Whose Social Media Account Is It Anyway?

As a result of the rapid shift in marketing from unilateral one-to-many communications, to the multilateral, many-to-many or many-to-one conversations enabled by Social Media, employees and employers are struggling to manage accounts that are used for both work and personal purposes.

This new phenomenon has benefits, but it also creates a number of legal challenges. For employees, it may result in greater efficiency, more opportunities for authentic customers engagement and the ability to stay on top of the most current grands and business issues. For employers, it presents opportunity to reap substantial benefits from lower communications and customer support costs. For in-house counsel, it raises a host of legal and practical issues with few easy solutions and significant liability and regulatory risks.

First, there are hardware issues. Smartphones, tablets and other personal electronics often have social networking capabilities built in. in addition, they contain contain both personal and business data. Because these devices are always on and always connected, they are more than just personal property. They have become essential business tools. For both sides of the workplace equation, employers and employees must understand where the privacy lines fall between personal versus work-related information.

Second, there are data issues. Employers must balance their needs to monitor employee usage, employees’ privacy concerns, and the risk of liability for theft or exposure of data if a device is lost or stolen, or from lack of proper safeguards on account usage. For in-house counsel tasked with drafting policies to address these risks, , Prior to implementation of any policy, the legal team needs to educate front line employees and management on reasonable expectations of privacy and security and the harms that the organization seeks to prevent.

Lastly, recent cases such as the Cristou v. Beatport litigation, highlight the struggle to define and control the beginning and end of employee social media accounts, ownership and protection of intellectual property and the post termination risks that arise from the absence of appropriate policies.

As we prepare to start a new year, the time is ripe to establish security and privacy policies governing creation, maintenance and use of employees’ social media accounts for work functions. In-house counsel must lead the charge to educate, inform and train employees about privacy, security and evidence-recovery implications associated with use of social media.

Advertisements

How Do You Respond To & Prevent Social Media Spam

I’m surprised at how often I receive commercial bulk email messages that are not compliant with the Federal CAN SPAM act.The two biggest mistakes I see are 1) no physical address and 2) no opt-out/unsubscribe mechanism.

Image representing Twitter as depicted in Crun...
Image via CrunchBase

Another common mistake is a “blind” bulk email address list like “Undisclosed-Recipients@email.com.”  Not only do I NOT know which address this received the offensive message, there usually isn’t even a proper return address for me to send an “Unsubscribe” message.

With the popularity of social media, you’ve  probably received a Twitter promotion for iPhones, special deals, free downloads, etc. While it’s easy to dismiss poorly-written tweets from obvious spammers, when someone replies to you on Twitter, says “must read, check it out” and the topic is clearly the kind of thing you read and share it’s more difficult to tell. Often, these are from legitimate accounts where a human has taken the time to compose and send the message.

In light of the growing use of electronic mail (“email”) messages for advertising, marketing, corporate communications and customer service, is essential to have some familiarity with the Federal “Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003” also known as the CAN SPAM Act (the “Act”) The Act provides the parameters of its application, explicit prohibitions, requirements for transmission of legally compliant email messages including the “Opt-Out” mechanism and vicarious liability.  Generally speaking, the Act was written to prohibit the fraudulent, deceptive, predatory and abusive practices that threaten to undermine the success and effectiveness of commercial email and email marketing.

Congress drafted the Act to impose limitations and penalties on the transmission of unsolicited commercial email messages. Unlike some state initiatives, the Act is an “opt-out” law. Put another way, for most purposes permission of the e-mail recipient is not required. However, once an email recipient has indicated a desire to opt-out or no longer receive such messages, failure to comply with the recipient’s request may subject both the sender and the person or entity on whose behalf the message was sent to severe penalties.

Frequently asked question about the Act include:

1)    To Whom Does The Act Apply? The Act applies to any person or entity that sends email.

2)    What Activities Are Prohibited By The Act? The Act is primarily concerned with explicitly  prohibiting certain predatory and abusive commercial email practices.

3)    What Are The Requirements For Sending Email Messages? Section 5(a) of the Act sets requires the inclusion non-misleading information regarding: (a) transmission, (b) subject, (c) email address, (d) Opt-out and physical address, and (e) clear and conspicuous language identifying sexually-oriented messages.

4)    Who Can Be Liable for Violations? The Act applies to both the party actually sending the commercial email messages and those who procure their services.

Discussion

The primary substantive provisions of the Act can be divided into three parts found in Section 4, Section 5 and Section 6. Section 4 of the Act addresses “predatory and abusive” practices prohibited by the Act. Section 5 details the requirements for transmission of messages that comply with the Act. Section 6 details the requirements for transmission and identification of sexually-oriented messages. Section 6 is not discussed in this article.

Section 4 of the Act lists specific “predatory and abusive” practices prohibited by the Act.  In short, the Act specifically prohibits: (i) accessing a computer without authorization for the purpose of initiating transmission of multiple commercial email messages, (ii) transmission of multiple commercial email messages with the intent to deceive or mislead recipients, (iii) transmission of multiple commercial email messages with materially false header information, (iv) registration of email accounts or domain names using information that materially falsifies the identity of the actual registrant, and (v) false representations regarding the registration of Internet Protocol addresses used to initiate multiple commercial email messages.

The second relevant part, set forth in Section 5 of the Act, details the requirements for transmission of messages that comply with the Act. Subject to certain limitations discussed below, the Act requires that email messages contain: (i) transmission information that is not materially false or misleading, (ii) subject information that is not materially false or misleading, (iii) a return address or comparable mechanism for opt-out purposes, (iv) identifier, Opt-out and physical address, and (v) clear and conspicuous language identifying sexually-oriented messages as such. (Note, this last requirement is not discussed. See above.) Lastly, the Act implicates both commercial email transmission service providers as well as those who procure their services.

To Whom Does The Act Apply?

The Act applies to any person or entity that sends email. The Act specifically regulates “commercial electronic mail messages,” defined as any email message “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” However, the Act specifically excludes from this definition “transactional or relationship messages.” A “transactional or relationship message” falls within one of five categories of messages:

  1. communications that facilitate, complete or confirm a commercial transaction previously agreed to by the recipient;
  2. communications that provide warranty or other product information with respect to a product or service previously used or purchased by the recipient;
  3. notifications with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship;
  4. information directly related to an employment relationship or related benefit plan in which the recipient is currently involved; and
  5. communications to deliver goods or services, including product updates or upgrades, under the terms of a transaction previously agreed to by the recipient.(Emphasis added.)

The purpose for the distinction between “commercial electronic mail messages” and “transactional or relationship messages” is to exempt certain types of communications from compliance with all the message transmission requirements of the Act. As should be clear from the list above, the Act distinguishes the types of communications based on the relationship between the sender and recipient rather than on the character of the message. Put another way, so long as the communication is related to some type of existing business relationship, it is not a “commercial electronic mail message.”

What Activities Are Prohibited By The Act?

Section 4 of the Act is primarily concerned with prohibiting certain predatory and abusive commercial email practices. Section 4(a) amends Chapter 47 of Title 18 of the United States Code by adding Section 1037 which specifies the offenses that constitute “fraud and related activity in connection with email.” An offense is committed by anyone who directly or indirectly, knowingly:

  1. accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
  2. uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
  3. materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
  4. registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or
  5. falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses.

Clearly, Section 4 is primarily concerned with preventing practices whereby the sender intentionally, either through outright fraud or other deception, conceals its true identity or the true commercial character of the message.

What Are The Requirements For Sending Email Messages?

            Section 5(a) of the Act sets forth certain other protections for the users of commercial email.

Accurate Transmission Information. Among the affirmative requirements of Section 5(a), Section 5(a)(1) prohibits sending either a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. Unlike the general prohibition against sending messages with materially false header information under Section 4, in addition to having technically accurate transmission information, the sender is prohibited from having used false pretense or other deceptive means to acquire such information (e.g. email accounts, domain names and IP addresses). Furthermore, the “from” line must “accurately identify the person transmitting the message.” Lastly, the sender must accurately identify the computers used to originate, relay or retransmit the message.

Note, the following only apply to commercial electronic mail messages:

Accurate Subject Information. Messages must have accurate subject information. Subject information would not be accurate if a “person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that a subject heading of the message would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.”[8]

Inclusion of Opt-out Mechanism. Messages MUST contain a functioning return email address or other Internet-based mechanism (e.g. hyperlink), that is clearly and conspicuously displayed that enables a  recipient to submit a request to opt-out of future email messages from the sender whose email address was contained in the message. The opt-out mechanism (whether email address or hyperlink, etc.) must remain functional for at least thirty (30) days after the transmission of the original message.

            Removal After Objection. If a recipient makes a request using the opt-out mechanism, the sender shall not transmit any further messages to the recipient, more than ten (10) business days after the receipt of such request, if such message would fall within the scope of the request. A third-party acting on behalf of the sender shall not transmit or assist others to transmit, any further messages to the recipient, more than ten (10) business days after the receipt of such request, if such third party knows or should know of the recipient’s objection. Lastly, the sender and any third party who knows that the recipient has made such a request, shall not sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient for any purpose other than compliance with the Act or other provision of law.

Inclusion of Identifier, Opt-out & Physical Address. Every message must clearly and conspicuously: (i) identify the message as an advertisement or solicitation; (ii) provide notice of the opportunity to opt-out of future communications; and (iii) provide a valid physical postal address of the sender. However, the notice that a message is an advertisement or solicitation does not apply where the recipient has given prior affirmative consent to receive the message.

Related Activities Proscribed.

Other prohibitions in the Act concern unethical or unscrupulous practices that tend to coincide with deceptive or abusive email. Several common methods for generating email distribution lists have also been proscribed. The Act prohibits certain unethical practices such as:

  • hijacking another email server to send or relay messages;
  • “harvesting” email addresses that appear on others’ Web sites;
  • randomly generating email addresses;
  • knowingly linking an email ad to a fraudulently registered domain; and
  • participating in other offenses such as fraud, identity theft, etc.

Who Can Be Liable for Violations?

The Act applies to both the party actually sending the commercial email messages and those who procure their services.[9] One cannot “outsource” its “spam” and thereby avoid liability under the Act. One may be held accountable if the email service employed isn’t actually using a legally-compiled or permission-based list. Under some parts of the Act one may be held liable for employing a third party to distribute the messages “with actual knowledge, or by consciously avoiding knowing, whether such [third party] is engaging or will engage, in a pattern or practice that violates this Act.”

CONCLUSION

The Act was written to prohibit the fraudulent, deceptive, predatory and abusive practices that threaten to undermine the success and effectiveness of commercial email and email marketing. Since Bacon’s uses email to communicate with employees, vendors, existing and prospective customers, Bacon’s is clearly subject to the Act. The Act focuses on enumerating proscribed activities rather than affirmative obligations to make it easier for legitimate, honest businesses to comply with the Act. The Act distinguishes communications based on a previously existing relationship between the sender and the recipient from those communications that are prospective in nature. Generally, email messages not based on a pre-existing relationship are subject to greater affirmative requirements.

Compliance Guidelines.

  1. Be Aware of the Requirements for Transmitting Messages.
  2. Require Compliance by Clients.
  3. Monitor Distribution by Affiliates.

Social Media Legal News Roundup

Into the data jungle – in association with Huron Legal
The Lawyer
Technological developments such as cloud computing, social networking and mobile apps mean EU law is no longer fit for purpose. The EU claims current laws often conflict and cost businesses a total of nearly £2bn a year.

Saudi Arabia considers law against insulting Islam
Bangladesh News 24 hours
JEDDAH, Saudi Arabia, July 16 (bdnews24.com/Reuters) – Saudi Arabia is studying new regulations to criminalise insulting Islam, including in social media, and the law could carry heavy penalties, a Saudi paper said on Sunday.

Mind the missteps in online job dance
Lawyers Weekly
With some background check firms specializing in social media searches (U.S.-based Social Intelligence Corp. for one), how do third-party recruiters use social media when screening or finding clients for law firms in Canada?

Saudi Arabia looking to criminalize Islam insults on social media
Bikya Masr
DUBAI: The Saudi Arabia government is looking to ensure users on social media networking sites do not insult Islam or the Prophet Mohamed, al-Watan newspaper reported on Sunday, citing officials who said a new law could bring “heavy” penalties.

Watching the detectives: the case for restricting access to your social media data
Delimiter
That debate tells us something about how Australians and the media conceptualise privacy and business-government relationships in a world where mobile phones and social network services such as Facebook are ubiquitous.

10 Tactics for Integrating Photographs into Content Marketing
Business 2 Community
Acquire digital rights for images. Remember when using images, especially photographs, your legal team is your best friend. Ensure that you’ve got the right to use the photos by incorporating outtakes and additional shots for social media.

Syracuse Neighborhood Watch plans to increase social media outreach
CNYcentral.com
New program coordinator plans more email, social media contact. … CNY Biz Central – Legal. Helpful advice about finding the right attorney for your legal needs. CNY Biz Central. Get information from our team.

Reasonable Expectations of Privacy in the Digital Age
Mondaq News Alerts (registration)
In this digital age of smart phones, global positioning systems, cloud computing, and social networking, determining what constitutes private information and what lengths our legal system will go to protect it is increasingly challenging.

Sale Of Digg Reminder Of Potential Risks To Facebook And Other Social Media …
Seeking Alpha
In 2011, social media watchers may recall reading in Bloomberg that Myspace, which had been purchased by News Corporation (NWS) for $580 million in 2005 had reportedly been sold for just $35 million to private investors, including Justin Timberlake. In …

Your Social Media Tweeting & Posting Legal Rights. TV … – YouTube
Find out how legally liable you are for your Twitter Tweets and Facebook postings.

Learn more about me here: www.ecommerceattorney.com and follow me here

World Social Media Legal News Roundup

Law professor says social media can pose legal problems in Courtroom
Winnipeg Free Press
SASKATOON – The dean of law at the University of Saskatchewan says using social media can have negative consequences in the Courtroom – Business – Winnipeg Free Press.

Eight Ways Your Employee Social-Media Policy May Violate Federal law
AdAge.com (blog)
All employees have certain rights under federal law that social-media policies can’t restrict.

New Law to Force Identification of Trolls Set to be Unveiled
Technorati
Home / Social Media / Articles / New Law to Force Identification of Troll. … is behind the attacks on them online without having to resort to expensive legal action.

A blue wave of change Cleveland County law enforcers join move toward social media alerts
Norman Transcript
Lauri Stevens, a social media strategist at LAwS Communications, a Boston-area company, said law enforcement agencies nationwide are beginning to embrace social media.

Social media helped, hurt in hunt for suspect in triple shooting
Washington Post
Social media at times was a help, other times a hindrance in the search and eventual arrest of a suspect in the triple fatal shooting at an Alabama apartment complex.

Use social media, but use it responsibly, UAE conference hears
gulfnews.com
He said, “We do not monitor social media networks. People have the freedom to speak within the legal framework. There is no law specifically for twitter, but …

Police: Street gangs embrace social media, too
Kansas.com
Beard gave a presentation on gangs, the Internet and social media at last week’s Midwest Law Enforcement Conference on Gangs and Drugs, held in Wichita.

And…don’t forget to check out my presentation on the Law & Social Data panel at #TechWeek Chicago 2012.

The past few years have witnessed an explosion of legal and regulatory activity involving social and other new media. This session will examine several key areas, including copyright, trademark and related intellectual property concerns; defamation, obscenity and related liability; false advertising and marketing restrictions; gaming; data privacy issues presented by social media; and impacts of social media on employees and the workplace. Attendees will learn how to identify legal risks and issues before they become full-scale emergencies and how to develop appropriate policies and guidelines covering social media activity.

If you can’t make it, check out the Slideshare presentation here.

Social Media & The Law: Recent Developments in Privacy, Security & Media

Statute Puts Online Libraries and Other Service Providers at Risk
Kansas City infoZine

A New Washington State Law Intends to Make Online Service Providers Criminally Liable For Online Postings. The Electronic Frontier Foundation (EFF) is representing the Internet Archive in order to block the enforcement of SB 6251, a law aimed at combating advertisements for underage sex workers but with vague and overbroad language that is squarely in conflict with federal law.

NLRB General Counsel Issues Further Guidance on Social Media
National Labor Relations Board (“NLRB”) is closely scrutinizing employer social media policies.

Legal issues in the media
Social Media Legal, Regulatory & Compliance: Risks & Issues Social Media Slideshare presentation.

Putting the Consumer Privacy Bill of Rights into Practice
Providing transparency in how consumer data is handled by mobile applications – this is the first topic for the National Telecommunications and Information…

US lawmakers propose digital bill of rights to safeguard privacy …
Two US lawmakers have proposed a digital bill of rights to safeguard consumer privacy rights and ensure internet freedom.

Stakeholders to Discuss Consumer Privacy Bill of Rights
The National Telecommunications and Information Administration (NTIA) will convene stakeholders July 12, 2012 in Washington, DC to develop a privacy code of conduct.

David M. Adler Speaking on Law & Social Data Panel at Chicago TechWeek 2012

Chicago is a new kind of technology hub, and the Techweek Conference is a new type of technology conference.

The Techweek 2012 Conference showcases the technology renaissance evolving in Chicago and the midwest. June 22-26, 2012

Law & Social Data
The past few years have witnessed an explosion of legal and regulatory activity involving social and other new media. This session will examine several key areas, including copyright, trademark and related intellectual property concerns; defamation, obscenity and related liability; false advertising and marketing restrictions; gaming; data privacy issues presented by social media; and impacts of social media on employees and the workplace. Attendees will learn how to identify legal risks and issues before they become full-scale emergencies and how to develop appropriate policies and guidelines covering social media activity.

Sunday June 24, 2012 3:00pm – 3:45pm @ 3 – 8 A/B (222 Merchandise Mart Plaza, Chicago, IL)

Socail Media, Search & Mobile Issues Discussed at ISSMM.org’s Converge2012

The Future Of Social Is Moving From Mere Participation To Analysis & Strategic Initiatives

I had the opportunity to attend and participate in Converge 2012 run by the Institute for Social, Search & Mobile Marketing. The theme was mastering the Business of Social Media. The Conference had a great selection of speakers (yours truly included) and topics that really resonated with the audience. I hope to summarize here some of the take-aways I learned at this conference.

Business Is Now Social

The last few years have seen an unprecedented shift in the adoption of social platforms for businesses to reach and interact with customers. What started as a “dipping our toes into the water” excerise has now matured into jumping in with both feet. Not surprisingly, the first few presentations of the conference focused on the effect of so much participation: greater focus on ROI. The presentations covered a lot of ground, but here are the key take aways from Day 1:

  • Businesses that fail to integrate the social channels may not exist in five years
  • Analytics are maturing in terms of both measurement tools and metrics
  • Better analytics are driving innovation by putting companies ahead of emerging issues instead of simply reacting to them
  • Creating a Social Media culture must come from the top and flow down
  • The growth of mobile platforms Is blurring the line between online and in-store experiences because of anywhere/anytime andpersonalized access

Day 1 concluded with the panel presentation in which I participated “Social Media “Venture Heaven” Money is flooding into social media, It’s time to understand why.” Key take-aways from this panel include the followig Data about the growth in Mobile:

  • As of May, 2012, mobile comprises 10% of Internet traffic, up from just 4% less than a year and a half ago
  • Mobile = ~8% of ecommerce
  • Monetization growing rapidly 79% is Apps, 21% is from ads
  • There has been a rapid increase in time spent relative money spent on ads; TV is roughly at parity while Mobile ad spend is about 1/10 of that
  • Drivers of growth in Mobile:
    • Devices
    • Platforms
    • Improved user interfaces
    • Sharing
    • More emphasis on design aestheticS

In a world of ubiquitous fast Internet,  mass blogging and micro-blogging, minute-by-minute status updates and customer complaints and recommendations, businesses need to focus on tailoring their product for their customers desires, rather that merely tolerating customer requests. Whatever device/platform customers use most will get the most attention from developers, accessory makers and potential new customers.