From healthcare apps, to mobile devices, to utilities, services are collecting and aggregating customer data across many different types of connected devices. Many mobile apps and services rely on a consumer’s location information. As more mobile apps connect to the Internet to send and receive location data, the FTC, legislators, privacy advocates, and others have identified location information as a particularly sensitive category of data. A recent study conducted by Carnegie Mellon University contained shocking revelations about the frequency with which location information is gathered and transmitted to companies through their mobile apps. At the same time, the recent settlement with in-store retail customer tracking provider Nomi highlights the FTC’s increased scrutiny of data gathering practices and disclosures of mobile application developers.
It is no secret that retailers could derive significant business intelligence from the real-time moments through stores. This is one of the areas around which companies innovate around customers’ private information. For example, Nomi Technologies, a company whose technology allows retailers to track consumers’ movements through their stores, made headlines when it agreed to settle Federal Trade Commission charges that it misled consumers about opting out of their tracking services. This is not why you want to have your company’s innovations in the news.
Business counsel both inside and outside of companies developing applications that leverage mobile geolocation data of consumers and employees should be aware of the many issues that are developing around this area such as: How is geolocation information gathered and how does data flow from device, to app to, third party? How is it shared and used in mobile advertising? When is consent required and how should stakeholders obtain such consent?
On Sept. 10, 2015, as part of the Mining Data and Privacy: A Primer Continuing Legal Education presentation moderated by the ISBA Intellectual Property committee, I presented the topic:
ISBA Privacy CLE – “Special Areas”: “Discover the security and privacy issues that have arisen in a number of special areas – HIPAA, COPPA, special state laws and regulations that govern online privacy, protection of personal data in court filings.”
Media Creation & Consumption is Challenging Traditional Legal Notions.
At a time when #media creation & consumption has transformed, two recent cases, both involving Fox News Network on opposite sides of the “fair use” defense to copyright infringement, highlights the evolving and dynamic legal challenges facing business and content creators. In each case, Fox News loses on Summary Judgment.
Photographs, Fair Use & Social Media
The first case, North Jersey Media Group, Inc. v. Jeanine Pirro and Fox News Network, LLC, involves what many recognize as the “now iconic photograph of the firefighters raising the American flag on the ruins of the World Trade Center on September 11, 2001.” The photograph – which bears a striking resemblance to Joe Rosenthal’s World War II photograph of the Iwo Jima flag-raising – has become a similarly striking symbol of American patriotism.
That similarity was not lost on a production assistant for a Fox News program “Justice with Judge Jeanine” who posted the two images, unaltered, on the show’s Facebook Page, along with the phrase “#neverforget,” allegedly to commemorate the twelfth anniversary of the attack.
The case is noteworthy for its analysis of the “fair use” defense in a social media context. While the Copyright Act grants authors certain exclusive rights, including the rights to reproduce the copyrighted work and to distribute those copies to the public (17 U.S.C. § 106(1), (3)) one often quoted and widely misunderstood limit to those rights is the doctrine of “fair use,” which allows the public to draw upon copyrighted materials without the permission of the copyright holder in certain circumstances. The fair use doctrine is an after-the-fact defense to infringement, not a pre-emptive justification to use another’s work without permission.
Educated in journalism and media studies, the production assistant acknowledged that she understood a copyright to be something that is owned by someone else although she had no training in copyright law either in college or during her tenure at Fox News. She had been working at Fox News for approximately three years, had previously sought legal advice regarding use of photographs on the broadcast, but never in connection with posting images to the program’s Facebook page.
The key take-away for businesses and digital marketers alike is the need for vigilance when using third-party content on social media. Employee education and training on what copyright protects, what it doesn’t, and how it works may help prevent your business form facing a similar situation.
Media Monitoring, Digital Content & Copyright Fair Use
The second case, Fox News Network, LLC v. TVEyes, Inc., involves a company that monitors and records all broadcasts by more than 1,400 television and radio stations twenty-four hours per day, seven days per week. This content is indexed and organized in a searchable database that allows subscribers to search terms, determine when, where, and how those search terms have been used, and obtain transcripts and video clips of the portions of the television show that used the search term.
Fox News Network, LLC sued to enjoin TVEyes from copying and distributing clips of Fox News programs. TVEyes asserted that its system and services are permitted under the doctrine of “fair use.”
The court found that TVEyes service was a fair use. Unlike other services that simply “crawl” the Internet, culling existing content available to anyone willing to perform enough searches to gather it, the indexing and excerpting of news articles, where the printed word conveys the same meaning no matter the forum or medium in which it is viewed, the service provided by TVEyes is transformative. By indexing and excerpting all content appearing in television, every hour of the day and every day of the week, month, and year, TVEyes provides a service that no content provider provides. Subscribers to TVEyes gain access, not only to the news that is presented, but to the presentations themselves, as colored, processed, and criticized by commentators, and as abridged, modified, and enlarged by news broadcasts.
The key take away for technology companies that rely on content is what the court says about features of the Services (as opposed to the technology itself, e.g. the software/platform): the issue of fair use is for the full extent of the service, TVEyes provides features that allow subscribers to save, archive, download, email, and share clips of Fox News’ television programs. The parties have not presented sufficient evidence showing that these features either are integral to the transformative purpose of indexing and providing clips and snippets of transcript to subscribers, or threatening to Fox News’ derivative businesses.”
In other words, evidence that certain features are essential to the use of a service, may be sufficient to show how the features (service) exist above- and-beyond what stale or static content can show.
You Don’t Have to Muddle Through
When it comes to understating evolving technology legal risks, your business can’t simply muddle through. The professionals at the Adler Law Group can help you adopt conduct risk assessments, provide employee training and methodologies for approaching these challenges by setting objectives, determining scope, allocating resources, and developing practices that will efficiently and effective manage risks, while keeping pace with the business.
You can almost feel it, like a power-line buzz in the air. If 2014 was the year that consumers and legislators woke up to the real threat to privacy and information security, 2015 may be the year that sees a shift in both enforcement and penalties.
On February 5, Anthem, Inc., the country’s second-largest health insurer by market value announced a security breach resulting in unauthorized access to tens of millions of current and former customer and employee accounts, Bloomberg reports.
Of particular concern is that the compromised data included social security numbers and birth dates, etc. Very different than having a credit card number stolen.
Last week, a group of 10 state attorneys general (AGs) sent a letter chastising Anthem for the length of time it took to notify the public of the breach. The letter was written on behalf of Arkansas, Connecticut, Illinois, Kentucky, Maine, Mississippi, Nebraska, Nevada, Pennsylvania and Rhode Island.
Some observers have commented that current encryption technology can limit the amount of data that even “authorized users” can view at one time, making it more difficult to compromise massive amounts of data.
In this situation, the breach occurred through misuse of an authorized user’s credentials, so encryption alone would not have worked. While most companies give universal access to data to some employees (senior level or IT), for the encryption approach to work, no one person or set of credentials should allow access to all data.
In the end, the new “best practices” approach may be a combination of encryption plus controls to limit the amount of data that any one set of credentials can access.
When it comes to addressing data privacy risks, it is often difficult to determine whether you should slow down, change course, signal for help, or simply muddle through. Often, teams tasked with managing privacy need to quickly identify potential issues, assess the risk, and implement controls to steer clear of unneeded exposure. The privacy professionals at the Adler Law Group can help you adopt Privacy Impact Assessments – or similar tools – and standardize a methodology for approaching these challenges by setting objectives, determining scope, allocating resources, and developing practices that will efficiently and effective manage privacy, while keeping pace with the business. For a free consultation, call us at (866) 734-2568, send and email to email@example.com or visit our web site www.adler-law.com.
Data Privacy Day was started in 2007 in response to widespread lack of understanding about how personal data was being protected. Today, 91% of adults “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies, according to a recent Pew Research Center Survey.
Data is one of the natural resources of the 21st century. It should be treated like all other precious resources. Understanding, responsibility, and accountability are key. Ubiquitous Internet connections, unprecedented processing power and speed combined with staggeringly large databases have the ability to help both the private and public sectors. However, there is a growing split between the benefits of data-driven activities and perceptions of decreased privacy rights needs to be addressed. There is a balance that needs to be found between the responsibility of governments and that of businesses in ensuring an adequate level of protection to citizens and consumers, while supporting technological innovation.
The purpose of Data Privacy Day is raise awareness among digital citizens and empower them with understanding how their data is being collected, stored and consumed. Often, that starts with being educated about the privacy policies of online companies and web properties.
The National Cyber Security Alliance (NCSA) officially kicked off today’s Data Privacy Day events with a broadcast from George Washington University Law School featuring Federal Trade Commissioner Maureen Ohlhausen and privacy and security experts from industry and government.
Whether you are a consumer, an application developer, a technology platform provider, consultant, or enterprise that relies on the collection, analysis and commercialization of data (who doesn’t these days) Adler Law Group can help you navigate this emerging area by 1) assessing and prioritizing privacy risks, 2) creating a baseline understanding of data assets, data flows and contractual commitments, 3) developing internal Privacy Polciies and processes, and 4) creating and delivering training programs for executives and employees that increases awareness and mitigate risk.
To find out more about how the Adler Law Group can help your business identify risk and issues related to intellectual property ownership, corporation or LLC formation, or just assess risk associated with your business, contact us for a free, no-obligation consultation by emailing David @ adler-law.com, visiting our web site www.adler-law.com, or calling toll free to (866) 734-2568.
The case of Clarity Software, LLC v. Financial Independence Group, LLC is a great example the serious, negative consequences to intellectual property ownership when business owners and legal counsel fail to ensure that tasks are completed.
The short version is that the creator of computer software, Vincent Heck, sold the copyright in his software to settle a debt to a creditor, Eric Wallace, who intended to form Clarity Software, LLC to own and distribute the software. The lawsuit was for infringement of the copyright in the software.
As they say, “the devil is in the details.” In this case, the detail that became a devil, and ultimately prevented Wallace from enforcing a copyright in the software, was the fact that Clarity Software, LLC was never properly formed and therefore lacked standing to sue for infringement.
Forgive me for employing yet another trite phrase, but “truth is often stranger than fiction.” The Defendant proved that a veritable comedy of errors had occurred resulting in no record of the formation, including 1) the Department of State of Pennsylvania losing the certificate of organization, along with all records of the submission and filing of the certificate of organization, 2) the Plaintiff’s bank (PNC Bank) losing its copy certificate of organization provided when Wallace opened a bank account (even though PNC Bank still had the signature card completed when the account was opened), and 3) Wallace, himself a former President of the Pennsylvania Institute of Certified Public Accountants, losing his copy of the certificate of organization and all records of his communications with his attorney.
Defendant successfully moved for summary judgment based on its argument that Plaintiff did not own the copyright at issue in the litigation since it was not properly organized as a Pennsylvania limited liability company and never acquired valid ownership of the copyright.
Hat tip to Pamela Chestek and her blog, Property Intangible, where she first wrote about this case October 13, 2014. The opinion and order can be found here: Clarity Software, LLC v. Financial Independence Group, LLC, No. 2:12-cv-1609-MRH (W.D. Pa. Sept. 30, 2014).
To find out more about how the Adler Law Group can help your business identify risk and issues related to intellectual property ownership, corporation or LLC formation, or just assess risk associated with your business, contact us for a free, no-obligation consultation by emailing David @ adler-law.com, visiting out web site www.adler-law.com, or calling toll free to (866) 734-2568..
One of the most important functions of a contract is to reduce uncertainties and mitigate risks. That is why almost all professional or personal services contracts contain “limitations of liability” provisions. Although they may seem like densely-worded, “boilerplate” provisions, and often overlooked, these provisions broadly affect a party’s ability to bring a claim, show liability, and prove damages that can be recovered.
A limitation of liability clause is a provision in a contract that limits the amount of exposure a company faces in the event a lawsuit is filed or another claim is made. As a preliminary observation, it is important to note that enforcement of limitation of liability provisions vary from state to state. The general rule in contract law is that in the commercial context, many states have found these clauses to be a mere shifting of the risk and enforce them as written.
Limitations of Liability generally address two areas of concern. First, the types of claims that may be barred. Second, the amount or scope of liability for claims that are not barred.
Limiting The Type Of Claim
A typical limitation of liability clause may look something like this:
“IN NO EVENT SHALL A PARTY OR ITS DIRECTORS, OFFICERS, EMPLOYEES, OR AGENTS, BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY, OR INDIRECT DAMAGES, INCLUDING BUT NOT LIMITED TO ANY DAMAGES FOR LOST PROFITS. IN NO EVENT SHALL THE TOTAL LIABILITY OF A PARTY EXCEED THE AMOUNTS PAID BY CLIENT, IF ANY, FOR THE SERVICES.”
This clause limits the types of damages that may be claimed, prohibiting claims for:
Consequential damages (damages resulting naturally, but not necessarily, from the defendant’s wrongful conduct, BUT they must be foreseeable and directly traceable to the breach)
Incidental damages (includes costs incurred in a reasonable effort, whether successful or not, to avoid loss, or in arranging or attempting to arrange a substitute transaction)
Specialdamages (often treated the same as “consequential” by courts, “special” damages have been defined as those that arise from special circumstances known by the parties at the time the contract was made)
Punitivedamages (damages that may be awarded which compensate a party for the exceptional losses suffered due to egregious conduct; a way of punishing the wrongful conduct and/or preventing future, similar conduct)
Exemplary damages (See “Punitive damages”)
Indirectdamages (See “Consequential damages”)
Lost Profits (Cases in New York (and elsewhere) have a held that a clause excluding “consequential damages” may no longer be enough to bar “lost profits” claims; therefore, consider including more specific provisions in contracts- if parties want to exclude lost profits for breach of contract, a clause specifically excluding “lost profits” should be included.)
Lost profits that do not directly flow from a breach are consequential damages, and thus typically excluded by a limitation of liability clause like that above. But lost profits can be considered general damages (and thus recoverable) where the non-breaching party bargained for those profits, and where the profits are a direct and probable result of the breach.
Limiting The Amount Of The Claim
If found to be enforceable, a limitation of liability clause can “cap” the amount of potential damages to which a party is exposed. The limit may apply to all claims arising during the course of the contract, or it may apply only to certain types of claims. Limitation of liability clauses typically limit the liability to one of the following amounts: (i) the compensation and fees paid under the contract; (ii) an sum of money agreed in advance; (iii) available insurance coverage; or (iv) a combination of the above.
Parties can and typically do agree in their contract that liability is capped at some dollar amount. If liability exists and if damages can be proved, then the aggrieved party recovers those damages, but only up to the agreed cap. Sometimes these are mutual; other times they are one-sided. Sometimes the cap is a fixed sum (e.g., “the amounts paid for the services” or “$100,000”). Other times, the parties may choose to tie the cap to the type of harm, (e.g. personal injury, property damage, violations of confidentiality obligations).
However, sometimes that parties may agree that certain types of harm should not be limited. These “exceptions” put the parties in the same position they would have occupied if there was no limitation of liability provision in effect. For example:
exposure for violations of intellectual property (copyright, trademark, trade secret, patent) or proprietary rights (right of publicity, right of privacy, contractually-defined proprietary information)
in the event of an obligation to indemnity and defend for 1) breach of intellectual property representations, and/or 2) third party intellectual property or proprietary rights
in the event of an obligation to indemnify because a party didn’t have the right to provide data or information
in the event of an obligation to indemnify and defend for non-compliance with data security standards
exposure for violations of confidentiality obligations
personal injury or property damage due to negligent acts or omissions
Businesses that rely upon limitation of liability clauses should periodically reexamine those clauses. Questions that you should be asking include: “what’s my maximum recovery if the other party breaches,” and “what’s my maximum liability if I breach?”
These are only effective if enforceable, that’s why drafting is key. According to many courts, following certain drafting guidelines will help reduce the likelihood that a limitation of liability clause will not be enforced. Such guidelines include:
Make the clause conspicuous: set the clause in bold face print or underline or otherwise place the clause apart from the rest of the text on the page on which it appears so that the other party is aware of its existence.
Make the language clear and concise: make sure that the clause is concise and unambiguous as it relates to the contract as a whole.
Identify specific risks: be specific in identifying the types of damages you think should be excluded.
Negotiate the clause: discuss the clause with the party that is signing the agreement and negotiate if there is a discrepancy.
Retain drafts of revisions: keep drafts of any revisions made to the limitation of liability clause so that you have proof that the clause was negotiated.
Add language stating that these damages are not recoverable even if they were, or should have been, foreseeable or known by the breaching party.
Recite that the limitation of liability clause is an agreed benefit of the bargain, and that it remains in effect even if any remedy under the contract fails of its essential purpose.
Consider including a liquidated damages clause for specific breaches, which would replace a damages claim.
DISCLAIMER: THIS IS NOT LEGAL ADVICE. Please consult qualified attorney to discuss your specific situation.
If you are concerned about how to tighten your contracts, we may be able to help. We can review your contracts, your business practices, and advise on whether there is room for improvement.
Please contact us for a no-fee, no-obligation consultation. (866) 734-2568 David [at] adler-law.com
One of the most important tools to protect your business – your ideas, customer relationships and talent pool – is your written contract. A solid contract is the foundation for a reliable relationship for you, your customers and your employees. More importantly, it helps to prevent misunderstandings and false expectations that can lead to a breakdown in your customer relationship, jeopardize the project and result in litigation.
Many companies start with a model or “form” contract adapted from forms available online or drafted when the business first started. As businesses develop over time, you may have revised your contracts, adding a little here, removing a little there. Maybe you read an article about an important case in your industry and decided to add some text from the contract discussed in the court’s legal opinion. In many cases, over time, the agreements become “Franken-contracts” an odd amalgamation of trade lingo, inconsistent terms and even contradictory conditions. At best these are ambiguous and confusing to read. At worst, they become unenforceable.
At some point, you should review, revise and generally “tighten” existing contracts. You should have your lawyer review them to make sure that there are no mistakes, ambiguities or omissions that could cost you or your customers. I urge clients to have their contract forms reviewed on an annual basis. Depending on changes in the law, changes in the industry or changes in your own business, this process should only take a few hours.
The following are six things to consider as you review your existing contract forms and business practices.
First, are you using a written contract? Simply having a written agreement in place will help prevent the often difficult, time-consuming and expensive dispute that comes down to a “he said / she said” situation.
Second, make sure that the key terms of your contract are consistent and understandable. Pricing and payment terms, clear descriptions of the services to be performed or the goods to be delivered, as well as due dates and acceptance criteria will go a long way toward preventing breach of contract claims. More importantly, ambiguous and internally-contradictory terms may expose you to fraud claims or claims under an unfair business practices act. These types of claims are typically much more difficult and more expensive to defend against.
Third, create a mechanism for changes in your contract. Circumstances change. When they do, make sure that you document them and that your customer initials and dates any additions or changes to the contract after it is signed.
Fourth, don’t overlook intellectual property (“IP”) rights, Many business relationships involve collaborative sharing or development of knowledge, skills and protectable IP assets such as copyrights, trademarks, patents and trade secrets. Intangible assets are often the most important drivers of revenue creation and value. Overlooking creation, ownership and control of IP rights may result in the loss of these assets.
Fifth, ensure that your contracts are up-to-date with respect to local laws and industry regulations. Recent developments in technology, e.g., BYOD, Social Media, Mobile commerce, and online privacy had produced a raft of state, federal and industry specific laws, rules and regulations. Do you regularly update your forms to make sure they comply with changes to local laws?
Sixth, understand your “escape” options. Not every relationship is meant to last forever. Your contracts should have clear and concise terms for ending the relationship such as failure to perform, failure to pay or adverse business conditions.
To find out more about how the Adler Law Group can help you tighten your contracts, or even draft new ones, contact us for a free, no-obligation consultation.
Technology Continues to Test The Bounds of Copyright Law
The Internet is an unprecedented source of disruption. From retail services (e.g. Amazon) to media and entertainment, almost every industry has been forced to rethink its business model due to the accessibility, ubiquity and democratizing force of the Internet. Aereo was positioned to disrupt the traditional media distribution model by giving consumers greater control over what were otherwise “free” over-the-air transmissions.
The Aereo service was premised on the idea that consumers should be able to watch and record over-the-air broadcast television programming via the Internet. Major broadcast networks that owned the content made accessible through Aereo challenged the model on the grounds that Aereo was violating the exclusive “public performance” right guaranteed by the Copyright Act.
Copyright law provides copyright owners six exclusive rights. One of those rights is the exclusive right to publicly perform the copyrighted work. Because this right is a statutory construct, one must look to the statute to determine its meaning. To “perform” and to perform “publicly” means “to transmit or otherwise communicate a performance or display the work to a place … or to the public, by means of any device or process, whether the members of the public capable of receiving the performance or display receive it in the same place or in separate places and at the same time or at different times.”
While many reacted by asking whether the case would stifle innovation and have a chilling effect on start-ups, this case does highlight the increasing tension between technological advances and copyright law.
From a practical standpoint, one need not be alarmed about the impact of the decision on most types of innovation. For one thing, the Court went to some lengths to craft a reasonably narrow decision, which applies only to broadcast TV retransmitted over the Internet.
As with any type of innovation, there are different types of risk. On the one hand, there is technology risk: the risk that whatever technology is necessary for some business plan simply won’t work. On the other hand, there is legal risk, highlighted by the Aereo decision: the risk that the entrepreneur’s interpretation of some act or case law won’t ultimately prevail. That’s what happened to Aereo.
As an IP lawyer, I am somewhat perplexed. It is hard for me to understand why Aereo made such a bold move. However, at least the district court agreed with Aereo’s interpretation.