Oklahoma and Louisiana join Wisconsin and Tennessee in recent laws restricting access to applicants’ and employees’ personal online content by prospective and current employers. Adoption of Social Media platforms continues to grow as do new legal and business risks arise as well as state legislatures provide new rules, regulations and guidance. As state by state compliance requirements develop, businesses need to review frequently overlooked elements of key social media guidance, such as how to approach specific areas like Monitoring, Content Approval, Training and Information Security.

This latest round of bandwagon-jumping follows efforts by most other states that have addressed the issue. The key take-away is that business need to take a state-by-state approach to social media legal compliance.

Generally, most of these types of laws prohibit employers from requesting or requiring that applicants or employees disclose a username, password, or other means of authentication for their online accounts.

Employers should be on the lookout for laws that address whether an applicant or employee must accept a “friend” request, change privacy settings to permit access by the employer, or otherwise divulge personal online content.

Another area of concern is the definition of “personal,” “social media” and “account. ” these definitions vary and often cover far more than common notions of social media.

Some laws apply to any online account, including e-mail, instant messaging and media-sharing accounts. Some laws address the scope of use such as “exclusively for personal communications” as opposed to “business purposes of the employer” or “business-related communications.” This carve-out further narrows the scope of the Oklahoma and Louisiana laws.

While these laws generally prohibit adverse actions based based on a refusal to provide user name, password or other authentication information, each law should be scrutinized for broader prohibitions, such as those against penalizing or threatening to penalize an employee or applicant for refusing such requests.

Technology continues to evolve and so does the legal and regulatory environment. Businesses need to continually assess and address the risks created by new laws and new uses of tech in the workplace.

Contact us for a free consultation to learn what we can do to help your business navigate the ever-changing regulatory minefield. What you don’t know can hurt you. We are here to help you avoid getting hurt.

Enacted by Congress in 1986, the Computer Fraud and Abuse Act (CFAA) builds upon existing computer fraud law (18 U.S.C. § 1030). Initially, the CFAA was intended to limit federal jurisdiction to cases “with a compelling federal interest-i.e., where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.” Notably, the CFAA criminalized certain computer-related acts such as distribution of malicious software code, propagating denial of service attacks as well as trafficking in passwords and similar items. Recently, the CFAA has gained prominence as a bludgeon used to prosecute a wide-range of activities, some broadly labelled “hacking” and other stretching the boundaries of “unauthorized” computer access.

Two recently introduced bills, one by Representative Zoe Lofgren (D-CA) in the House and one by Senator Ron Wyden (D-OR) in the Senate aim to amend the CFAA in hopes of ameliorating application of the CFAA to claims of breach of terms of service, employment agreements. Additionally, with the nickname “Aaron’s Law,” they also seek to limit what some see as the CFAA’s tendency to allow for overzealous prosecution that they claim characterized Aaron Swartz’s case.

In short the bills would amend the meaning of “exceeds authorized access,” changing it to “access without authorization,” which is defined to mean:

“to obtain information on a protected computer”;
“that the accesser lacks authorization to obtain”; and
“by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information.”

For a well-documented discussion of the application and boundaries of the CFAA, check out the Electronic Frontier Foundations Legal Treatise on civil and criminal cases involving the Computer Fraud and Abuse Act here.

As businesses become ever more dependent on digital assets and systems, a working knowledge of the legal and regulatory framework that defines and protects those assets is paramount.

If you or your executive teams has questions about securing and protecting digital assets, please feel free to contact David M. Adler for a free consultation. LSGA advises a wide range of businesses on creating, protecting and leveraging digital assets as well as computer, data and information security and privacy.

Please tweet, comment on, and forward is article!

David M. Adler | Leavens, Strand, Glover & Adler, LLC
203 North LaSalle Street, Suite 2550
Chicago, Illinois 60601
Direct: (866) 734-2568
Direct Fax: (312) 275-7534
http://www.lsglegal.com
http://www.ecommerceattorney.com

*2012 Illinois Super Lawyer http://bit.ly/gFfpAt

Twitter: http://twitter.com/#!/adlerlaw
LinkedIn: http://linkedin.com/in/adlerlaw

As a result of the rapid shift in marketing from unilateral one-to-many communications, to the multilateral, many-to-many or many-to-one conversations enabled by Social Media, employees and employers are struggling to manage accounts that are used for both work and personal purposes.

This new phenomenon has benefits, but it also creates a number of legal challenges. For employees, it may result in greater efficiency, more opportunities for authentic customers engagement and the ability to stay on top of the most current grands and business issues. For employers, it presents opportunity to reap substantial benefits from lower communications and customer support costs. For in-house counsel, it raises a host of legal and practical issues with few easy solutions and significant liability and regulatory risks.

First, there are hardware issues. Smartphones, tablets and other personal electronics often have social networking capabilities built in. in addition, they contain contain both personal and business data. Because these devices are always on and always connected, they are more than just personal property. They have become essential business tools. For both sides of the workplace equation, employers and employees must understand where the privacy lines fall between personal versus work-related information.

Second, there are data issues. Employers must balance their needs to monitor employee usage, employees’ privacy concerns, and the risk of liability for theft or exposure of data if a device is lost or stolen, or from lack of proper safeguards on account usage. For in-house counsel tasked with drafting policies to address these risks, , Prior to implementation of any policy, the legal team needs to educate front line employees and management on reasonable expectations of privacy and security and the harms that the organization seeks to prevent.

Lastly, recent cases such as the Cristou v. Beatport litigation, highlight the struggle to define and control the beginning and end of employee social media accounts, ownership and protection of intellectual property and the post termination risks that arise from the absence of appropriate policies.

As we prepare to start a new year, the time is ripe to establish security and privacy policies governing creation, maintenance and use of employees’ social media accounts for work functions. In-house counsel must lead the charge to educate, inform and train employees about privacy, security and evidence-recovery implications associated with use of social media.

Mobile carriers, app developers, and other technology stakeholders will meet with the U.S. National Telecommunications and Information Agency on July 12 to discuss privacy standards for mobile use. The focus of the discussion will be the privacy practices of mobile apps and their transparency.

Applications will be the main focus on July 12 when enforcement begins. The initial series of meetings will decide on rights, obligations and enforcement of online and mobile device security under President Obama’s virtual “Privacy Bill of Rights”.

The U.S. Department of Commerce’s National Communications and Telecommunication Administration (NTIA) has made the decision that it is now time to put the president’s Privacy Bill of Rights into effect. In order to get started, they have sent an invitation to all of the “privacy stakeholders” in order to “generate robust input” in the creation of the very first transparency code of conduct for consumer data collection and use.

The White House and Congress hopes that this discussion will eventually lead to a privacy bill of rights. July’s meeting will be webcast for the public.

Gartner Predicts Huge Rise in Monitoring of Employees’ Social Media Use
PCWorld

New technologies and services are enabling the growth in employee monitoring, but companies will need to closely manage their monitoring efforts for ethical and legal issues, Andrew Walls, research vice president at Gartner, wrote in the report.

The Legal Ambiguities of Social Media
Human Resource Executive Online

Employers continue to look for guidance on issues related to the evolving use of social media by employees. Creating an appropriate policy remains difficult, but the authors offer some expert advice that may help.

Social Media Changing the Face of Criminal Justice
HispanicBusiness.com

The Virginia State Bar tracks ethical issues concerning how attorneys communicate by and glean evidence from social media, said James McCauley, ethics counsel for the state bar.

DISH® Announces Topic for 2012 “Best in Class” eDiscovery Legal Research
Sacramento Bee

This year, law students will be challenged to address the question of “Under what standard should a court subject an employee’s non-business personal computing activities (eg, social media, documents stored on a personal computer, and/or personal email)?

The Case for Facebook
The Atlantic

Consider this a skeptic’s guide to the bull case for the social network. Facebook just had modern history’s worst IPO and it’s down again today by some percentage that will be quoted endlessly. Yet Facebook is still the world’s largest social media platform.
The Atlantic

Religious freedom issues at heart of HHS lawsuits, legal scholars say
Catholic News Service

(CNS) — The mass media have done the public a disservice by consistently referring to health reform law regulations so narrowly as the “contraceptive mandate,” because it leads people to think the regulations are a matter of interest only to Catholics.

Firms expected to cyberstalk for security
ZDNet Australia

The research and advisory organisation recently published a report into conducting digital surveillance ethically and legally, and found that 60 per cent of corporations will be monitoring social media channels for security breaches and incidents.

Most Corporations Will Spy On Employees By 2015: Research
TechWeekEurope UK

The majority of corporations are expected to monitor their employees’ social media interaction by 2015, suggests research by Gartner, published today. This practice could be increasingly adopted to prevent security breaches and incidents.

Russia’s VKontakte delays IPO after Facebook debacle
Reuters

By John Bowker | MOSCOW (Reuters) – Russian social network VKontakte says it won’t risk going ahead with its planned initial public offering fearing a repeat of the botched Facebook float which left US regulators red-faced.

Got a story? A Question? Please comment. Please follow me on Twitter here: @adlerlaw

Follow

Get every new post delivered to your Inbox.

Join 3,228 other followers

%d bloggers like this: