting creative concepts and ideas through copyright, trademark, related intellectual property laws and contracts, and structuring professional relationships. He has 17 years experience practicing law, including drafting and negotiating complex contracts and licenses with Fortune 500 companies, advising on securities laws (fundraising) and corporate governance, prosecuting and defending trademark applications, registrations, oppositions, and cancellations before the US Patent & Trademark Office (USPTO), and managing outside counsel. Currently recognized as an Illinois SuperLawyer® in the areas of Media and Entertainment Law, he was also a “Rising Star” for three years prior. He received his law degree from DePaul University College of Law in 1997 and a double BA in English and History from Indiana University in Bloomington, Indiana. Outside the practice of law, David is an Adjunct Professor of Music Law at DePaul College of Law, formerly chaired the Chicago Bar Association’s Media and Entertainment Law Committee, and is currently a member of the Illinois State Bar Association Intellectual Property Committee.

Do you work with start-up companies and need a basic understanding of the various intellectual property issues that can arise?

I will be co-presenting in this online seminar that will help you:

  • understand the trademark and copyright problems your client may encounter with branding;
  • learn how to protect your client’s branding once established;
  • familiarize your practice with patents, including what they protect, timing, and strategies to prevent inadvertent loss of patent rights before filing the application;
  • understand trade secrets and the importance of non-disclosure and confidentiality agreements;
  • recognize intellectual property issues relating to technology, including open source code and the cloud;
  • establish a proactive approach toward intellectual property ownership between cofounders, employees, and vendors; understand business names, domain names, promotional issues, and website content concerns.

The program qualifies for 1.5 hours MCLE credit.

I would like to personally invite you to attend the upcoming Law Ed program titled, “Identifying Intellectual Property Issues in Start-Ups,” which I will be co-presenting via live webcast on Tuesday, May 27th.

Presented by the ISBA Business Advice and Financial Planning Section

Co-Sponsored by the ISBA Intellectual Property Section

Privacy Law Update: California “Do Not Track” 

Two California laws went into effect at the beginning of the year that  require additional notifications to consumers.  The California Online Privacy Protection Act (“CalOPPA”) requires that web sites, mobile apps and other online services available to California residents (in reality anyone with a web site that may be accessed by a CA resident) post a privacy policy that gives notice to consumers regarding behavioral or interest-based advertising practices (“OBA”).

Disclosures must explain:
1. If a web site operator allows other parties to use tracking technologies in connection with the site or service to collect certain user data over time and across sites and services; and
2. How it responds to browser “do not track” signals or other mechanisms designed to give consumers choice as to the collection of certain of their data over time and across sites and services

In addition, the “California Shine the Light Act” requires that companies (except non-profits and businesses with less than 20 employees) collecting broadly defined personal information from California consumers on or offline either: (a) give consumers a choice as to the sharing of that information with third parties (including affiliates) for direct marketing purposes; or (b) provide notice of, and maintain, a method by which consumers can annually obtain information on the categories of information disclosed the names and addresses of the recipients of that data, and a description of the recipients’ business.

If an e-commerce service offers tangible goods or services, or vouchers for them, to California consumers, it must give certain notices to consumers, including how they can file a complaint with the CA Department of Consumer Affairs.

Are you  concerned about how to disclose how your service responds to “Do Not Track” signals or similar tools and settings, and whether third parties are permitted to collect personally identifiable information about consumer online activities over time and across different websites when a consumer uses that online service? We may be able to help. We can review your policies, your information gathering and sharing practices, and advise on whether there is room for improvement.

Please contact us for a no-fee consultation.

On October 2, 2013, I will be attending the Decoration & Design Building Fall Market where I am giving a presentatIon on protecting original furniture & textile designs. Those in attendance share a belief that style and design matter.

As designers and purveyors of good taste, you may spend months developing a concept, selecting materials, agonizing over the exact curve of the arm of a chair. Manufacturers may refine the design, invest in tooling to build it, promote it, and get it to market. Merchandise buyers may spend months reading, researching, attending events such as this to obtain and fill your showrooms and catalogue with ineffable elements of style. This is original, authentic design. Authentic designs—pieces produced by designers or their authorized manufacturers—are investments.

Therein lies the problem for today’s furniture designers and retailers. It takes intellectual and financial capital to conceive, create and produce good design. Yet, today’s consumer driven, price-focused economy is making it more and more difficult for a designer to protect and profit from the investment of this intellectual capital.

This presentation will focus on why certain designs are protectable, how to protect them, and how to defend against knock-offs.

English: A customer signing the at A Stone's T...

English: A customer signing the at A Stone’s Throw Jewelers in . (Photo credit: Wikipedia)

Fifield v. Premier Dealer Services, Inc.

BACKGROUND

The plaintiff in this declaratory judgment action had been employed by a subsidiary of an insurance company that marketed finance and insurance products to the automotive industry. After a sale of that business, plaintiff’s employment was terminated, but he was offered employment conditioned upon his acceptance of an “Employee Confidentiality and Inventions Agreement” (the agreement) which included non-solicitation and non-compete provisions. The agreement states in pertinent part:

“Employee agrees that for a period of two (2) years from the date Employee’s employment terminates for any reason, Employee will not, directly or indirectly, within any of the 50 states of the United States, for the purposes of providing products or services in competition with the Company (i) solicit any customers, dealers, agents, reinsurers, PARCs, and/or producers to cease their relationship with the Company *** or (ii) interfere with or damage any relationship between the Company and customers, dealers, agents, reinsurers , PARCs, and/or producers *** or (iii) *** accept business of any former customers, dealers, agents, reinsurers, PARCs, and/or producers with whom the Company had a business relationship within the previous twelve (12) months prior to Employee’s termination.”

Plaintiff successfully negotiated with Premier a provision that the restrictive covenants would NOT apply if he was terminated without cause during the first year of his employment (the first-year provision). Three months later, plaintiff resigned, began working for a competitor and sued to have the restrictive covenants held unenforceable stating that plaintiff had no access to confidential and proprietary information. The trial court held that the restrictive Covenants were unenforceable for lack of “consideration” – a legal term of art that generally means a bargained-for exchange of value. The appeals court affirmed.

ANALYSIS

Defendant argued that the non-solicitation and non-compete provisions were enforceable because the offer of employment was adequate consideration, there was a mutual exchange of promises (employment in exchange for restrictions), and the covenants were pre-employment, not post- employment. Defendant further argued that “the purpose of Illinois law regarding restrictive covenants is to protect against the illusory benefit of at-will employment” which was “nullified by the inclusion of the first-year [non-enforcement] provision in the agreement.”

Plaintiff countered with the argument that the provisions in the agreement are unenforceable because Illinois law requires employment to continue for a substantial period of time and that “Illinois courts have repeatedly held that two years of continued employment is adequate consideration to support a restrictive covenant…regardless of whether an employee is terminated or decides to resign on his own.”

The appellate court agreed with plaintiff citing Brown & Brown, Inc. v. Mudron, 379 Ill. App. 3d 724, 728 (2008) which held that the promise of continued employment in the context of post-employment restrictive covenants may be an illusory benefit where the employment is at-will. “Illinois courts have held that continued employment for two years or more constitutes adequate consideration. Id. at 728-29.”

TAKE AWAYS

The Fifield decisions has already generated a great deal of discussion from corporate board rooms to legal blogs. Unfortunately for businesses and their lawyers, the case leaves many unanswered questions.

For example, the court does not discuss whether the outcome would have been different if the employee were a high-level executive with immediate access to a wide range of highly sensitive confidential and proprietary information. At best,mother court simply mentions the plaintiff’s allegations that he had no access to such information.

Another area of uncertainty impacts start-up and early stage businesses. Very young businesses are often highly dynamic and early employees have access to a broad swath of the company’s Intangible assets such as business and revenue models, marketing plans, computer software and hardware and prospective customers, regardless of whether they serve a customer service function or “C-suite” executive function. The requirement that an employee have two years continued employment before a restrictive covenant becomes enforceable ignores the very real dynamic of start-up companies.

Lastly, an important question that went unanswered is whether the employer can offer some other “consideration” besides two years continued employment. For example, is there a pure monetary consideration that would support enforcement of the covenant? What if the covenant only lasted as long as the period of the departing employee’s employment?

NEXT STEPS

If you have restrictive covenants in your agreements with employees, it is strongly recommended that you meet with your lawyer to discuss the impact of this case on these agreements and your business. At the very least, you should carefully review your non-compete and non-solicitation agreements to see if they are supported by adequate consideration. If you have questions or concerns, or just don’t know how to begin, feel free to contact the lawyers at Leavens, Strand, Glover & Adler for a free, in-person or over-the-phone consultation. You can also email the author here: dadler@lsglegal.com.

Over the last few years privacy, and the lack of comprehensive protection, have made numerous headlines. From overly inquisitive mobile applications that fail to disclose how cell photo data is accessed and shared (Path) to handset manufacturers failures to properly inculcate privacy in the design and manufacturing process (HTC) to security lapses at government databases resulting in exposure of sensitive personal information (South Carolina), consumers, regulators and legislators are waking up to privacy issues.

Recent developments highlight the trend in Privacy

In the U.S. we lack a single comprehensive privacy law, although many state and federal laws address various aspects of collecting, storing and sharing personal information. In the absence of a single, over-arching, mandate, legislators and regulators are stepping into fill at perceived need.

GPS, Location & Privacy

The Geolocation Privacy and Surveillance (GPS) Act addresses use of location data by law enforcement. The bill (not yet law) requires police to obtain a warrant based on probable cause whenever it seeks “location information.” Unfortunately, the term “location information” is very broadly defined, does not distinguish requests for access based on the level of precision, time period, or whether the information is for past or future conduct.

Proposed Federal Privacy Standards

Two bills introduced this year aim to create a baseline level of privacy protection at the federal level. John Kerry (D-MA) and Sen. John McCain (R-AZ) introduced S. 799, the Commercial Privacy Bill of Rights Act of 2011, to create a regulatory framework for the comprehensive protection of personal data for individuals, enforceable by the Federal Trade Commission (FTC). Similarly, Rep. Cliff Stearns (R-FL) is promoting a Consumer Privacy Protection Act (H.R.1528), directed at consumers and focused on restricting the sale or disclosure of personal information.

FTC Protects Privacy Under Mantle of Consumer Protection

As a result of alleged data security failures that led to three data breaches at Wyndham hotels in less than two years, the Federal Trade Commission filed suit against hospitality company Wyndham Worldwide Corporation. The case against Wyndham is part of the FTC’s ongoing efforts to make sure that companies live up to the promises they make about privacy and data security.

Wyndham’s web site privacy policy claimed that, “We recognize the importance of protecting the privacy of individual-specific (personally identifiable) information collected about guests, callers to our central reservation centers, visitors to our Web sites, and members participating in our Loyalty Program …”

The FTC complaint alleges that Wyndham failed to maintain adequate and industry standard security measures by storing credit-card information in unencrypted format, allowing servers to remain unpatched, and failing to use firewalls.

The FTC alleges that these failures led to fraudulent charges on consumers’ accounts, millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia.

Most notably, the lawsuit will test whether the Federal Trade Commission has the jurisdiction to compel companies to provide a certain level of cybersecurity in order to safeguard consumer personal information.

Privacy Remains Top Concern

Many companies across many industries, financial services, higher education and healthcare, just to name a few, are facing a wide range of security and privacy concerns, scrambling to implement A defensible security framework and demonstrate compliance. It’s alarming, considering the significant consequences associated with not complying.

Organizations can lose contracts, customers and their reputation. That could put some out of business.

Compliance Preparation & Best Practices

Large organizations can spend many months and millions of dollars on compliance. Your business need not go to such extremes. To prevent getting caught by surprise and to prepare for the compliance journey, I’ve listed below some suggested best practices.

Periodic risk assessments. Evaluate potential damage and disruption caused by unauthorized access, use, disclosure, modification, or destruction of data or systems.

Policies and procedures. Incorporate procedures for detecting, reporting, and responding to security incidents, as well as business continuity plans.

Standardize. Set standards of acceptable information security for networks, facilities, and information systems.

Train Employees. Awareness training for employees, contractors, and other users of information systems is critical. Articulate the security risks associated with activities and define users’ responsibility for complying with policies and procedures.

Test & Evaluate. Periodic assessment of the effectiveness of information security policies, procedures, practices, and controls helps determine weak spots. At a minimum they should be conducted annually, according to Ford.

Respond & Repair. Have a pre-defined process for planning, implementing, evaluating, and documenting remedial actions designed to address legal, PR, HR and related risks in the event of a breach.

THIS IS NOT LEGAL ADVICE. The procedures outlined above are merely suggestions and there is no guarantee that implementation will reduce risk or mitigate liability.

Please contact Leavens, Strand, Glover & Adler at 866-734-2568 for a free consultation to learn how LSGA can help meet your specific needs.

Follow

Get every new post delivered to your Inbox.

Join 3,228 other followers

%d bloggers like this: