Friday, August 26, 2011
Judge Stays Facebook Law
Just found out that a Judge has stayed Missouri's "Facebook law" stating that the law acts to chills teachers’ speech. I have not seen the opinion yet but hope to provide analysis as soon as it is released. bit.ly/nCxAN9
Friday, August 19, 2011
Missouri's Social Media Law -- Update
Missouri's Teacher's union has just filed a 1st Am. suit seeking to overturn Missouri's new Facebook Law. A copy of the MSTA petition to invalidate the Mo FB law can be found at bit.ly/pOKavy
The MSTA issued the following statement with respect to their suit seeking to overturn Missouri's FB Law: “Many of our members are concerned about the unintended consequences of this law, including their ability to monitor their own children’s online activities,” said MSTA Legal Counsel, Gail McCray. “It's vague and more importantly, we believe it violates the constitutional rights of educators.”
The MSTA issued the following statement with respect to their suit seeking to overturn Missouri's FB Law: “Many of our members are concerned about the unintended consequences of this law, including their ability to monitor their own children’s online activities,” said MSTA Legal Counsel, Gail McCray. “It's vague and more importantly, we believe it violates the constitutional rights of educators.”
Sunday, August 14, 2011
Social Media Law: Who should be drafting your State's laws, (or your Company's policy)?
As social media begins to enter its adolescence it is not surprising that we are beginning to see legislation specifically directed at interaction on social media, the platforms themselves, and their rapidly expanding use in many varying areas of our life. One of those laws which has engendered a wide range of debate is Missouri Senate Bill No. 54 which was unanimously approved by the Senate on April 7, and recently signed into law by Governor Nixon. The legislation will go into effect August 28.
I've deliberately held off writing about Missouri's new law until now because I was curious to see what the initial reaction would be. Not unexpectedly (although I expect some in the Missouri legislature did not foresee this amount of uproar over what they thought was a child protection bill) this law has proven to be controversial. While I have not spoken to the bill's author, Sen. Jane Cunningham, I have little doubt that her efforts in passing the "Amy Hestir Studen Protection Act" were well meaning. Sen. Cunningham's website touts that she has "fought for this legislation for our children for five years" and that "this legislation is vital to protect our children from sexual predators in our schools" While one could debate whether the law actually serves to accomplish its stated goal(over 75% of child abuse actually occurs at home, not by educators)(2009 Childwelfare Public Fact Sheet ), or whether it potentially stifles the learning environment, I believe Sen. Cunningham's well meaning attempt to protect children may provide a glimpse of the challenges that the future regulation of social media will face.
Initially, it should be stated that the legislative process (and the court system for that matter) is somewhat ill-equipped to handle the rapidly changing world of social media. As Sen. Cunningham's statement indicates, she had been working on this legislation for over five years. At that time, Facebook had been open to the general public for less than a year and Twitter had only recently launched. When she initially envisioned the legislation, Sen. Cunningham could not have hoped to foresee the cultural impact that these services would have. Laws that attempt to address social media should keep this reality in mind.
In considering the ramifications of Missouri's law, it is helpful to consider the bill itself. The applicable text of Senate Bill 54 is relatively short and reads as follows:
1. Every school district shall, by January 1, 2012, promulgate a written policy concerning teacher-student communication and employee-student communication. Such policy shall contain at least the following elements:
(1) Appropriate oral and nonverbal personal communication, which may be combined with or included in any policy on sexual harassment; and
(2) Appropriate use of electronic media such as text messaging and internet sites for both instructional and personal purposes, with an element concerning use of social networking sites no less stringent than the provisions of subsections 2, 3, and 4 of this section.
I've deliberately held off writing about Missouri's new law until now because I was curious to see what the initial reaction would be. Not unexpectedly (although I expect some in the Missouri legislature did not foresee this amount of uproar over what they thought was a child protection bill) this law has proven to be controversial. While I have not spoken to the bill's author, Sen. Jane Cunningham, I have little doubt that her efforts in passing the "Amy Hestir Studen Protection Act" were well meaning. Sen. Cunningham's website touts that she has "fought for this legislation for our children for five years" and that "this legislation is vital to protect our children from sexual predators in our schools" While one could debate whether the law actually serves to accomplish its stated goal(over 75% of child abuse actually occurs at home, not by educators)(2009 Childwelfare Public Fact Sheet ), or whether it potentially stifles the learning environment, I believe Sen. Cunningham's well meaning attempt to protect children may provide a glimpse of the challenges that the future regulation of social media will face.
Initially, it should be stated that the legislative process (and the court system for that matter) is somewhat ill-equipped to handle the rapidly changing world of social media. As Sen. Cunningham's statement indicates, she had been working on this legislation for over five years. At that time, Facebook had been open to the general public for less than a year and Twitter had only recently launched. When she initially envisioned the legislation, Sen. Cunningham could not have hoped to foresee the cultural impact that these services would have. Laws that attempt to address social media should keep this reality in mind.
In considering the ramifications of Missouri's law, it is helpful to consider the bill itself. The applicable text of Senate Bill 54 is relatively short and reads as follows:
1. Every school district shall, by January 1, 2012, promulgate a written policy concerning teacher-student communication and employee-student communication. Such policy shall contain at least the following elements:
(1) Appropriate oral and nonverbal personal communication, which may be combined with or included in any policy on sexual harassment; and
(2) Appropriate use of electronic media such as text messaging and internet sites for both instructional and personal purposes, with an element concerning use of social networking sites no less stringent than the provisions of subsections 2, 3, and 4 of this section.
2. As used in this section, the following terms shall mean:
(1) "Exclusive access", the information on the website is available only to the owner (teacher) and user (student) by mutual explicit consent and where third parties have no access to the information on the website absent an explicit consent agreement with the owner (teacher);
RSMo 162.069
While I commend Sen. Cunningham for the bill's recognition that social media policies are an integral part of any organization's social media efforts, I believe that the law should serve as a warning to those of us who practice in the social medial sphere (and also to those who seek to write laws related to social media in the future) that many of our current legislators are not be experienced in social media and may not realize the ultimate ramifications of the laws they propose.
Social media, chat rooms, blogs, and instant messaging are no longer the realm of tech aficionados and teenagers. These channels now provide a means for efficient, and often enhanced, communication to a broad array of individuals and industries. From the mass communicative capabilities of Twitter to the relatively focused "circles" available at Google+, social media has the potential to provide heretofore unknown educational and commercial opportunities. Laws that ban and/or strictly limit the use of social media serve to stifle those opportunities.
While defenders of this law have stated that its intent is not to prohibit the use of Facebook by educators, its seemingly broad, and under defined terms will likely serve to have that effect. By proclaiming that no teacher shall use an internet site unless such sight is available to school administrators and legal guardians, and that no teacher shall use a nonwork related site which allows exclusive access with a student, by its express terms, the law appears to foreclose many social media applications. Almost all sites "allow" exclusive communications, whether by direct message, chat, or other means. Without further clarification, the law as currently written, will likely deter many educators from taking advantage of social media's potentially enormous educational value.
Those who regularly participate in social media understand the benefits that it can provide, some of which we are only now beginning to appreciate. Companies are using social media to interact with their customers through forms of direct marketing and advertising which was previously impossible. Educators (when not stifled by overly restrictive laws) are forming collaborative groups both with other teachers and also with students which allow all to interact in real time in on-line after-class discussions. Customers are able to provide direct feedback, and receive personalized responses. Students have (or had) the opportunity to ask that question (that they were afraid to ask in class) through a medium in which they were more comfortable. When drafting laws, or social media policies, the vast potential of social media should be considered just as thoroughly as any potential pitfalls.
Because these areas are rapidly changing, and because legislators, or those drafting policies for your organization, may not be as familiar with social media, it is vitally important to engage those fluent in the medium when drafting rules that will effect social media. Include members of your marketing, advertising, and public relations staff in your discussions, and be sure to seek out members of your organization that are active, both personally and professionally, on social media. These are the people who will understand the actual ramifications of the policies that your are proposing and may also be able to provide you with more efficient and effective means to accomplish your goals without stifling social media's benefits. If the people who are writing your policies, (or your State's legislation) aren't actively engaged in social media, they may not see the potential benefits that overly restrictive policies can preclude.
Let me know what you think.
Craig Moore
(2) "Former student", any person who was at one time a student at the school at which the teacher is employed and who is eighteen years of age or less and who has not graduated;
(3) "Nonwork-related internet site", any internet website or web page used by a teacher primarily for personal purposes and not for educational purposes;
(4) "Work-related internet site", any internet website or web pages used by a teacher for educational purposes.
3. No teacher shall establish, maintain, or use a work-related internet site unless such site is available to school administrators and the child's legal custodian, physical custodian, or legal guardian.
4. No teacher shall establish, maintain, or use a nonwork-related internet site which allows exclusive access with a current or former student. Nothing in this subsection shall be construed as prohibiting a teacher from establishing a nonwork related internet site, provided the site is used in accordance with this section.
5. Every school district shall, by July 1, 2012, include in its teacher and employee training, a component that provides up-to-date and reliable information on identifying signs of sexual abuse in children and danger signals of potentially abusive relationships between children and adults. The training shall emphasize the importance of mandatory reporting of abuse under section 210.115 including the obligation of mandated reporters to report suspected abuse by other mandated reporters, and how to establish an atmosphere of trust so that students feel their school has concerned adults with whom they feel comfortable discussing matters related to abuse.
RSMo 162.069
While I commend Sen. Cunningham for the bill's recognition that social media policies are an integral part of any organization's social media efforts, I believe that the law should serve as a warning to those of us who practice in the social medial sphere (and also to those who seek to write laws related to social media in the future) that many of our current legislators are not be experienced in social media and may not realize the ultimate ramifications of the laws they propose.
Social media, chat rooms, blogs, and instant messaging are no longer the realm of tech aficionados and teenagers. These channels now provide a means for efficient, and often enhanced, communication to a broad array of individuals and industries. From the mass communicative capabilities of Twitter to the relatively focused "circles" available at Google+, social media has the potential to provide heretofore unknown educational and commercial opportunities. Laws that ban and/or strictly limit the use of social media serve to stifle those opportunities.
While defenders of this law have stated that its intent is not to prohibit the use of Facebook by educators, its seemingly broad, and under defined terms will likely serve to have that effect. By proclaiming that no teacher shall use an internet site unless such sight is available to school administrators and legal guardians, and that no teacher shall use a nonwork related site which allows exclusive access with a student, by its express terms, the law appears to foreclose many social media applications. Almost all sites "allow" exclusive communications, whether by direct message, chat, or other means. Without further clarification, the law as currently written, will likely deter many educators from taking advantage of social media's potentially enormous educational value.
Those who regularly participate in social media understand the benefits that it can provide, some of which we are only now beginning to appreciate. Companies are using social media to interact with their customers through forms of direct marketing and advertising which was previously impossible. Educators (when not stifled by overly restrictive laws) are forming collaborative groups both with other teachers and also with students which allow all to interact in real time in on-line after-class discussions. Customers are able to provide direct feedback, and receive personalized responses. Students have (or had) the opportunity to ask that question (that they were afraid to ask in class) through a medium in which they were more comfortable. When drafting laws, or social media policies, the vast potential of social media should be considered just as thoroughly as any potential pitfalls.
Because these areas are rapidly changing, and because legislators, or those drafting policies for your organization, may not be as familiar with social media, it is vitally important to engage those fluent in the medium when drafting rules that will effect social media. Include members of your marketing, advertising, and public relations staff in your discussions, and be sure to seek out members of your organization that are active, both personally and professionally, on social media. These are the people who will understand the actual ramifications of the policies that your are proposing and may also be able to provide you with more efficient and effective means to accomplish your goals without stifling social media's benefits. If the people who are writing your policies, (or your State's legislation) aren't actively engaged in social media, they may not see the potential benefits that overly restrictive policies can preclude.
Let me know what you think.
Craig Moore
Friday, June 17, 2011
So you have a social media policy....Now what?
So your company has a Facebook page, Twitter feed, and even a YouTube channel...your employees, (and customers) are using social media and you recognize that it has important long term implications to your business. Hoping to stay ahead of the curve and avoid problems that you might not even know exist, you decide that you need a social media policy. In drafting your policy, you work with counsel to draft a tailored policy that addresses your company's specific market, sales force, and culture. In short, you've done everything you're supposed to do and you think you are ahead of the game in protecting your company.
Now what?
Unfortunately, simply having a well crafted social media policy does not solve all your potential social media problems. In fact, while you've made a good start, you are really just half way there. Without training, even the best crafted and perfectly tailored social media policy will not be as effective as it could be. Much like a bike that you never learn to ride, even the best policy will not protect you if it is not implemented effectively.
In implementing and training upon your social media policy there are many different aspects to consider.
Initially, it can be helpful to provide some very basic use and privacy setting training, not only for your staff that will be using social media on your behalf, but for your entire company. Often instances of inappropriate, embarrassing, or actionable social media mishaps occur when people accidentally post something in the wrong area or send a message to the wrong person, or inadvertently share a post with the world which is meant only for a select few. Making sure that your employees are trained and understand the basic privacy settings of social media sites, and also that they understand how their posts can and will be viewed by others (both their social media friends, and the public at large) is a great first step in protecting your people, and your business.
Next, it may also be helpful to provide specialized training to different segments of your work force. While it may not be necessary to make sure that all of your support staff or manufacturing lines are versed in the latest aspects of FTC communication guidelines, you may want to make sure that your marketing, sales, and social media team know how traditional advertising, marketing, and sales laws are being applied to social media and what the pitfalls are that may be particularly applicable to your industry. Similarly, while upper management may or may not need to be reminded not to post things which could place the company in an unflattering light, they may need to be reminded how even seemingly innocent statements (e.g. "Earnings are coming out this week and we're all so excited") could implicate SEC rules or how statements to or communications with competitors could raise suspicion in certain circumstances (e.g. antitrust or unfair trade practices). It is good to remember that everyone at your company, from the night janitor to the C.E.O., has the potential to be a representative of your company via social media...its always best to train accordingly.
Finally, another important aspect of social media training that is often overlooked is reminding employees how policies or agreements already in place can be effected by social media. Agreements relating to non-compete and non-solicit provisions of employment agreements are often potentially implicated by an employee's use of social media, both while employed at your company and after separation. If you have properly trained your employees on your expectations and their responsibilities under the policy, not only will you hopefully avoid inadvertent missteps, but you may also provide yourself with valuable ammunition if faced with a former employee who is feigning ignorance of the implications of the technology in a court battle. If you can establish that former employees were trained on what would violate these agreements before such a violation ever occurs, it may prove invaluable. Similarly, efforts to ensure that trade secret and confidential customer information remains protected by providing your employees the means to understand how to do so on social media serve not only to protect you now, but also if that information ever comes into question in the future.
While these general suggestions cannot hope to detail every potentially necessary or advisable aspect of social media training for your company, I do hope they provide a window into the areas where you can start.
Let me know what you think.
(TWISML PS: Happy Father's day to all the Dads out there this weekend, and a special personal thank you to my Dad, Frank Moore. After having three children of my own I know that there can be no greater gift to a father than to see his kids happy...Dad, I just wanted to let you know that I am, and that I couldn't have asked for a better Dad. Happy Father's Day.)
Now what?
Unfortunately, simply having a well crafted social media policy does not solve all your potential social media problems. In fact, while you've made a good start, you are really just half way there. Without training, even the best crafted and perfectly tailored social media policy will not be as effective as it could be. Much like a bike that you never learn to ride, even the best policy will not protect you if it is not implemented effectively.
In implementing and training upon your social media policy there are many different aspects to consider.
Initially, it can be helpful to provide some very basic use and privacy setting training, not only for your staff that will be using social media on your behalf, but for your entire company. Often instances of inappropriate, embarrassing, or actionable social media mishaps occur when people accidentally post something in the wrong area or send a message to the wrong person, or inadvertently share a post with the world which is meant only for a select few. Making sure that your employees are trained and understand the basic privacy settings of social media sites, and also that they understand how their posts can and will be viewed by others (both their social media friends, and the public at large) is a great first step in protecting your people, and your business.
Next, it may also be helpful to provide specialized training to different segments of your work force. While it may not be necessary to make sure that all of your support staff or manufacturing lines are versed in the latest aspects of FTC communication guidelines, you may want to make sure that your marketing, sales, and social media team know how traditional advertising, marketing, and sales laws are being applied to social media and what the pitfalls are that may be particularly applicable to your industry. Similarly, while upper management may or may not need to be reminded not to post things which could place the company in an unflattering light, they may need to be reminded how even seemingly innocent statements (e.g. "Earnings are coming out this week and we're all so excited") could implicate SEC rules or how statements to or communications with competitors could raise suspicion in certain circumstances (e.g. antitrust or unfair trade practices). It is good to remember that everyone at your company, from the night janitor to the C.E.O., has the potential to be a representative of your company via social media...its always best to train accordingly.
Finally, another important aspect of social media training that is often overlooked is reminding employees how policies or agreements already in place can be effected by social media. Agreements relating to non-compete and non-solicit provisions of employment agreements are often potentially implicated by an employee's use of social media, both while employed at your company and after separation. If you have properly trained your employees on your expectations and their responsibilities under the policy, not only will you hopefully avoid inadvertent missteps, but you may also provide yourself with valuable ammunition if faced with a former employee who is feigning ignorance of the implications of the technology in a court battle. If you can establish that former employees were trained on what would violate these agreements before such a violation ever occurs, it may prove invaluable. Similarly, efforts to ensure that trade secret and confidential customer information remains protected by providing your employees the means to understand how to do so on social media serve not only to protect you now, but also if that information ever comes into question in the future.
While these general suggestions cannot hope to detail every potentially necessary or advisable aspect of social media training for your company, I do hope they provide a window into the areas where you can start.
Let me know what you think.
(TWISML PS: Happy Father's day to all the Dads out there this weekend, and a special personal thank you to my Dad, Frank Moore. After having three children of my own I know that there can be no greater gift to a father than to see his kids happy...Dad, I just wanted to let you know that I am, and that I couldn't have asked for a better Dad. Happy Father's Day.)
Monday, May 23, 2011
Just because its "ok", doesn't make it legal.
In reviewing the social media legal headlines over the past few weeks (sorry for the week long hiatus, my oldest son is "graduating" from kindergarten and end of year festivities have been never ending...I'll try hard to meet my weekly deadline but things like that will always take precedence) I am reminded of an old maxim of my Grandmother's: "Just because its legal, doesn't make it right."
While this was not one of her favorites (those were usually reserved for things that were "colder than..." "battier than..." or "crookeder than...") it was one that I, as an aspiring attorney, tended to hear quite often. This rang true even more so once I entered law school and would attempt to explain to her the differences between what you "knew" and what you "could prove." What you "could prove" never mattered much to Grandma, she was always concerned more with what "was right." Interestingly, my experience with the jury system has born out that her idea of what was "right" was much closer to what a jury is concerned with than what my law school professors had to say about what you could prove...but that's a different blog.
Earlier this month, Facebook updated its promotional guidelines (Facebook Promotional Guidelines) to remove its blanket prohibitions on promotions for tobacco, dairy, gambling, firearms, prescription drugs, and gasoline. In addition, marketers may also now require purchase for entry and target those below age 18 or that live in previously restricted countries.
These changes have obvious implications for those brands that were previously prohibited from promoting their products via the world's largest social network, and likely has my friends in the marketing industry salivating over the opportunity to expand their client's influence and engagement in this arena. However, to paraphrase Grandma..."Just because its alright with Facebook, doesn't make it legal."
Companies and brand managers, as well as marketing and advertising professionals, should remember that the availability of this new arena does not necessarily make sweepstakes and promotions for these (or any other type of products) necessarily "legal" just because Facebook doesn't prohibit them. Instead, what these changes mean is that Facebook will no longer attempt to be the arbiter of these issues. While these promotions may now be "alright" with Facebook, companies hoping to take advantage of this new opportunity must remember that Facebook's members are worldwide, and the catchy promotion, or amazing sweepstakes that you are rolling out may not be as acceptable under the laws of certain jurisdictions.
While your gaming, tobacco, or firearm promotion may be perfectly acceptable, and completely compliant under the laws of Missouri (or whichever jurisdiction you reside) it may not be under the laws of Utah, California, Saudi Arabia, or China. Depending upon where your target market resides, and the size of your national or international operations, the laws of these jurisdictions must also be considered if you hope to avoid potential legal issues. (Additionally, this is yet another reminder how easily international legal issues can arise through the use of social media....while you may have never considered doing business in the UAE or the Ukraine, social media has the potential to take your company just one click away from these jurisdictions....it is important to consider the ramifications).
The implications of these changes reiterate the importance of coordinating your marketing and legal departments. While marketing may (rightfully) be seeking to expand your business into social media in an attempt to take advantage of the unique opportunities that the medium provides, and legal may (also rightfully) be concerned about the relatively unplowed social media landscape, these departments can co-exist. Having your legal and marketing teams on the same page, with each group understanding the benefits, and concerns that each of them see in social media is vital to your success in this rapidly growing arena. If you haven't yet, its time to make sure that they are all on the same page.
Let me know what you think.
P.S. I want to take a second and send thoughts and prayers out to my friends in the Joplin, Missouri area. The storms that have devastated that region are simply indescribable and nothing that anyone can say can really do anything to take away the devastation. Be safe, and know that we are with you.
While this was not one of her favorites (those were usually reserved for things that were "colder than..." "battier than..." or "crookeder than...") it was one that I, as an aspiring attorney, tended to hear quite often. This rang true even more so once I entered law school and would attempt to explain to her the differences between what you "knew" and what you "could prove." What you "could prove" never mattered much to Grandma, she was always concerned more with what "was right." Interestingly, my experience with the jury system has born out that her idea of what was "right" was much closer to what a jury is concerned with than what my law school professors had to say about what you could prove...but that's a different blog.
Earlier this month, Facebook updated its promotional guidelines (Facebook Promotional Guidelines) to remove its blanket prohibitions on promotions for tobacco, dairy, gambling, firearms, prescription drugs, and gasoline. In addition, marketers may also now require purchase for entry and target those below age 18 or that live in previously restricted countries.
These changes have obvious implications for those brands that were previously prohibited from promoting their products via the world's largest social network, and likely has my friends in the marketing industry salivating over the opportunity to expand their client's influence and engagement in this arena. However, to paraphrase Grandma..."Just because its alright with Facebook, doesn't make it legal."
Companies and brand managers, as well as marketing and advertising professionals, should remember that the availability of this new arena does not necessarily make sweepstakes and promotions for these (or any other type of products) necessarily "legal" just because Facebook doesn't prohibit them. Instead, what these changes mean is that Facebook will no longer attempt to be the arbiter of these issues. While these promotions may now be "alright" with Facebook, companies hoping to take advantage of this new opportunity must remember that Facebook's members are worldwide, and the catchy promotion, or amazing sweepstakes that you are rolling out may not be as acceptable under the laws of certain jurisdictions.
While your gaming, tobacco, or firearm promotion may be perfectly acceptable, and completely compliant under the laws of Missouri (or whichever jurisdiction you reside) it may not be under the laws of Utah, California, Saudi Arabia, or China. Depending upon where your target market resides, and the size of your national or international operations, the laws of these jurisdictions must also be considered if you hope to avoid potential legal issues. (Additionally, this is yet another reminder how easily international legal issues can arise through the use of social media....while you may have never considered doing business in the UAE or the Ukraine, social media has the potential to take your company just one click away from these jurisdictions....it is important to consider the ramifications).
The implications of these changes reiterate the importance of coordinating your marketing and legal departments. While marketing may (rightfully) be seeking to expand your business into social media in an attempt to take advantage of the unique opportunities that the medium provides, and legal may (also rightfully) be concerned about the relatively unplowed social media landscape, these departments can co-exist. Having your legal and marketing teams on the same page, with each group understanding the benefits, and concerns that each of them see in social media is vital to your success in this rapidly growing arena. If you haven't yet, its time to make sure that they are all on the same page.
Let me know what you think.
P.S. I want to take a second and send thoughts and prayers out to my friends in the Joplin, Missouri area. The storms that have devastated that region are simply indescribable and nothing that anyone can say can really do anything to take away the devastation. Be safe, and know that we are with you.
Tuesday, May 10, 2011
Does your social media campaign expose you to liablity?
Over the past few years there has been no bigger area of growth for the marketing industry than the realm of social media. Facebook, Twitter, and Linkedin have exploded from what was virtually a non-existent market just a few short years ago, into a significant portion of many advertising campaigns. Indeed, over two billion dollars were spent advertising on line last year and it is predicted that this will quadruple to over 8 billion by 2015. (Media Life: Behind the Huge Growth of Social Media). This explosive growth has not gone unnoticed by businesses and thousands have rushed to join the social media world. From Fortune 50 companies, to small family run shops, business of all shapes and sizes are adopting social media as an effective means to reach their target customer.
While this social media explosion has provided an amazing opportunity for customer connection and engagement, there are legal issues that must be considered. Although Facebook accounts are officially available to only those over the age of 12, studies indicate that the use among pre-teens reaches into the millions. (Consumer Reports estimates approximately 7.5 million children under age 13 use facebook). This use by minors may have the potential to expose unwary businesses to some very unexpected liability.
When users sign up for Facebook, their profile displays personally identifying information including their name, photo, school, employer, birthday, hometown and relationship status. Users are also able to further customize their profile by including specific references to personal likes and dislikes such as movies, books, music and other areas of interest. This information provides Facebook a unique ability to offer advertisers a chance to direct their advertisements to a very specific demographic, but when the information relates to minors, it may also present potential problems.
Just last week, a unique issue arose in the United States District Court for the Eastern District of New York which should have Facebook, and all businesses with a presence in social media, reviewing their programs and policies. On May 3, 2011, Scott Nastro, on behalf of his child, J.N., brought a class action suit against Facebook in a matter styled Nastro v. Facebook, Inc., 11-cv-2128, (E.D. N.Y). In this action, plaintiffs allege that Facebook misappropriated the names and likenesses of children for promotional purposes without seeking the required consent from the child's parent or guardian.
Specifically, plaintiffs alleged that Facebook, through its "Social Ads" feature, misappropriates the name and likeness of minors, for commercial advantage, without the consent of the minors parents. Started in 2007, Social Ads is an innovative program which essentially provides Facebook the ability to use an individual Facebook users preferences as an endorsement. Through Social Ads, Facebook users are allowed to see which of their friends has "endorsed" a particular brand or product by displaying the names and likenesses of a user's Facebook friends who have interacted with the ad or the advertiser's brand page. Thus, when a user "likes" a Facebook page, the user's action is recorded on the page along with the users name and likeness. Similarly, when a user "likes" a brand or responds to an event, a message is displayed to their Facebook Friend's home page feed, announcing this action. Because Facebook does not provide an "opt out" to allow a user to prevent their name and likeness from appearing on a page they have liked, users are automatically "endorsers" of any page they like on Facebook. The plaintiffs' suit seeks to recover for these "endorements" by minors which occur without the necessary consent of their parents. While obviously of concern to Facebook, Inc., this proposed class action, could also have major national implications.
Many corporations with Facebook fan pages include areas for their fans to submit many different types of content. This suit is a reminder that even innocently constructed programs likely need review from counsel. From the submission of photos and videos, to the simple ability to add a users name and likness to a list of those "liking" a page, social media's ability to allow users to engage with a company's page may have consequenses that were unheard of just a few years ago. While your markeing department or agency can construct amazing campaigns through social media, make sure they are vetted for potential pitfalls such as those faced by Facebook in Nastro.
Let me know what you think.
While this social media explosion has provided an amazing opportunity for customer connection and engagement, there are legal issues that must be considered. Although Facebook accounts are officially available to only those over the age of 12, studies indicate that the use among pre-teens reaches into the millions. (Consumer Reports estimates approximately 7.5 million children under age 13 use facebook). This use by minors may have the potential to expose unwary businesses to some very unexpected liability.
When users sign up for Facebook, their profile displays personally identifying information including their name, photo, school, employer, birthday, hometown and relationship status. Users are also able to further customize their profile by including specific references to personal likes and dislikes such as movies, books, music and other areas of interest. This information provides Facebook a unique ability to offer advertisers a chance to direct their advertisements to a very specific demographic, but when the information relates to minors, it may also present potential problems.
Just last week, a unique issue arose in the United States District Court for the Eastern District of New York which should have Facebook, and all businesses with a presence in social media, reviewing their programs and policies. On May 3, 2011, Scott Nastro, on behalf of his child, J.N., brought a class action suit against Facebook in a matter styled Nastro v. Facebook, Inc., 11-cv-2128, (E.D. N.Y). In this action, plaintiffs allege that Facebook misappropriated the names and likenesses of children for promotional purposes without seeking the required consent from the child's parent or guardian.
Specifically, plaintiffs alleged that Facebook, through its "Social Ads" feature, misappropriates the name and likeness of minors, for commercial advantage, without the consent of the minors parents. Started in 2007, Social Ads is an innovative program which essentially provides Facebook the ability to use an individual Facebook users preferences as an endorsement. Through Social Ads, Facebook users are allowed to see which of their friends has "endorsed" a particular brand or product by displaying the names and likenesses of a user's Facebook friends who have interacted with the ad or the advertiser's brand page. Thus, when a user "likes" a Facebook page, the user's action is recorded on the page along with the users name and likeness. Similarly, when a user "likes" a brand or responds to an event, a message is displayed to their Facebook Friend's home page feed, announcing this action. Because Facebook does not provide an "opt out" to allow a user to prevent their name and likeness from appearing on a page they have liked, users are automatically "endorsers" of any page they like on Facebook. The plaintiffs' suit seeks to recover for these "endorements" by minors which occur without the necessary consent of their parents. While obviously of concern to Facebook, Inc., this proposed class action, could also have major national implications.
Many corporations with Facebook fan pages include areas for their fans to submit many different types of content. This suit is a reminder that even innocently constructed programs likely need review from counsel. From the submission of photos and videos, to the simple ability to add a users name and likness to a list of those "liking" a page, social media's ability to allow users to engage with a company's page may have consequenses that were unheard of just a few years ago. While your markeing department or agency can construct amazing campaigns through social media, make sure they are vetted for potential pitfalls such as those faced by Facebook in Nastro.
Let me know what you think.
Monday, May 2, 2011
Can non-traditional "influencers" legally affect your clients?
Last week I had the opportunity to attend an interesting event presented by @infuz and @stltweets entitled:
The State of Online Influence: Social Reach in St. Louis.
The stated intent of the event was to "put a magnifying glass" on the concept of influence by exploring its roots and the challenges of harnessing it. The event featured presentations and discussions by local Social Media influencers Matt Ridings (@techguerilla), Mayor Francis Slay (@MayorSlay), Jason Fiehler (@jasonfiehler), Brad Hogenmiller (@Javastl), Robert Littal (@BlkSportsOnline), Chris Reimer (@RizzoTees); and Todd Jordan (@Tojosan) and centered upon how Social Media is presenting a unique opportunity for new voices to be heard, and also allowing those in business and politics to have a better, more direct, and more timely mode of communication with their clients and constituents. The climax of the evening was the unveiling of STL Index (@stlindex), which is being billed as a data-centric approach to measuring online influence in St. Louis.
While in many respects the event could be considered a marketing driven "coming out party" for STL Index, there were a couple legal take aways that I thought worth noting.
First, at the end of the day, social media, social marketing, and social networking is still at its heart, networking. Though the presentations were outstanding, the speakers well informed, and the panelists (and audience via twitter posts projected on the screen) entertaining, what made the event successful was the ability for the attendees to meet in person, engage, and converse about their shared interest in social media. While many, if not most, of this crowd had "met" online, via Twitter, Facebook, or one of the dozens of other Social Media sights which each of them frequent, those relationships were expanded and solidified by taking their online communications offline and in person.
Businesses venturing into social media can learn from this. It is simply no longer "enough" to have a Facebook page, or tweet your press releases. The real secret of social media is engagement. If you are not willing to take that step, you won't get as much out of the medium as you should. While my marketing roots believes this wholeheartedly, my legal side understands that this does introduce some challenges and potential risks. When your company, employees, and customers actively engage in social media, you almost inherently lose some control over your brand and message. This lack of control is often sufficiently offset by the tremendous benefits that social media can provide to ensure that you want to be in the space, but there is no reason that you shouldn't take every step you can to also protect your business. Social Media Policies specifically tailored to your company; Training all employees on the proper uses of Social Media and how improper uses can have adverse personal and professional consequences; and coordination between human resources, marketing, and legal to ensure that all are on the same page and working together to make sure your business is protected are just some of the ways to help protect your organization.
Second, for those in the business community, what may be of particular interest, (and some concern) is that these new "influencers" are not necessarily those who we have traditionally considered to be influential. Indeed, out of the STL Top 100 list, I think it is fair to say that there are many more bloggers and marketing types than there are politicians and CEOs. Many of the people you find on this list are more likely to be in your HR department, or a member of your team who bloggs on a topic completely unrelated to your business. Despite these nontraditional roles, these influencers have committed followings, and reach an enormous number of people, however, they are not necessarily traditional spokespeople and that may need to be addressed. Businesses hoping to utilize social media should be aware of this, and ideally, should try to tap their own internal influencers in helping with their social media strategy. Again, this requires thought, and developing policies which address these ever changing areas.
For those practicing in the social media law sphere, keep these non-traditional influencers in mind when developing policies and assisting your clients. While they may have an enormous potential to help your clients' business, they may not be versed in important areas of the law, and that could have consequences. Make sure your clients don't get caught up in avoidable problems.
Finally, I'd like to give a shout out today to our military leaders, special operations forces, and our President. Job well done.
Let me know what you think.
The State of Online Influence: Social Reach in St. Louis.
The stated intent of the event was to "put a magnifying glass" on the concept of influence by exploring its roots and the challenges of harnessing it. The event featured presentations and discussions by local Social Media influencers Matt Ridings (@techguerilla), Mayor Francis Slay (@MayorSlay), Jason Fiehler (@jasonfiehler), Brad Hogenmiller (@Javastl), Robert Littal (@BlkSportsOnline), Chris Reimer (@RizzoTees); and Todd Jordan (@Tojosan) and centered upon how Social Media is presenting a unique opportunity for new voices to be heard, and also allowing those in business and politics to have a better, more direct, and more timely mode of communication with their clients and constituents. The climax of the evening was the unveiling of STL Index (@stlindex), which is being billed as a data-centric approach to measuring online influence in St. Louis.
While in many respects the event could be considered a marketing driven "coming out party" for STL Index, there were a couple legal take aways that I thought worth noting.
First, at the end of the day, social media, social marketing, and social networking is still at its heart, networking. Though the presentations were outstanding, the speakers well informed, and the panelists (and audience via twitter posts projected on the screen) entertaining, what made the event successful was the ability for the attendees to meet in person, engage, and converse about their shared interest in social media. While many, if not most, of this crowd had "met" online, via Twitter, Facebook, or one of the dozens of other Social Media sights which each of them frequent, those relationships were expanded and solidified by taking their online communications offline and in person.
Businesses venturing into social media can learn from this. It is simply no longer "enough" to have a Facebook page, or tweet your press releases. The real secret of social media is engagement. If you are not willing to take that step, you won't get as much out of the medium as you should. While my marketing roots believes this wholeheartedly, my legal side understands that this does introduce some challenges and potential risks. When your company, employees, and customers actively engage in social media, you almost inherently lose some control over your brand and message. This lack of control is often sufficiently offset by the tremendous benefits that social media can provide to ensure that you want to be in the space, but there is no reason that you shouldn't take every step you can to also protect your business. Social Media Policies specifically tailored to your company; Training all employees on the proper uses of Social Media and how improper uses can have adverse personal and professional consequences; and coordination between human resources, marketing, and legal to ensure that all are on the same page and working together to make sure your business is protected are just some of the ways to help protect your organization.
Second, for those in the business community, what may be of particular interest, (and some concern) is that these new "influencers" are not necessarily those who we have traditionally considered to be influential. Indeed, out of the STL Top 100 list, I think it is fair to say that there are many more bloggers and marketing types than there are politicians and CEOs. Many of the people you find on this list are more likely to be in your HR department, or a member of your team who bloggs on a topic completely unrelated to your business. Despite these nontraditional roles, these influencers have committed followings, and reach an enormous number of people, however, they are not necessarily traditional spokespeople and that may need to be addressed. Businesses hoping to utilize social media should be aware of this, and ideally, should try to tap their own internal influencers in helping with their social media strategy. Again, this requires thought, and developing policies which address these ever changing areas.
For those practicing in the social media law sphere, keep these non-traditional influencers in mind when developing policies and assisting your clients. While they may have an enormous potential to help your clients' business, they may not be versed in important areas of the law, and that could have consequences. Make sure your clients don't get caught up in avoidable problems.
Finally, I'd like to give a shout out today to our military leaders, special operations forces, and our President. Job well done.
Let me know what you think.
Monday, April 25, 2011
TWISML Hat tip: The Now Revolution @ambercadabra and @jaybaer
I wanted to take this take a moment to send out a TWISML Hat tip to the authors of The Now Revolution, Amber Naslund (@ambercadabra) and Jay Baer (@jaybaer).
Amber and Jay were in St. Louis last week as guests of the Social Media Club of St. Louis (@smcstl) and were here to promote their new book: The Now Reviolution: 7 Shifts to make your business smarter, faster, and more social.
I had the unique opportunity to see Amber and Jay each individually speak about their book and also was in attendance at their joint presentation to the Social Media Club. (A special thank you to @standingpr, @at_law, and @lumiereplace for the invites to these great events). I also had the chance to catch a Cardinals game with Amber and I have to say that I came away impressed.
Amber and Jay have written a unique book which recognizes that Social Media isn't a job, and doesn't focus on Facebook, Twitter, Linkedin or any particular site. What Amber and Jay have done is attempt to help businesses understand that the real secret sauce behind social media is that it allows you to better understand, serve, and communicate with your customers. That's what's really important. Those companies that grasp this fundamental truth have a leg up on their competition.
Amber and Jay were in St. Louis last week as guests of the Social Media Club of St. Louis (@smcstl) and were here to promote their new book: The Now Reviolution: 7 Shifts to make your business smarter, faster, and more social.
I had the unique opportunity to see Amber and Jay each individually speak about their book and also was in attendance at their joint presentation to the Social Media Club. (A special thank you to @standingpr, @at_law, and @lumiereplace for the invites to these great events). I also had the chance to catch a Cardinals game with Amber and I have to say that I came away impressed.
Amber and Jay have written a unique book which recognizes that Social Media isn't a job, and doesn't focus on Facebook, Twitter, Linkedin or any particular site. What Amber and Jay have done is attempt to help businesses understand that the real secret sauce behind social media is that it allows you to better understand, serve, and communicate with your customers. That's what's really important. Those companies that grasp this fundamental truth have a leg up on their competition.
Social Media Posts: What do you do with a "bad" post?
Businesses that are considering using social media often spend an inordinate amount of time worrying about what can go wrong. From the disgruntled customer, to the misguided employee, to the inarticulate spokesperson, there are indeed many things that can go "wrong" when using social media, however, the mere possibility that something could go wrong does not mean your company should go running for the exits.
In truth, things can go "wrong" in almost any area of your business and the mere fact that it occurs on social media has little to do with the media itself. When an employee goes AWOL and posts inappropriate or unflattering content, it has been said that "you don't have a social media problem, you have a hiring problem." Similarly, staying off of social media due to concerns that a customer may say something unflattering is really akin to stating that your business is unwilling to address complaints. (Thanks to Amber Naslund and Jay Baer authors of The Now Revolution, and a TWISML Hat tip preview). In reality, these issues are human resource and customer service problems which every business must address in one form or another. Social media just serves to magnify the problems.
An interesting area where these issues find an interplay with the law is what you do with "bad" posts once they are out there. While at first, it may seem reflexive to delete the post (if you are able), in many instances it might not be that simple.
A recent tragic case arising out of a dorm room incident at Rutgers University has brought about some potentially significant developments in this area of social media law. The case out of Rutgers arose when Dharun Ravi allegedly videoed his roommate Tyler Clementi's relationship with another student via webcam and distributed a link to that webcam via social media. After Clementi learned that his relationship had been broadcast he tragically took his own life. Charges were initially brought against Mr. Ravi alleging counts related to invasion of privacy. While these facts are tragic, what is particularly interesting when considering the application to social media law is that Ravi was also recently charged with tampering with evidence. (For a more detailed account of the incident, see article by Beth DeFalco of the AP Roommate charged with hate crime in N.J. Suicide).
While on its face, this case may seem unrelated to a business' use of social media, the tampering with evidence charges may provide a window into future developments. As with the evidence in this criminal case, a business that knows civil litigation is likely to arise has a duty to refrain from destroying relevant evidence. While, initially, it may seem perfectly reasonable for a business to delete offensive posts, or remove client complaints, this duty to preserve evidence makes it advisable to consider whether the post potentially relates to a larger legal issue.
Although these evidentiary considerations present potential problems, they do not mean that troublesome posts must be left up indefinitely. Even though the law directly relating to this kind of material is in many respects still being written, a business can provide itself with an added layer or protection through the use of a properly crafted social media policy. Addressing how your business will deal with this sort of material, setting up procedures on how to retain/store relevant posts, training employees on how to deal with these issues, and taking proper measures to ensure that you do not run afoul of the evidence tampering laws are all fairly easy ways to protect your business. As with many other legal issues, proper planning on the front end can help minor legal problems from developing in to major legal disasters.
Let me know what you think.
In truth, things can go "wrong" in almost any area of your business and the mere fact that it occurs on social media has little to do with the media itself. When an employee goes AWOL and posts inappropriate or unflattering content, it has been said that "you don't have a social media problem, you have a hiring problem." Similarly, staying off of social media due to concerns that a customer may say something unflattering is really akin to stating that your business is unwilling to address complaints. (Thanks to Amber Naslund and Jay Baer authors of The Now Revolution, and a TWISML Hat tip preview). In reality, these issues are human resource and customer service problems which every business must address in one form or another. Social media just serves to magnify the problems.
An interesting area where these issues find an interplay with the law is what you do with "bad" posts once they are out there. While at first, it may seem reflexive to delete the post (if you are able), in many instances it might not be that simple.
A recent tragic case arising out of a dorm room incident at Rutgers University has brought about some potentially significant developments in this area of social media law. The case out of Rutgers arose when Dharun Ravi allegedly videoed his roommate Tyler Clementi's relationship with another student via webcam and distributed a link to that webcam via social media. After Clementi learned that his relationship had been broadcast he tragically took his own life. Charges were initially brought against Mr. Ravi alleging counts related to invasion of privacy. While these facts are tragic, what is particularly interesting when considering the application to social media law is that Ravi was also recently charged with tampering with evidence. (For a more detailed account of the incident, see article by Beth DeFalco of the AP Roommate charged with hate crime in N.J. Suicide).
While on its face, this case may seem unrelated to a business' use of social media, the tampering with evidence charges may provide a window into future developments. As with the evidence in this criminal case, a business that knows civil litigation is likely to arise has a duty to refrain from destroying relevant evidence. While, initially, it may seem perfectly reasonable for a business to delete offensive posts, or remove client complaints, this duty to preserve evidence makes it advisable to consider whether the post potentially relates to a larger legal issue.
Although these evidentiary considerations present potential problems, they do not mean that troublesome posts must be left up indefinitely. Even though the law directly relating to this kind of material is in many respects still being written, a business can provide itself with an added layer or protection through the use of a properly crafted social media policy. Addressing how your business will deal with this sort of material, setting up procedures on how to retain/store relevant posts, training employees on how to deal with these issues, and taking proper measures to ensure that you do not run afoul of the evidence tampering laws are all fairly easy ways to protect your business. As with many other legal issues, proper planning on the front end can help minor legal problems from developing in to major legal disasters.
Let me know what you think.
Monday, April 18, 2011
Is Social Media information "valuable property"?
An interesting question was raised last week Claridge v. Rockyou, Inc. ((2011 WL 1361588 (N.D.Cal.)): Is the personally identifiable information ("PII") submitted to social media sights "valuable property"? Assuming the answer to this question is yes, an interesting corollary to the question, from a privacy perspective is: What are you doing to protect this valuable property? How your company answers both of these questions could have serious consequences.
THE CASE:
Here's what happened: RockYou develops and distributes applications and services for use on social media sites. Among the applications developed by RockYou are Gourmet Ranch and Zoo World. When customers sign up to use RockYou's applications, they are asked to provide an e-mail address, and registration password which RockYou stores. In certain instances, RockYou also requires customers to provide user names and password information necessary for accessing social media sites.
The Plaintiff, a registered account holder with RockYou, brought suit alleging that RockYou failed to secure and safeguard Plaintiffs PII, including email, passwords, and social media login credentials. Plaintiff alleged that while RockYou promised to safeguard user sensitive PII through a policy which stated that "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your information..." RockYou instead stored PII in clear or plain text which provided no encryption and easily allowed intruders to read and remove the information. Plaintiffs PII was therefore easily accessible to anyone with a minimal amount of hacking ability (of which this author has none).
Plaintiff alleged that instead of leaving the barn door open (to steal a phrase from Gourmet Ranch) RockYou could have followed any one of a number of commonly used methods of protecting PII.
While after reading the opinion, one wonders whether this initial security failure would have been enough to let the matter move forward, if Plaintiff's allegations are true, RockYou likely did not help itself when it delayed in responding to the warnings of a noted online security firm that there was a problem with its database. Specifically, the firm informed RockYou of a SQL injeciton flaw which would allow a hacker to introduce malicious code into a company's network. At some point it was alleged that at least one known hacker accessed the database and copied the email and social networking login credentials of approximately 32 million users.
Plaintiff alleged nine separate causes of action: 1) Violation of the Stored Communications Act 18 U.S.C. Section 2702; 2) Violation of California's Unfair Competition Law, Cal. Bus. & Prof. Code Section 17200; 3) Violation of California's computer Crime Law, Cal. Penal Code Section 502; 4) Violation of the California Consumer Legal Remedies Act, Cal. Civ. code Section 1750; 5) Breach of Contract; 6) Breach of implied covenant of good faith and fair dealing; 7) Breach of implied contracts; 8) negligence; and 9) negligence per se. The Court dismissed the majority of these claims, but allowed Plaintiff's breach of contract, implied contract, and negligence based counts to survive.
In allowing these counts to survive, the Court recognized the issue as whether the plaintiff had sufficiently alleged any actionable harm or concrete loss. Plaintiff's general allegations were that defendant's customers paid for its products and services by providing their PII, and that the PII constitutes valuable property that is exchanged not only for defendant's products and services, but also in exchange for defendant's promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant's role in allegedly contributing to the breach of plaintiff's PII caused plaintiff to lose the ‘value’ of their PII, in the form of their breached personal data. See Claridge *4-5.
While the Court recognized that this theory was novel, it declined to hold as a matter of law that Plaintiff failed to allege an injury. Moreover, the Court specifically noted that the unauthorized disclosure of personal information via the Internet is itself relatively new, and likely to raise issues of law not yet settled by the courts. Finding that the Plaintiff's allegations of harm were sufficient to allege a generalized injury in fact, the case was allowed to move forward.
WHY IS THIS IMPORTANT?:The reason that I find this case particularly interesting is the potential messages that it sends to those companies who possess customer PII. While it is unquestionable that it is a good business practice to protect all client data, did RockYou open itself up to additional exposure by expressly promising to do so? Would the Court have found the same potential liability without the express provisions cited by the Plaintiff?(The breach of contract claim surely would have been more difficult to prove.) Would the claim have been different if RockYou had heeded the warnings of the security firm? What if it had basic protections that were nonetheless breached? An even more interesting question is whether the negligence claims would have been allowed to move forward even without the express promises of safety.
Another emerging issue which this case, and those that will surely follow behind it, could have an impact on is how the log on and user information for social media accounts is considered in the employee/employer environment. If this sort of PII is found to be valuable property does that have an effect upon who retains it when an employer/employee relationship ends? What about "personal" blogs which are directly business focused? Is the lined blurred?
Once again, its important to note that as this is still a rapidly developing area, many of these questions have not been definitively answered by the Courts. While they may not solve every problem, having policies and procedures can provide you with a leg up if and when the issue heads before a Court. (Imagine if RockYou had also had a line in their disclosures which said something along the lines of "PII Submitted to this site is NOT valuable property for the purposes of calculating legal damages...would that have helped?) The intersection of Privacy law and Social Media is sure to be a hot area for litigation for years to come.
Let me know what you think.
THE CASE:
Here's what happened: RockYou develops and distributes applications and services for use on social media sites. Among the applications developed by RockYou are Gourmet Ranch and Zoo World. When customers sign up to use RockYou's applications, they are asked to provide an e-mail address, and registration password which RockYou stores. In certain instances, RockYou also requires customers to provide user names and password information necessary for accessing social media sites.
The Plaintiff, a registered account holder with RockYou, brought suit alleging that RockYou failed to secure and safeguard Plaintiffs PII, including email, passwords, and social media login credentials. Plaintiff alleged that while RockYou promised to safeguard user sensitive PII through a policy which stated that "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your information..." RockYou instead stored PII in clear or plain text which provided no encryption and easily allowed intruders to read and remove the information. Plaintiffs PII was therefore easily accessible to anyone with a minimal amount of hacking ability (of which this author has none).
Plaintiff alleged that instead of leaving the barn door open (to steal a phrase from Gourmet Ranch) RockYou could have followed any one of a number of commonly used methods of protecting PII.
While after reading the opinion, one wonders whether this initial security failure would have been enough to let the matter move forward, if Plaintiff's allegations are true, RockYou likely did not help itself when it delayed in responding to the warnings of a noted online security firm that there was a problem with its database. Specifically, the firm informed RockYou of a SQL injeciton flaw which would allow a hacker to introduce malicious code into a company's network. At some point it was alleged that at least one known hacker accessed the database and copied the email and social networking login credentials of approximately 32 million users.
Plaintiff alleged nine separate causes of action: 1) Violation of the Stored Communications Act 18 U.S.C. Section 2702; 2) Violation of California's Unfair Competition Law, Cal. Bus. & Prof. Code Section 17200; 3) Violation of California's computer Crime Law, Cal. Penal Code Section 502; 4) Violation of the California Consumer Legal Remedies Act, Cal. Civ. code Section 1750; 5) Breach of Contract; 6) Breach of implied covenant of good faith and fair dealing; 7) Breach of implied contracts; 8) negligence; and 9) negligence per se. The Court dismissed the majority of these claims, but allowed Plaintiff's breach of contract, implied contract, and negligence based counts to survive.
In allowing these counts to survive, the Court recognized the issue as whether the plaintiff had sufficiently alleged any actionable harm or concrete loss. Plaintiff's general allegations were that defendant's customers paid for its products and services by providing their PII, and that the PII constitutes valuable property that is exchanged not only for defendant's products and services, but also in exchange for defendant's promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant's role in allegedly contributing to the breach of plaintiff's PII caused plaintiff to lose the ‘value’ of their PII, in the form of their breached personal data. See Claridge *4-5.
While the Court recognized that this theory was novel, it declined to hold as a matter of law that Plaintiff failed to allege an injury. Moreover, the Court specifically noted that the unauthorized disclosure of personal information via the Internet is itself relatively new, and likely to raise issues of law not yet settled by the courts. Finding that the Plaintiff's allegations of harm were sufficient to allege a generalized injury in fact, the case was allowed to move forward.
WHY IS THIS IMPORTANT?:The reason that I find this case particularly interesting is the potential messages that it sends to those companies who possess customer PII. While it is unquestionable that it is a good business practice to protect all client data, did RockYou open itself up to additional exposure by expressly promising to do so? Would the Court have found the same potential liability without the express provisions cited by the Plaintiff?(The breach of contract claim surely would have been more difficult to prove.) Would the claim have been different if RockYou had heeded the warnings of the security firm? What if it had basic protections that were nonetheless breached? An even more interesting question is whether the negligence claims would have been allowed to move forward even without the express promises of safety.
Another emerging issue which this case, and those that will surely follow behind it, could have an impact on is how the log on and user information for social media accounts is considered in the employee/employer environment. If this sort of PII is found to be valuable property does that have an effect upon who retains it when an employer/employee relationship ends? What about "personal" blogs which are directly business focused? Is the lined blurred?
Once again, its important to note that as this is still a rapidly developing area, many of these questions have not been definitively answered by the Courts. While they may not solve every problem, having policies and procedures can provide you with a leg up if and when the issue heads before a Court. (Imagine if RockYou had also had a line in their disclosures which said something along the lines of "PII Submitted to this site is NOT valuable property for the purposes of calculating legal damages...would that have helped?) The intersection of Privacy law and Social Media is sure to be a hot area for litigation for years to come.
Let me know what you think.
Monday, April 11, 2011
TWISML Hat tip: Eric Goldman (@ericgoldman)
Wanted to throw out a hat tip to Eric Goldman (@ericgoldman) and his Technology & Marketing Law Blog (http://blog.ericgoldman.org/), for his April 9, 2001 post on People v. Welte (2011 WL 1331900). In Welte the Court considered whether communications with those on a public Facebook friends list violated a no contact order or could be considered stalking.
Just one more reminder as to why its important to know and understand your privacy settings.
Just one more reminder as to why its important to know and understand your privacy settings.
Be careful what you ask for...you just might get it.
It continues to be readily apparent that companies are struggling to find exactly where the line should be drawn between appropriate social media policy enforcement and the rights of workers under the NLRA.
On April 6, social media legal circles were all a 'twitter' upon the announcement that the NLRB will issue a complaint against Thompson Reuters due to its "discussion" with an employee after what Reuters believed was a questionable Twitter post. While it is believed that this is the first NLRB action related to Twitter, it comes right on the heals of the settlement of the claim related to the firing of Dawnmarie Souza by American Medial Response of Connecticut, for statements made about her supervisor on Facebook. As the Souza case was settled prior to the entry of a formal decision, this case presents one of the first opportunities for a formal line in the sand to be drawn with respect to the proper enforcement of Social Media policies and an employee's rights to criticize an employer through social media.
Here, Reuters, in what appears to have been an attempt to start a positive conversation on how Reuters could make itself "the best place to work," asked employees for comments via Twitter on what it could do to improve. Taking the opportunity presented, Reuters environmental reporter Deborah Zabrenko (@dzabarenko) tweeted that "One way to make this the best place to work is to deal honestly with Guild members."
Soon after posting the tweet, Ms. Zabarenko received a call, at home, informing her that her post had violated a Reuters policy that employees were not to say anything publicly that could damage the reputation of Reuters. Ms. Zabarenko raised the issue of intimidation and the NLRB is now suing Reuters for violation of a workers right to discuss working conditions (which, ironically is exactly what Reuters asked its workers to do when it asked for suggestions on how to make Reuters the best place to work).
While I'm not an NLRA, or employment law expert, this does strike me as an interesting case. The issues presented in the Facebook/Souza claim (calling supervisor the equivalent of a mental patient) seemed much farther removed from legitimate criticism of the working environment than those present here. Although I won't pretend to predict the ultimate outcome of the claim, it provides another example of how social media continues to vex even those companies that are trying to take advantage of the medium.
In some respects, I have to commend Reuters for using social media to ask the question: "How can we make this the best place to work," as that is exactly the kind of conversation that can be constructive via social media, but in using social media, you have to be prepared for answers that you sometimes don't like. This is not to say that employees have a free reign with their social media comments, they don't, and sometimes what you say can and should have repercussions, but knowing what sort of statements are actionable is essential. What is important is that your company have a well thought out social media policy which considers these issues before they become legal problems, and that those enforcing your social media policy know and understand the ramifications of their actions in enforcing the policy.
On April 6, social media legal circles were all a 'twitter' upon the announcement that the NLRB will issue a complaint against Thompson Reuters due to its "discussion" with an employee after what Reuters believed was a questionable Twitter post. While it is believed that this is the first NLRB action related to Twitter, it comes right on the heals of the settlement of the claim related to the firing of Dawnmarie Souza by American Medial Response of Connecticut, for statements made about her supervisor on Facebook. As the Souza case was settled prior to the entry of a formal decision, this case presents one of the first opportunities for a formal line in the sand to be drawn with respect to the proper enforcement of Social Media policies and an employee's rights to criticize an employer through social media.
Here, Reuters, in what appears to have been an attempt to start a positive conversation on how Reuters could make itself "the best place to work," asked employees for comments via Twitter on what it could do to improve. Taking the opportunity presented, Reuters environmental reporter Deborah Zabrenko (@dzabarenko) tweeted that "One way to make this the best place to work is to deal honestly with Guild members."
Soon after posting the tweet, Ms. Zabarenko received a call, at home, informing her that her post had violated a Reuters policy that employees were not to say anything publicly that could damage the reputation of Reuters. Ms. Zabarenko raised the issue of intimidation and the NLRB is now suing Reuters for violation of a workers right to discuss working conditions (which, ironically is exactly what Reuters asked its workers to do when it asked for suggestions on how to make Reuters the best place to work).
While I'm not an NLRA, or employment law expert, this does strike me as an interesting case. The issues presented in the Facebook/Souza claim (calling supervisor the equivalent of a mental patient) seemed much farther removed from legitimate criticism of the working environment than those present here. Although I won't pretend to predict the ultimate outcome of the claim, it provides another example of how social media continues to vex even those companies that are trying to take advantage of the medium.
In some respects, I have to commend Reuters for using social media to ask the question: "How can we make this the best place to work," as that is exactly the kind of conversation that can be constructive via social media, but in using social media, you have to be prepared for answers that you sometimes don't like. This is not to say that employees have a free reign with their social media comments, they don't, and sometimes what you say can and should have repercussions, but knowing what sort of statements are actionable is essential. What is important is that your company have a well thought out social media policy which considers these issues before they become legal problems, and that those enforcing your social media policy know and understand the ramifications of their actions in enforcing the policy.
Wednesday, April 6, 2011
This week in Social Media Law: The Title
As I think about it more I guess a little background to the title of this blog may be in order.
Growing up a baseball addict in the age before the internet and ESPN's constant highlight shows (Harry Caray and Steve Stone were my constant companions after school throughout the 80s....those 3:05 start times at Wrigley before the lights were my favorite), I had one program that I couldn't miss on a weekly basis. This Week in Baseball. Mel Allen's distinctive voice brought tales of the American League and the rest of baseball that I rarely had an opportunity to follow, and generally provided a good overview of what had happend in my favorite sport the week before.
That's what I hope to be able to provide for the world of Social Media Law in this blog.
No doubt, there will be developments that merit more timely posts, and sometimes I'll just feel like throwing something out there for discussion, but I hope that on a weekly basis, every Monday, I'll be able to provide a good overview of the week that was in Social Media Law.
If there are areas of the law related to social media that you would like to see covered, topics that you find interesting, issues that you think could present problems to individuals, companies, or lawyers as they plod their way through what I think will be a very exciting area of the law over the coming years, or just something in Social Media that makes you say "How about that!"(Allen's signature call) please share...I'm happy to do the research and provide a place for the conversation to take place, I may not always agree with everything that's out there, but I'm interested in the conversation.
Let me know what you think.
Growing up a baseball addict in the age before the internet and ESPN's constant highlight shows (Harry Caray and Steve Stone were my constant companions after school throughout the 80s....those 3:05 start times at Wrigley before the lights were my favorite), I had one program that I couldn't miss on a weekly basis. This Week in Baseball. Mel Allen's distinctive voice brought tales of the American League and the rest of baseball that I rarely had an opportunity to follow, and generally provided a good overview of what had happend in my favorite sport the week before.
That's what I hope to be able to provide for the world of Social Media Law in this blog.
No doubt, there will be developments that merit more timely posts, and sometimes I'll just feel like throwing something out there for discussion, but I hope that on a weekly basis, every Monday, I'll be able to provide a good overview of the week that was in Social Media Law.
If there are areas of the law related to social media that you would like to see covered, topics that you find interesting, issues that you think could present problems to individuals, companies, or lawyers as they plod their way through what I think will be a very exciting area of the law over the coming years, or just something in Social Media that makes you say "How about that!"(Allen's signature call) please share...I'm happy to do the research and provide a place for the conversation to take place, I may not always agree with everything that's out there, but I'm interested in the conversation.
Let me know what you think.
Monday, April 4, 2011
Impersonating an employee: New and exciting ways businesses are getting into trouble via social media
A recent case out of Chicago, Illinois (Maremont v. Susan Fredman Design Group, 2011 WL 902444, 3-15-2011) exemplifies how businesses are struggling to adapt to the legal issues presented through their use of social media. While on its face, the issue at the heart of this case may seem obvious, in practice there can be many very difficult issues...is your company ready?
In Maremont, Jill Maremont, an employee of SFDG was an active participant in social media, blogging and posting in her own name, on topics directly related to her employment at SFDG. Through her efforts, Maremont developed a sizable following and those posts inured to the benefit of SFDG. She accessed social media sites through SFDG computers, which stored her passwords.
In September of 2009, Maremont was in an accident which left her incapacitated for an extended period of time, in her absence, employees of SFDG made numerous social media postings promoting SFDG on her behalf, without her permission. Upon discovering this activity, Maremont requested that SFDG refrain from using her accounts. SFDG continued these posts despite Maremont's requests. Maremont brought claims alleging violation of the Lanham Act (false endoresment); Illinois' Right to Publicity Act, and Common Law Right to Privacy claims. Her claims under the Lanham Act and Illinois' Right to Privacy Act, have survived Summary Judgment, and the opinion gives at least some indication that a more specifically pled privacy claim may also have had some traction.
The ultimate resolution of these claims is still to be determined, however, their advancement should give pause to companies whose employees use their own followings on social media to promote company business activities. Could you be exposed to similar claims? Would you loose important aspects of your businesses' promotional strategy if certain employees left? How do you protect your company?
While each situation is different, a strong, and business specific, social media policy can help provide you protection. In those instances where substantial company followings and promotion are developed through social media, it is especially important that your policy make clear who owns the accounts being used, who has a right to post on the accounts, and that your company has the right control the accounts, regardless of the content input of employees. These protections can help avoid expensive legal battles if a dispute arises. There are also ways in which policies can make explicitly clear that intellectual property created related to the business of your company during the course of employment is owned by the company. Again, avoiding problems, before they arise, is one of the most important functions of a properly drafted social media policy.
Up next: consideration of the CAN-SPAM Act's application to social media. Can Facebook, Twitter, and Linked-In postings be "spam" under the definition of the Act?
In Maremont, Jill Maremont, an employee of SFDG was an active participant in social media, blogging and posting in her own name, on topics directly related to her employment at SFDG. Through her efforts, Maremont developed a sizable following and those posts inured to the benefit of SFDG. She accessed social media sites through SFDG computers, which stored her passwords.
In September of 2009, Maremont was in an accident which left her incapacitated for an extended period of time, in her absence, employees of SFDG made numerous social media postings promoting SFDG on her behalf, without her permission. Upon discovering this activity, Maremont requested that SFDG refrain from using her accounts. SFDG continued these posts despite Maremont's requests. Maremont brought claims alleging violation of the Lanham Act (false endoresment); Illinois' Right to Publicity Act, and Common Law Right to Privacy claims. Her claims under the Lanham Act and Illinois' Right to Privacy Act, have survived Summary Judgment, and the opinion gives at least some indication that a more specifically pled privacy claim may also have had some traction.
The ultimate resolution of these claims is still to be determined, however, their advancement should give pause to companies whose employees use their own followings on social media to promote company business activities. Could you be exposed to similar claims? Would you loose important aspects of your businesses' promotional strategy if certain employees left? How do you protect your company?
While each situation is different, a strong, and business specific, social media policy can help provide you protection. In those instances where substantial company followings and promotion are developed through social media, it is especially important that your policy make clear who owns the accounts being used, who has a right to post on the accounts, and that your company has the right control the accounts, regardless of the content input of employees. These protections can help avoid expensive legal battles if a dispute arises. There are also ways in which policies can make explicitly clear that intellectual property created related to the business of your company during the course of employment is owned by the company. Again, avoiding problems, before they arise, is one of the most important functions of a properly drafted social media policy.
Up next: consideration of the CAN-SPAM Act's application to social media. Can Facebook, Twitter, and Linked-In postings be "spam" under the definition of the Act?
Thursday, March 31, 2011
The beginning
I guess every blog has to have a start, and this is mine. Sitting in the DFW Airport, drinking a Guinness, watching opening day baseball, looking forward to getting home and seeing my family, and thinking about where the last 2 years has taken me.
About 2 years ago (September 2008) I started exploring the world of Social Media Law. It began in a strange way, there were two hurricanes in St. Louis in a week period, (Ike and Gustav) the second caused a flood at my home, knocked out my phone and computer (and blackberry), left me with 2 feet of water in my living room and I had no means of communication. Stranded at my in-laws that evening (and having a court appearance scheduled for the next morning) I had to find a way to contact some of the attorneys at my office, at home, on a Sunday night to let them (and the Court) know that I would not be in. I knew a couple of them had Facebook accounts...so I signed up.
3 months later, I had reconnected with hundreds of old friends, and saw Social Media as a pretty amazing way to keep in touch with people and hopefully develop my own personal network...but then it got bigger. As Facebook, Twitter, Linked-In, and then Four Square, Gowalla, and the other sites began to grow, I saw a unique opportunity in the law developing. What was essentially an entirely new area of our world was opening up, and growing....fast.
Just a few months later I presented my first CLE (continuing legal education) on Social Media to my firm (Armstrong Teasdale LLP). Soon thereafter a colleague of mine and I were asked to present on Social Media to the local bar association....fast forward 18 more months and I've given presentations all across the country, developed some amazing friendships and embarked on a new practice area that really didn't exist not long ago.
My law firm, allowed me and several others to start what we believe was the first Social Media Practice group in the country, if not the country, at least in Missouri. We've assisted clients with social media polices, training, and generally just provided what we believe is the beginning of an introduction into the growing world of social media law.
I hope this blog allows me to share some of what we've learned, provides a good space for people interested in the law, social media (and occasionally baseball and politics) to bounce ideas off of each other and hopefully learn something in the process. I will try to keep on top of the case law that develops related to social media (next post will be about an interesting case that just came out of Chicago last week) and I hope to be a source to those who are interested in the area. If you hear of something, are interested in the area, or just want to talk baseball, I look forward to talking to you.
About 2 years ago (September 2008) I started exploring the world of Social Media Law. It began in a strange way, there were two hurricanes in St. Louis in a week period, (Ike and Gustav) the second caused a flood at my home, knocked out my phone and computer (and blackberry), left me with 2 feet of water in my living room and I had no means of communication. Stranded at my in-laws that evening (and having a court appearance scheduled for the next morning) I had to find a way to contact some of the attorneys at my office, at home, on a Sunday night to let them (and the Court) know that I would not be in. I knew a couple of them had Facebook accounts...so I signed up.
3 months later, I had reconnected with hundreds of old friends, and saw Social Media as a pretty amazing way to keep in touch with people and hopefully develop my own personal network...but then it got bigger. As Facebook, Twitter, Linked-In, and then Four Square, Gowalla, and the other sites began to grow, I saw a unique opportunity in the law developing. What was essentially an entirely new area of our world was opening up, and growing....fast.
Just a few months later I presented my first CLE (continuing legal education) on Social Media to my firm (Armstrong Teasdale LLP). Soon thereafter a colleague of mine and I were asked to present on Social Media to the local bar association....fast forward 18 more months and I've given presentations all across the country, developed some amazing friendships and embarked on a new practice area that really didn't exist not long ago.
My law firm, allowed me and several others to start what we believe was the first Social Media Practice group in the country, if not the country, at least in Missouri. We've assisted clients with social media polices, training, and generally just provided what we believe is the beginning of an introduction into the growing world of social media law.
I hope this blog allows me to share some of what we've learned, provides a good space for people interested in the law, social media (and occasionally baseball and politics) to bounce ideas off of each other and hopefully learn something in the process. I will try to keep on top of the case law that develops related to social media (next post will be about an interesting case that just came out of Chicago last week) and I hope to be a source to those who are interested in the area. If you hear of something, are interested in the area, or just want to talk baseball, I look forward to talking to you.
Subscribe to:
Posts (Atom)