Since last we visited, your humble Publisher has moved on to the Law Offices of Richard J. Bortnick, where I am Managing Director (very European, if I do say so myself). A number of dedicated readers and friends (you know who you are) have asked what had become of me and why my old email address was no longer effective.

The answer my friend  (apologies to Peter, Paul and Mary) is the Law Offices of Richard J. Bortnick. At the risk of having this viewed as attorney advertising, I will stop there other than to say I also will be signing as a free agent with a Consulting Firm to be named later (but not much later).

So, please feel free to contact me if you want to catch up, engage in intellectual banter (with the exception of Philadelphia sports, where the banter will all be negative) or have some worthwhile humor you’d like to pass along (although it can’t be as good as the material I get from my good friend Jeff). My new email address is rjbortnick@comcast.net (at least for the short term… stay tuned on that too).

Its good to be back. And thanks for all of your kind wishes.

Rick

   Send article as PDF   

The measure of effectiveness of a CEO and its executive board has always been the degree to which the business is achieving its purpose. Whether in Canada, the U.S., Europe or Asia, an executive board’s purpose should be to increase shareholder value, a purpose that is best accomplished by serving the needs of various stakeholders. Somewhere in the pyramid of stakeholders is the consumer or client, whose likes, favorites, and preferences must be met with quality personalized products and services that deliver high competitive value. In an interconnected global knowledge economy, this has meant listening to what consumers are saying online through social media platforms like Facebook and Twitter, and engaging in two-way conversations to respond in real-time to consumer demands.

Read the rest of this entry »

On January 2, 2013 The Department of Health and Human Services (“HHS”) announced that it had entered into a Resolution Agreement with Hospice of North Idaho (“HONI”) to settle alleged HIPAA violations resulting from the theft of an unencrypted laptop computer containing the electronic personal health information of 441 patients.  This is the first HHS settlement involving the breach of protected health information (“PHI”) involving fewer than 500 individuals. 

After being notified by HONI of the stolen laptop, the HHS Office Civil Rights (“OCR”) conducted an investigation and concluded the following: 

• HONI did not conduct an accurate and thorough risk analysis as required by the HIPAA Security Rule, especially with respect to an evaluation of the likelihood and impact of potential risks to the confidentiality of electronic PHI maintained in and transmitted by portable devices.  
• HONI did not have in place police or procedures to address the security of PHI stored or transmitted in portable electronic devices. 

 In entering into the Resolution Agreement, HONI agreed to pay $50,000 and enter into two-year corrective action plan with HHS.  A copy of the Resolution Agreement can be found at:  http://www.hhs.gov.privacy/hipaa/enforcement/examples/honi-agreement.pdf.

 Although this case is unique in that it is the first settlement by HHS of a data breach involving fewer than 500 individuals, the facts that gave rise to the action by HHS are all too familiar.  The breach resulted from the theft of an unencrypted laptop and HHS was troubled by the provider’s alleged lack of a risk analysis and appropriate policies and procedures to protect PHI stored in or transmitted by portable electronic devices.  In this era of increased HIPAA enforcement, covered entities and business associates must remain vigilant in their HIPAA compliance efforts.  This includes, without limitation, (i) conducting thorough risk assessments, (ii) developing and updating robust HIPAA policies and procedures, and (iii) conducting ongoing HIPAA training and awareness programs with all staff.   In essence, affected entities must create what OCR has often referred to as a “culture of compliance.”  Moreover, emphasis should be placed on the use and safeguards of portable electronic devices, which, as in this case, are frequently at the center of a data breach.

   Send article as PDF   

The recent decision The Queen v. Cole by the Supreme Court of Canada touches upon interesting issues regarding information privacy in the digital age.

The facts are simple. An information technologist working at the same high school as Mr. Cole, a teacher, remotely accessed Cole’s history of internet access and one of his drives and found a hidden file which contained nude photographs of a student. The photographs and internet file were copied onto a disc and given to the police, which determined that a search warrant was unnecessary. Cole was subsequently charged with possession of child pornography and fraudulently obtaining data from another computer hard drive. The trial judge excluded the computer material under Sections 8 and 24(2) of the Charter. In overturning the decision, the summary conviction appeal court found no breach of Section 8. This decision was set aside by the Ontario Court of Appeal, which concluded that the evidence of the disc containing the temporary internet files and the laptop computer and its mirror image was excluded. A 6-1 majority ruling by the Supreme Court concluded that the police infringed upon Cole’s rights but upheld the Court of Appeals’ finding that the evidence should not have been excluded from trial.

Read the rest of this entry »

We would like to thank our colleague, Jordan Fox for his invaluable assistance in researching and drafting this article. Jordan is an associate in Cozen O’Connor’s Commercial Litigation Department in Philadelphia and can be reached at jfox@cozen.com. In turn, Tom Wilkinson currently serves as President of the Pennsylvania Bar Association and is co-editor of the Pennsylvania Ethics Handbook, a comprehensive review of the rules of conduct governing lawyers, with extensive citations to case decisions and ethics opinions addressing all aspects of lawyer-client relationships. Tom can be reached at twilkinson@cozen.com.

Thanks guys!

Rick

As users constantly update their Facebook and other social networking profiles, they may be unwittingly doing something else as well: creating a cache of evidence for a future adversary to use against them in discovery and at trial.  Trial courts have increasingly allowed parties to discover the private portions of social networking sites when doing so would likely lead to the disclosure of admissible evidence.[1]  In the common scenario, a party observes information on the public portion of their adversary’s profiles that tends to undercut that adversary’s claims—such as pictures of a plaintiff skiing after claiming to have devastating injuries—and present such information to the court as the “factual predicate” that establishes the potential relevance of the private profile.[2]  While most courts will not allow a party to simply conduct a “fishing expedition” into their adversary’s private digital lives, nor will they declare such information categorically undiscoverable.[3]

Read the rest of this entry »

For those captivated by recent events in astronomy, parallels can be drawn between the recent landing of NASA’s rover Curiosity on planet Mars and the public discourse on data security in Canada. With the distinction that one is effectively equipped with the right budget and tools to achieve its actual objective, both have come a very long way, both have managed to blaze through layers of clouds, both seek to secure ingredients essential to life, and both are now aimlessly wandering about unchartered territories.

A decisive factor in Barrack Obama’s 2008 political campaign was the extensive use of individual, thin sliced consumer data to send highly tailored messages to gain political support. Within 13 years, Google has become the most valuable brand in the world through the aggregation of vast amounts of data including search data, or data held in Gmail accounts. This information is then used to create an advertising cruise missile, which is much more efficient than the old method of pattern bombing.

Read the rest of this entry »

Whether discussing data encryption, network security, or internal data privacy management practices and policies, the most sophisticated IT security protocols, the most learned team of specialists, and the most compliant of data management practices and policies cannot escape, prevent, or remedy what many businesses and organizations have rightly labeled as the root cause of data security failures: human error. While they tend to possess greater network security than smaller organizations, the risk of human error should be of particular a concern to medium and large size organizations whose internal controls over data and employees are inevitably diluted by their size and numbers.

Read the rest of this entry »

Recent unauthorized access to British Columbia Institute of Technology’s computer network, which contained personal medical information of approximately 12,680 individuals, is yet another reminder of risks of exposure to data breaches. That none of the data on BCIT’s computer network was compromised or misused is reflective of a low-profile non-hacker intrusion, and of the ease with which computer networks can be infiltrated. Indeed, a sophisticated hacker would know better than to leave massive amounts of data, rightly labeled by some as the “oil” of the 21^st century, uncompromised. More curious than uncompromised data, however, is BCIT’s notification in the absence of an actual data breach, and mandatory breach notification provisions under B.C. privacy law.

Read the rest of this entry »

The following article was co-written with my colleague Gary Klinger for a Cozen O’Connor client Alert. Gary turned it around in one-day. Then I got it… Hence the delay.

Please let us know if you would like to be added to the Alert e-blast list and receive articles on a variety of cutting-edge professional liability and general liability topics.  Also, be sure to see the Dark Knight Rises. The ending was perfect.

Rick

In a landmark decision, the First Circuit Court of Appeals held in Patco Construction Company, Inc. v. People’s United Bank, No. 11-2031 (1st Cir. July 3, 2012)  that People’s United Bank (d/b/a Ocean Bank) was required to reimburse its customer, PATCO Construction Co., for approximately $580,000 which had been stolen from PATCO’S bank account.  In so doing, the Court reversed the decision of the United States District Court for the District of Maine which had granted summary judgment in the bank’s favor.

The dispute arose when Ocean Bank authorized six fraudulent withdrawals over seven days from an online account held by PATCO.  While the bank’s security system flagged each one of the transactions as “high risk” because they were inconsistent with the timing, value, and geographic location of PATCO’s regular payment orders, the bank’s security system did not notify PATCO of this information and allowed the payments to go through. In light of this omission, PATCO sued, alleging that Ocean Bank should bear responsibility for the loss because its security system was not “commercially reasonable” under the Uniform Commercial Code, as codified under Maine Law.

Read the rest of this entry »

A quick google search will reveal thousands of hundreds of thousands of hits for the term cyberstalking. Indeed, as of today, there are over 900,000 posts where the word is used. Perhaps not surprisingly, many of the listings involve teen cyberbullying and child protection issues. There are also large numbers of celebrities who are cyberstalked or otherwise harassed. Beyond juveniles and celebrities, the most frequently stalked demographic are 18-32 year old females, a cohort to which some of our own bloggers (and co-publishers) belong. Curiously, reports indicate that more and more women are also the cyberstalkers, not just the victims. Anecdotal stories suggest many of these women are married but unhappy with their lives.

Read the rest of this entry »

Jeremy Bentham used to refer to the common law as the “dog law”. As he explains it, “whenever your dog does anything you want to break him of, you wait till he does it, and then beat him for it. This is the way you make laws for your dog: and this is the way the judges make law for you and me.” . 

Insofar as the tort of invasion of privacy in Canada is concerned, Jeremy Bentham was arguably right. Aside from the province of Quebec, which is governed by a civil law system, and a few other provinces in Canada which have benefited from a statutorily enacted tort of invasion of privacy, lower Courts have been divided over the existence of a free-standing tort of invasion of privacy at common law. The recent decision Jones v. Tsige (2012) by the Ontario Court of Appeal is the first to confirm that what used to be an embryonic tort of invasion of privacy is now alive and well in Canada

Read the rest of this entry »

The US and Australia have a longstanding agreement to back each other up in case of physical enemy attack, but now have moved that agreement to the arena of cyber-attack as well. With Australia’s history of cyber-attacks well known, such as an attack two years ago that brought down Australia’s Parliament’s website, the country cannot afford to ignore cyber security any longer.

Read the rest of this entry »

The cyber-attacks recently launched by six individuals from the group Anonymous, an international hacktivist collective, against 13 Quebec government and police websites are but a fleeting glimpse of a much broader problem associated with the cyber world, most of which remains largely unseen. Succinctly stated, the cyber-attacks were a response to the Quebec Liberal party’s constitutionally questionable Bill 78 that was recently passed as a response to the student crisis sparked three months ago over the government’s planned 75% tuition increase. That six individual were arrested by law enforcement agencies and charged with mischief, conspiracy, and unlawful use of a computer should hardly be reassuring.

Read the rest of this entry »

Thanks to my colleague Mike Schmidt, who published the following post on his own blog, Social Media Employment Law Blog.

Rick

It is amazing how fast a legislative body can act when it wants to. Just last week, Governor Martin O’Malley of Maryland signed the country’s first law restricting employers’ ability to demand social media account information from applicants and employees. Maryland was the first to propose this type of law, and is now the first to enact it.

The Maryland law takes effect on October 12, 2012, and contains the following highlights:

Read the rest of this entry »

On May 8, 2012, the New York Court of Appeals issued a ruling that merely viewing child pornography on the internet is not a criminal act under the New York Penal Code. The People v. James D. Kent, Index 70, NYLJ 1202552838004, at *1 (Ct. of App., Decided May 8, 2012). The rationale behind the decision of the state’s highest court bears discussion on a much broader scale due to its potential bearing on the legal definitions of procurement, possession and control of digital property.

The key question under consideration was the evidentiary significance of temporary internet files (or cache files) that are automatically created and stored on a the hard drive of a computer while the user is browsing the internet. The Appellate Court concluded that the act of viewing a web image alone does not, absent other proof, constitute either possession or procurement.

Read the rest of this entry »

The following article was first published by our colleague Michael Schmidt on his blog, Social Media Employment Law Blog. It is part of our continuing effort to keep Cyberinquirer readers on top of decisions relevant to Social Media in the context of litigation. Thanks for the reprint, Mike.

Two weeks ago, I discussed the California case of PhoneDog v. Kravitz, where an employee, who used a company Twitter account as part of his job duties, left the company and continued to use the same Twitter account and tweet to the same followers. The (former) employee claimed that he had the right to continue tweeting, and PhoneDog responded that he was barking up the wrong tree (best I could do at the moment). As I mentioned in my last post, the court had denied the employee’s attempt to dismiss the entire case at inception, and allowed the company to amend its complaint to provide more specificity on some of its claims. Time for an update.

Read the rest of this entry »

The following article, written by my colleague Nicole Moody, first appeared in the Chicago Daily Law Bulletin. Thanks to Nicole for allowing us to republish it here.

Rick Bortnick

Many of us have been there. Sipping our morning coffee, signing into our Facebook accounts, waiting to see what notifications will greet us. We are intrigued to see that we have a friend request.  Who could it be? An acquaintance from the past? A new colleague who we met at work? Whoever it is, we know that by accepting the request we will be granted access into this individual’s life and will know more about them in five minutes than we would know in a lifetime of small talk.

Due to the use of usernames and passwords, there is a belief that information shared on Facebook is confidential unless publicly shared. However, courts around the country are now addressing just how private this information really is.

In cases nationwide, litigants are asking courts to grant unfettered access to other parties’ Facebook or other social media accounts. Inevitably, in the age of status updates and hashtags, poking and friending, the lines between public and private information have become blurred. This trend has become increasingly prevalent in the insurance industry as insurance companies have realized the usefulness of social media in litigation. 

Read the rest of this entry »

The following article was first published by our colleague Michael Schmidt on his blog, Social Media Employment Law Blog. It is part of our continuing effort to keep Cyberinquirer readers on top of decisions relevant to Social Media in the context of litigation. Thanks for the reprint, Mike.

What would you do if your employee continued to use your company’s Twitter account after he stopped working for you?

What if your (former) employee claimed that he, not your company, actually owned the rights to the Twitter followers?

Ever thought about it?

I have posted several times about how social media has not created new causes of action, but rather has provided a new application for traditional claims. One of the areas that I surmised would develop in time was the interplay between social media and post-employment competition and trade secret rights. According to two new decisions, that time has apparently come.

In PhoneDog v. Kravitz (Northern District of California), the company gave its employee (Kravitz) use of a Twitter account as part of his employment. Kravitz tweeted information to promote the company’s services, and generated approximately 17,000 followers. Kravitz left the company, and, while he changed the account “handle”, he continued to use the same account to tweet to the same followers. PhoneDog sued Kravitz for continuing to use the Twitter account, claiming that the “compilation of subscribers and the password used to access the account” constituted company trade secrets. Valuing each of the 17,000 followers at $2.50, the company sought damages of $340,000 for “stealing” each of those followers for 8 months.

Read the rest of this entry »

The following article first appeared on Mike Schmidt’s Cozen O’Connor blog, socialmediaemploymentlawblog.com. Thanks to Mike for allowing us to republish it as a follow-up to our December 2, 2011 post, Keep Your Friends Close, But Your Facebook Posts Closer, which addresses a Pennsylvania trial court’s ruling that ”plaintiff’s Facebook information is discoverable, provided the defendant has a good faith basis for seeking the material,” and our October 16, 2011 post, Facebook: Everything You Want to Know and More… Just a Discovery Request Away, where we comment on how easy it actually is to obtain information posted on Facebook.

Needless to say, the discoverability of social media posts is an important issue for litigants on both sides of the “v” and will continue to be the subject of fiercely-litigated motion practice. We will monitor the issue and post updates as courts across the country rule on this imporant, oftentimes substantively dispositive, issue.

Rick Bortnick

One of the high-profile battles being fought in the social media world continues to be over the ability of one party in a lawsuit to compel the other party to produce messages, posts, pictures, and other “private” things done over a social networking site like Facebook.   The trend continues to reveal that courts are willing to compel disclosure in the right circumstances, and the most recent decision issued by a New York appellate court is no different.

In Patterson v. Turner Construction Company (New York Supreme Court, Appellate Division, First Department, October 27, 2011), the plaintiff sued for personal injury damages that included physical and psychological injuries that he claims to have suffered.   During the lawsuit, the defendant asked the court to direct the plaintiff to provide an authorization allowing defendant to obtain “all of plaintiff’s Facebook records compiled after the incident alleged in the complaint, including any records previously deleted or archived[.]”   The plaintiff, obviously, fought that request.

Read the rest of this entry »

As regular Cyberinquirer readers know, on October 12, 2011, the SEC’s Division of Corporate Finance published “suggested” Guidance on public companies’ disclosures of their cyber risks and exposures. I published a personal perspective on the implications of the Guidance in an October 29, 2011 post (here). Since then, our friend John Doernberg of William Gallagher Associates in Boston has written an excellent, thoughtful article which adopts a more technical approach. As many of you may know, John is a Vice President at William Gallagher and focuses on privacy, information security and risk management issues. Before becoming an insurance broker in 1995, John practiced law at leading firms in New York and Boston. The following article first appeared at John’s own site, http://blog.wgains.com/?s=Doernberg, and is being republished here with his permission. Thanks John!

Rick Bortnick

Increased corporate reliance on computer networks and electronic data has brought a corresponding increase in risks associated with breaches of their security. Such breaches have become more frequent and severe. With these Guidelines, the Division has indicated that public companies and their advisors should focus greater attention on how disclosure obligations under the federal securities laws may be affected by the potential financial and operational impact of cybersecurity breaches.

The Guidelines note that cybersecurity breaches (generically referred to as cyber incidents) can be malicious (cyber-attacks) or unintentional. The Guidelines provide something of a rogue’s gallery of cyber malice: the gaining of unauthorized access to steal or corrupt sensitive data or to disrupt operations, denial of service attacks, sophisticated electronic circumvention of network security, and social engineering techniques such as phishing to extract passwords or other information that will enable the gaining of access.

Read the rest of this entry »

“Facebook helps you connect and share with the people in your life.” That is the Facebook mantra, as displayed on its homepage, and the opening line of a recent – and extremely thorough! – Pennsylvania trial court decision regarding the discoverability of a plaintiff’s relevant Facebook information. The court’s conclusion: a plaintiff’s Facebook information is discoverable, provided the defendant has a good faith basis for seeking the material, because there is no confidential social networking privilege under Pennsylvania law and because the Stored Communications Act only applies to internet service providers. The take-away for Facebook users: be careful what you post – it’s not as “private” as you think!

Read the rest of this entry »

With the help of our readers, Cyberinquirer has again been named as one of LexisNexis’s Top Insurance blogs 0f 2011. We are obviously flattered, particularly in view of the quality of the other blogs selected to this august list.  It shows that people are reading what we have to say. And that, perhaps, they are interested in what we have to say. We sure hope that to be the case. We love thinking, reading and talking about tech, privacy and cyber related issues (yeah, admittedly we’re geeks).  And we hope that you, our readers, gain from our insights, even if you don’t always agree with them.

So now that we’ve been recognized by LexisNexis for the second straight period, maybe some of you, our readers, will be more comfortable authoring a piece we can post. Remember, this blog is open to all relevant, responsible submissions, be they articles, commentaries, or just comments on something we have said that strikes a chord.  If you’ve got something to say that may be of interest to others in the community, email it to me at rbortnick@cozen.com and I will get back with you promptly. We strive to publish fresh, interesting content on a regular  basis, but its not always easy, as we do maintain law practices. And have other commitments. So flip your authored pieces. We’d actually appreciate it.

Needless to say, we couldn’t have done this on our own. So the honor is not just for us, but for you too. Thanks.

   Send article as PDF   

Its not often that worlds collide or that interests converge into one amorphous epiphany. But that’s exactly what happened to me recently, when the Division of Corporate Finance (DCF) of the U.S. Securities and Exchange Commission (SEC) issued a Disclosure Guidance identifying the types of information public companies should consider disclosing about cyber risks and events that could impact their financial statements. Now, the DCF has cautioned that the Disclosure Guidance only represents its own views and “is not a rule, regulation, or statement of the Securities and Exchange Commission.” The DCF also emphasizes right up front that ”the Commission has neither approved nor disapproved its content.” Yeah, right. YOU be an officer or director or officer of a company that does not “comply” with the DCF’s  ”recommendations.”

Read the rest of this entry »

I recently attended a CLE that had a panel of social media experts who were discussing the role of Facebook, Twitter and MySpace in litigation. During a lull in the question and answer session, the Facebook attorney quipped: “you know, Facebook has already given you everything that you’ve ask for…” Immediately, the audience lifted their heads from their Blackberries and newspapers and started paying attention after this cryptic remark.

Read the rest of this entry »

I. Overview

Canada’s privacy regime can be described as a web of legislation at both the federal and provincial/territorial level. Some commentators express concern that this web has become tangled, lacks uniformity and actually undermines the predictability and consistency that, in their view, would exist under a single (federal) privacy regime. Canada has two primary privacy statutes: the Privacy Act and the Personal Information Protection and Electronic Documents Act (“PIPEDA”). The Privacy Act, R.S.C. 1985, c. P-21 (Can.), took effect on July 1, 1983, and imposed certain privacy rights obligations on approximately 250 federal government departments and agencies by limiting the use and disclosure of personal information. The Privacy Act also gives individuals the right to access and, if necessary, correct personal information held by governmental organizations subject to the Act.

Read the rest of this entry »

I.                    Introduction

The Internet facilitates the widespread and instantaneous flow of information across international borders.  While the advent of this method of transnational communication has truly created a “global economy,” at the same time, it has engendered problems for companies and their insurers which seek to assess risk and implement information safeguards, particularly in the face of divergent data privacy laws which vary from region to region or may not even exist in certain jurisdictions.  The Asia-Pacific region typifies such a lack of uniformity.  At the same time, the emerging economies in this rapidly growing part of the world have generated promising targets for computer hackers. 

75% of Asia-Pacific enterprises have experienced cyber attacks in the past 12 months.  Perhaps not surprisingly, a 2010 study by Symantec reported that almost half of all Asia-Pacific-based businesses (and 67% in Singapore) ranked cyber risk and information security as their top concern—more so than natural disasters, terrorism, and traditional crime combined.  Cyber attacks and data breaches are on the radar of CEOs and risk managers for good reason: the average cost for a large company to remediate a data breach in Australia increased to nearly $2 million in 2010, which is slightly up from 2009.  See Ponemon Institute/Symantec 2010 Annual Study: Australian Cost of a Data Breach (May 2011).  Notwithstanding the prevalence of such attacks, it is far more likely that a cyber security program is managed as a part of a company’s traditional business risks, with traditional coverages being contorted to cover various components of cyber risk (i.e. property loss, liability to third-parties, business interruption, etc.), rather than by way of a dedicated cyber-specific insurance program.  Still, in light of recent developments, it is virtually certain that companies soon will begin looking to transfer such risk via more efficient and targeted technology insurance forms and policies.   

Read the rest of this entry »

First published on September 22, 2011 at e-Discovery Law Review
Monetary sanctions, attorneys fees, and adverse inference jury instructions are the more common type of sanctions imposed on litigants for the spoliation of evidence, or not producing relevant documents. Recently, however, a court has increased the severity and impact of sanctions by applying them not only to current litigation, but also to a party’s future litigation, with the effects lingering for years to come.

The Underlying Suit

“Any competent electronic discovery effort would have located this email.” These words were written in an opinion by a United States District Judge in the Eastern District of Texas in Green v. Blitz U.S.A., Inc., No. 2:07-CV-372 (E.D. Tex., Mar. 1, 2011) Green involved a product liability suit in which the requirement of a flame arrester was in dispute. The jury returned a defense verdict, and the plaintiff collected a low settlement amount as part of a high-low settlement agreement. During discovery in a subsequent case with the same defendant and plaintiff’s counsel, counsel learned of documents that were not produced in Green. The plaintiff then filed a motion for sanctions against the defendant in Green and a motion to re-open the Green case. While the court denied the motion to re-open because the statute of limitations had expired, the court did impose sanctions for the discovery abuse.

Read the rest of this entry »

The protracted copyright infringement class action by freelance writers seeking compensation for pieces published without authorization in various online databases has hit another roadblock.

In re Literary Works in Electronic Databases Copyright Litigation involves claims for infringement of works as to some of which the copyrights are registered and the vast majority are unregistered. This detail – the registered/non-registered distinction – keeps stymieing resolution of the case. In 2007, after the parties had spent years negotiating a settlement and gaining district court approval, the Second Circuit threw out the settlement, holding that the district court lacked subject matter jurisdiction to approve the settlement because many of the claims to be resolved were based on unregistered works, and registration is a jurisdictional predicate to a copyright infringement suit. The Supreme Court finally reversed in 2010, and the parties went back to the district court and again gained approval of the settlement.

Read the rest of this entry »

The ABA has issued a formal ethics opinion that provides guidance to lawyers whose clients use an employer’s email account to send or receive email from counsel.  In Formal Opinion 11-459, the Standing Committee on Ethics and Professional Responsibility urges lawyers to warn their clients that the confidentiality of electronic communications may be jeopardized if the employer or other third party, such as a hotel or library, has the potential to access email or other correspondence hosted on the third party’s computer system.

When clients use an employer’s computer, smartphone or other telecommunications device, or an employer’s email account, the employer may be able to obtain access to the communications and take advantage of that opportunity in various contexts, such as when the client is engaged in an employment dispute or when the employer is responding to a subpoena or document discovery in litigation.

Read the rest of this entry »

A recent Ninth Circuit opinion on class certification demonstrates both the potentially fact-intensive nature of class action “typicality” issues and the importance of substantive law in determining whether common issues predominate over individual issues.

In Stearns v. Ticketmaster Corp., the Ninth Circuit Court of Appeals reviewed several decisions denying class certification to various plaintiffs challenging an allegedly deceptive internet scheme involving Ticketmaster and its one-time affiliate, Entertainment Publications, Inc. (“EPI”). At issue is a link on Ticketmaster’s website to EPI’s Entertainment Rewards program, which allows members paying a monthly fee to download printable coupons.

Read the rest of this entry »

The Clerk for the U.S. District Court for the Eastern District of Pennsylvania recently ruled that there is a heavy presumption that prevailing parties may recover certain e-discovery costs under 28 U.S.C. § 1920. Federal Rule of Civil Procedure 54(d)(1) allows prevailing parties to submit bills of costs for certain expenses, enumerated in 28 U.S.C. § 1920, for taxation by the Clerk against the non-prevailing parties. For example, that statute provides for the taxation of costs related to obtaining copies of transcripts and printing. More significantly, the statute provides for the taxation of “[f]ees for exemplification and the cost of making copies of any materials where the copies are necessarily obtained for use in the case.” 28 U.S.C. § 1920(4). While the term “exemplification” is undefined, federal district clerks have traditionally awarded, as exemplification and copying costs, those costs related to the production of paper documents, photographs, models, maps, blow-ups, charts, and diagrams.

Read the rest of this entry »

In a recent decision, a Pennsylvania trial court concluded that no privilege exists to prevent access to non-public social website information of personal injury claimants. Rather, the “paramount ideal” of pursuing truth favors liberal discovery of relevant information on social media sites.

In Zimmerman v. Weis Markets, No. CV-09-1535 (C.P. Northumberland Cty., May 19, 2011), the court rejected a personal injury plaintiff’s objections to providing non-public portions of plaintiff’s Facebook and MySpace pages, after the defendant demonstrated that the public portions of those pages included recent photographs and comments that appeared to contradict the plaintiff’s claims of physical and emotional distress. The court agreed with the rationale stated in other recent cases holding that an individual who voluntarily posts photos and information on social networking sites does so with the intention of sharing, and thus cannot later claim any expectation of privacy. The court noted that the privacy policies of Facebook and MySpace disclose that any information posted may become publicly available at the user’s own risk.

Read the rest of this entry »

Just as lawyers now routinely conduct due diligence on opposing parties’ social media pages. some lawyers also are monitoring postings by jurors on social media sites.

In a recent ethics opinion issued by the New York County Lawyers’ Association Committee on Professional Ethics (No. 743, 5/18/11), the committee concluded that an attorney may review jurors’ postings on publicly available social networking sites during trial. But they must not “friend” or “tweet” jurors, subscribe to their Twitter accounts, or otherwise contact them, either directly or through others.

Read the rest of this entry »

It has become common practice for lawyers to mine social media pages of parties and witnesses for discovery purposes. The posts and photos may show a party to be lying about the extent of his or her claimed injury or disability, or they could undermine or support other claims. Facebook and other social media sites also have become fertile ground for cutting edge ethical questions posed to state Bar ethics committees.

In a recent ethics opinion issued by the San Diego County Bar Association, a lawyer asked if it was proper to “friend” request high-ranking employees of a company the lawyer was suing on behalf of a former employee pursuing a wrongful discharge case. The lawyer believed that these high-ranking employees were dissatisfied with the company and likely had been posting negative information on their social media pages that were accessible only to those persons who had been accepted as “friends”.

Read the rest of this entry »

Faced with revitalizing a deteriorated economy, formulating a national budget, and the aftermath of Osama Bin Laden’s death, President Barack Obama has his hands full. Yet, in the midst of all the issues commanding the White House’s attention, the Obama Administration somehow has found time to address the threats to our nation’s cyber security.

According to Business Insurance, on Thursday, May 12, 2011, the Obama Administration proposed cyber security legislation to improve protection for individuals and the federal government’s computer and network systems. The proposed legislation would address national data breach reporting by creating simpler and standardized reporting requirements for the 47 states that contain such requirements. The proposal would also synchronize penalties for computer crimes with other crimes. Additionally, the government, through the Department of Homeland Security, would become directly involved in assisting the industry as well as state and local governments in policing and enforcing cyber security. The proposed legislation encourages the state and local governments to share information with the Department of Homeland Security about cyber threats or related incidents by providing them with immunity for doing so.  
 
Read the rest of this entry »

On January 20, 2011, a federal class action lawsuit was filed against MySpace in the United States District Court for the Eastern District of New York. If successful, this new lawsuit could have dramatic implications for social networking sites and their users. Either way, it provides another opportunity to make a couple of privacy-related points for employers.

The MySpace lawsuit was filed on behalf of all former and current users of MySpace, who seek damages for the alleged improper and voluntary disclosure of personal and private information and data in response to foreign court search warrants without the knowledge or authorization of the MySpace users. The class alleges that search warrants issued by state judges for certain information have no force and effect when they are issued to MySpace’s California headquarters from other states, but that MySpace nevertheless provided responsive information and data voluntarily.

Read the rest of this entry »

Whether you own a website where you allow blogs and comments to be posted, or if you are the blogger/poster, listen up. 

For those of you who haven’t heard of Righthaven LLC, they are to the blogging world what editors are to the Law Review world…cite-checking and anti-plagiarism “proponents” (let’s call ‘em that, for argument’s sake).  Righthaven’s been making quite a splash and has gained popularity among news chains since its coming into existence in the spring of 2010.  According to David Kravets’ article, “Righthaven Expands Troll Operation With Newspaper Giant”[1], Righthaven has filed over 180 lawsuits and has settled over 70 of them already.  Its major suppliers of copyrighted material include Stephens Media (owners of Las Vegas Review-Journal), MediaNews Group (owners of San Jose Mercury News and the Denver Post), and WEHCO Media (owners of Arkansas Democrat-Gazette and Chattanooga Times Free Fress), to name a few.[2] Owned by Net Sortie Systems LLC and SI Content Monitor LLC, Righthaven is the brain-child of Las Vegas-based IP attorney, Steven Gibson.[3] Righthaven’s clients assign their rights in the content to Righthaven, who then sues for copyright infringement.[4] 

In order to analyze the problems faced by the parties to such lawsuits, we’ll have to discuss the U.S. Copyright Act, as well as the Digital Millennium Copyright Act (“DMCA”).

Read the rest of this entry »

We have all heard a story about some unfortunate personal injury lawyer who forgot to remind his client that ‘what happens in Vegas stays on YouTube’. Personal injury and family lawyers are becoming highly attuned to the crucial role that social media websites can play in civil litigation.

Yet when it comes to cases involving property damage, it appears that lawyers and other subrogation professionals have overlooked the potential utility of these sites in advancing their case. This post highlights some important ways in which YouTube can play a role in a subrogated claim for property damage.

1.   A Search Engine for Video Evidence

YouTube is the second largest search engine in the world. As of March, 2010, twenty-four hours of video was being uploaded to YouTube every minute. To put this in perspective, consider that more video is uploaded to YouTube in 60 days than all three major news networks have created in 60 years. [1] What does this mean? If you have a property damage claim, stop for a minute and think about whether it was an event that was likely to warrant a second glance. Were there flames? An explosion? Did a massive wall of water sweep over the property, obliterating all before it? In that case, it is likely that someone not only had taken that second glance, but pulled out his or her cell phone, recorded a video clip, and posted it on YouTube. Check it out. Simply enter the loss date, location and a one-word description into YouTube’s search engine and you may discover valuable evidence that can provide crucial insights into the loss.

Read the rest of this entry »

A “trend” is generally defined as a general course, drift or prevailing tendency.   In the battle between the potential privacy rights of a social networking site user and the desire of a lawsuit party to have full access to the private portions of that user’s profile, the trend favoring full and unfettered access has become clearer with a decision just issued by the Pennsylvania Court of Common Pleas in the case of McMillen v. Hummingbird Speedway, Inc.

In McMillen, the plaintiff was injured during a stock car race, and sued for damages after being rear-ended during a cooling down lap.   He alleged significant physical injuries and overall loss of general health and vitality, as well as an “inability to enjoy certain pleasures of life.” During the lawsuit, the defendants requested that plaintiff identify the name of all sites to which he belonged, and to identify his user name(s), login name(s), and passwords. Plaintiff responded by stating that he belonged to Facebook and MySpace, but he refused to give the other requested information based on confidentiality and privacy grounds.

Read the rest of this entry »

There have been a recent flurry of blog posts and media stories warning internet users about the potential dangers of posting their whereabouts on social networking sites, as such personal information is being used by opportunists to facilitate crimes. For example, just in the last month, three men in Nashua, New Hampshire allegedly used information they obtained from users’ Facebook status updates to learn when the users would not be home and thereupon broke into their vacant and vulnerable residences. Although Facebook has denied any link between its site and the crimes, the Nashua police believe that detailed information about the posters’ travel plans provided the thieves with sufficient information to know when the homes would be unoccupied.

Of course, the incidence of such crimes has not been widely disseminated through traditional media sources, such as newspapers, radio and television. As such, most Americans are unaware of this increasing phenomena. At the same time, internet users are more widely and more frequently publishing their personal information, including their travel and vacation plans, on social networking and other public sites. Moreover, beyond the routine “tweets” and run-of-the-mill social networking status updates, new applications for cellular phones and PDAs are being created to facilitate geographical updates. These applications such as “Foursquare,” “Gowalla” and “Facebook Places,” enable users to instantly identify their current physical location on the profiles they have created on social networking sites. Needless to say, allowing geographical information to freely be disclosed to the public can provide opportunists with even more accurate information about the whereabouts of their victims and their distance from an unoccupied and vulnerable residence.

Read the rest of this entry »

Data security breaches pose a serious threat to a corporation’s financial stability as well as to its credibility in the marketplace. Most notably, the 2007 TJX data security breach, where 45 million credit card and debit card numbers were stolen, cost the company over $4 billion. For many corporations, the solution is to purchase a cyber liability insurance policy, which provides insurance coverage in the event of such a breach.

The risk of data security breaches has also affected students of universities throughout the nation. In June of last year, Cornell University officials informed 45,000 members of the school’s community that their personal information, including their names and social security numbers, was stolen after a University-owned laptop was stolen. Due to such breaches, college officials nationwide have begun purchasing cyber liability insurance policies to offset the financial burdens of a data security breach.

Read the rest of this entry »

Fifty years ago, a superhero leaped tall buildings in a single bound and used x-ray vision to catch evil criminals.   Today, some of the world’s most threatening criminals are computer hackers.  Superman may not be able to save us from cataclysmic cyber attacks, but we can rest a little easier knowing seven cyber guardians are holding keys to one of society’s most valuable commodities—the internet.  

ICAAN, the Internet Corporation for Assigned Names and Numbers, has provided “keys” to the internet to seven members of the global community. As discussed in prior posts, ICAAN is a non-profit watchdog group that helped establish Domain Name System Security Extensions,  or DNSSEC.   The DNSSEC—which just became enabled this year— is a critical security technology that lies at the core of the internet’s global addressing system.  It protects the very heart of the internet by ensuring that users reach the intended web address.

Read the rest of this entry »

Google, Facebook, Twitter, Foursquare—millions of Americans, including myself, depend on these cyber sites as their gateway to information and communication in the outside world.  What we may not realize, or choose to ignore for convenience’s sake, is that this gateway lies on a two-way street. The information that we seek using websites such as Google and what we communicate on Facebook and Twitter provide companies with vital data to better market their products to us.  This use of information is referred to as “data mining. ”

An example of data mining can be seen in the advertisements that pop up on the side of your Facebook home page.  Such ads are often relevant to the information posted on your “Profile” page, such as advertisements promoting products from your college alma mater. 

At the outset, data mining seems like a win-win situation for both the consumer and the seller—the consumer is marketed with a product in which they are seemingly interested and the company has utilized its advertising budget in an informed, cost-effective manner.  At the same time, however, the threat of an invasion of privacy is real and has the attention of members of Congress and federal officials to create legislation regulating the way in which, and the extent to which, our personal information is shared with third parties. 

Read the rest of this entry »

Your employee is being paid millions of dollars each year to perform his job. Right in the middle of today’s tasks, as he is about to receive instruction from his supervisor, your employee takes out his cell phone and posts a “tweet” on his feelings about his performance to all of his friends who have signed up to follow his twitter board. Would you have a problem with that?

At least two employers did. News surfaced last week that Eric Mangini, head coach of the NFL’s Cleveland Browns, has threatened to fine players for tweeting about events at training camp, and particularly during team meetings. This on the heels of the well-publicized action taken last year by the NBA’s Milwaukee Bucks. In that case, Bucks forward Charlie Villanueva apparently posted a message to his Twitter feed from his cell phone when he went into the locker room at halftime of a basketball game against the Boston Celtics. According to reports, the tweet that was posted from Villanueva’s “CV31” screen name read: “In da locker room, snuck to post my twitt. We’re playing the Celtics, tie ball game at da half. Coach wants more toughness. I gotta step up.”

Read the rest of this entry »

One of the difficult things to predict with regard to the use of social media in the employment setting continues to be the extent to which traditional legal claims apply equally to new social media outlets.   We continue to advise employers that it is imperative to ensure that care is also taken to create policies and train employees on the use of social media in and out of the office setting, and not to let the informality and ease of the Internet lull employers into a false sense of security.   On July 22, 2010, a New York Supreme Court Judge applied the tort of defamation to statements on Facebook in a case that offers an important message to employers.

The case of Finkel v. Dauber (New York Supreme Court, Nassau County) centered on statements posted by a Facebook group known as “90 Cents Short of a Dollar.” Plaintiff alleged that she was defamed by the group’s postings that stated “unbeknownst to many, [plaintiff] acquired AIDS while on a cruise to Africa” and then “persisted to screw a baboon which caused the epidemic to spread.”   The postings further defamed plaintiff, she alleged, by stating “[w]hile in Africa she was seen fucking a horse.”   And other intelligent banter.

Read the rest of this entry »

On July 23, 2010, the United States Court of Appeals for the Eighth Circuit issued an important decision in Eyeblaster, Inc. v. Federal Ins. Co., 2010, U.S. App. LEXIS 15152, No. Civ. A. 08-3640, finding concurrent coverage under both a General Liability (“CGL”) insurance policy and a separate Information and Network Technology Errors and Omissions Liability (“E&O”) policy in circumstances where an online marketing company installed software on a consumer’s computer system, allegedly corrupting the computer’s software operating system.

Eyeblaster Inc. (“Eyeblaster”), the policyholder, is a company that creates, delivers and manages online interactive advertising. For the period December 5, 2006, to December 5, 2007, it was insured under two concurrent policies issued by Federal Insurance Company (“Federal”): (1) a CGL policy covering occurrences which cause damage to tangible property, and (2) an E&O policy which covered claims for financial loss caused by a wrongful act in connection with a product’s failure to perform its intended function or serve its intended purpose, resulting in damage to intangible property. As to the latter policy, intangible property included software, data and other electronic information. Both policies were “duty to defend” forms.

Read the rest of this entry »

Interviewing for your first job as a teenager is as exciting as it is intimidating. Thoughts of what to do with your first paycheck consume your mind as you rehearse your best “do-you-want-fries-with-that” smile. The interview proceeds flawlessly and you start to count the dollar signs as you await the job offer. But imagine your surprise when you are informed that you did not get the job because your background check revealed that you are over $75,000 in debt and five years behind in your child support payments for your eleven year old child…a terrifying thought considering you are only 16 years old.

Adults aren’t the only victims of identity theft. Child identity theft is an increasing and understated crime. A child’s Social Security Number (“SSN”) is the perfect target, as the theft typically goes undetected until years after the crime has taken place. Indeed, the crime might not be discovered until the rightful owner/victim uses his or her SSN for the first time years later. This revelation often occurs when the victim applies for his or her first job or financial aid before college.

The scheme works as follows: businesses are using various techniques to search the Internet for dormant SSNs. These numbers often belong to long-term inmates, dead people or children. Obtaining them is not as difficult as one may think, as SSNs are distributed systematically depending on age, geographical location and when the number is issued. Once it has been determined that no one is actively using the number to obtain credit, the numbers are offered for sale.

Read the rest of this entry »

“A lawyer is never entirely comfortable with a friendly divorce, anymore than a good mortician wants to finish his job and then have the patient sit up on the table.”  Jean Kerr

A new company out of Dallas, DivorceApps.com, is selling applications aimed at helping people navigate the legal waters of divorce. A Texas family lawyer, Michelle May O’Neil, started the company in March of this year. Two apps currently are for sale on iphones at a cost of $9.99 USD.  Applications that are currently available online are described as follows:

(1) Cost and Prep Application: A system that 1) tracks the information that will be required either by legal counsel or the other side of the case and 2) helps the user track the costs of divorce. For example, the “Divorce Cost” portion of the application provides a scroll down list of categories that enables the user to gain a better understanding of the costs of divorce. The “Scroll Down” component of the application allows the user to scroll through the categories of information to determine the documents and information that will be applicable to their case.

(2) Estate Divider Application: The “Estate Divider” is a system that purports to allow a user to work through the overall division of their Estate. The user can:

Read the rest of this entry »

His name is Ghyslain Raza, but you may know of him as “Star Wars Kid”, a portly 15-year-old student at a Quebec private high school who had filmed himself wielding a mock light saber, pretending to be a Star Wars character in combat. The two-minute video was supposed to be private, but he left it lying around at his school where three students, who did not know the teenager, came across the video, posted it on the Internet on April 14, 2003, adding a message inviting people to make insulting remarks about the clip.

Unfortunately for him, it wasn’t just his friends who found the footage so amusing. The video went ‘viral’. One Web log that posted the video was allegedly downloaded 1.1 million times, and by October 2004 one Internet site dedicated to the video had recorded 76 million visits. According to UK marketing firm The Viral Factory, it became the most downloaded video of 2006. So mortified was the teenager that he dropped out of school and finished the semester at a psychiatric ward. According to the student, “It was simply unbearable, totally. It was impossible to attend class.”  More than 35 other revised versions of the video clip, created by other people, have found their way to the Internet, with additional sound and visual effects.

This is an extreme but far from unique example of the devastation wrought by cyber-bullying, the term given to internet conduct in which students harass other students by e-mail and on the internet. Given the potentially devastating consequences of cyberbullying, should schools have the power to discipline their students engaging in this form of harmful conduct?

A major issue confronting school boards is that cyberbullying usually does not take place at school, although its effects can later reverberate among students during school hours. Students may post offensive material from home, or other times outside of school hours, but the targets are fellow classmates. Is it appropriate for a school board to discipline a student for posting such material simply because the postings are being accessed by other students at school or target other students?  At the same time, with power comes responsibility – if school boards have the power to discipline students for their behavior outside of school, are schools then to be mandated with the responsibility to essentially monitor and censor the world-wide web? Just how far should a school board’s jurisdiction extend regarding inappropriate off-school student e-conduct?

Read the rest of this entry »

A man and a lion were arguing about who was best, each one seeking evidence in support of his claim. They came to a tombstone on which a man was shown in the act of strangling a lion, and the man offered this picture as evidence. The lion replied, “It was a man who painted this; if a lion had painted it, you would instead see a lion strangling a man. But let’s look at some real evidence instead.” The lion then brought the man to the amphitheater and showed him so he could see with his own eyes just how a lion strangles a man. The lion then concluded, “A pretty picture is not proof: Facts are the only real evidence!”

The moral of the story has indeed changed since the times of Aesop, at least in today’s courtroom. Social networking websites such as Facebook, MySpace, and Twitter invite attorneys and their clients into a lion’s den of pictures and postings, creating a haven for evidentiary consequences that can be unexpected obstacles if attorneys are unprepared to counter them.

INTRODUCTION

With claims such as “Facebook is a great place to keep in touch with friends,” “Using Twitter is going to change the way you [stay] in touch,” and “MySpace lets you meet your friends’ friends,” social networking websites are, admittedly, enticing. This article surveys recent evidentiary issues involving these sites across multiple practice areas and counsels how to avoid some of the adverse rulings discussed herein.

Read the rest of this entry »