I am excited to announce that I will be speaking at the 2018 New York State Cyber Security Conference. My topic is Assessing and Responding to Cyber Legal Risk. The session description and biography will be featured on the Conference website at https://its.ny.gov/2018-nyscsc.
June 2018 marks the 21st Annual New York State Cyber Security Conference and 13th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. Hosted by the New York State Office of Information Technology Services, the University at Albany’s School of Business, and The New York State Forum, Inc., the event takes place June 5 and 6 in Albany, N.Y.
On September 25, 2017, I gave a presentation at Influencer Marketing Days in NY on how to avoid unnecessary legal risks when using Influencer Marketing.
Media consumption is moving from traditional outlets to other platforms. Explosive growth for social media and declining TV viewership means that advertising dollars are migrating with the eyeballs.
Due to popularity and reach of platforms like Instagram, Snapchat, YouTube and even a resurgent Twitter, brands are partnering with “influencers” to help the grow through views, impressions and “likes.” Online advertising is an active legal enforcement area and influencer marketing presents potential legal issues.
Since most lawsuits focus on consumer awareness (or lack thereof), legal compliance requires appropriate and adequate disclosures. The presentation focused on when disclosures are required and what constitutes adequate disclosure.
The draft EU-U.S. Privacy Shield “adequacy decision” includes the Privacy Shield Principles companies must follow. Suggested Best Practices for compliance with EU-U.S. Privacy Shield Principles include: evaluating disclosures about data collection and use to determine whether they are sufficiently clear and evident to consumers, and 2) giving strong consideration for implementation of a formal opt-in mechanism. European government trade regulators are concerned about whether consumers are being sufficiently informed about the nature and scale of data collection.
Ken graciously provided this great list of resources for the discussion:
As part of Adler Law Group’s Privacy & Information Security Practice, we continue to follow the developments in this area. We can help you review, enhance and adopt standardized contracts and implement methodologies for approaching these challenges by setting objectives, determining scope, allocating resources, and developing agreements that will efficiently and effective manage risks.
From healthcare apps, to mobile devices, to utilities, services are collecting and aggregating customer data across many different types of connected devices. Many mobile apps and services rely on a consumer’s location information. As more mobile apps connect to the Internet to send and receive location data, the FTC, legislators, privacy advocates, and others have identified location information as a particularly sensitive category of data. A recent study conducted by Carnegie Mellon University contained shocking revelations about the frequency with which location information is gathered and transmitted to companies through their mobile apps. At the same time, the recent settlement with in-store retail customer tracking provider Nomi highlights the FTC’s increased scrutiny of data gathering practices and disclosures of mobile application developers.
It is no secret that retailers could derive significant business intelligence from the real-time moments through stores. This is one of the areas around which companies innovate around customers’ private information. For example, Nomi Technologies, a company whose technology allows retailers to track consumers’ movements through their stores, made headlines when it agreed to settle Federal Trade Commission charges that it misled consumers about opting out of their tracking services. This is not why you want to have your company’s innovations in the news.
Business counsel both inside and outside of companies developing applications that leverage mobile geolocation data of consumers and employees should be aware of the many issues that are developing around this area such as: How is geolocation information gathered and how does data flow from device, to app to, third party? How is it shared and used in mobile advertising? When is consent required and how should stakeholders obtain such consent?
On Sept. 10, 2015, as part of the Mining Data and Privacy: A Primer Continuing Legal Education presentation moderated by the ISBA Intellectual Property committee, I presented the topic:
ISBA Privacy CLE – “Special Areas”: “Discover the security and privacy issues that have arisen in a number of special areas – HIPAA, COPPA, special state laws and regulations that govern online privacy, protection of personal data in court filings.”
Media Creation & Consumption is Challenging Traditional Legal Notions.
At a time when #media creation & consumption has transformed, two recent cases, both involving Fox News Network on opposite sides of the “fair use” defense to copyright infringement, highlights the evolving and dynamic legal challenges facing business and content creators. In each case, Fox News loses on Summary Judgment.
Photographs, Fair Use & Social Media
The first case, North Jersey Media Group, Inc. v. Jeanine Pirro and Fox News Network, LLC, involves what many recognize as the “now iconic photograph of the firefighters raising the American flag on the ruins of the World Trade Center on September 11, 2001.” The photograph – which bears a striking resemblance to Joe Rosenthal’s World War II photograph of the Iwo Jima flag-raising – has become a similarly striking symbol of American patriotism.
That similarity was not lost on a production assistant for a Fox News program “Justice with Judge Jeanine” who posted the two images, unaltered, on the show’s Facebook Page, along with the phrase “#neverforget,” allegedly to commemorate the twelfth anniversary of the attack.
The case is noteworthy for its analysis of the “fair use” defense in a social media context. While the Copyright Act grants authors certain exclusive rights, including the rights to reproduce the copyrighted work and to distribute those copies to the public (17 U.S.C. § 106(1), (3)) one often quoted and widely misunderstood limit to those rights is the doctrine of “fair use,” which allows the public to draw upon copyrighted materials without the permission of the copyright holder in certain circumstances. The fair use doctrine is an after-the-fact defense to infringement, not a pre-emptive justification to use another’s work without permission.
Educated in journalism and media studies, the production assistant acknowledged that she understood a copyright to be something that is owned by someone else although she had no training in copyright law either in college or during her tenure at Fox News. She had been working at Fox News for approximately three years, had previously sought legal advice regarding use of photographs on the broadcast, but never in connection with posting images to the program’s Facebook page.
The key take-away for businesses and digital marketers alike is the need for vigilance when using third-party content on social media. Employee education and training on what copyright protects, what it doesn’t, and how it works may help prevent your business form facing a similar situation.
Media Monitoring, Digital Content & Copyright Fair Use
The second case, Fox News Network, LLC v. TVEyes, Inc., involves a company that monitors and records all broadcasts by more than 1,400 television and radio stations twenty-four hours per day, seven days per week. This content is indexed and organized in a searchable database that allows subscribers to search terms, determine when, where, and how those search terms have been used, and obtain transcripts and video clips of the portions of the television show that used the search term.
Fox News Network, LLC sued to enjoin TVEyes from copying and distributing clips of Fox News programs. TVEyes asserted that its system and services are permitted under the doctrine of “fair use.”
The court found that TVEyes service was a fair use. Unlike other services that simply “crawl” the Internet, culling existing content available to anyone willing to perform enough searches to gather it, the indexing and excerpting of news articles, where the printed word conveys the same meaning no matter the forum or medium in which it is viewed, the service provided by TVEyes is transformative. By indexing and excerpting all content appearing in television, every hour of the day and every day of the week, month, and year, TVEyes provides a service that no content provider provides. Subscribers to TVEyes gain access, not only to the news that is presented, but to the presentations themselves, as colored, processed, and criticized by commentators, and as abridged, modified, and enlarged by news broadcasts.
The key take away for technology companies that rely on content is what the court says about features of the Services (as opposed to the technology itself, e.g. the software/platform): the issue of fair use is for the full extent of the service, TVEyes provides features that allow subscribers to save, archive, download, email, and share clips of Fox News’ television programs. The parties have not presented sufficient evidence showing that these features either are integral to the transformative purpose of indexing and providing clips and snippets of transcript to subscribers, or threatening to Fox News’ derivative businesses.”
In other words, evidence that certain features are essential to the use of a service, may be sufficient to show how the features (service) exist above- and-beyond what stale or static content can show.
You Don’t Have to Muddle Through
When it comes to understating evolving technology legal risks, your business can’t simply muddle through. The professionals at the Adler Law Group can help you adopt conduct risk assessments, provide employee training and methodologies for approaching these challenges by setting objectives, determining scope, allocating resources, and developing practices that will efficiently and effective manage risks, while keeping pace with the business.
You can almost feel it, like a power-line buzz in the air. If 2014 was the year that consumers and legislators woke up to the real threat to privacy and information security, 2015 may be the year that sees a shift in both enforcement and penalties.
On February 5, Anthem, Inc., the country’s second-largest health insurer by market value announced a security breach resulting in unauthorized access to tens of millions of current and former customer and employee accounts, Bloomberg reports.
Of particular concern is that the compromised data included social security numbers and birth dates, etc. Very different than having a credit card number stolen.
Last week, a group of 10 state attorneys general (AGs) sent a letter chastising Anthem for the length of time it took to notify the public of the breach. The letter was written on behalf of Arkansas, Connecticut, Illinois, Kentucky, Maine, Mississippi, Nebraska, Nevada, Pennsylvania and Rhode Island.
Some observers have commented that current encryption technology can limit the amount of data that even “authorized users” can view at one time, making it more difficult to compromise massive amounts of data.
In this situation, the breach occurred through misuse of an authorized user’s credentials, so encryption alone would not have worked. While most companies give universal access to data to some employees (senior level or IT), for the encryption approach to work, no one person or set of credentials should allow access to all data.
In the end, the new “best practices” approach may be a combination of encryption plus controls to limit the amount of data that any one set of credentials can access.
When it comes to addressing data privacy risks, it is often difficult to determine whether you should slow down, change course, signal for help, or simply muddle through. Often, teams tasked with managing privacy need to quickly identify potential issues, assess the risk, and implement controls to steer clear of unneeded exposure. The privacy professionals at the Adler Law Group can help you adopt Privacy Impact Assessments – or similar tools – and standardize a methodology for approaching these challenges by setting objectives, determining scope, allocating resources, and developing practices that will efficiently and effective manage privacy, while keeping pace with the business. For a free consultation, call us at (866) 734-2568, send and email to email@example.com or visit our web site www.adler-law.com.