Showing posts with label Social Media Law. Show all posts
Showing posts with label Social Media Law. Show all posts
Friday, August 26, 2011
Judge Stays Facebook Law
Just found out that a Judge has stayed Missouri's "Facebook law" stating that the law acts to chills teachers’ speech. I have not seen the opinion yet but hope to provide analysis as soon as it is released. bit.ly/nCxAN9
Friday, August 19, 2011
Missouri's Social Media Law -- Update
Missouri's Teacher's union has just filed a 1st Am. suit seeking to overturn Missouri's new Facebook Law. A copy of the MSTA petition to invalidate the Mo FB law can be found at bit.ly/pOKavy
The MSTA issued the following statement with respect to their suit seeking to overturn Missouri's FB Law: “Many of our members are concerned about the unintended consequences of this law, including their ability to monitor their own children’s online activities,” said MSTA Legal Counsel, Gail McCray. “It's vague and more importantly, we believe it violates the constitutional rights of educators.”
The MSTA issued the following statement with respect to their suit seeking to overturn Missouri's FB Law: “Many of our members are concerned about the unintended consequences of this law, including their ability to monitor their own children’s online activities,” said MSTA Legal Counsel, Gail McCray. “It's vague and more importantly, we believe it violates the constitutional rights of educators.”
Sunday, August 14, 2011
Social Media Law: Who should be drafting your State's laws, (or your Company's policy)?
As social media begins to enter its adolescence it is not surprising that we are beginning to see legislation specifically directed at interaction on social media, the platforms themselves, and their rapidly expanding use in many varying areas of our life. One of those laws which has engendered a wide range of debate is Missouri Senate Bill No. 54 which was unanimously approved by the Senate on April 7, and recently signed into law by Governor Nixon. The legislation will go into effect August 28.
I've deliberately held off writing about Missouri's new law until now because I was curious to see what the initial reaction would be. Not unexpectedly (although I expect some in the Missouri legislature did not foresee this amount of uproar over what they thought was a child protection bill) this law has proven to be controversial. While I have not spoken to the bill's author, Sen. Jane Cunningham, I have little doubt that her efforts in passing the "Amy Hestir Studen Protection Act" were well meaning. Sen. Cunningham's website touts that she has "fought for this legislation for our children for five years" and that "this legislation is vital to protect our children from sexual predators in our schools" While one could debate whether the law actually serves to accomplish its stated goal(over 75% of child abuse actually occurs at home, not by educators)(2009 Childwelfare Public Fact Sheet ), or whether it potentially stifles the learning environment, I believe Sen. Cunningham's well meaning attempt to protect children may provide a glimpse of the challenges that the future regulation of social media will face.
Initially, it should be stated that the legislative process (and the court system for that matter) is somewhat ill-equipped to handle the rapidly changing world of social media. As Sen. Cunningham's statement indicates, she had been working on this legislation for over five years. At that time, Facebook had been open to the general public for less than a year and Twitter had only recently launched. When she initially envisioned the legislation, Sen. Cunningham could not have hoped to foresee the cultural impact that these services would have. Laws that attempt to address social media should keep this reality in mind.
In considering the ramifications of Missouri's law, it is helpful to consider the bill itself. The applicable text of Senate Bill 54 is relatively short and reads as follows:
1. Every school district shall, by January 1, 2012, promulgate a written policy concerning teacher-student communication and employee-student communication. Such policy shall contain at least the following elements:
(1) Appropriate oral and nonverbal personal communication, which may be combined with or included in any policy on sexual harassment; and
(2) Appropriate use of electronic media such as text messaging and internet sites for both instructional and personal purposes, with an element concerning use of social networking sites no less stringent than the provisions of subsections 2, 3, and 4 of this section.
I've deliberately held off writing about Missouri's new law until now because I was curious to see what the initial reaction would be. Not unexpectedly (although I expect some in the Missouri legislature did not foresee this amount of uproar over what they thought was a child protection bill) this law has proven to be controversial. While I have not spoken to the bill's author, Sen. Jane Cunningham, I have little doubt that her efforts in passing the "Amy Hestir Studen Protection Act" were well meaning. Sen. Cunningham's website touts that she has "fought for this legislation for our children for five years" and that "this legislation is vital to protect our children from sexual predators in our schools" While one could debate whether the law actually serves to accomplish its stated goal(over 75% of child abuse actually occurs at home, not by educators)(2009 Childwelfare Public Fact Sheet ), or whether it potentially stifles the learning environment, I believe Sen. Cunningham's well meaning attempt to protect children may provide a glimpse of the challenges that the future regulation of social media will face.
Initially, it should be stated that the legislative process (and the court system for that matter) is somewhat ill-equipped to handle the rapidly changing world of social media. As Sen. Cunningham's statement indicates, she had been working on this legislation for over five years. At that time, Facebook had been open to the general public for less than a year and Twitter had only recently launched. When she initially envisioned the legislation, Sen. Cunningham could not have hoped to foresee the cultural impact that these services would have. Laws that attempt to address social media should keep this reality in mind.
In considering the ramifications of Missouri's law, it is helpful to consider the bill itself. The applicable text of Senate Bill 54 is relatively short and reads as follows:
1. Every school district shall, by January 1, 2012, promulgate a written policy concerning teacher-student communication and employee-student communication. Such policy shall contain at least the following elements:
(1) Appropriate oral and nonverbal personal communication, which may be combined with or included in any policy on sexual harassment; and
(2) Appropriate use of electronic media such as text messaging and internet sites for both instructional and personal purposes, with an element concerning use of social networking sites no less stringent than the provisions of subsections 2, 3, and 4 of this section.
2. As used in this section, the following terms shall mean:
(1) "Exclusive access", the information on the website is available only to the owner (teacher) and user (student) by mutual explicit consent and where third parties have no access to the information on the website absent an explicit consent agreement with the owner (teacher);
RSMo 162.069
While I commend Sen. Cunningham for the bill's recognition that social media policies are an integral part of any organization's social media efforts, I believe that the law should serve as a warning to those of us who practice in the social medial sphere (and also to those who seek to write laws related to social media in the future) that many of our current legislators are not be experienced in social media and may not realize the ultimate ramifications of the laws they propose.
Social media, chat rooms, blogs, and instant messaging are no longer the realm of tech aficionados and teenagers. These channels now provide a means for efficient, and often enhanced, communication to a broad array of individuals and industries. From the mass communicative capabilities of Twitter to the relatively focused "circles" available at Google+, social media has the potential to provide heretofore unknown educational and commercial opportunities. Laws that ban and/or strictly limit the use of social media serve to stifle those opportunities.
While defenders of this law have stated that its intent is not to prohibit the use of Facebook by educators, its seemingly broad, and under defined terms will likely serve to have that effect. By proclaiming that no teacher shall use an internet site unless such sight is available to school administrators and legal guardians, and that no teacher shall use a nonwork related site which allows exclusive access with a student, by its express terms, the law appears to foreclose many social media applications. Almost all sites "allow" exclusive communications, whether by direct message, chat, or other means. Without further clarification, the law as currently written, will likely deter many educators from taking advantage of social media's potentially enormous educational value.
Those who regularly participate in social media understand the benefits that it can provide, some of which we are only now beginning to appreciate. Companies are using social media to interact with their customers through forms of direct marketing and advertising which was previously impossible. Educators (when not stifled by overly restrictive laws) are forming collaborative groups both with other teachers and also with students which allow all to interact in real time in on-line after-class discussions. Customers are able to provide direct feedback, and receive personalized responses. Students have (or had) the opportunity to ask that question (that they were afraid to ask in class) through a medium in which they were more comfortable. When drafting laws, or social media policies, the vast potential of social media should be considered just as thoroughly as any potential pitfalls.
Because these areas are rapidly changing, and because legislators, or those drafting policies for your organization, may not be as familiar with social media, it is vitally important to engage those fluent in the medium when drafting rules that will effect social media. Include members of your marketing, advertising, and public relations staff in your discussions, and be sure to seek out members of your organization that are active, both personally and professionally, on social media. These are the people who will understand the actual ramifications of the policies that your are proposing and may also be able to provide you with more efficient and effective means to accomplish your goals without stifling social media's benefits. If the people who are writing your policies, (or your State's legislation) aren't actively engaged in social media, they may not see the potential benefits that overly restrictive policies can preclude.
Let me know what you think.
Craig Moore
(2) "Former student", any person who was at one time a student at the school at which the teacher is employed and who is eighteen years of age or less and who has not graduated;
(3) "Nonwork-related internet site", any internet website or web page used by a teacher primarily for personal purposes and not for educational purposes;
(4) "Work-related internet site", any internet website or web pages used by a teacher for educational purposes.
3. No teacher shall establish, maintain, or use a work-related internet site unless such site is available to school administrators and the child's legal custodian, physical custodian, or legal guardian.
4. No teacher shall establish, maintain, or use a nonwork-related internet site which allows exclusive access with a current or former student. Nothing in this subsection shall be construed as prohibiting a teacher from establishing a nonwork related internet site, provided the site is used in accordance with this section.
5. Every school district shall, by July 1, 2012, include in its teacher and employee training, a component that provides up-to-date and reliable information on identifying signs of sexual abuse in children and danger signals of potentially abusive relationships between children and adults. The training shall emphasize the importance of mandatory reporting of abuse under section 210.115 including the obligation of mandated reporters to report suspected abuse by other mandated reporters, and how to establish an atmosphere of trust so that students feel their school has concerned adults with whom they feel comfortable discussing matters related to abuse.
RSMo 162.069
While I commend Sen. Cunningham for the bill's recognition that social media policies are an integral part of any organization's social media efforts, I believe that the law should serve as a warning to those of us who practice in the social medial sphere (and also to those who seek to write laws related to social media in the future) that many of our current legislators are not be experienced in social media and may not realize the ultimate ramifications of the laws they propose.
Social media, chat rooms, blogs, and instant messaging are no longer the realm of tech aficionados and teenagers. These channels now provide a means for efficient, and often enhanced, communication to a broad array of individuals and industries. From the mass communicative capabilities of Twitter to the relatively focused "circles" available at Google+, social media has the potential to provide heretofore unknown educational and commercial opportunities. Laws that ban and/or strictly limit the use of social media serve to stifle those opportunities.
While defenders of this law have stated that its intent is not to prohibit the use of Facebook by educators, its seemingly broad, and under defined terms will likely serve to have that effect. By proclaiming that no teacher shall use an internet site unless such sight is available to school administrators and legal guardians, and that no teacher shall use a nonwork related site which allows exclusive access with a student, by its express terms, the law appears to foreclose many social media applications. Almost all sites "allow" exclusive communications, whether by direct message, chat, or other means. Without further clarification, the law as currently written, will likely deter many educators from taking advantage of social media's potentially enormous educational value.
Those who regularly participate in social media understand the benefits that it can provide, some of which we are only now beginning to appreciate. Companies are using social media to interact with their customers through forms of direct marketing and advertising which was previously impossible. Educators (when not stifled by overly restrictive laws) are forming collaborative groups both with other teachers and also with students which allow all to interact in real time in on-line after-class discussions. Customers are able to provide direct feedback, and receive personalized responses. Students have (or had) the opportunity to ask that question (that they were afraid to ask in class) through a medium in which they were more comfortable. When drafting laws, or social media policies, the vast potential of social media should be considered just as thoroughly as any potential pitfalls.
Because these areas are rapidly changing, and because legislators, or those drafting policies for your organization, may not be as familiar with social media, it is vitally important to engage those fluent in the medium when drafting rules that will effect social media. Include members of your marketing, advertising, and public relations staff in your discussions, and be sure to seek out members of your organization that are active, both personally and professionally, on social media. These are the people who will understand the actual ramifications of the policies that your are proposing and may also be able to provide you with more efficient and effective means to accomplish your goals without stifling social media's benefits. If the people who are writing your policies, (or your State's legislation) aren't actively engaged in social media, they may not see the potential benefits that overly restrictive policies can preclude.
Let me know what you think.
Craig Moore
Monday, April 25, 2011
Social Media Posts: What do you do with a "bad" post?
Businesses that are considering using social media often spend an inordinate amount of time worrying about what can go wrong. From the disgruntled customer, to the misguided employee, to the inarticulate spokesperson, there are indeed many things that can go "wrong" when using social media, however, the mere possibility that something could go wrong does not mean your company should go running for the exits.
In truth, things can go "wrong" in almost any area of your business and the mere fact that it occurs on social media has little to do with the media itself. When an employee goes AWOL and posts inappropriate or unflattering content, it has been said that "you don't have a social media problem, you have a hiring problem." Similarly, staying off of social media due to concerns that a customer may say something unflattering is really akin to stating that your business is unwilling to address complaints. (Thanks to Amber Naslund and Jay Baer authors of The Now Revolution, and a TWISML Hat tip preview). In reality, these issues are human resource and customer service problems which every business must address in one form or another. Social media just serves to magnify the problems.
An interesting area where these issues find an interplay with the law is what you do with "bad" posts once they are out there. While at first, it may seem reflexive to delete the post (if you are able), in many instances it might not be that simple.
A recent tragic case arising out of a dorm room incident at Rutgers University has brought about some potentially significant developments in this area of social media law. The case out of Rutgers arose when Dharun Ravi allegedly videoed his roommate Tyler Clementi's relationship with another student via webcam and distributed a link to that webcam via social media. After Clementi learned that his relationship had been broadcast he tragically took his own life. Charges were initially brought against Mr. Ravi alleging counts related to invasion of privacy. While these facts are tragic, what is particularly interesting when considering the application to social media law is that Ravi was also recently charged with tampering with evidence. (For a more detailed account of the incident, see article by Beth DeFalco of the AP Roommate charged with hate crime in N.J. Suicide).
While on its face, this case may seem unrelated to a business' use of social media, the tampering with evidence charges may provide a window into future developments. As with the evidence in this criminal case, a business that knows civil litigation is likely to arise has a duty to refrain from destroying relevant evidence. While, initially, it may seem perfectly reasonable for a business to delete offensive posts, or remove client complaints, this duty to preserve evidence makes it advisable to consider whether the post potentially relates to a larger legal issue.
Although these evidentiary considerations present potential problems, they do not mean that troublesome posts must be left up indefinitely. Even though the law directly relating to this kind of material is in many respects still being written, a business can provide itself with an added layer or protection through the use of a properly crafted social media policy. Addressing how your business will deal with this sort of material, setting up procedures on how to retain/store relevant posts, training employees on how to deal with these issues, and taking proper measures to ensure that you do not run afoul of the evidence tampering laws are all fairly easy ways to protect your business. As with many other legal issues, proper planning on the front end can help minor legal problems from developing in to major legal disasters.
Let me know what you think.
In truth, things can go "wrong" in almost any area of your business and the mere fact that it occurs on social media has little to do with the media itself. When an employee goes AWOL and posts inappropriate or unflattering content, it has been said that "you don't have a social media problem, you have a hiring problem." Similarly, staying off of social media due to concerns that a customer may say something unflattering is really akin to stating that your business is unwilling to address complaints. (Thanks to Amber Naslund and Jay Baer authors of The Now Revolution, and a TWISML Hat tip preview). In reality, these issues are human resource and customer service problems which every business must address in one form or another. Social media just serves to magnify the problems.
An interesting area where these issues find an interplay with the law is what you do with "bad" posts once they are out there. While at first, it may seem reflexive to delete the post (if you are able), in many instances it might not be that simple.
A recent tragic case arising out of a dorm room incident at Rutgers University has brought about some potentially significant developments in this area of social media law. The case out of Rutgers arose when Dharun Ravi allegedly videoed his roommate Tyler Clementi's relationship with another student via webcam and distributed a link to that webcam via social media. After Clementi learned that his relationship had been broadcast he tragically took his own life. Charges were initially brought against Mr. Ravi alleging counts related to invasion of privacy. While these facts are tragic, what is particularly interesting when considering the application to social media law is that Ravi was also recently charged with tampering with evidence. (For a more detailed account of the incident, see article by Beth DeFalco of the AP Roommate charged with hate crime in N.J. Suicide).
While on its face, this case may seem unrelated to a business' use of social media, the tampering with evidence charges may provide a window into future developments. As with the evidence in this criminal case, a business that knows civil litigation is likely to arise has a duty to refrain from destroying relevant evidence. While, initially, it may seem perfectly reasonable for a business to delete offensive posts, or remove client complaints, this duty to preserve evidence makes it advisable to consider whether the post potentially relates to a larger legal issue.
Although these evidentiary considerations present potential problems, they do not mean that troublesome posts must be left up indefinitely. Even though the law directly relating to this kind of material is in many respects still being written, a business can provide itself with an added layer or protection through the use of a properly crafted social media policy. Addressing how your business will deal with this sort of material, setting up procedures on how to retain/store relevant posts, training employees on how to deal with these issues, and taking proper measures to ensure that you do not run afoul of the evidence tampering laws are all fairly easy ways to protect your business. As with many other legal issues, proper planning on the front end can help minor legal problems from developing in to major legal disasters.
Let me know what you think.
Monday, April 18, 2011
Is Social Media information "valuable property"?
An interesting question was raised last week Claridge v. Rockyou, Inc. ((2011 WL 1361588 (N.D.Cal.)): Is the personally identifiable information ("PII") submitted to social media sights "valuable property"? Assuming the answer to this question is yes, an interesting corollary to the question, from a privacy perspective is: What are you doing to protect this valuable property? How your company answers both of these questions could have serious consequences.
THE CASE:
Here's what happened: RockYou develops and distributes applications and services for use on social media sites. Among the applications developed by RockYou are Gourmet Ranch and Zoo World. When customers sign up to use RockYou's applications, they are asked to provide an e-mail address, and registration password which RockYou stores. In certain instances, RockYou also requires customers to provide user names and password information necessary for accessing social media sites.
The Plaintiff, a registered account holder with RockYou, brought suit alleging that RockYou failed to secure and safeguard Plaintiffs PII, including email, passwords, and social media login credentials. Plaintiff alleged that while RockYou promised to safeguard user sensitive PII through a policy which stated that "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your information..." RockYou instead stored PII in clear or plain text which provided no encryption and easily allowed intruders to read and remove the information. Plaintiffs PII was therefore easily accessible to anyone with a minimal amount of hacking ability (of which this author has none).
Plaintiff alleged that instead of leaving the barn door open (to steal a phrase from Gourmet Ranch) RockYou could have followed any one of a number of commonly used methods of protecting PII.
While after reading the opinion, one wonders whether this initial security failure would have been enough to let the matter move forward, if Plaintiff's allegations are true, RockYou likely did not help itself when it delayed in responding to the warnings of a noted online security firm that there was a problem with its database. Specifically, the firm informed RockYou of a SQL injeciton flaw which would allow a hacker to introduce malicious code into a company's network. At some point it was alleged that at least one known hacker accessed the database and copied the email and social networking login credentials of approximately 32 million users.
Plaintiff alleged nine separate causes of action: 1) Violation of the Stored Communications Act 18 U.S.C. Section 2702; 2) Violation of California's Unfair Competition Law, Cal. Bus. & Prof. Code Section 17200; 3) Violation of California's computer Crime Law, Cal. Penal Code Section 502; 4) Violation of the California Consumer Legal Remedies Act, Cal. Civ. code Section 1750; 5) Breach of Contract; 6) Breach of implied covenant of good faith and fair dealing; 7) Breach of implied contracts; 8) negligence; and 9) negligence per se. The Court dismissed the majority of these claims, but allowed Plaintiff's breach of contract, implied contract, and negligence based counts to survive.
In allowing these counts to survive, the Court recognized the issue as whether the plaintiff had sufficiently alleged any actionable harm or concrete loss. Plaintiff's general allegations were that defendant's customers paid for its products and services by providing their PII, and that the PII constitutes valuable property that is exchanged not only for defendant's products and services, but also in exchange for defendant's promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant's role in allegedly contributing to the breach of plaintiff's PII caused plaintiff to lose the ‘value’ of their PII, in the form of their breached personal data. See Claridge *4-5.
While the Court recognized that this theory was novel, it declined to hold as a matter of law that Plaintiff failed to allege an injury. Moreover, the Court specifically noted that the unauthorized disclosure of personal information via the Internet is itself relatively new, and likely to raise issues of law not yet settled by the courts. Finding that the Plaintiff's allegations of harm were sufficient to allege a generalized injury in fact, the case was allowed to move forward.
WHY IS THIS IMPORTANT?:The reason that I find this case particularly interesting is the potential messages that it sends to those companies who possess customer PII. While it is unquestionable that it is a good business practice to protect all client data, did RockYou open itself up to additional exposure by expressly promising to do so? Would the Court have found the same potential liability without the express provisions cited by the Plaintiff?(The breach of contract claim surely would have been more difficult to prove.) Would the claim have been different if RockYou had heeded the warnings of the security firm? What if it had basic protections that were nonetheless breached? An even more interesting question is whether the negligence claims would have been allowed to move forward even without the express promises of safety.
Another emerging issue which this case, and those that will surely follow behind it, could have an impact on is how the log on and user information for social media accounts is considered in the employee/employer environment. If this sort of PII is found to be valuable property does that have an effect upon who retains it when an employer/employee relationship ends? What about "personal" blogs which are directly business focused? Is the lined blurred?
Once again, its important to note that as this is still a rapidly developing area, many of these questions have not been definitively answered by the Courts. While they may not solve every problem, having policies and procedures can provide you with a leg up if and when the issue heads before a Court. (Imagine if RockYou had also had a line in their disclosures which said something along the lines of "PII Submitted to this site is NOT valuable property for the purposes of calculating legal damages...would that have helped?) The intersection of Privacy law and Social Media is sure to be a hot area for litigation for years to come.
Let me know what you think.
THE CASE:
Here's what happened: RockYou develops and distributes applications and services for use on social media sites. Among the applications developed by RockYou are Gourmet Ranch and Zoo World. When customers sign up to use RockYou's applications, they are asked to provide an e-mail address, and registration password which RockYou stores. In certain instances, RockYou also requires customers to provide user names and password information necessary for accessing social media sites.
The Plaintiff, a registered account holder with RockYou, brought suit alleging that RockYou failed to secure and safeguard Plaintiffs PII, including email, passwords, and social media login credentials. Plaintiff alleged that while RockYou promised to safeguard user sensitive PII through a policy which stated that "RockYou! uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your information..." RockYou instead stored PII in clear or plain text which provided no encryption and easily allowed intruders to read and remove the information. Plaintiffs PII was therefore easily accessible to anyone with a minimal amount of hacking ability (of which this author has none).
Plaintiff alleged that instead of leaving the barn door open (to steal a phrase from Gourmet Ranch) RockYou could have followed any one of a number of commonly used methods of protecting PII.
While after reading the opinion, one wonders whether this initial security failure would have been enough to let the matter move forward, if Plaintiff's allegations are true, RockYou likely did not help itself when it delayed in responding to the warnings of a noted online security firm that there was a problem with its database. Specifically, the firm informed RockYou of a SQL injeciton flaw which would allow a hacker to introduce malicious code into a company's network. At some point it was alleged that at least one known hacker accessed the database and copied the email and social networking login credentials of approximately 32 million users.
Plaintiff alleged nine separate causes of action: 1) Violation of the Stored Communications Act 18 U.S.C. Section 2702; 2) Violation of California's Unfair Competition Law, Cal. Bus. & Prof. Code Section 17200; 3) Violation of California's computer Crime Law, Cal. Penal Code Section 502; 4) Violation of the California Consumer Legal Remedies Act, Cal. Civ. code Section 1750; 5) Breach of Contract; 6) Breach of implied covenant of good faith and fair dealing; 7) Breach of implied contracts; 8) negligence; and 9) negligence per se. The Court dismissed the majority of these claims, but allowed Plaintiff's breach of contract, implied contract, and negligence based counts to survive.
In allowing these counts to survive, the Court recognized the issue as whether the plaintiff had sufficiently alleged any actionable harm or concrete loss. Plaintiff's general allegations were that defendant's customers paid for its products and services by providing their PII, and that the PII constitutes valuable property that is exchanged not only for defendant's products and services, but also in exchange for defendant's promise to employ commercially reasonable methods to safeguard the PII that is exchanged. As a result, defendant's role in allegedly contributing to the breach of plaintiff's PII caused plaintiff to lose the ‘value’ of their PII, in the form of their breached personal data. See Claridge *4-5.
While the Court recognized that this theory was novel, it declined to hold as a matter of law that Plaintiff failed to allege an injury. Moreover, the Court specifically noted that the unauthorized disclosure of personal information via the Internet is itself relatively new, and likely to raise issues of law not yet settled by the courts. Finding that the Plaintiff's allegations of harm were sufficient to allege a generalized injury in fact, the case was allowed to move forward.
WHY IS THIS IMPORTANT?:The reason that I find this case particularly interesting is the potential messages that it sends to those companies who possess customer PII. While it is unquestionable that it is a good business practice to protect all client data, did RockYou open itself up to additional exposure by expressly promising to do so? Would the Court have found the same potential liability without the express provisions cited by the Plaintiff?(The breach of contract claim surely would have been more difficult to prove.) Would the claim have been different if RockYou had heeded the warnings of the security firm? What if it had basic protections that were nonetheless breached? An even more interesting question is whether the negligence claims would have been allowed to move forward even without the express promises of safety.
Another emerging issue which this case, and those that will surely follow behind it, could have an impact on is how the log on and user information for social media accounts is considered in the employee/employer environment. If this sort of PII is found to be valuable property does that have an effect upon who retains it when an employer/employee relationship ends? What about "personal" blogs which are directly business focused? Is the lined blurred?
Once again, its important to note that as this is still a rapidly developing area, many of these questions have not been definitively answered by the Courts. While they may not solve every problem, having policies and procedures can provide you with a leg up if and when the issue heads before a Court. (Imagine if RockYou had also had a line in their disclosures which said something along the lines of "PII Submitted to this site is NOT valuable property for the purposes of calculating legal damages...would that have helped?) The intersection of Privacy law and Social Media is sure to be a hot area for litigation for years to come.
Let me know what you think.
Monday, April 11, 2011
Be careful what you ask for...you just might get it.
It continues to be readily apparent that companies are struggling to find exactly where the line should be drawn between appropriate social media policy enforcement and the rights of workers under the NLRA.
On April 6, social media legal circles were all a 'twitter' upon the announcement that the NLRB will issue a complaint against Thompson Reuters due to its "discussion" with an employee after what Reuters believed was a questionable Twitter post. While it is believed that this is the first NLRB action related to Twitter, it comes right on the heals of the settlement of the claim related to the firing of Dawnmarie Souza by American Medial Response of Connecticut, for statements made about her supervisor on Facebook. As the Souza case was settled prior to the entry of a formal decision, this case presents one of the first opportunities for a formal line in the sand to be drawn with respect to the proper enforcement of Social Media policies and an employee's rights to criticize an employer through social media.
Here, Reuters, in what appears to have been an attempt to start a positive conversation on how Reuters could make itself "the best place to work," asked employees for comments via Twitter on what it could do to improve. Taking the opportunity presented, Reuters environmental reporter Deborah Zabrenko (@dzabarenko) tweeted that "One way to make this the best place to work is to deal honestly with Guild members."
Soon after posting the tweet, Ms. Zabarenko received a call, at home, informing her that her post had violated a Reuters policy that employees were not to say anything publicly that could damage the reputation of Reuters. Ms. Zabarenko raised the issue of intimidation and the NLRB is now suing Reuters for violation of a workers right to discuss working conditions (which, ironically is exactly what Reuters asked its workers to do when it asked for suggestions on how to make Reuters the best place to work).
While I'm not an NLRA, or employment law expert, this does strike me as an interesting case. The issues presented in the Facebook/Souza claim (calling supervisor the equivalent of a mental patient) seemed much farther removed from legitimate criticism of the working environment than those present here. Although I won't pretend to predict the ultimate outcome of the claim, it provides another example of how social media continues to vex even those companies that are trying to take advantage of the medium.
In some respects, I have to commend Reuters for using social media to ask the question: "How can we make this the best place to work," as that is exactly the kind of conversation that can be constructive via social media, but in using social media, you have to be prepared for answers that you sometimes don't like. This is not to say that employees have a free reign with their social media comments, they don't, and sometimes what you say can and should have repercussions, but knowing what sort of statements are actionable is essential. What is important is that your company have a well thought out social media policy which considers these issues before they become legal problems, and that those enforcing your social media policy know and understand the ramifications of their actions in enforcing the policy.
On April 6, social media legal circles were all a 'twitter' upon the announcement that the NLRB will issue a complaint against Thompson Reuters due to its "discussion" with an employee after what Reuters believed was a questionable Twitter post. While it is believed that this is the first NLRB action related to Twitter, it comes right on the heals of the settlement of the claim related to the firing of Dawnmarie Souza by American Medial Response of Connecticut, for statements made about her supervisor on Facebook. As the Souza case was settled prior to the entry of a formal decision, this case presents one of the first opportunities for a formal line in the sand to be drawn with respect to the proper enforcement of Social Media policies and an employee's rights to criticize an employer through social media.
Here, Reuters, in what appears to have been an attempt to start a positive conversation on how Reuters could make itself "the best place to work," asked employees for comments via Twitter on what it could do to improve. Taking the opportunity presented, Reuters environmental reporter Deborah Zabrenko (@dzabarenko) tweeted that "One way to make this the best place to work is to deal honestly with Guild members."
Soon after posting the tweet, Ms. Zabarenko received a call, at home, informing her that her post had violated a Reuters policy that employees were not to say anything publicly that could damage the reputation of Reuters. Ms. Zabarenko raised the issue of intimidation and the NLRB is now suing Reuters for violation of a workers right to discuss working conditions (which, ironically is exactly what Reuters asked its workers to do when it asked for suggestions on how to make Reuters the best place to work).
While I'm not an NLRA, or employment law expert, this does strike me as an interesting case. The issues presented in the Facebook/Souza claim (calling supervisor the equivalent of a mental patient) seemed much farther removed from legitimate criticism of the working environment than those present here. Although I won't pretend to predict the ultimate outcome of the claim, it provides another example of how social media continues to vex even those companies that are trying to take advantage of the medium.
In some respects, I have to commend Reuters for using social media to ask the question: "How can we make this the best place to work," as that is exactly the kind of conversation that can be constructive via social media, but in using social media, you have to be prepared for answers that you sometimes don't like. This is not to say that employees have a free reign with their social media comments, they don't, and sometimes what you say can and should have repercussions, but knowing what sort of statements are actionable is essential. What is important is that your company have a well thought out social media policy which considers these issues before they become legal problems, and that those enforcing your social media policy know and understand the ramifications of their actions in enforcing the policy.
Wednesday, April 6, 2011
This week in Social Media Law: The Title
As I think about it more I guess a little background to the title of this blog may be in order.
Growing up a baseball addict in the age before the internet and ESPN's constant highlight shows (Harry Caray and Steve Stone were my constant companions after school throughout the 80s....those 3:05 start times at Wrigley before the lights were my favorite), I had one program that I couldn't miss on a weekly basis. This Week in Baseball. Mel Allen's distinctive voice brought tales of the American League and the rest of baseball that I rarely had an opportunity to follow, and generally provided a good overview of what had happend in my favorite sport the week before.
That's what I hope to be able to provide for the world of Social Media Law in this blog.
No doubt, there will be developments that merit more timely posts, and sometimes I'll just feel like throwing something out there for discussion, but I hope that on a weekly basis, every Monday, I'll be able to provide a good overview of the week that was in Social Media Law.
If there are areas of the law related to social media that you would like to see covered, topics that you find interesting, issues that you think could present problems to individuals, companies, or lawyers as they plod their way through what I think will be a very exciting area of the law over the coming years, or just something in Social Media that makes you say "How about that!"(Allen's signature call) please share...I'm happy to do the research and provide a place for the conversation to take place, I may not always agree with everything that's out there, but I'm interested in the conversation.
Let me know what you think.
Growing up a baseball addict in the age before the internet and ESPN's constant highlight shows (Harry Caray and Steve Stone were my constant companions after school throughout the 80s....those 3:05 start times at Wrigley before the lights were my favorite), I had one program that I couldn't miss on a weekly basis. This Week in Baseball. Mel Allen's distinctive voice brought tales of the American League and the rest of baseball that I rarely had an opportunity to follow, and generally provided a good overview of what had happend in my favorite sport the week before.
That's what I hope to be able to provide for the world of Social Media Law in this blog.
No doubt, there will be developments that merit more timely posts, and sometimes I'll just feel like throwing something out there for discussion, but I hope that on a weekly basis, every Monday, I'll be able to provide a good overview of the week that was in Social Media Law.
If there are areas of the law related to social media that you would like to see covered, topics that you find interesting, issues that you think could present problems to individuals, companies, or lawyers as they plod their way through what I think will be a very exciting area of the law over the coming years, or just something in Social Media that makes you say "How about that!"(Allen's signature call) please share...I'm happy to do the research and provide a place for the conversation to take place, I may not always agree with everything that's out there, but I'm interested in the conversation.
Let me know what you think.
Monday, April 4, 2011
Impersonating an employee: New and exciting ways businesses are getting into trouble via social media
A recent case out of Chicago, Illinois (Maremont v. Susan Fredman Design Group, 2011 WL 902444, 3-15-2011) exemplifies how businesses are struggling to adapt to the legal issues presented through their use of social media. While on its face, the issue at the heart of this case may seem obvious, in practice there can be many very difficult issues...is your company ready?
In Maremont, Jill Maremont, an employee of SFDG was an active participant in social media, blogging and posting in her own name, on topics directly related to her employment at SFDG. Through her efforts, Maremont developed a sizable following and those posts inured to the benefit of SFDG. She accessed social media sites through SFDG computers, which stored her passwords.
In September of 2009, Maremont was in an accident which left her incapacitated for an extended period of time, in her absence, employees of SFDG made numerous social media postings promoting SFDG on her behalf, without her permission. Upon discovering this activity, Maremont requested that SFDG refrain from using her accounts. SFDG continued these posts despite Maremont's requests. Maremont brought claims alleging violation of the Lanham Act (false endoresment); Illinois' Right to Publicity Act, and Common Law Right to Privacy claims. Her claims under the Lanham Act and Illinois' Right to Privacy Act, have survived Summary Judgment, and the opinion gives at least some indication that a more specifically pled privacy claim may also have had some traction.
The ultimate resolution of these claims is still to be determined, however, their advancement should give pause to companies whose employees use their own followings on social media to promote company business activities. Could you be exposed to similar claims? Would you loose important aspects of your businesses' promotional strategy if certain employees left? How do you protect your company?
While each situation is different, a strong, and business specific, social media policy can help provide you protection. In those instances where substantial company followings and promotion are developed through social media, it is especially important that your policy make clear who owns the accounts being used, who has a right to post on the accounts, and that your company has the right control the accounts, regardless of the content input of employees. These protections can help avoid expensive legal battles if a dispute arises. There are also ways in which policies can make explicitly clear that intellectual property created related to the business of your company during the course of employment is owned by the company. Again, avoiding problems, before they arise, is one of the most important functions of a properly drafted social media policy.
Up next: consideration of the CAN-SPAM Act's application to social media. Can Facebook, Twitter, and Linked-In postings be "spam" under the definition of the Act?
In Maremont, Jill Maremont, an employee of SFDG was an active participant in social media, blogging and posting in her own name, on topics directly related to her employment at SFDG. Through her efforts, Maremont developed a sizable following and those posts inured to the benefit of SFDG. She accessed social media sites through SFDG computers, which stored her passwords.
In September of 2009, Maremont was in an accident which left her incapacitated for an extended period of time, in her absence, employees of SFDG made numerous social media postings promoting SFDG on her behalf, without her permission. Upon discovering this activity, Maremont requested that SFDG refrain from using her accounts. SFDG continued these posts despite Maremont's requests. Maremont brought claims alleging violation of the Lanham Act (false endoresment); Illinois' Right to Publicity Act, and Common Law Right to Privacy claims. Her claims under the Lanham Act and Illinois' Right to Privacy Act, have survived Summary Judgment, and the opinion gives at least some indication that a more specifically pled privacy claim may also have had some traction.
The ultimate resolution of these claims is still to be determined, however, their advancement should give pause to companies whose employees use their own followings on social media to promote company business activities. Could you be exposed to similar claims? Would you loose important aspects of your businesses' promotional strategy if certain employees left? How do you protect your company?
While each situation is different, a strong, and business specific, social media policy can help provide you protection. In those instances where substantial company followings and promotion are developed through social media, it is especially important that your policy make clear who owns the accounts being used, who has a right to post on the accounts, and that your company has the right control the accounts, regardless of the content input of employees. These protections can help avoid expensive legal battles if a dispute arises. There are also ways in which policies can make explicitly clear that intellectual property created related to the business of your company during the course of employment is owned by the company. Again, avoiding problems, before they arise, is one of the most important functions of a properly drafted social media policy.
Up next: consideration of the CAN-SPAM Act's application to social media. Can Facebook, Twitter, and Linked-In postings be "spam" under the definition of the Act?
Thursday, March 31, 2011
The beginning
I guess every blog has to have a start, and this is mine. Sitting in the DFW Airport, drinking a Guinness, watching opening day baseball, looking forward to getting home and seeing my family, and thinking about where the last 2 years has taken me.
About 2 years ago (September 2008) I started exploring the world of Social Media Law. It began in a strange way, there were two hurricanes in St. Louis in a week period, (Ike and Gustav) the second caused a flood at my home, knocked out my phone and computer (and blackberry), left me with 2 feet of water in my living room and I had no means of communication. Stranded at my in-laws that evening (and having a court appearance scheduled for the next morning) I had to find a way to contact some of the attorneys at my office, at home, on a Sunday night to let them (and the Court) know that I would not be in. I knew a couple of them had Facebook accounts...so I signed up.
3 months later, I had reconnected with hundreds of old friends, and saw Social Media as a pretty amazing way to keep in touch with people and hopefully develop my own personal network...but then it got bigger. As Facebook, Twitter, Linked-In, and then Four Square, Gowalla, and the other sites began to grow, I saw a unique opportunity in the law developing. What was essentially an entirely new area of our world was opening up, and growing....fast.
Just a few months later I presented my first CLE (continuing legal education) on Social Media to my firm (Armstrong Teasdale LLP). Soon thereafter a colleague of mine and I were asked to present on Social Media to the local bar association....fast forward 18 more months and I've given presentations all across the country, developed some amazing friendships and embarked on a new practice area that really didn't exist not long ago.
My law firm, allowed me and several others to start what we believe was the first Social Media Practice group in the country, if not the country, at least in Missouri. We've assisted clients with social media polices, training, and generally just provided what we believe is the beginning of an introduction into the growing world of social media law.
I hope this blog allows me to share some of what we've learned, provides a good space for people interested in the law, social media (and occasionally baseball and politics) to bounce ideas off of each other and hopefully learn something in the process. I will try to keep on top of the case law that develops related to social media (next post will be about an interesting case that just came out of Chicago last week) and I hope to be a source to those who are interested in the area. If you hear of something, are interested in the area, or just want to talk baseball, I look forward to talking to you.
About 2 years ago (September 2008) I started exploring the world of Social Media Law. It began in a strange way, there were two hurricanes in St. Louis in a week period, (Ike and Gustav) the second caused a flood at my home, knocked out my phone and computer (and blackberry), left me with 2 feet of water in my living room and I had no means of communication. Stranded at my in-laws that evening (and having a court appearance scheduled for the next morning) I had to find a way to contact some of the attorneys at my office, at home, on a Sunday night to let them (and the Court) know that I would not be in. I knew a couple of them had Facebook accounts...so I signed up.
3 months later, I had reconnected with hundreds of old friends, and saw Social Media as a pretty amazing way to keep in touch with people and hopefully develop my own personal network...but then it got bigger. As Facebook, Twitter, Linked-In, and then Four Square, Gowalla, and the other sites began to grow, I saw a unique opportunity in the law developing. What was essentially an entirely new area of our world was opening up, and growing....fast.
Just a few months later I presented my first CLE (continuing legal education) on Social Media to my firm (Armstrong Teasdale LLP). Soon thereafter a colleague of mine and I were asked to present on Social Media to the local bar association....fast forward 18 more months and I've given presentations all across the country, developed some amazing friendships and embarked on a new practice area that really didn't exist not long ago.
My law firm, allowed me and several others to start what we believe was the first Social Media Practice group in the country, if not the country, at least in Missouri. We've assisted clients with social media polices, training, and generally just provided what we believe is the beginning of an introduction into the growing world of social media law.
I hope this blog allows me to share some of what we've learned, provides a good space for people interested in the law, social media (and occasionally baseball and politics) to bounce ideas off of each other and hopefully learn something in the process. I will try to keep on top of the case law that develops related to social media (next post will be about an interesting case that just came out of Chicago last week) and I hope to be a source to those who are interested in the area. If you hear of something, are interested in the area, or just want to talk baseball, I look forward to talking to you.
Subscribe to:
Posts (Atom)