AUSTIN, Texas — A divided House vote provides momentum for Texas employees who wish to shield personal text messages, email passwords under a bill backed by Democratic State Rep. Hellen Giddings and given preliminary approval Thursday.

Proponents say Texas workers need the same social media protections provided in several other states. The bill prohibits employers from asking job applicants or employees for passwords to access their Facebook, Twitter or other personal accounts. Opponents argue it will provide “safe harbor” for employees to steal proprietary information at the workplace through their personal accounts.

No specific penalties are spelled out for employers who would violate the law.

The Texas law is another reminder of the ongoing evolution of Social Media law and regulation as legislators and private businesses struggle to understand how these technologies affect everyone’s rights, obligations and remedies.

If you or your business is concerned about social media legal and regulatory compliance, contact David Adler at Leavens, Strand, Glover & Adler. 866-734-2568 dadler@lsglegal.com.

Image representing CloudFlare as depicted in C...

Image via CrunchBase

I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.

One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.

Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.

Here are the three things I learned about how you can protect yourself and others in your organization.

First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.

TIP NO. 1: Use a private, obscure email address for your more sensitive information.

Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Matt Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you we’re too lazy to back up.

TIP NO. 2: Back Up your digital life, early and often.

Third, today’s’ Internet is an interdependent ecosystem. Just because you or your organization takes security seriously, doesn’t mean that other do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, the there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using astringent password is enough. Unfortunately, some people don’t even bothers with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.

Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via, text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.

TIP NO. 3: Whenever possible enable two-factor authentication.

Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attached or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.

Please comment and follow!

 

Illustration of Facebook mobile interface

Illustration of Facebook mobile interface (Photo credit: Wikipedia)

A recent New Jersey District Court case underscores the rise in tensions between employers and employees when it comes to Social Media Accounts. In Ehling v. Monmouth-Ocean Hospital Service Corp., the Court denied an employer’s motion to dismiss a former employee’s invasion of privacy claim that alleged a supervisor accessed the employee’s Facebook account. Ehling worked for Monmouth-Ocean Hospital Service Corporation (“MONOC”) and became Acting President of the local union for Professional Emergency Medical Services. Ehling alleged that MONOC began engaging in a pattern of retaliatory conduct against her eventually leading to termination of her employment.

Posting Limited to “Friends”

Ehling maintained an account on Facebook, but kept access to her wall post limited to Facebook “friends,” many of whom were coworkers, but none of whom were members of MONOC’s management. Ehling alleged that MONOC surreptitiously gained access to her Facebook account when a supervisor summoned a MONOC employee, who was a Facebook friend, and coerced, strong-armed, and/or threatened the employee to access his Facebook account in the supervisor’s presence for the purpose of viewing and copying Ehling’s posts.

Ehling alleged that MONOC then sent letters regarding a certain posting to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services as it was concerned that Plaintiff’s Facebook posting showed a disregard for patient safety. Ehling alleged the letters were malicious and meant to damage her professionally.

Accessing Wall Postings Alleged to be Common Law Invasion of Privacy

Ehling’s claim for common law invasion of privacy was premised on Defendants’ alleged unauthorized “access of her private Facebook postings” The Court denied MONOC’s motion to dismiss which argued that Ehliong did not have a reasonable expectation of privacy in her Facebook posting. The Court stated that Under New Jersey law, to state a claim for intrusion upon one’s seclusion or private affairs, a plaintiff must allege sufficient facts to demonstrate that (1) her solitude, seclusion, or private affairs were intentionally infringed upon, and that (2) this infringement would highly offend a reasonable person. See Bisbee v. John C. Conover Agency Inc., 186 N.J. Super. 335, 339 (App. Div. 1982). “[E]xpectations of privacy are established by general social norms” and must be objectively reasonable – a plaintiff’s subjective belief that something is private is irrelevant. White, 344 N.J. Super. 211, 223 (Ch. Div. 2001).

The Impact of Social Media on Privacy is Unsettled

The Court went on to make further observations on the impact of Social Media on Privacy:

“Privacy in social networking is an emerging, but underdeveloped, area of case law. See Robert Sprague, Invasion of the Social Networks: Blurring the Line between Personal Life and the Employment Relationship, 50 U. Louisville L. Rev. 1, 13 (2011) (discussing the undefined legal boundary between public and private communications on social  networking websites).

No Reasonable Expectation of Privacy

There appears to be some consistency in the case law on the two ends of the privacy spectrum. On one end of the spectrum, there are cases holding that there is no reasonable expectation of privacy for material posted to an unprotected website that anyone can view. See, e.g., United States v. Gines-Perez, 214 F.Supp.2d 205, 225 (D.P.R. 2002), rev’d on other grounds, 90 F. App’x 3 (1st Cir. 2004) (“[I]t it strikes the Court as obvious that a claim to privacy is unavailable to someone who places information on an indisputably, public medium, such as the Internet, without taking any measures to protect the information”); Yath v. Fairview Clinics, N.P., 767 N.W.2d 34, 44(Minn. Ct. App. 2009) (holding that privacy was lost when private information was posted on a publicly accessible Internet website and “[a]ccess to the publication was not restricted”).

Some Reasonable Expectation of Privacy

On the other end of the spectrum, there are cases holding that there is a reasonable expectation of privacy for individual, password-protected online communications. See, e.g., Stengart v. Loving Care Agency, Inc., 201 N.J. 300 (N.J. 2010) (employee could have reasonably expected that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private); Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 587 F. Supp. 2d 548 (S.D.N.Y. 2008) (employee had a reasonable expectation of privacy in personal, password-protected e-mail messages stored on a third party’s server, although the employee had accessed that outside server while at work).

Legal Approaches Continue to Develop

The Court note that a consistent approach hasn’t yet developed. While most courts hold that a communication is not necessarily public just because it is accessible there is disagreement as to how far that theory extends. Some courts have adopted the rule that when one shares private information to one or more persons, there may still be a reasonable expectation that the recipients of the information will not disseminate it further. What is clear is that privacy determinations are made on a case-by-case basis, in light of all the facts presented.

Into the data jungle – in association with Huron Legal
The Lawyer
Technological developments such as cloud computing, social networking and mobile apps mean EU law is no longer fit for purpose. The EU claims current laws often conflict and cost businesses a total of nearly £2bn a year.

Saudi Arabia considers law against insulting Islam
Bangladesh News 24 hours
JEDDAH, Saudi Arabia, July 16 (bdnews24.com/Reuters) – Saudi Arabia is studying new regulations to criminalise insulting Islam, including in social media, and the law could carry heavy penalties, a Saudi paper said on Sunday.

Mind the missteps in online job dance
Lawyers Weekly
With some background check firms specializing in social media searches (U.S.-based Social Intelligence Corp. for one), how do third-party recruiters use social media when screening or finding clients for law firms in Canada?

Saudi Arabia looking to criminalize Islam insults on social media
Bikya Masr
DUBAI: The Saudi Arabia government is looking to ensure users on social media networking sites do not insult Islam or the Prophet Mohamed, al-Watan newspaper reported on Sunday, citing officials who said a new law could bring “heavy” penalties.

Watching the detectives: the case for restricting access to your social media data
Delimiter
That debate tells us something about how Australians and the media conceptualise privacy and business-government relationships in a world where mobile phones and social network services such as Facebook are ubiquitous.

10 Tactics for Integrating Photographs into Content Marketing
Business 2 Community
Acquire digital rights for images. Remember when using images, especially photographs, your legal team is your best friend. Ensure that you’ve got the right to use the photos by incorporating outtakes and additional shots for social media.

Syracuse Neighborhood Watch plans to increase social media outreach
CNYcentral.com
New program coordinator plans more email, social media contact. … CNY Biz Central – Legal. Helpful advice about finding the right attorney for your legal needs. CNY Biz Central. Get information from our team.

Reasonable Expectations of Privacy in the Digital Age
Mondaq News Alerts (registration)
In this digital age of smart phones, global positioning systems, cloud computing, and social networking, determining what constitutes private information and what lengths our legal system will go to protect it is increasingly challenging.

Sale Of Digg Reminder Of Potential Risks To Facebook And Other Social Media …
Seeking Alpha
In 2011, social media watchers may recall reading in Bloomberg that Myspace, which had been purchased by News Corporation (NWS) for $580 million in 2005 had reportedly been sold for just $35 million to private investors, including Justin Timberlake. In …

Your Social Media Tweeting & Posting Legal Rights. TV … – YouTube
Find out how legally liable you are for your Twitter Tweets and Facebook postings.

Learn more about me here: www.ecommerceattorney.com and follow me here

Here are some of the Social Media Legal headlines from around the world this week.

Pinterest hires Google’s former top lawyer
GMA News

Pinterest remains a hot social media property, registering major growth in recent months. Business Insider said investors just gave it another $50 million at a $1.5-billion valuation, and employees are leaving other Silicon Valley firms to join.

In the Arab World, Social Media Has Fast Developed into a Medium for the Masses
Knowledge@Wharton

A surprising outcome from a recent survey, that social media has an equalizing factor among men and women. They’ve got the same reaction to issues, for instance related to women.

Mobile App Lets You Document and Report Police Stop-and-Frisk Abuse
Mashable

The New York Civil Liberties Union is arming city residents and visitors with an app called Stop and Frisk Watch that records video, audio and GPS data.

FBI Highlights Social Media Risks

BllombergBNA

Last year, some users saw on their Facebook walls enticing posts offering video of Osama bin Laden’s capture. Those that clicked on the link and followed the provided directions ended up giving hackers access to their Facebook accounts; they were victims of a social media scam.

The Future Of Social Is Moving From Mere Participation To Analysis & Strategic Initiatives

I had the opportunity to attend and participate in Converge 2012 run by the Institute for Social, Search & Mobile Marketing. The theme was mastering the Business of Social Media. The Conference had a great selection of speakers (yours truly included) and topics that really resonated with the audience. I hope to summarize here some of the take-aways I learned at this conference.

Business Is Now Social

The last few years have seen an unprecedented shift in the adoption of social platforms for businesses to reach and interact with customers. What started as a “dipping our toes into the water” excerise has now matured into jumping in with both feet. Not surprisingly, the first few presentations of the conference focused on the effect of so much participation: greater focus on ROI. The presentations covered a lot of ground, but here are the key take aways from Day 1:

  • Businesses that fail to integrate the social channels may not exist in five years
  • Analytics are maturing in terms of both measurement tools and metrics
  • Better analytics are driving innovation by putting companies ahead of emerging issues instead of simply reacting to them
  • Creating a Social Media culture must come from the top and flow down
  • The growth of mobile platforms Is blurring the line between online and in-store experiences because of anywhere/anytime andpersonalized access

Day 1 concluded with the panel presentation in which I participated “Social Media “Venture Heaven” Money is flooding into social media, It’s time to understand why.” Key take-aways from this panel include the followig Data about the growth in Mobile:

  • As of May, 2012, mobile comprises 10% of Internet traffic, up from just 4% less than a year and a half ago
  • Mobile = ~8% of ecommerce
  • Monetization growing rapidly 79% is Apps, 21% is from ads
  • There has been a rapid increase in time spent relative money spent on ads; TV is roughly at parity while Mobile ad spend is about 1/10 of that
  • Drivers of growth in Mobile:
    • Devices
    • Platforms
    • Improved user interfaces
    • Sharing
    • More emphasis on design aestheticS

In a world of ubiquitous fast Internet,  mass blogging and micro-blogging, minute-by-minute status updates and customer complaints and recommendations, businesses need to focus on tailoring their product for their customers desires, rather that merely tolerating customer requests. Whatever device/platform customers use most will get the most attention from developers, accessory makers and potential new customers.

Facebook IPO: Why Your Data Is Worth $93 Billion
PCWorld

(See “Protect Our Data! A Digital Consumer Bill of Rights” and “A Bill of Rights for Facebook Users” for related discussion.) The temptation to exploit user data in ways that erode privacy will always be present. Just by joining Facebook, …

Twitter Joins Google, Apple, Microsoft, Others in ‘Do Not Track Effort’
eWeek

In addition, in February the White House proposed a “bill of rights” to protect consumer privacy online, including an easy way for users to tell Internet companies with one click whether they want their online activity to be tracked.

Twitter Allows ‘Do Not Track’ Privacy Feature
CMSWire

Howard A. Schmidt is returning to the private life, but the White House is still pushing for some kind of legislation in the Consumer Prvacy Bill of Rights fashion. While the Cyber Intelligence Sharing and Protection Act passed the House of …

EPIC Supports Geolocation Privacy Act, Suggests Improvement
JD Supra (press release)

Your decision to hold this hearing will help protect important privacy rights. The Electronic Privacy Information Center (“EPIC”) is a non-partisan public interest research organization established in 1994 to focus public attention on emerging privacy …
See all stories on this topic »

Follow

Get every new post delivered to your Inbox.

Join 3,228 other followers

%d bloggers like this: