See on Scoop.it – Social Media Legal & Regulatory Compliance
Cable says changes could generate £500m – a downgrade from previous estimate (Songwriters slam Government Copyright reforms | @scoopit http://t.co/FlL1oADw)…
See on www.scoop.it
Ping® by AdlerLaw A Legal Blog
Blog for technology / startup-focused news, articles and resources.
HHS has provided guidance about methods and approaches to achieve de-identification in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The guidance explains and answers questions regarding the two methods that can be used to satisfy the Privacy Rule’s de-identification standard: Expert Determination and Safe Harbor. This guidance is intended to assist covered entities to understand what is de-identification, the general process by which de-identified information is created, and the options available for performing de-identification.
Company Sanctioned for “History Sniffing”
FTC Settlement Puts an End to “History Sniffing” by Online Advertising Network Charged With Deceptively Gathering Data on Consumers
You know the old adage, the Internet is forever. Well, so is your browsing history, apparently. On December 5, 2012, the FTC announced that an online advertising company agreed to settle Federal Trade Commission charges that it used “history sniffing” to secretly and illegally gather data from millions of consumers about their interest in sensitive medical and financial issues ranging from fertility and incontinence to debt relief and personal bankruptcy.
“Consumers searching the Internet shouldn’t have to worry about whether someone is going to go sniffing through the sensitive, personal details of their browsing history without their knowledge,” said FTC Chairman Jon Leibowitz. “This type of unscrupulous behavior undermines consumers’ confidence, and we won’t tolerate it.”
The defendant, Epic Marketplace, shared information with a large advertising network that has a presence on 45,000 websites. Consumers who visited any of the network’s sites received a cookie, which stored information about their online practices including sites they visited and the ads they viewed. The cookies allowed Epic to serve consumers ads targeted to their interests, a practice known as online behavioral advertising.
Mobile Applications (Apps) Continue to Threaten Children’s Privacy
Kids’ Data Still Collected, Shared without Parents’ Knowledge, Consent
The Federal Trade Commission issued a new staff report, “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” [PDF here] examining the privacy disclosures and practices of apps offered for children in the Google Play and Apple App stores. The report details the results of the FTC’s second survey of kids’ mobile apps.
The FTC first surveyed kids’ mobile apps in 2011. Since then there has been little progress toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it. Many of the apps examined included interactive features, such as connecting to social media, and sent information from the mobile device to ad networks, analytics companies, or other third parties, without disclosing these practices to parents.
Disturbingly, the shared information included login information across multiple sites, GPS location information and device ID information.
The Federal Trade Commission today announced publication of an Interim Final Rule on identity theft “red flags” that narrows the circumstances under which creditors are covered by the Rule. Congress directed the FTC, along with several banking agencies to develop regulations requiring “financial institutions” and “creditors” to develop and implement a written identity theft prevention program. By identifying “red flags” for identity theft in advance, businesses can be better equipped to spot suspicious patterns that may arise — and take steps to prevent potential problems from escalating into a costly episode of identity theft.
Under the Rule, Red Flag Programs must have four parts. First, the Program must include reasonable policies and procedures to identify signs – or “red flags” – of identity theft in the day-to-day operations of the business. Second, the Program must be designed to detect the red flags of identity theft identified by the business. Third, the Program must set out the actions the business will take upon detecting red flags. Finally, because identity theft is an ever-changing threat, a business must re-evaluate its Program periodically to reflect new risks from this crime.
The agencies promulgated the Red Flags Rule in 2007. In December 2010, Congress enacted legislation narrowing the definition of “creditors” covered by the Rule. The amended Red Flags Rule now provides that a creditor is covered only if, in the ordinary course of business, it regularly:
The Commission is seeking comment on the Interim Final Rule for 60 days. After the expiration of the 60-day comment period and a review of the comments received, the Interim Final Rule will become final. The Commission vote approving issuance of the Federal Register notice announcing the Interim Final Rule was 5-0. The notice will be published in the Register shortly and can be found on the FTC’s Web site as a link to this press release.

By now most small business owners are aware that Cybersecurity is an issue. But, how much time and capital should be spent on cybersecurity protection? This article discusses three key factors that should play into that decision.
Factor #1 Awareness.
According to some experts, the biggest problem that small business owners face is simply awareness of the risk. This includes awareness by employees as well.
Most data leaks and other security incidents are caused by employees who are either unaware of security protocols or indifferent to them. Regardless of the level of security in your data center or the strength of encrypted communications, the weakest link will almost always be the human beings interacting with the network.
To address this risk, small business owners need to focus on training and awareness for employees. However, company management is usually focused on sales and customer service. Further, owners often lack the time and expertise needed to properly assess security risks. Companies in any industry should look to partner with a third-party security firm to assess risks and develop appropriate training.
Factor #2 Employee Training.
Training is the first line of defense against cyber threats. This training needs to include the entire company, and should cover three key areas: (a) proper password management on all company services and devices, including clear procedures for new and departing employees, as well as day-to-day usage; (b) clear guidelines for the sharing of information with remote employees, partners and third parties; and (c) a plan for monitoring usage and privileges to the company’s digital assets.
Employee training needs to account for how the public will access your company’s products or services. For example, what if a hacker got into a system by pretending to be another user? By rolling out new features slowly, it’s easier to identify and fix security loopholes.
All stakeholders need awareness of: (a) the type of information you’re transmitting (e.g. payment information), (b) the visibility of information you’re transmitting (e.g. highly-publicized public launch vs. a quiet rollout of some new software), and (c) the level of security inherent in the transmission (e.g. encrypted emails and documents shared via a secure server or data shared publicly through public networks and via social media sites).
Factor #3 Vigilance (Monitoring).
For some companies everything is available and accessed online. Since online relationships are built upon trust, it is critical that the company actively monitor the security and transparency of this relationship. Many tools are available to measure and respond to risk factors and gauge likelihood of an impact to help determine the level of investment required. Resources can be assigned to anything with high likelihood and high impact.
For example, monitoring potentially fraudulent user accounts has an immediate commercial benefit as well as reducing risk.
Unfortunately, a common misconception is that putting up basic defenses like firewalls will protect against security vulnerabilities. However, after reinforcing your Cybersecurity defense, the focus should shift to monitoring and alerting. In many cases, this may require up-front investments to enable tracking and alerting to irregularities in network and data activity. Fortunately, in the event of a breach or a loss of data, this monitoring information will be the key factor in addressing the problem and pinpointing the issue. Managers, employees and business partners need to understand that Cybersecurity is an ongoing process. Awareness, training and monitoring will go a long way toward enhancing a small business’ Cybersecurity preparedness.
About the Author:
David M. Adler, Esq. is a partner in the Chicago office of Leavens, Strand, Glover & Adler, LLC, a boutique intellectual property and entertainment law firm in Chicago, Illinois whose mission is providing businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value. The practice is organized around five major substantive areas of law: Intellectual Property Law, Commercial & Finance Law, Entertainment & Media Law, Corporate Law and Contract Law.
Contact us for a free consultation today. Dadler @ lsglegal (dot) com or (866) 734 2568

In today’s business world, web sites are no longer simply a static online presence. Today’s web sites are highly interactive and often make use of content (photos, text, images, videos, etc.) that has been uploaded by visitors and registered users. With the speed of search engines, social networking platforms and mobile computing technologies, any online problem can quickly have far-reaching effects well beyond the initial issue.
In order to ensure that web site operators may make as broad a use of this content as possible and that these web sites do not violate the rights of those whose content has been uploaded, many web sites have Terms of Use that contain intellectual property licenses, assignments and indemnifications.
A recent federal District Court decision in Maryland examined whether the mere act of uploading photographs to a website met the requirements of forming a valid electronic contract sufficient to assign copyrights in the photographs under Section 204(a) of the Copyright Act, which requires assignments to be in writing and signed by the assignor.
In Metro. Reg’l Info. Sys., Inc. v. Am. Home Realty Network, Inc., No. 12-cv-00954 (D. Md. Nov. 13, 2012) the defendant argued plaintiff could not state a claim for infringement on the photographs because the assignments of these photographs to plaintiff were void. Defendant argued that the web site Terms of Use Agreement (“TOU”) and the electronic process in which subscribers assigned copyrights in the photographs to plaintiff did not comply with Section 204(a) of the Copyright Act. The Court disagreed.
The Court first looked at Section 204(a). That section provides that “[a] transfer of copyright ownership, other than by operation of law, is not valid unless an instrument of conveyance, or a note or memorandum of the transfer, is in writing and signed by the owner of the rights conveyed or such owner’s duly authorized agent.” 17 U.S.C. § 204(a). The Court then turned to the Electronic Signatures in Global and National Commerce Act (“E-SIGN”), 15 U.S.C. §§ 7001 et seq., to reject defendant’s argument that the assignments were invalid. E-SIGN provides, in relevant part:
“[n]otwithstanding any statute, regulation, or other rule of law . . . with respect to any transaction in or affecting interstate or foreign commerce–
(1) a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and
(2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.”
15 U.S.C. § 7001(a).
“The term ‘electronic signature’ means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” Id. § 7006(5). The Court concluded that the TOU was clear in its terms and that the electronic process by which subscribers assigned the copyrights in the photographs met E-SIGN and Section 204(a) requirements. Accordingly, the Court held that the assignments were not invalid as a matter of law.
Cybersecurity Act of 2012 Back, but Same Problems and Questions Remain
Heritage.org (blog)
Senate majority leader Harry Reid (D–NV) has vowed to bring the Cybersecurity Act of 2012 (CSA) up for a vote in the lame-duck session, and it looks as though the vote could take place this week.
US-Canada Integrated Cybersecurity Agenda
Bay Area Indymedia
Under the guise of cybersecurity, the U.S. and Canada have been individually pushing draconian legislation domestically which would grant government agencies sweeping new powers. The implications would be far reaching and pose a risk to privacy.
DHS aims to hire 600 cybersecurity pros — if it can find them
CSO
November 13, 2012 — CSO — The Obama administration is hoping to make good on its promise to create new jobs — in this case, 600 of them in cybersecurity.
The Alarming Trend of Cybersecurity Breaches and Failures in the US …
Heritage.org
This summer, the Cybersecurity Act of 2012 (CSA) failed to pass the Senate, with Democrats and Republicans alike voting against the bill. The overriding concern was that the regulatory approach of the bill would be ineffective at best and harmful at worst.
The Elections and Cybersecurity
Network World
When President Obama was reelected last week, political pundits quickly turned to speculation and prognostication. Was the president’s reelection tantamount to a mandate? Would the election motivate both parties away from partisanship?
NSA: Looking for a few good cybersecurity professionals
Network World
Network World – At a time when cyberattacks on America’s critical infrastructure have increased 17-fold (between 2009 and 2011), the need for highly trained cybersecurity professionals is acute. However, 83% of federal hiring managers in a recent …
Senate readies for fight over cybersecurity surveillance
CNET (blog)
has inserted the cybersecurity bill into the Senate’s post-election calendar, and a vote could happen as early as this week after debate on a proposal to open more public land for hunting and fishing. That move has reignited a long-simmering dispute …
Governor launches cyber security training program
WNEM Saginaw
The program offers students and Internet technology professionals a full curriculum of meetings and workshops as well as critical cybersecurity training and awareness tools. The new cyber range serves as a central resource hub and a partner in …
Seven 2013 Cybersecurity Predictions from Websense Security Labs
Sacramento Bee
SAN DIEGO, Nov. 13, 2012 — /PRNewswire/ — From mass compromises of WordPress to a spear-phishing attack on the White House, there is no doubt cybercriminals gained confidence and momentum in 2012. To help organizations prepare for next year, the …
Researcher to tackle cyber security for North American power grid
SecurityInfoWatch
In response, Waterfall Security Solutions has announced a $234,000 donation to Michigan Technological University, in support of Dr. Chee-Wooi Ten’s research into the cyber-security of the North American power grid. Dr. Ten’s research addresses these …
Experts: State Needs Long-Term Cyber Security Plan
WLTX.com
By TIM SMITH — The Greenville News. A month after state officials learned of a massive data breach at the Department of Revenue, officials are still discussing what security measures to take to protect all of the state’s computer systems.
How Obama’s reelection may spur work on cybersecurity in the United States
The Next Web (blog)
Now that the President’s electoral and popular vote victories are in the books, their various ramifications are still being felt. One key element of the addition of four more years to the President’s legacy is the issue of cybersecurity.
Israel’s HLS 2012 Event Highlights Cyber Security Innovations
Defense Update
The Cyber Security panel taking place in Tel-Aviv this week at the HLS 2012 event is attracting considerable interest on the backdrop of the recent revelations of massive Iranian cyber attacks crippling the networks of Aramco Oil Company in Saudi Arabia.
Cyber security facility launched
Alpena News
YPSILANTI, Mich. (AP) — Michigan Gov. Rick Snyder has announced the opening of a facility designed to help electronic security professionals detect and prevent cyber threats and attacks.
Evolving Cyber Crooks Waiting For That Click
The Borneo Post
On the final day of the three-day Cyber Security Awareness campaign, Mohd Izuddin bin Hj Md Hussin, Learning Solution Specialist from Tech One Global, who delivered a public talk on ‘Protect your Computer, Your Family and Yourself’ at Times Square.
Is Obama’s Cybersecurity Executive Order Imminent?
Of course, there remains the chance that Congress will pass some version of a cybersecurity bill before the president can issue his edict.
Social Media and the Financial Services Industry.
From the Madoff scandal, to the Occupy Wall Street Movement, to Mitt Romney’s tax returns, the financial services sector is accustomed to the scrutiny and ire of the public and government regulators. Therefore it is no surprise that on January 4, 2012, the SEC’s Office of Compliance Inspections and Examinations, in coordination with other SEC staff, including in the Division of Enforcement’s Asset Management Unit and the Division of Investment Management, issued its “Investment Adviser Use of Social Media” paper. The paper begins by observing that although “many firms have policies and procedures within their compliance programs” governing use of social media, there is wide “variation in the form and substance of the policies and procedures.” The staff noted that many firms have multiple overlapping procedures that apply to advertisements, client communications or electronic communications generally, which may or may not specifically include social media use. Such lack of specificity may cause confusion as to what procedures or standards apply to social media use.
The SEC paper suggests that the following factors are relevant to determining the effectiveness of a Social Media compliance program:
Similarly, the Financial Industry Regulatory Authority (FINRA) has issued guidance for securities brokerage firms. According to its web site, FINRA “is the largest independent regulator for all securities firms doing business in the United States.” FINRA protects American investors by ensuring fairness and honesty in the securities industry. In January 2010, FINRA issued Regulatory Notice 10-06, providing guidance on the application of FINRA rules governing communications with the public to social media sites and reminding firms of the recordkeeping, suitability, supervision and content requirements for such communications. Since its publication, firms have raised additional questions regarding the application of the rules. Key takeaways from FINRA’s guidance include the following:
On September 25, 2012, the Federal Trade Commission announced a settlement with seven rent-to-own companies that secretly installed software on rented computers, clandestinely collected information, took pictures of consumers in their homes (WTF?!) and tracked these consumers’ locations.
If you haven’t vomited on your computer from the sickening outrage, you can read the FTC press release here.
Software design firm DesignerWare, LLC licensed software to rent-to-own stores ostensibly to help them track and recover rented computers. The software collected the data that enabled rent-to-own stores, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase, to track the location of rented computers without consumers’ knowledge.
According to the FTC, the software enabled stores to remotely disable a computer if it was stolen, or if the renter failed to make payments. It included an add-on purportedly to help stores locate rented computers and collect late payments. Alarmingly, the software also collected data that allowed the rent-to-own operators to secretly track the location of rented computers, and thus the computers’ users.
When activated, the nefarious feature logged key strokes, captured screen shots and took photographs using a computer’s webcam, according to the FTC. It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.
“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC. “The FTC orders today will put an end to their cyber spying.”
“There is no justification for spying on customers. These tactics are offensive invasions of personal privacy,” said Illinois Attorney General Lisa Madigan.