Do you work with start-up companies and need a basic understanding of the various intellectual property issues that can arise?

I will be co-presenting in this online seminar that will help you:

  • understand the trademark and copyright problems your client may encounter with branding;
  • learn how to protect your client’s branding once established;
  • familiarize your practice with patents, including what they protect, timing, and strategies to prevent inadvertent loss of patent rights before filing the application;
  • understand trade secrets and the importance of non-disclosure and confidentiality agreements;
  • recognize intellectual property issues relating to technology, including open source code and the cloud;
  • establish a proactive approach toward intellectual property ownership between cofounders, employees, and vendors; understand business names, domain names, promotional issues, and website content concerns.

The program qualifies for 1.5 hours MCLE credit.

I would like to personally invite you to attend the upcoming Law Ed program titled, “Identifying Intellectual Property Issues in Start-Ups,” which I will be co-presenting via live webcast on Tuesday, May 27th.

Presented by the ISBA Business Advice and Financial Planning Section

Co-Sponsored by the ISBA Intellectual Property Section

Online marketing continues to evolve and affiliate marketing can be a great method of building brand awareness. Online marketers need to stay ahead of legal and regulatory compliance trends. This article looks at recent Federal Trade Commission (“FTC,” “Commission,” or “agency”) activity that impacts online marketing.

Given the lack of a comprehensive federal regulatory scheme, and the increasing awareness of deceptive marketing practices, it is not surprising that the FTC has ramped up enforcement efforts against entities not covered by existing, industry-specific federal regulations over the last decade. Notably, one company has defended itself against the FTC by challenging the FTC’s authority to pursue such broad enforcement.

Jurisdiction

The widely-watched case of FTC v. Wyndham Worldwide Corp is not just about Cybersecurity.

The Federal Trade Commission (FTC) has just won the first major round of its fight with Wyndham Hotels over data security. However, the importance of the case has more to do with the FTC’s jurisdiction, challenged when Wyndham moved to dismiss the FTC’s case. Affirming the FTC’s broad jurisdiction, the federal judge overseeing the controversy noted that the case highlights “a variety of thorny legal issues that Congress and the courts will continue to grapple with for the foreseeable future.”

Affiliate Marketing: A Roadmap for Compliance: Text Message Marketing

The Commission is cracking down on affiliate marketers that allegedly bombard consumers with unwanted text messages in an effort to steer these consumers towards deceptive websites falsely promising “free” gift cards.

For example, in eight different complaints filed in courts around the United States, the FTC charged 29 defendants with collectively sending more than 180 million unwanted text messages to consumers, many of whom had to pay for receiving the texts. The messages promised consumers free gifts or prizes, including gift cards worth $1,000 to major retailers such as Best Buy, Walmart and Target.

By now, many in the Affiliate Marketing industry are familiar with the Legacy Learning Systems case. In March, 2011 the FTC settled charges against Legacy — which sells instructional DVDs — that Legacy represented, directly or indirectly, expressly or by implication, reviews of their products were endorsements reflecting the opinions of ordinary consumers or independent reviewers, when many of the favorable endorsements were posted by affiliate marketers who received a commission from Legacy for sales they generated.

Regardless of the form of affiliate marketing – email campaigns or text message campaigns – there are a couple key take-aways here.

First, identify and disclose a material connection between a product user or endorser and any other party involved in promoting the product. A “material connection” is a relationship that affects the credibility of an endorsement and wouldn’t be reasonably expected by consumers. See our article about complying with the endorsement guides here.

Second, set up and maintain a system to monitor and review affiliates’ representations and disclosures to ensure compliance. For example, Legacy looked at its top 50 revenue-generating affiliates at least once a month, visiting their sites to review their representations and disclosures. It has to be done in a way designed not to disclose to the affiliates that they’re being monitored.

Third, understand he requirements for conducting legally-compliant text message marketing. The Telephone Consumer Protection Act (TCPA) makes it unlawful to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice … to any telephone number assigned to a . . . cellular telephone service … or any service for which the called party is charged for the call. The prohibition on calls to cell phones applies to text messaging.

Privacy Law Update: California “Do Not Track” 

Two California laws went into effect at the beginning of the year that  require additional notifications to consumers.  The California Online Privacy Protection Act (“CalOPPA”) requires that web sites, mobile apps and other online services available to California residents (in reality anyone with a web site that may be accessed by a CA resident) post a privacy policy that gives notice to consumers regarding behavioral or interest-based advertising practices (“OBA”).

Disclosures must explain:
1. If a web site operator allows other parties to use tracking technologies in connection with the site or service to collect certain user data over time and across sites and services; and
2. How it responds to browser “do not track” signals or other mechanisms designed to give consumers choice as to the collection of certain of their data over time and across sites and services

In addition, the “California Shine the Light Act” requires that companies (except non-profits and businesses with less than 20 employees) collecting broadly defined personal information from California consumers on or offline either: (a) give consumers a choice as to the sharing of that information with third parties (including affiliates) for direct marketing purposes; or (b) provide notice of, and maintain, a method by which consumers can annually obtain information on the categories of information disclosed the names and addresses of the recipients of that data, and a description of the recipients’ business.

If an e-commerce service offers tangible goods or services, or vouchers for them, to California consumers, it must give certain notices to consumers, including how they can file a complaint with the CA Department of Consumer Affairs.

Are you  concerned about how to disclose how your service responds to “Do Not Track” signals or similar tools and settings, and whether third parties are permitted to collect personally identifiable information about consumer online activities over time and across different websites when a consumer uses that online service? We may be able to help. We can review your policies, your information gathering and sharing practices, and advise on whether there is room for improvement.

Please contact us for a no-fee consultation.

At the end of August, the California passed an amendment to the California Online Privacy Protection Act that will require commercial websites and services that collect personal data to disclose how they respond to Do Not Track signals from Web browsers.

AB 370, as introduced by California Assemblyman Al Muratsuchi, requires a business that discloses a customer’s personal information to a third party for direct marketing purposes to provide the customer, within 30 days after the customer’s request, as specified, in writing or by e-mail the names and addresses of the recipients of that information and specified details regarding the information disclosed.

This bill, available here, would declare the intent of the Legislature to enact legislation that would regulate online behavioral tracking of consumers.


A presentation on what goes into creating original designs and how these differ from copycats.

WHERE: Decoration & Design Building, J. Robert Scott Showroom, Suite 220

WHEN: Wednesday, October 2,2013 !2 p.m.

WHAT: From film to fashion, creative industries are taking steps to protect and promote original work. Designers and manufacturers need to know what steps they can take to protect their designs, their businesses, and their profits. The discussion will address issues related to how to protect original design (copyright & design patent) and the manufacturers (trademark, unfair competition).

WHO:

INTERIORS Magazine Editorial Director Michael Wollaeger

J. Robert Scott Founder Sally Sirkin Lewis

Designer Laura Kirar [Web Site]

Intellectual Property lawyer David Adler

Showroom reception to follow.

 

Download the full Fall Decoration & Design Building Market Brochure Here.

I’m surprised at how often I receive commercial bulk email messages that are not compliant with the Federal CAN SPAM act.The two biggest mistakes I see are 1) no physical address and 2) no opt-out/unsubscribe mechanism.

Image representing Twitter as depicted in Crun...

Image via CrunchBase

Another common mistake is a “blind” bulk email address list like “Undisclosed-Recipients@email.com.”  Not only do I NOT know which address this received the offensive message, there usually isn’t even a proper return address for me to send an “Unsubscribe” message.

With the popularity of social media, you’ve  probably received a Twitter promotion for iPhones, special deals, free downloads, etc. While it’s easy to dismiss poorly-written tweets from obvious spammers, when someone replies to you on Twitter, says “must read, check it out” and the topic is clearly the kind of thing you read and share it’s more difficult to tell. Often, these are from legitimate accounts where a human has taken the time to compose and send the message.

In light of the growing use of electronic mail (“email”) messages for advertising, marketing, corporate communications and customer service, is essential to have some familiarity with the Federal “Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003” also known as the CAN SPAM Act (the “Act”) The Act provides the parameters of its application, explicit prohibitions, requirements for transmission of legally compliant email messages including the “Opt-Out” mechanism and vicarious liability.  Generally speaking, the Act was written to prohibit the fraudulent, deceptive, predatory and abusive practices that threaten to undermine the success and effectiveness of commercial email and email marketing.

Congress drafted the Act to impose limitations and penalties on the transmission of unsolicited commercial email messages. Unlike some state initiatives, the Act is an “opt-out” law. Put another way, for most purposes permission of the e-mail recipient is not required. However, once an email recipient has indicated a desire to opt-out or no longer receive such messages, failure to comply with the recipient’s request may subject both the sender and the person or entity on whose behalf the message was sent to severe penalties.

Frequently asked question about the Act include:

1)    To Whom Does The Act Apply? The Act applies to any person or entity that sends email.

2)    What Activities Are Prohibited By The Act? The Act is primarily concerned with explicitly  prohibiting certain predatory and abusive commercial email practices.

3)    What Are The Requirements For Sending Email Messages? Section 5(a) of the Act sets requires the inclusion non-misleading information regarding: (a) transmission, (b) subject, (c) email address, (d) Opt-out and physical address, and (e) clear and conspicuous language identifying sexually-oriented messages.

4)    Who Can Be Liable for Violations? The Act applies to both the party actually sending the commercial email messages and those who procure their services.

Discussion

The primary substantive provisions of the Act can be divided into three parts found in Section 4, Section 5 and Section 6. Section 4 of the Act addresses “predatory and abusive” practices prohibited by the Act. Section 5 details the requirements for transmission of messages that comply with the Act. Section 6 details the requirements for transmission and identification of sexually-oriented messages. Section 6 is not discussed in this article.

Section 4 of the Act lists specific “predatory and abusive” practices prohibited by the Act.  In short, the Act specifically prohibits: (i) accessing a computer without authorization for the purpose of initiating transmission of multiple commercial email messages, (ii) transmission of multiple commercial email messages with the intent to deceive or mislead recipients, (iii) transmission of multiple commercial email messages with materially false header information, (iv) registration of email accounts or domain names using information that materially falsifies the identity of the actual registrant, and (v) false representations regarding the registration of Internet Protocol addresses used to initiate multiple commercial email messages.

The second relevant part, set forth in Section 5 of the Act, details the requirements for transmission of messages that comply with the Act. Subject to certain limitations discussed below, the Act requires that email messages contain: (i) transmission information that is not materially false or misleading, (ii) subject information that is not materially false or misleading, (iii) a return address or comparable mechanism for opt-out purposes, (iv) identifier, Opt-out and physical address, and (v) clear and conspicuous language identifying sexually-oriented messages as such. (Note, this last requirement is not discussed. See above.) Lastly, the Act implicates both commercial email transmission service providers as well as those who procure their services.

To Whom Does The Act Apply?

The Act applies to any person or entity that sends email. The Act specifically regulates “commercial electronic mail messages,” defined as any email message “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” However, the Act specifically excludes from this definition “transactional or relationship messages.” A “transactional or relationship message” falls within one of five categories of messages:

  1. communications that facilitate, complete or confirm a commercial transaction previously agreed to by the recipient;
  2. communications that provide warranty or other product information with respect to a product or service previously used or purchased by the recipient;
  3. notifications with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship;
  4. information directly related to an employment relationship or related benefit plan in which the recipient is currently involved; and
  5. communications to deliver goods or services, including product updates or upgrades, under the terms of a transaction previously agreed to by the recipient.(Emphasis added.)

The purpose for the distinction between “commercial electronic mail messages” and “transactional or relationship messages” is to exempt certain types of communications from compliance with all the message transmission requirements of the Act. As should be clear from the list above, the Act distinguishes the types of communications based on the relationship between the sender and recipient rather than on the character of the message. Put another way, so long as the communication is related to some type of existing business relationship, it is not a “commercial electronic mail message.”

What Activities Are Prohibited By The Act?

Section 4 of the Act is primarily concerned with prohibiting certain predatory and abusive commercial email practices. Section 4(a) amends Chapter 47 of Title 18 of the United States Code by adding Section 1037 which specifies the offenses that constitute “fraud and related activity in connection with email.” An offense is committed by anyone who directly or indirectly, knowingly:

  1. accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
  2. uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
  3. materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
  4. registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or
  5. falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses.

Clearly, Section 4 is primarily concerned with preventing practices whereby the sender intentionally, either through outright fraud or other deception, conceals its true identity or the true commercial character of the message.

What Are The Requirements For Sending Email Messages?

            Section 5(a) of the Act sets forth certain other protections for the users of commercial email.

Accurate Transmission Information. Among the affirmative requirements of Section 5(a), Section 5(a)(1) prohibits sending either a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. Unlike the general prohibition against sending messages with materially false header information under Section 4, in addition to having technically accurate transmission information, the sender is prohibited from having used false pretense or other deceptive means to acquire such information (e.g. email accounts, domain names and IP addresses). Furthermore, the “from” line must “accurately identify the person transmitting the message.” Lastly, the sender must accurately identify the computers used to originate, relay or retransmit the message.

Note, the following only apply to commercial electronic mail messages:

Accurate Subject Information. Messages must have accurate subject information. Subject information would not be accurate if a “person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that a subject heading of the message would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.”[8]

Inclusion of Opt-out Mechanism. Messages MUST contain a functioning return email address or other Internet-based mechanism (e.g. hyperlink), that is clearly and conspicuously displayed that enables a  recipient to submit a request to opt-out of future email messages from the sender whose email address was contained in the message. The opt-out mechanism (whether email address or hyperlink, etc.) must remain functional for at least thirty (30) days after the transmission of the original message.

            Removal After Objection. If a recipient makes a request using the opt-out mechanism, the sender shall not transmit any further messages to the recipient, more than ten (10) business days after the receipt of such request, if such message would fall within the scope of the request. A third-party acting on behalf of the sender shall not transmit or assist others to transmit, any further messages to the recipient, more than ten (10) business days after the receipt of such request, if such third party knows or should know of the recipient’s objection. Lastly, the sender and any third party who knows that the recipient has made such a request, shall not sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient for any purpose other than compliance with the Act or other provision of law.

Inclusion of Identifier, Opt-out & Physical Address. Every message must clearly and conspicuously: (i) identify the message as an advertisement or solicitation; (ii) provide notice of the opportunity to opt-out of future communications; and (iii) provide a valid physical postal address of the sender. However, the notice that a message is an advertisement or solicitation does not apply where the recipient has given prior affirmative consent to receive the message.

Related Activities Proscribed.

Other prohibitions in the Act concern unethical or unscrupulous practices that tend to coincide with deceptive or abusive email. Several common methods for generating email distribution lists have also been proscribed. The Act prohibits certain unethical practices such as:

  • hijacking another email server to send or relay messages;
  • “harvesting” email addresses that appear on others’ Web sites;
  • randomly generating email addresses;
  • knowingly linking an email ad to a fraudulently registered domain; and
  • participating in other offenses such as fraud, identity theft, etc.

Who Can Be Liable for Violations?

The Act applies to both the party actually sending the commercial email messages and those who procure their services.[9] One cannot “outsource” its “spam” and thereby avoid liability under the Act. One may be held accountable if the email service employed isn’t actually using a legally-compiled or permission-based list. Under some parts of the Act one may be held liable for employing a third party to distribute the messages “with actual knowledge, or by consciously avoiding knowing, whether such [third party] is engaging or will engage, in a pattern or practice that violates this Act.”

CONCLUSION

The Act was written to prohibit the fraudulent, deceptive, predatory and abusive practices that threaten to undermine the success and effectiveness of commercial email and email marketing. Since Bacon’s uses email to communicate with employees, vendors, existing and prospective customers, Bacon’s is clearly subject to the Act. The Act focuses on enumerating proscribed activities rather than affirmative obligations to make it easier for legitimate, honest businesses to comply with the Act. The Act distinguishes communications based on a previously existing relationship between the sender and the recipient from those communications that are prospective in nature. Generally, email messages not based on a pre-existing relationship are subject to greater affirmative requirements.

Compliance Guidelines.

  1. Be Aware of the Requirements for Transmitting Messages.
  2. Require Compliance by Clients.
  3. Monitor Distribution by Affiliates.

The Future Of Social Is Moving From Mere Participation To Analysis & Strategic Initiatives

I had the opportunity to attend and participate in Converge 2012 run by the Institute for Social, Search & Mobile Marketing. The theme was mastering the Business of Social Media. The Conference had a great selection of speakers (yours truly included) and topics that really resonated with the audience. I hope to summarize here some of the take-aways I learned at this conference.

Business Is Now Social

The last few years have seen an unprecedented shift in the adoption of social platforms for businesses to reach and interact with customers. What started as a “dipping our toes into the water” excerise has now matured into jumping in with both feet. Not surprisingly, the first few presentations of the conference focused on the effect of so much participation: greater focus on ROI. The presentations covered a lot of ground, but here are the key take aways from Day 1:

  • Businesses that fail to integrate the social channels may not exist in five years
  • Analytics are maturing in terms of both measurement tools and metrics
  • Better analytics are driving innovation by putting companies ahead of emerging issues instead of simply reacting to them
  • Creating a Social Media culture must come from the top and flow down
  • The growth of mobile platforms Is blurring the line between online and in-store experiences because of anywhere/anytime andpersonalized access

Day 1 concluded with the panel presentation in which I participated “Social Media “Venture Heaven” Money is flooding into social media, It’s time to understand why.” Key take-aways from this panel include the followig Data about the growth in Mobile:

  • As of May, 2012, mobile comprises 10% of Internet traffic, up from just 4% less than a year and a half ago
  • Mobile = ~8% of ecommerce
  • Monetization growing rapidly 79% is Apps, 21% is from ads
  • There has been a rapid increase in time spent relative money spent on ads; TV is roughly at parity while Mobile ad spend is about 1/10 of that
  • Drivers of growth in Mobile:
    • Devices
    • Platforms
    • Improved user interfaces
    • Sharing
    • More emphasis on design aestheticS

In a world of ubiquitous fast Internet,  mass blogging and micro-blogging, minute-by-minute status updates and customer complaints and recommendations, businesses need to focus on tailoring their product for their customers desires, rather that merely tolerating customer requests. Whatever device/platform customers use most will get the most attention from developers, accessory makers and potential new customers.

Israel’s Ban on Ultra-Thin Models

FASHION-SAFRICA-NIGERIA-BAKARE

FASHION-SAFRICA-NIGERIA-BAKARE (Photo credit: Bohan Shen_沈伯韩)

 

The Atlantic

By Talya Minsberg A new Israeli law prohibits fashion media and advertising from using Photoshop or models who fall below the World Health Organization’s standard for malnutrition. When a 14-year-old girl delivered a 25,000-signature petition this week to Seventeen asking them to curb their use of Photoshop, the magazine issued a press statement that congratulated the girl on her ambition but was conspicuously silent on changing their editorial practices.

An Impossible Conversation About the Met’s Spring 2012 Costume Institute Exhibit

Huffington Post (satire)

So, culturally and historically, the reason women care so much about fashion is that until very recently, we weren’t allowed professional, legal or vocal ways of expressing ourselves. Fashion was a way of articulating our feelings about ourselves.

Small Aussie fashion label turns George Lucas legal threat into ‘Star 
Dallas News Small Aussie fashion label turns George Lucas legal threat into ‘Star Wars‘ clothing deal.

AsianFashionLaw | Page 5
Fashion lawyers are legal experts too. Sometimes I feel as though people think I am in design studios all day twiddling my thumbs as I look at models wearing 
www.asianfashionlaw.com/page/5/

Adidas-India’s ex-MD slaps legal notice on company – Fashion United
The Adidas-saga in India seems to be taking a different turn. – Fashion India News, Network, Business Community, fashion industry, international, platform for 
www.fashionunited.in/…/adidas-indias-ex-md-slaps-legal-notic…

Free content is not without a cost.

As our lives have become more digitally enmeshed with content, immersive entertainment and devices, the economic bargain that makes it possible has gone largely unnoticed. Simply put, the collection, analysis and sharing of personal data is driving the digital economy. Mobile applications (Apps), digital content and entertainment – from TV shows to games – are available for “free” but subsidized by income from online ads that are customized using data about customers. Vendors, advertisers and platforms compete for “eyeballs” based, in part, on the quality of the information they possess about users to whom the ads are targeted.

Across this interconnected landscape of users, content providers and devices, the issue of online privacy has become a major talking point for app developers, marketers, consumers and legislators. Recently, a wide range of stakeholders, from large institutions to smaller developers, have been accused of mishandling personal data. As the volume of public debate has increased, legislators have introduced a raft privacy initiatives. The Obama administration has called for a Privacy Bill of Rights, an industry consortium of leading web sites and search engines has proposed its own privacy best practices and the Electronic Frontier Foundation has published a consumer-oriented Mobile User Privacy Bill of Rights.

Part 1 of this article looks at several recent and high-profile revelations about how personal information is collected and used, often without the user’s knowledge and consent. Part 2 discusses the legal risks faced by vendors that don’t take adequate precautions to protect consumer privacy and Part 3 concludes with strategies and tactics that help leverage the power of personalization while avoiding the pitfalls of privacy and data security.

1. The current state of information gathering

The scope of personal information gathered is unprecedented and largely unknown. For years, “free” web-based content has been available because of the implicit compromise between content providers and content consumers. Advances in technology have made it easier to track a user’s web browsing habits, mobile browsing habits, and even real-time geospatial location (check in apps and GPS). In the last few months, we have learned that some apps not only gather this mostly non-personally-identifiable data, but also upload a user’s address book contacts and even photos.

On Wednesday Feb. 2012, software Developer Arun Thampi “outed” Path, the purveyor of a self-titled journaling app, for sending users’ address book contents to the company. Path lets users share what they’re doing with a select group of friends and gives users the option to find friends on the app through contacts or other social networks. Thampi disclosed the clandestine data transfer in a blog post after discovering that his phone’s entire address book, including full names and e-mail addresses, was being sent to Path without his explicit consent. According to Path, this data was necessary to in order to quickly notify users when people they know join Path.

Not too long ago, Google earned itself a similar PR (and legal) black eye when it launched its social network, Google Buzz, in 2010 through its Gmail web-based email product. At launch, users were not informed that the identity of individuals they emailed most frequently would be made public by default. Google Buzz automatically disclosed the email addresses of a user’s contacts by default. Google settled with the FTC over allegations that Google used deceptive practices and violated its own privacy policies.

On Feb 17 2012, WSJ reported that Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked. The companies used special computer code that tricks Apple’s Safari Web-browsing software into letting them monitor many users. Safari, the most widely used browser on mobile devices, is designed to block such tracking by default.

A major topic for discussion just this week is the “Target Snafu.” As originally reported in the New York Times, Target used customer data and predictive analytics to determine that one of their customers was pregnant, and even her specific trimester. The girl’s father learned of the pregnancy when the retailer emailed her promotional material and coupons.

It used to take days or even weeks to gather, synthesize and extrapolate data about a customer’s buying habits and receptiveness to particular products or services. Now it takes milliseconds. A targeted ad can be sourced and served in the time it takes to hit “refresh” on a web browser. Companies are using massive amounts of data to predict what their customers are going to want next. More importantly, gathering that data is getting easier, cheaper and more ubiquitous as the source of that data moves from the desktop to mobile devices.

So where is the middle ground between privacy and targeted advertising? Is it spying simply because the user doesn’t know what data is being collected even though the user accepted a broad and ambiguous Terms of Use agreement? Is knowingly contributing data without boundaries sufficiently transparent?

Seal of the United States Federal Trade Commis...

Image via Wikipedia

For the past year and a half, I have been traveling to various conferences around the country to speak on Legal and Regulatory compliance in social media. In the beginning, case law and regulatory guidance was scarce and little information was available to provide businesses engaged in social media with a roadmap for Social Media Legal and Regulatory compliance. However, a lot has changed over the last year and a clear trend is emerging. Industry regulators are aware of the use – and abuse – of social media by their members. This article examines recent guidance provided by the Federal Trade Commission (FTC), the Food & Drug Administration (FDA), the National Labor Relations Board (NLRB), the Financial Industry Regulatory Authority (FINRA) and the Securities Exchange Commission (SEC).

Social Media in Marketing, Advertising & Commerce.

The FTC has a prime directive to protect consumers. In the social media sphere, the FTC has pursued this mandate by enforcing companies’ Terms of Use and privacy policies. In addition, the FTC has recently issued updated guidance for companies and individuals that review, promote, advertise or otherwise write about various products and services. In 2009, the FTC tackled its first social media case, an investigation involving Twitter. The focus of the FTC action was Twitter’s privacy policy that asserted A concern about safeguarding confidentiality of personally identifiable information and privacy settings designed to designate tweets as private.

The settlement, first announced in June 2010, resolved charges that Twitter deceived consumers and put their privacy at risk by failing to safeguard their personal information. Lapses in the Twitter’s data security allowed hackers to obtain unauthorized administrative control of Twitter, including both access to non-public user information and tweets that consumers had designated as private, and the ability to send out phony tweets from any account. Under the terms of the settlement, Twitter has hit ended and ongoing obligations concerning consumers and the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.

In a similar action, the FTC settled and investigation into Facebook,the leading social media platform/service. The social networking service agreed to settle Federal Trade Commission charges that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public. The settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including giving consumers clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established.

Read the FTC update here.

As recently as January 10, 2012, the FTC reached a settlement with UPromise, Inc., stemming from charges that the company – a membership reward service – allegedly used a web-browser toolbar to collect consumers’ personal information, without adequately disclosing the extent of personal information collected. The FTC found that the toolbar was collecting the names of all websites visited by its users as well as information entered into web pages by those users, including user names, passwords, credit card numbers, social security numbers and other financial and/or sensitive data. Furthermore, this data was transmitted in unencrypted, clear text that could be intercepted or viewed by third parties in a WiFi environment. The result? UPromise had to destroy all data it collected under the “Personalized Offers” feature of its “TurboSaver” toolbar in addition to other obligations related to data collection practices and consent to collection of personal information.

Other Industry Guidance.

In October 2009, the Federal Trade Commission released it’s updated “FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising.” The updated Guides contain two notable areas of concern for marketers. First, the Guides removed the safe harbor for advertisements featuring a consumer’s experience with a product or service, the so-called “results not typical” disclosure. Second, the FTC Guides underscored the longstanding principle of disclosing “material connections” between advertisers and the consumers, experts, organizations, and celebrities providing reviews and endorsements of products and services.

For concise guidance on when, how and what to disclose, see my article here.

Social Media in the Healthcare & Pharmaceutical Industries.

Like other consumer-oriented industries, Pharmaceutical and Biotech firms are rapidly expanding their presence online. This growth over the past several years has not gone unnoticed as evidenced by FDA Warning Letters targeting marketing campaigns “broadcast” via websites and social media platforms. The FDA also provides more general guidance for the industry. Policy and guidance development for promotion of FDA-regulated medical products using the Internet and social media tools are available in the FDA’s Consumer-Directed Broadcast Advertisements Questions and Answers. While this document provides clear direction for traditional media broadcasting , it only skims the surface regarding web content.

Social Media in the Workplace.

Probably no other federal agency has been as active as the NLRB in recent months. The NLRB has a mandate to protect employees rights to organize and discuss working conditions without fear of reprisals from employers. On August 8, 2011, the Associate General Counsel for the NLRB released a memo entitled “Report of the Acting General Counsel Concerning Social Media Cases.The report began by analyzing a case of first impression: whether an Employer unlawfully discharged five employees who had posted comments on Facebook relating to allegations of poor job performance previously expressed by one of their coworkers.

On January 25, 2012, the NLRB released a second report describing social media cases handled by the NLRB. The “Operations Management Memo” available here, covers 14 cases, half of which involve questions about employer social media policies. Five of those policies were found to be unlawfully broad, one was lawful, and one was found to be lawful after it was revised.

The remaining cases involved discharges of employees after they posted comments to Facebook. Several discharges were found to be unlawful because they flowed from unlawful policies. But in one case, the discharge was upheld despite an unlawful policy because the employee’s posting was not work-related. The report underscores two main points made in an earlier compilation of cases: 1) policies should not sweep so broadly that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees; and 2) an employee’s comments on social media are generally not protected if they are mere gripes not made in relation to group activity among employees.

Social Media and the Financial Services Industry.

From the Madoff scandal, to the Occupy Wall Street Movement, to Mitt Romney’s tax returns, the financial services sector is accustomed to the scrutiny and ire of the public and government regulators. Therefore it is no surprise that on January 4, 2012, the SEC’s Office of Compliance Inspections and Examinations, in coordination with other SEC staff, including in the Division of Enforcement’s Asset Management Unit and the Division of Investment Management, issued its “Investment Adviser Use of Social Media” paper. The paper begins by observing that although “many firms have policies and procedures within their compliance programs” governing use of social media” there is wide “variation in the form and substance of the policies and procedures.” The staff noted that many firms have multiple overlapping procedures that apply to advertisements, client communications or electronic communications generally, which may or may not specifically include social media use. Such lack of specificity may cause confusion as to what procedures or standards apply to social media use.

The SEC paper suggests that the following factors are relevant to determining the effectiveness of a Social Media compliance program:

  • Usage Guidelines
  • Content Standards
  • Monitoring
  • Frequency of Monitoring
  • Approval of Content
  • Firm Resources
  • Criteria for Approving Participation
  • Training
  • Certification
  • Functionality of web sites and updates thereto
  • Personal/Professional sites
  • Information security
  • Enterprise-wide web site content cross collateralization

Similarly, the Financial Industry Regulatory Authority (FINRA) has issued guidance for secutires brokerage firms. According to its web site, FINRA “is the largest independent regulator for all securities firms doing business in the United States.” FINRA protects American investors by ensuring fairness and honesty in the securities industry. In January 2010, FINRA issued Regulatory Notice 10-06, providing guidance on the application of FINRA rules governing communications with the public to social media sites and reminding firms of the recordkeeping, suitability, supervision and content requirements for such communications. Since its publication, firms have raised additional questions regarding the application of the rules. Key take aways from FINRA’s guidance include the flowing:

  • Brokerages have supervisory and record keeping obligations based on the content of the communications – whether it is business related – and not the media
  • Broker-dealers must track and supervise messages that deal with business
  • Firms must have systems in place to supervise and retain interactions with customers, if they are made through personal mobile devices
  • A broker must get approval from the firm if she mentions her employer on a social media site
  • Pre-approval for instant messages, also known as “unscripted interactions’ in legalese, is not necessary as long as supervisors are informed after the fact

Conclusion.

Many professionals in regulated industries are eager to leverage social media to market and communicate with existing and prospective clients and to increase their visibility. However, participants must ensure compliance with all of the regulatory requirements and awareness of the risks associated with using various forms of social media. Hopefully, the guidance outlined above can serve as a good starting point for discussions about how best to use of social media as well as suggestions regarding factors that firms may wish to consider is helpful to firms in strengthening their compliance and risk management programs. We invite you to contact us with comments and requests about how we can help you educate your employees, prevent fraud, monitor risk, and promote compliance. We can be reached at lsglegal.com866-734-256, @adlerlaw and dadler@lsglegal.com.

Follow

Get every new post delivered to your Inbox.

Join 3,111 other followers

%d bloggers like this: