Ping Service
Feedback Forms

Cyber, Privacy and Technology Best Practices and Reputational Harm: Why Legal Professionals Need a Lawyer’s Advice, Counsel and Privileges


Lawyers, like other professionals, often have access to their clients’ personal and financial details. At the same time, they may possess comparable information about their clients’ clients (such as when a lawyer represents a healthcare company). As a result, lawyers are at risk for being sued if and when something happens to that information – such as when a laptop or cell phone is misplaced or stolen or a hacker breaches a law firm or client’s systems and accesses the client’s personally identifiable, health care, and/or confidential information.
The most prudent way to avoid such lawsuits and minimize their impact is to create and implement cyber, privacy and technology (“CPT”) best practices before something goes wrong. In most cases, this would include best practices training and education as well as the purchase of dedicated CPT-specific insurance. This article discusses why lawyers are at risk, how to create and implement best practices, and the advantages of CBT insurance coverage rather than (mistakenly) relying on professional errors and omissions and/or general liability coverage in the event of a CPT incident.

Executive Summary

An attorney’s reputation is his and her lifeblood. Indeed, reputation translates to the bottom line. For better or worse.
And, of course, reputation is, in large part, predicated on the quality, timeliness and cost-effectiveness of the services being provided. So too, it is incumbent that an attorney avoid negative commentary (or embarrassing revelations) through the pervasive and ubiquitous medium of social media. As a corollary, attorneys, like others, must be sensitive to the loss of customer goodwill, whether measured by turnover, client retention or other intangible assets.

Regardless of whether your clients are the Fortune 500, middle-market companies or small entrepreneurs, an attorneys’ clients – and by extension, the attorney himself and herself (to the extent the attorney holds personal, health or commercial information) – are at risk of losing personally identifiable information (“PII”), personal health information (“PHI”) and/or confidential commercial information (“CCI”). It doesn’t matter whether the harm is attributable to malicious activity or simple employee or third-party negligence. It’s the effect that is the focus, not necessarily the cause (although that too factors into the analysis).

In many cases, the effect of a cyber incident could be devastating, if not fatal, to an attorney’s reputation. And, by extension, his or her practice’s economic viability.
It is almost axiomatic to say that “best practices” are among the most important strategies employed by attorneys and other professionals. Just as we counsel clients to use best practices with respect to their operations, so too, we, as professionals, should be well-trained on the scope and extent of best practices in the subject matter presented, including, in particular, CPT risks and exposures, which, to no surprise, are palpable and potentially devastating.

In the CPT context, among others, best practices counseling should be provided by an attorney. Unlike non-lawyers, attorneys bring with them the attorney-client privilege and work product protection. Although vendors and IT specialists can promote themselves as having the appropriate knowledge and training to teach and implement best practices, they do possess the critical protections afforded by the attorney-client relationship. In a relatively new space like CPT, where the law is uncertain and developing, the privileges become even more important, as many attorneys are just at the start of the learning curve.

To continue reading, please contact me at A complete copy will be emailed upon request. Cheers. Rick

PDF Creator    Send article as PDF   

The Posts have Come Back… To Cyberinquirer

Since last we visited, your humble Publisher has moved on to the Law Offices of Richard J. Bortnick, where I am Managing Director (very European, if I do say so myself). A number of dedicated readers and friends (you know who you are) have asked what had become of me and why my old email address was no longer effective.

The answer my friend (apologies to Peter, Paul and Mary) is the Law Offices of Richard J. Bortnick. At the risk of having this viewed as attorney advertising, I will stop there other than to say I also will be signing as a free agent with a Consulting Firm to be named later (but not much later).

So, please feel free to contact me if you want to catch up, engage in intellectual banter (with the exception of Philadelphia sports, where the banter will all be negative) or have some worthwhile humor you’d like to pass along (although it can’t be as good as the material I get from my good friend Jeff). My new email address is (at least for the short term… stay tuned on that too).

Its good to be back. And thanks for all of your kind wishes.


Create PDF    Send article as PDF   

Power to the People: Social Media Technologies Mediating Corporate Social Governance

The measure of effectiveness of a CEO and its executive board has always been the degree to which the business is achieving its purpose. Whether in Canada, the U.S., Europe or Asia, an executive board’s purpose should be to increase shareholder value, a purpose that is best accomplished by serving the needs of various stakeholders. Somewhere in the pyramid of stakeholders is the consumer or client, whose likes, favorites, and preferences must be met with quality personalized products and services that deliver high competitive value. In an interconnected global knowledge economy, this has meant listening to what consumers are saying online through social media platforms like Facebook and Twitter, and engaging in two-way conversations to respond in real-time to consumer demands.

Read the rest of this entry »

Access to Insured’s Social Media Accounts: No Friend Request Necessary

The following article, written by my colleague Nicole Moody, first appeared in the Chicago Daily Law Bulletin. Thanks to Nicole for allowing us to republish it here.

Rick Bortnick

Many of us have been there. Sipping our morning coffee, signing into our Facebook accounts, waiting to see what notifications will greet us. We are intrigued to see that we have a friend request. Who could it be? An acquaintance from the past? A new colleague who we met at work? Whoever it is, we know that by accepting the request we will be granted access into this individual’s life and will know more about them in five minutes than we would know in a lifetime of small talk.

Due to the use of usernames and passwords, there is a belief that information shared on Facebook is confidential unless publicly shared. However, courts around the country are now addressing just how private this information really is.

In cases nationwide, litigants are asking courts to grant unfettered access to other parties’ Facebook or other social media accounts. Inevitably, in the age of status updates and hashtags, poking and friending, the lines between public and private information have become blurred. This trend has become increasingly prevalent in the insurance industry as insurance companies have realized the usefulness of social media in litigation.

Read the rest of this entry »

Cyberinquirer Named As One of LexisNexis’s Top Insurance Blogs of 2011

With the help of our readers, Cyberinquirer has again been named as one of LexisNexis’s Top Insurance blogs 0f 2011. We are obviously flattered, particularly in view of the quality of the other blogs selected to this august list. It shows that people are reading what we have to say. And that, perhaps, they are interested in what we have to say. We sure hope that to be the case. We love thinking, reading and talking about tech, privacy and cyber related issues (yeah, admittedly we’re geeks). And we hope that you, our readers, gain from our insights, even if you don’t always agree with them.

So now that we’ve been recognized by LexisNexis for the second straight period, maybe some of you, our readers, will be more comfortable authoring a piece we can post. Remember, this blog is open to all relevant, responsible submissions, be they articles, commentaries, or just comments on something we have said that strikes a chord. If you’ve got something to say that may be of interest to others in the community, email it to me at and I will get back with you promptly. We strive to publish fresh, interesting content on a regular basis, but its not always easy, as we do maintain law practices. And have other commitments. So flip your authored pieces. We’d actually appreciate it.

Needless to say, we couldn’t have done this on our own. So the honor is not just for us, but for you too. Thanks.

Free PDF    Send article as PDF   

Bloggers Beware: Righthaven’s got its eye on you…

Whether you own a website where you allow blogs and comments to be posted, or if you are the blogger/poster, listen up.

For those of you who haven’t heard of Righthaven LLC, they are to the blogging world what editors are to the Law Review world…cite-checking and anti-plagiarism “proponents” (let’s call ‘em that, for argument’s sake). Righthaven’s been making quite a splash and has gained popularity among news chains since its coming into existence in the spring of 2010. According to David Kravets’ article, “Righthaven Expands Troll Operation With Newspaper Giant[1], Righthaven has filed over 180 lawsuits and has settled over 70 of them already. Its major suppliers of copyrighted material include Stephens Media (owners of Las Vegas Review-Journal), MediaNews Group (owners of San Jose Mercury News and the Denver Post), and WEHCO Media (owners of Arkansas Democrat-Gazette and Chattanooga Times Free Fress), to name a few.[2] Owned by Net Sortie Systems LLC and SI Content Monitor LLC, Righthaven is the brain-child of Las Vegas-based IP attorney, Steven Gibson.[3] Righthaven’s clients assign their rights in the content to Righthaven, who then sues for copyright infringement.[4]

In order to analyze the problems faced by the parties to such lawsuits, we’ll have to discuss the U.S. Copyright Act, as well as the Digital Millennium Copyright Act (“DMCA”).

Read the rest of this entry »

It’s All About YouTube: How Social Media Can Make or Break Your Subrogated Action

We have all heard a story about some unfortunate personal injury lawyer who forgot to remind his client that ‘what happens in Vegas stays on YouTube’. Personal injury and family lawyers are becoming highly attuned to the crucial role that social media websites can play in civil litigation.

Yet when it comes to cases involving property damage, it appears that lawyers and other subrogation professionals have overlooked the potential utility of these sites in advancing their case. This post highlights some important ways in which YouTube can play a role in a subrogated claim for property damage.

1. A Search Engine for Video Evidence

YouTube is the second largest search engine in the world. As of March, 2010, twenty-four hours of video was being uploaded to YouTube every minute. To put this in perspective, consider that more video is uploaded to YouTube in 60 days than all three major news networks have created in 60 years. [1] What does this mean? If you have a property damage claim, stop for a minute and think about whether it was an event that was likely to warrant a second glance. Were there flames? An explosion? Did a massive wall of water sweep over the property, obliterating all before it? In that case, it is likely that someone not only had taken that second glance, but pulled out his or her cell phone, recorded a video clip, and posted it on YouTube. Check it out. Simply enter the loss date, location and a one-word description into YouTube’s search engine and you may discover valuable evidence that can provide crucial insights into the loss.

Read the rest of this entry »

Pulling the Plug on Cyberbullies: Should Schools be Responsible for Sticks and Stones Thrown in Cyberspace?

His name is Ghyslain Raza, but you may know of him as “Star Wars Kid”, a portly 15-year-old student at a Quebec private high school who had filmed himself wielding a mock light saber, pretending to be a Star Wars character in combat. The two-minute video was supposed to be private, but he left it lying around at his school where three students, who did not know the teenager, came across the video, posted it on the Internet on April 14, 2003, adding a message inviting people to make insulting remarks about the clip.

Unfortunately for him, it wasn’t just his friends who found the footage so amusing. The video went ‘viral’. One Web log that posted the video was allegedly downloaded 1.1 million times, and by October 2004 one Internet site dedicated to the video had recorded 76 million visits. According to UK marketing firm The Viral Factory, it became the most downloaded video of 2006. So mortified was the teenager that he dropped out of school and finished the semester at a psychiatric ward. According to the student, “It was simply unbearable, totally. It was impossible to attend class.” More than 35 other revised versions of the video clip, created by other people, have found their way to the Internet, with additional sound and visual effects.

This is an extreme but far from unique example of the devastation wrought by cyber-bullying, the term given to internet conduct in which students harass other students by e-mail and on the internet. Given the potentially devastating consequences of cyberbullying, should schools have the power to discipline their students engaging in this form of harmful conduct?

A major issue confronting school boards is that cyberbullying usually does not take place at school, although its effects can later reverberate among students during school hours. Students may post offensive material from home, or other times outside of school hours, but the targets are fellow classmates. Is it appropriate for a school board to discipline a student for posting such material simply because the postings are being accessed by other students at school or target other students? At the same time, with power comes responsibility – if school boards have the power to discipline students for their behavior outside of school, are schools then to be mandated with the responsibility to essentially monitor and censor the world-wide web? Just how far should a school board’s jurisdiction extend regarding inappropriate off-school student e-conduct?

Read the rest of this entry »

But I’m Innocent, I Swear! This Website Proves It!

Who would have thought a comment as innocent as “Just walked into work at Cozen O’Connor-Toronto…so much work to get done” could potentially cause you so much trouble?

I came across an article this weekend by Tracy Staedter, titled “I’m Not Home: Please Rob Me”. Ready to become paranoid? Read the article – it’s short and to the point. Ever send out Evites? How about prior tweets, MySpace posts, etc. inviting people to your place and including an address? Bingo! Better pack up and move quick!

The website causing havoc is Check it out…make sure you aren’t on the site…then check again after every time you tweet, post, etc. Do you have the time to constantly check? Probably not. Should you? Probably. It may make you paranoid, but then again, shouldn’t you be? But should the creators of the website be blamed – legally, morally, ethically? Should they be held accountable for what you put out into the public realm? Can you sue for violation of your privacy rights? Do you really have an expectation of privacy in any of those posts? In an age where MySpace, Friendster and other social networking sites regularly have their records subpoenaed, why should anyone think that anything they post will be “private”? What piqued my curiosity even more was how this website could apply in the criminal or tort law application. Can this website be used to substantiate or corroborate an accused’s alibi – “Your Honor, look! I have proof that I wasn’t in the city when the crime occurred…I tweeted that I would be in Los Angeles!” Look, my knowledge of Canadian (or U.S., for that matter) Criminal Law/Procedure does not extend further than the 800 or so pages of textbooks I read while in law school. But surely this website can be put to more use than just what the creators intended. So long as a proper foundation is laid, and the purported evidence is relevant, it may be admitted, right? Something to definitely consider as a defense attorney.

The creators of the website claim the site is supposed to help us…to open our eyes to the evil out in the world. Call me crazy, but perhaps a simple email addressed to me would have been more appreciated…though it leaves one wondering if such a logical course of action would have been as effective.

Fax Online    Send article as PDF   

Where Does Internet Defamation Occur? An Interesting Jurisdictional Issue

j0439359The issue of defamation on the internet is an interesting one because, perhaps contrary to intuition, the tort of defamation is generally considered to occur in the location where defamatory material is accessed, rather than where it is published. Dow Jones & Company v. Gutnick, a 2002 decision of the High Court of Australia, was the first case to reach a final court that considered the nature of defamation on the Internet. Dow Jones, a US company, allegedly defamed an Australian businessman in an article on the Internet. Dow Jones argued that the suit should be heard in the US, not Australia, because that is where the article was uploaded. They argued that the Internet, being such a revolutionary development in communications, deserved a new legal response; that the High Court should develop a global theory of defamation liability. The High Court declined to do so, holding that long-established principles of Anglo-Australian defamation law were applicable to online defamation. Canada appears to have followed suit.

The consequence is that regardless of whether online defamatory material has been posted and hosted in the United States, case law developments with respect to internet defamation in foreign jurisdictions may be quite relevant in determining the liability of a U.S. resident for posting defamatory content.

For a good review of the Dow Jones case, see A Result Contrary to Intuition: Defamation on the Internet and the High Court of Australia.

PDF Converter    Send article as PDF   

Hyperlink to Libel: Can You Be Held Liable?

click hereIn actions for libel and slander, “publication” refers to the communication of defamatory material to a third person. Does hyperlinking to a website containing defamatory material amount to publication of that material in the eyes of the law?

This was the issue that was recently considered by the B.C. Court of Appeal in the case of Crookes v. Newton, the first case at the appellate level in Canada to consider whether the creation of a hyperlink to a site that contains defamatory material can make the creator liable for the defamatory material. The plaintiff, Mr. Crookes, claimed that he was defamed in various articles that first appeared on the Internet in 2005. The defendant, Mr. Newton, put up a post on his website under the heading “Free Speech in Canada”, and inserted hyperlinks to webpages that contained the defamatory articles. Significantly, Mr. Newton did not reproduce any of the content from the articles, nor did he comment on them in any way. The relevant post excerpt (hyperlinks omitted) is as follows:

Under new developments, thanks to the lawsuit, I’ve just met Michael Pilling, who runs Based in Toronto, he, too, is being sued for defamation. This time by politician Wayne Crookes. We’ve decided to pool some of our resources to focus more attention on the appalling state of Canada’s ancient and decrepit defamation laws and tomorrow, p2pnet will run a post from Mike [Pilling] on his troubles. He and I will also be releasing a joint press statement in the very near future.

When Mr. Crookes learned of the post, he asked Mr. Newton to remove the hyperlinks, but Mr. Newton refused. Mr. Crookes then sued Mr. Newton, taking the position that by creating the hyperlinks, Mr. Newton became a publisher of the impugned articles found at the hyperlinked websites. Mr. Newton brought a motion for summary judgment, arguing that that Mr. Crookes could not prove that the hyperlinks were brought to the attention of a third party and therefore “published”. Mr. Crookes was able to prove that Mr. Newton’s site had been accessed 1,788 times, but he could not prove whether any visitors to the site had ever clicked on the hyperlinks leading to the webpages containing the defamatory articles.

Mr. Crookes argued that there should be an automatic presumption of publication of the hyperlinked articles – such a presumption exists with respect to defamatory content in newspapers or broadcasts to the general public through the operation of ss. 2 and 12(2) of British Columbia’s Libel and Slander Act which provides:

s. 2. Defamatory words in a broadcast are deemed to be published and to constitute libel.

s. 12(2). The publication of a printed copy of a newspaper is proof, in the absence of evidence to the contrary, of the publication of the printed copy.

The Court refused to apply such a presumption, holding that since there is no such statutory provision in Canada providing for the presumed publication of communication distributed through the internet, it should be up to the Legislature, rather than the courts, to create such a presumption. Nor would the majority of the Court infer publication from the fact that Mr. Newton’s site had received 1,788 “hits”. Justice Saunders, speaking for the majority, noted that there was no evidence adduced with respect the volume of “hits” here compared to the norm, the usual behavior of internet readers or “surfers” or the jurisdiction in which they resided. As a result, there was insufficient information on which to infer that the hyperlinks had been accessed at all, let alone by Canadian viewers.

The court concluded that the mere fact that Mr. Newton hyperlinked the impugned sites did not make him a publisher of the material found at the hyperlinked sites. The Court referred to the 2005 case of Carter v. B.C. Federation of Foster Parents Assn., where it had held that a reference to a website in a printed newsletter, where there was no element of control by the defendant over that website, did not amount to publication of the defamatory material found at that site. In that case, a group of defendants had prepared a written newsletter which contained an internet address for an internet chat room which posted defamatory material, with the comment that “more news” could be found at that address. The Trial judge found that the reference in the written newsletter did not in the circumstances amount to publication by the Federation of the defamatory materials found at that site.

In this case, Mr. Newton advised that he saw the hyperlinks “as the equivalent of a footnote or biographical reference”, and the majority of the Court of Appeal agreed. The majority of the court found that there was no substantial difference between referring to a web address in a written article and a mere hyperlink; both required a decision on the part of the reader to access another website, and both required the reader to take a distinct action. Further, in this day of rapidly changing technology, the court was not persuaded that it would take any less effort to access a hyperlink than a web address in an article. Thus, according to the majority, if it is apparent from the context in which the hyperlink is used that it is being used merely as a biographical or similarly limited reference to an original source, without in any way actively encouraging or recommending to the readers that they access that source, then this would not amount to publication. However, the footnote analogy is not a complete answer to the question. If a hyperlink served as an invitation or encouragement to view an impugned site, or in some way adopted a portion of its contents, the hyperlink could be defamatory. For example, a statement that “The truth about [Person X] is found here, where “here” is hyperlinked to defamatory content may be sufficient to constitute defamation. Thus, the issue of whether a hyperlink promulgates defamatory content will require a contextual, fact-specific analysis.

(Of course, therein lies the rub. The majority of the Court did not see encouragement in Mr. Newton’s post, likening the links to a footnote for a reader or card index in a library. The dissenting judge was of the view that the context of the post served as an inducement to readers to click on the hyperlink).

PDF Printer    Send article as PDF