Ping Service
Feedback Forms

The Dos and Don’ts of Navigating The Cloud: A Business Guide For Cloud Computing

Cloud computing is the storage of data on remote computer servers and the sharing and transmittal of such information by way of the internet. Use of the cloud enables both businesses and casual users to maintain as much or as little electronic data as they wish on a third party’s mainframes without the need for or the expense of having to buy and maintain their own hardware systems.

The cloud’s economic benefits are clear. Still, clouds can be a legal minefield for companies and their counsel. Data breaches, hosting of illegal content and inaccessibility of critical business information are just a few examples of turbulent situations cloud users can face.

Given the risks and potential rewards of the cloud, consider the following guide before entering into a cloud provider contract:

Read the rest of this entry »

Cyber, Privacy and Technology Best Practices and Reputational Harm: Why Legal Professionals Need a Lawyer’s Advice, Counsel and Privileges

BabyB_LPlate_improvedIntroduction

Lawyers, like other professionals, often have access to their clients’ personal and financial details. At the same time, they may possess comparable information about their clients’ clients (such as when a lawyer represents a healthcare company). As a result, lawyers are at risk for being sued if and when something happens to that information – such as when a laptop or cell phone is misplaced or stolen or a hacker breaches a law firm or client’s systems and accesses the client’s personally identifiable, health care, and/or confidential information.
The most prudent way to avoid such lawsuits and minimize their impact is to create and implement cyber, privacy and technology (“CPT”) best practices before something goes wrong. In most cases, this would include best practices training and education as well as the purchase of dedicated CPT-specific insurance. This article discusses why lawyers are at risk, how to create and implement best practices, and the advantages of CBT insurance coverage rather than (mistakenly) relying on professional errors and omissions and/or general liability coverage in the event of a CPT incident.

Executive Summary

An attorney’s reputation is his and her lifeblood. Indeed, reputation translates to the bottom line. For better or worse.
And, of course, reputation is, in large part, predicated on the quality, timeliness and cost-effectiveness of the services being provided. So too, it is incumbent that an attorney avoid negative commentary (or embarrassing revelations) through the pervasive and ubiquitous medium of social media. As a corollary, attorneys, like others, must be sensitive to the loss of customer goodwill, whether measured by turnover, client retention or other intangible assets.

Regardless of whether your clients are the Fortune 500, middle-market companies or small entrepreneurs, an attorneys’ clients – and by extension, the attorney himself and herself (to the extent the attorney holds personal, health or commercial information) – are at risk of losing personally identifiable information (“PII”), personal health information (“PHI”) and/or confidential commercial information (“CCI”). It doesn’t matter whether the harm is attributable to malicious activity or simple employee or third-party negligence. It’s the effect that is the focus, not necessarily the cause (although that too factors into the analysis).

In many cases, the effect of a cyber incident could be devastating, if not fatal, to an attorney’s reputation. And, by extension, his or her practice’s economic viability.
It is almost axiomatic to say that “best practices” are among the most important strategies employed by attorneys and other professionals. Just as we counsel clients to use best practices with respect to their operations, so too, we, as professionals, should be well-trained on the scope and extent of best practices in the subject matter presented, including, in particular, CPT risks and exposures, which, to no surprise, are palpable and potentially devastating.

In the CPT context, among others, best practices counseling should be provided by an attorney. Unlike non-lawyers, attorneys bring with them the attorney-client privilege and work product protection. Although vendors and IT specialists can promote themselves as having the appropriate knowledge and training to teach and implement best practices, they do possess the critical protections afforded by the attorney-client relationship. In a relatively new space like CPT, where the law is uncertain and developing, the privileges become even more important, as many attorneys are just at the start of the learning curve.

To continue reading, please contact me at rbortnick@cpmy.com. A complete copy will be emailed upon request. Cheers. Rick

PDF Printer    Send article as PDF   

Power to the People: Social Media Technologies Mediating Corporate Social Governance

The measure of effectiveness of a CEO and its executive board has always been the degree to which the business is achieving its purpose. Whether in Canada, the U.S., Europe or Asia, an executive board’s purpose should be to increase shareholder value, a purpose that is best accomplished by serving the needs of various stakeholders. Somewhere in the pyramid of stakeholders is the consumer or client, whose likes, favorites, and preferences must be met with quality personalized products and services that deliver high competitive value. In an interconnected global knowledge economy, this has meant listening to what consumers are saying online through social media platforms like Facebook and Twitter, and engaging in two-way conversations to respond in real-time to consumer demands.

Read the rest of this entry »

The Queen v. Cole: Privacy Protection for Employer-Issued Equipment in Canada

The recent decision The Queen v. Cole by the Supreme Court of Canada touches upon interesting issues regarding information privacy in the digital age.

The facts are simple. An information technologist working at the same high school as Mr. Cole, a teacher, remotely accessed Cole’s history of internet access and one of his drives and found a hidden file which contained nude photographs of a student. The photographs and internet file were copied onto a disc and given to the police, which determined that a search warrant was unnecessary. Cole was subsequently charged with possession of child pornography and fraudulently obtaining data from another computer hard drive. The trial judge excluded the computer material under Sections 8 and 24(2) of the Charter. In overturning the decision, the summary conviction appeal court found no breach of Section 8. This decision was set aside by the Ontario Court of Appeal, which concluded that the evidence of the disc containing the temporary internet files and the laptop computer and its mirror image was excluded. A 6-1 majority ruling by the Supreme Court concluded that the police infringed upon Cole’s rights but upheld the Court of Appeals’ finding that the evidence should not have been excluded from trial.

Read the rest of this entry »

Planet Mars, Curiosity, and Data Security

For those captivated by recent events in astronomy, parallels can be drawn between the recent landing of NASA’s rover Curiosity on planet Mars and the public discourse on data security in Canada. With the distinction that one is effectively equipped with the right budget and tools to achieve its actual objective, both have come a very long way, both have managed to blaze through layers of clouds, both seek to secure ingredients essential to life, and both are now aimlessly wandering about unchartered territories.

A decisive factor in Barrack Obama’s 2008 political campaign was the extensive use of individual, thin sliced consumer data to send highly tailored messages to gain political support. Within 13 years, Google has become the most valuable brand in the world through the aggregation of vast amounts of data including search data, or data held in Gmail accounts. This information is then used to create an advertising cruise missile, which is much more efficient than the old method of pattern bombing.

Read the rest of this entry »

Access to Insured’s Social Media Accounts: No Friend Request Necessary

The following article, written by my colleague Nicole Moody, first appeared in the Chicago Daily Law Bulletin. Thanks to Nicole for allowing us to republish it here.

Rick Bortnick

Many of us have been there. Sipping our morning coffee, signing into our Facebook accounts, waiting to see what notifications will greet us. We are intrigued to see that we have a friend request. Who could it be? An acquaintance from the past? A new colleague who we met at work? Whoever it is, we know that by accepting the request we will be granted access into this individual’s life and will know more about them in five minutes than we would know in a lifetime of small talk.

Due to the use of usernames and passwords, there is a belief that information shared on Facebook is confidential unless publicly shared. However, courts around the country are now addressing just how private this information really is.

In cases nationwide, litigants are asking courts to grant unfettered access to other parties’ Facebook or other social media accounts. Inevitably, in the age of status updates and hashtags, poking and friending, the lines between public and private information have become blurred. This trend has become increasingly prevalent in the insurance industry as insurance companies have realized the usefulness of social media in litigation.

Read the rest of this entry »

Keep Your Friends Close, But Your Facebook Posts Closer

“Facebook helps you connect and share with the people in your life.” That is the Facebook mantra, as displayed on its homepage, and the opening line of a recent – and extremely thorough! – Pennsylvania trial court decision regarding the discoverability of a plaintiff’s relevant Facebook information. The court’s conclusion: a plaintiff’s Facebook information is discoverable, provided the defendant has a good faith basis for seeking the material, because there is no confidential social networking privilege under Pennsylvania law and because the Stored Communications Act only applies to internet service providers. The take-away for Facebook users: be careful what you post – it’s not as “private” as you think!

Read the rest of this entry »

Cyberinquirer Named As One of LexisNexis’s Top Insurance Blogs of 2011

With the help of our readers, Cyberinquirer has again been named as one of LexisNexis’s Top Insurance blogs 0f 2011. We are obviously flattered, particularly in view of the quality of the other blogs selected to this august list. It shows that people are reading what we have to say. And that, perhaps, they are interested in what we have to say. We sure hope that to be the case. We love thinking, reading and talking about tech, privacy and cyber related issues (yeah, admittedly we’re geeks). And we hope that you, our readers, gain from our insights, even if you don’t always agree with them.

So now that we’ve been recognized by LexisNexis for the second straight period, maybe some of you, our readers, will be more comfortable authoring a piece we can post. Remember, this blog is open to all relevant, responsible submissions, be they articles, commentaries, or just comments on something we have said that strikes a chord. If you’ve got something to say that may be of interest to others in the community, email it to me at rbortnick@cozen.com and I will get back with you promptly. We strive to publish fresh, interesting content on a regular basis, but its not always easy, as we do maintain law practices. And have other commitments. So flip your authored pieces. We’d actually appreciate it.

Needless to say, we couldn’t have done this on our own. So the honor is not just for us, but for you too. Thanks.

Free PDF    Send article as PDF   

Facebook: Everything You Want To Know and More… Just a Discovery Request Away!

I recently attended a CLE that had a panel of social media experts who were discussing the role of Facebook, Twitter and MySpace in litigation. During a lull in the question and answer session, the Facebook attorney quipped: “you know, Facebook has already given you everything that you’ve ask for…” Immediately, the audience lifted their heads from their Blackberries and newspapers and started paying attention after this cryptic remark.

Read the rest of this entry »

It’s All About YouTube: How Social Media Can Make or Break Your Subrogated Action

We have all heard a story about some unfortunate personal injury lawyer who forgot to remind his client that ‘what happens in Vegas stays on YouTube’. Personal injury and family lawyers are becoming highly attuned to the crucial role that social media websites can play in civil litigation.

Yet when it comes to cases involving property damage, it appears that lawyers and other subrogation professionals have overlooked the potential utility of these sites in advancing their case. This post highlights some important ways in which YouTube can play a role in a subrogated claim for property damage.

1. A Search Engine for Video Evidence

YouTube is the second largest search engine in the world. As of March, 2010, twenty-four hours of video was being uploaded to YouTube every minute. To put this in perspective, consider that more video is uploaded to YouTube in 60 days than all three major news networks have created in 60 years. [1] What does this mean? If you have a property damage claim, stop for a minute and think about whether it was an event that was likely to warrant a second glance. Were there flames? An explosion? Did a massive wall of water sweep over the property, obliterating all before it? In that case, it is likely that someone not only had taken that second glance, but pulled out his or her cell phone, recorded a video clip, and posted it on YouTube. Check it out. Simply enter the loss date, location and a one-word description into YouTube’s search engine and you may discover valuable evidence that can provide crucial insights into the loss.

Read the rest of this entry »

Your “Status Update” May be Revealing More Than Your Status

There have been a recent flurry of blog posts and media stories warning internet users about the potential dangers of posting their whereabouts on social networking sites, as such personal information is being used by opportunists to facilitate crimes. For example, just in the last month, three men in Nashua, New Hampshire allegedly used information they obtained from users’ Facebook status updates to learn when the users would not be home and thereupon broke into their vacant and vulnerable residences. Although Facebook has denied any link between its site and the crimes, the Nashua police believe that detailed information about the posters’ travel plans provided the thieves with sufficient information to know when the homes would be unoccupied.

Of course, the incidence of such crimes has not been widely disseminated through traditional media sources, such as newspapers, radio and television. As such, most Americans are unaware of this increasing phenomena. At the same time, internet users are more widely and more frequently publishing their personal information, including their travel and vacation plans, on social networking and other public sites. Moreover, beyond the routine “tweets” and run-of-the-mill social networking status updates, new applications for cellular phones and PDAs are being created to facilitate geographical updates. These applications such as “Foursquare,” “Gowalla” and “Facebook Places,” enable users to instantly identify their current physical location on the profiles they have created on social networking sites. Needless to say, allowing geographical information to freely be disclosed to the public can provide opportunists with even more accurate information about the whereabouts of their victims and their distance from an unoccupied and vulnerable residence.

Read the rest of this entry »

Invasions of Privacy In The Cyber Sphere: Who’s Watching And What They Know About You

Google, Facebook, Twitter, Foursquare—millions of Americans, including myself, depend on these cyber sites as their gateway to information and communication in the outside world. What we may not realize, or choose to ignore for convenience’s sake, is that this gateway lies on a two-way street. The information that we seek using websites such as Google and what we communicate on Facebook and Twitter provide companies with vital data to better market their products to us. This use of information is referred to as “data mining. “

An example of data mining can be seen in the advertisements that pop up on the side of your Facebook home page. Such ads are often relevant to the information posted on your “Profile” page, such as advertisements promoting products from your college alma mater.

At the outset, data mining seems like a win-win situation for both the consumer and the seller—the consumer is marketed with a product in which they are seemingly interested and the company has utilized its advertising budget in an informed, cost-effective manner. At the same time, however, the threat of an invasion of privacy is real and has the attention of members of Congress and federal officials to create legislation regulating the way in which, and the extent to which, our personal information is shared with third parties.

Read the rest of this entry »

Pulling the Plug on Cyberbullies: Should Schools be Responsible for Sticks and Stones Thrown in Cyberspace?

His name is Ghyslain Raza, but you may know of him as “Star Wars Kid”, a portly 15-year-old student at a Quebec private high school who had filmed himself wielding a mock light saber, pretending to be a Star Wars character in combat. The two-minute video was supposed to be private, but he left it lying around at his school where three students, who did not know the teenager, came across the video, posted it on the Internet on April 14, 2003, adding a message inviting people to make insulting remarks about the clip.

Unfortunately for him, it wasn’t just his friends who found the footage so amusing. The video went ‘viral’. One Web log that posted the video was allegedly downloaded 1.1 million times, and by October 2004 one Internet site dedicated to the video had recorded 76 million visits. According to UK marketing firm The Viral Factory, it became the most downloaded video of 2006. So mortified was the teenager that he dropped out of school and finished the semester at a psychiatric ward. According to the student, “It was simply unbearable, totally. It was impossible to attend class.” More than 35 other revised versions of the video clip, created by other people, have found their way to the Internet, with additional sound and visual effects.

This is an extreme but far from unique example of the devastation wrought by cyber-bullying, the term given to internet conduct in which students harass other students by e-mail and on the internet. Given the potentially devastating consequences of cyberbullying, should schools have the power to discipline their students engaging in this form of harmful conduct?

A major issue confronting school boards is that cyberbullying usually does not take place at school, although its effects can later reverberate among students during school hours. Students may post offensive material from home, or other times outside of school hours, but the targets are fellow classmates. Is it appropriate for a school board to discipline a student for posting such material simply because the postings are being accessed by other students at school or target other students? At the same time, with power comes responsibility – if school boards have the power to discipline students for their behavior outside of school, are schools then to be mandated with the responsibility to essentially monitor and censor the world-wide web? Just how far should a school board’s jurisdiction extend regarding inappropriate off-school student e-conduct?

Read the rest of this entry »

Does the Internet Create Unfair Jury Trials?

Jurors are not supposed to look at media coverage of the case during a trial since their verdicts are supposed to based on the evidence presented in a trial, rather than media reports. But can they really resist taking a sneak peek on the Internet?

In February of 2010, the U.K.’s Ministry of Justice released a very interesting report, titled “Are Juries Fair?“, by Professor Cheryl Thomas. Among other things, the study examined jurors’ use of the Internet to look up information about their cases in both long, high profile cases and standard cases lasting less than two weeks, with little media coverage. The report found:

  • All jurors who looked for information about their case during the trial looked for it on the Internet, as opposed to television, newspapers or some other source. (Well, okay, so this one wasn’t exactly a big surprise…).
  • More jurors said they “saw” information on the Internet than admitted to “looking for it” on the Internet. Since they were doing something that a judge should have told them that they were not supposed to do, this may explain why jurors were more likely to say the saw reports on the Internet than said they looked for it. (See? Lawyers aren’t the only people in the courtroom who resort to semantics….). But just what are the figures?

Read the rest of this entry »

But I’m Innocent, I Swear! This Website Proves It!

Who would have thought a comment as innocent as “Just walked into work at Cozen O’Connor-Toronto…so much work to get done” could potentially cause you so much trouble?

I came across an article this weekend by Tracy Staedter, titled “I’m Not Home: Please Rob Me”. Ready to become paranoid? Read the article – it’s short and to the point. Ever send out Evites? How about prior tweets, MySpace posts, etc. inviting people to your place and including an address? Bingo! Better pack up and move quick!

The website causing havoc is www.PleaseRobMe.com. Check it out…make sure you aren’t on the site…then check again after every time you tweet, post, etc. Do you have the time to constantly check? Probably not. Should you? Probably. It may make you paranoid, but then again, shouldn’t you be? But should the creators of the website be blamed – legally, morally, ethically? Should they be held accountable for what you put out into the public realm? Can you sue for violation of your privacy rights? Do you really have an expectation of privacy in any of those posts? In an age where MySpace, Friendster and other social networking sites regularly have their records subpoenaed, why should anyone think that anything they post will be “private”? What piqued my curiosity even more was how this website could apply in the criminal or tort law application. Can this website be used to substantiate or corroborate an accused’s alibi – “Your Honor, look! I have proof that I wasn’t in the city when the crime occurred…I tweeted that I would be in Los Angeles!” Look, my knowledge of Canadian (or U.S., for that matter) Criminal Law/Procedure does not extend further than the 800 or so pages of textbooks I read while in law school. But surely this website can be put to more use than just what the creators intended. So long as a proper foundation is laid, and the purported evidence is relevant, it may be admitted, right? Something to definitely consider as a defense attorney.

The creators of the website claim the site is supposed to help us…to open our eyes to the evil out in the world. Call me crazy, but perhaps a simple email addressed to me would have been more appreciated…though it leaves one wondering if such a logical course of action would have been as effective.

PDF Creator    Send article as PDF   

Does The World Need A U.N. Sponsored Cyber Peace Treaty? One Diplomat Emphatically Says Yes… As the U.S. Gears Up For A Cyberwar

As the cyber war of words heats up between the U.S. and China, the rest of the world is taking notice….and proposing action.

Most recently, the head of the United Nations’ communication and technology agency, Secretary General Hamadoun Toure of the International Telecommunications Union, proposed a treaty whereby member countries agree not to precipitate a cyber attack against other member countries. “The framework would look like a peace treaty before a war,” he is reported to have said.

Secretary Toure’s proposal follows a series of concerns expressed at last month’s World Economic Forum in Davos-Klosters, Switzerland, including a harsh warning that cyber attacks could amount to a declaration of war. According to Secretary Toure, “[a] cyber war would be worse than a tsunami – a catastrophe.” Because of the potential devastating consequences of a cyber war, the Secretary strongly recommended that countries agree not to harbor cyber criminals and “commit themselves not to attack another.” Of course, nothing is quite as simple as that. For example, John Negroponte, the former director of U.S. intelligence, cautioned that intelligence agencies would “express reservations” about such a treaty. Given the breadth and scope of China’s, Russia’s and other countries’ intelligence operations and their reported limits on information disclosures, Mr. Negroponte’s remarks likely would be echoed by other nations.

Read the rest of this entry »

Cloud Computing: What Every Underwriter Should Know. And Why They Should Care. Now. Today. This Minute.

j0284068Emailing. Instant messaging. Texting. On-line gaming. Ten years ago, even five years ago, such words and concepts were alien to the typical luddite. Now, these terms are not just parts of the common parlance; a vast majority of us actually use these resources on a daily basis (in some cases, with our childrens’ guidance and assistance).

Consider, then, the relatively new concept of “cloud computing.” In lay terms, cloud computing is the on-line or internet-based use of a third-party vendors’ or service providers’ off-site (and hopefully secure) servers for data storage and/or management. Hotmail, Facebook, LinkedIn, YouTube and Google all use cloud computing to serve their members, often at no cost. At the same time, there are a growing number of vendors (like Apple) which “host” or “back-up” at-home and business computer systems by storing a consumer’s data or facilitating their use of cost-effective business solutions for a monthly or annual fee. Users typically do not have to incur fixed costs or purchase hardware or even software programs. All they need is access to a computer and the internet. And with that, voila! Cloud computing is just a click away.

Needless to say, the advent of cloud computing has opened up a world of opportunity for entrepreneurial software developers, hardware providers, and data storage companies around the globe. At the same time, it has created new business segments with a keen need for insurance products. Cyber insurance. Tech insurance. Property/All-Risk insurance. Business Interruption insurance. Professional Services/E&O insurance. Fidelity/Crime insurance. And, in some cases, personal injury/advertising injury coverage.

The potential third-party exposures are endless. Consider, for example, the legal (and regulatory) implications (and concomitant need for insurance) when an unauthorized user hacks into a “cloud” database storing personally identifiable or proprietary business information. Or think about the possibility of liability for a software developer or data storage vendor who has a customer that uses the cloud to host viruses or illegal content. Or who simply release information about their clients to marketers, advertisers or other third-parties without considering the impact or legal ramifications of their doing so. And how about power outages or other crises or service interruptions that prevent customers from accessing their accounts or critical business information that may be the key to closing an all-important business deal (resulting in privacy claims, claims of lost income, lost profits and business interruption expense and other alleged third-party injury).

So too, first-party cyber/tech risks are well known in other contexts and would apply with equal force and effect to cloud computing. The threat of service interruptions, data corruption and the like all necessitate the need for insurance.

The bottom line, as always, is that underwriters need to constantly stay ahead of the curve and tailor their products (and marketing strategies) to address the ever-changing landscape of new and innovative technology resources. Today cloud computing. Tomorrow? Ask me tomorrow night….


Fax Online    Send article as PDF   

Facebook Subpoena Information – Here It Is!

facebook_picSo you want to get production of documents from Facebook to assist you in your civil case. How do you go about it? We asked and Facebook answered.

Well, first off, you are going to need a court order (subpoena) to obtain the information. In the U.S., Facebook users’ data is protected by the Electronic Communications Privacy Act (“ECPA”). See 18 USC section 2701 et. seq. ECPA is a federal statute that prohibits Facebook from producing any “content” without notarized user consent or a Search Warrant. Facebook’s Law Enforcement Response Team has advised that, with regard to civil matters:

  • State Court Subpoenas must issue from a court within California or must be issued pursuant to the proper California court commission.
  • Federal Civil Subpoenas seeking the production of documents must issue from the court in the district where the production is to be made.

The subpoena should be sent to subpoena@facebook.com or faxed to 650-644-3229.

Facebook states that it requires a $150 processing fee per User ID. Checks can be made payable to Facebook, Inc. and can be sent to the attention of Facebook Security at 1601 S. California Ave., Palo Alto, CA, 94304, bearing the name and number of the case for which the fees are paid.

In addition to a valid subpoena, Facebook advises that as much of the following information as possible should be provided in order to expedite a request:

  • Your full contact information (name, physical address, phone and email)
  • Response date due (please allow 2-4 weeks for processing)
  • Full name of user(s)
  • Full URL to Facebook profile
  • School/networks
  • Birth date
  • Known email addresses
  • IM account ID
  • Phone numbers
  • Address
  • Period of activity (specific dates will more likely expedite your request)

It takes Facebook approximately 2-4 weeks to respond to questions from law enforcement agencies or legal representaives about the status of these requests. If Facebook is informed and has a good faith belief that the matter is an emergency regarding potential threat of serious bodily harm or threat to life (see Title 18 United States Code section 2702(b)), they generally respond within 24 hours.

Facebook advises that if you are not a member of a Law Enforcement Agency or Legal Department, you will have to contact Facebook through their Help Page or have your local law enforcement or legal representative contact them. Some other helpful Facebook links are as follows:

Facebook Help Page: http://www.facebook.com/help

Facebook Terms of Use: http://www.facebook.com/terms.php

Hacked/Phished Facebook Account: http://www.facebook.com/security

Facebook Safety: http://www.facebook.com/safety

PDF Converter    Send article as PDF