Business, Compliance, cyber risk, data privacy, Internet, Law, Privacy, Regulation, RISK MANAGEMENT, Technology, Uncategorized

Recent Court Decisions Provide Some Clarity in Ever-changing Techlaw Landscape

As every CIO knows, today all business is digital business.  From the corner mom and pop bodega using Square to process credit cards up to Cisco Systems global network of devices supporting Zetabytes of data over an increasing number of devices.

What began as largely static website e-commerce at the turn of the millennium is now every day operations across multiple devices and the many different brands of platform and content delivery network.  In case you missed it, two recent cases will have a wide impact regardless of industry period

Law Enforcement Access To Cell Phone Location Data Requires Warrant

In the case of Carpenter v. United States, the Supreme Court ruled that law enforcement must obtain a warrant to have access to location and other data contained on a suspect’s cell phone.  In case you’re not familiar with the case, the facts in the Carpenter case are worth mentioning. In 2011, the government, conducting a criminal investigation in Detroit, obtained months’ worth of time-stamped records known as cell-site location information (CSLI) for suspects.  Wireless carriers produced CSLI for petitioner Timothy Carpenter’s phone, and the Government was able to obtain 12,898 location points cataloging Carpenter’s movements over 127 days—an average of 101 data points per day.  Carpenter moved to suppress the data, arguing that the Government’s seizure of the records without obtaining a warrant supported by probable cause violated the Fourth Amendment.  The District Court denied the motion, and prosecutors used the records at trial.  Carpenter was convicted, based in part on the cell-site records, and he appealed. holding that the government’s acquisition of historic cell-site location information (HCSLI) – at least to the extent it includes 7 days or more of cell-site records – was a search and thereby required a warrant.

In reversing the conviction, a majority of the Court has recognized that individuals have a reasonable expectation of privacy in the whole of their physical movements and a warrant is required only in the rare case where the suspect has a legitimate privacy interest in records held by a third party.  The Court downplayed the significance of its ruling, calling its decision “a narrow one” that “does not express views on “real-time CSLI” or question the application to … a range of other information-gathering tools, such as security cameras.”

What this means for business.  While pundits are wisely praising the decision as a victory for privacy, I for one, do not believe it applies that broadly. Even so, there is a tangible benefit for corporate counsel at technology companies, especially those that maintain location information about their customers. Lawyers and compliance pros will feel some relief knowing that they do not have to scramble, prevaricate or litigate with law enforcement when a company receives a subpoena or other demand for location data without a warrant attached.

For additional views on this decision, please see an article from the International Association of Privacy Professionals here, and another from the Electronic Frontier Foundation here.

States Can Now Require That Internet Retailers Collect Sales Tax

The other notable decision to come down from the Supreme Court involves the long-simmering issue of state taxation on internet sales.

The decision, in South Dakota v. Wayfair Inc., was a victory for brick-and-mortar businesses that have long complained they are put at a disadvantage by having to charge sales taxes while many online competitors do not. And it was also a victory for states that have said that they are missing out on tens of billions of dollars in annual revenue.

The South Dakota Legislature enacted a law requiring out-of-state sellers to collect and remit sales tax “as if the seller had a physical presence in the State” to address the erosion of its sales tax base causing a corresponding loss of critical funding for state and local services (“Act”).  The Act covers only sellers that, on an annual basis, deliver more than $100,000 of goods or services into the State or engage in 200 or more separate transactions for the delivery of goods or services into the State.  Top online retailers with no employees or real estate in South Dakota who met the Act’s minimum sales or transactions requirement, but do not collect the State’s sales tax opposed the Act. South Dakota filed suit in state court, seeking a declaration that the Act’s requirements are valid and applicable to respondents and an injunction requiring respondents to register for licenses to collect and remit the sales tax. At trial and on appeal, courts held that the Act is unconstitutional.

The ruling effectively overturned a system that it created.  In 1992, the Supreme Court held that the Constitution bars states from requiring businesses to collect sales tax unless they have a substantial connection to the state. That case was Quill Corporation v. North Dakota.  The Quill decision helped pave the way for the growth of online retail by letting companies sell nationwide without navigating the complex patchwork of state and local tax codes.

South Dakota’s attorney general, called the ruling “a big win for South Dakota and Main Streets across America.”  The case should benefit both rural businesses where local businesses have been hit hard by competition from online retailers and municipal coffers as well, because in some states local sales taxes are collected at the state level.  Owners of brick-and-mortar stores like the decision as a means of leveling the playing field because they feel they often missed out on sales of big-ticket items since sales tax could have had an amplified effect on the price.  For consumers, this could mean paying more for products bought online.  Although most have a “use tax” that works like a state sales tax for online purchases, few if any consumers actually pay it.

Since the beginning of my practice in 1999, I suggested businesses take a state-by-state approach when it comes to issues like sales tax, since it can vary widely by jurisdiction.  No business is entirely virtual. All businesses will need to examine their ecommerce strategy to see whether and to what extent this case affects the business model.

Compliance, cyber risk, cybersecurity, data privacy, Law, Technology

David Adler continues focus on Cyber Security Conferences

Soem prior conferences:

Data at Risk: Regulatory and Privacy Concerns in a Data Breach. – Enfuse Conference 2018, Las Vegas, NV, May 23, 2018.

Trends in Cyber-Law 2017– ISACA CSX North America 2017, Washington, DC October 2-4, 2017

The Human Side of IT Acquisitions– Assoc. of Technology Acquisition Professionals CAUCUS IT Procurement Summit, New Orleans, LA, November 7-8, 2017

My topic, Assessing and Responding to Cyber Legal Risk,was chosen for presentation at the 2018 New York State Cyber Security Conference. 

#nyscyber 

Advertising, Contracts, Corporate Law, Entrepreneurs, Internet, Law, Privacy, Start-ups

Technology, Innovation and the Law

In today’s world, business is no longer about simply having an online presence. Digital business is transactional and social across platforms and networks across thew globe. The previous model of one-to-one transactional business relationships has evolved to one that is reciprocal, collaborative and highly interactive.

This new level of engagement is not without risks. As businesses expand into new online areas for marketing and commerce, businesses should be aware of a myriad of laws and risk areas implicated when one conducts business online. Business lawyers must be familiar with Technology Law.

There are a wide variety of services around the most common types of content and businesses need legal disclaimers, protection of intellectual property rights and other ways to limit liability.

Generally, the key areas and issues are:

Trade & Commerce Issues

  • Advertising & Promotions Laws (these vary by state)
  • Affiliate Marketing Agreements/Relationships
  • Federal Regulatory Guidelines
  • Industry Regulations & Guidelines
  • CAN-SPAM Act
  • Online Contracts/Terms of Use (Click-Wrap/Browse-Wrap Agreements)
  • Disclaimers
  • Limits of Liability
  • Sales & Taxation/Clarifying Nexus Confusion
  • Choice of Law/Forum
  • Insurance Law
  • Website Representations and Warranties

Intellectual Property Issues

  • Copyright & Digital Millennium Copyright Act
  • Defamation/Free Speech
  • Trademark Law
  • Unfair Internet Business Practices Such as Domain Name Hijacking & Cybersquatting
  • Anti-cybersquatting Consumer Protection Act
  • Linking/Scraping/Crawling
  • Patent Law
  • Licensing
  • Trade Secrets

Privacy & Security Issues

  • Credit Cards / Transaction Processing
  • E-Payment and Credit Card Security/Privacy
  • Children’s Online Privacy Protection Act
  • Data Breach Notification Laws
  • Data Privacy Laws

Human Resources & Employment Issues

  • BYOD & Computer Usage Guidelines for Employees
  • Employment and Labor Laws
  • Social Media Guidelines for Employees

We look forward to the opportunity to discuss any questions you may have regarding the range of business, technology and intellectual property services we offer. Our law office is based in Chicago, Illinois. Please feel free to call us at (866) 734-2568 should you have any questions.

Advertising, Compliance, Influencer Marketing, Marketing

Tips for a Successful & Legal Influencer Marketing Campaign

On September 25, 2017, I gave a presentation at Influencer Marketing Days in NY on how to avoid unnecessary legal risks when using Influencer Marketing.

As most marketing professionals know, media consumption is moving from traditional outlets to other platforms. Explosive growth for social media and declining TV viewership means that advertising dollars are migrating with the eyeballs.  As a result, brands are turning to “influencers,”  celebrities, paid spokespersons and even consumers  who credibility enables them to affect attitudes and purchasing decisions.

Due to popularity and reach of platforms like Instagram, Snapchat, YouTube and even a resurgent Twitter, brands are partnering with these influencers to help the grow through views, impressions and “likes.” Online advertising is an active legal enforcement area and influencer marketing presents potential legal issues.

Since most lawsuits focus on consumer awareness (or lack thereof), legal compliance requires appropriate and adequate disclosures. The presentation focused on when disclosures are required and what constitutes adequate disclosure.

Understanding the “rules of the road” will help you navigate your influencer marketing campaign or program.  Some rules prohibit certain activities while other rules require affirmative actions to be compliant.

Contact us info @ adler-law.com to get a copy of the full presentation.

Cloud, Data, Law, Security, Technology

David Adler takes center stage in Washington D.C. at ISACA #CSXNA 2017

Trends in Cyber Law
ISACA CSXNA 2017 CYBER LAW

Adler’s topic was Trends in Cyber-Law 2017.

Cyber-Law “governs the digital dissemination of both (digitalized) information and software and legal aspects of information technology more broadly, including information security and electronic commerce. Cyber law  is a term that encapsulates the legal issues related to use of the Internet. It is less a distinct field of law than intellectual property or contract law, as it is a domain covering many areas of law and regulation, such as internet access and usage, privacy, freedom of expression, and jurisdiction.”

Despite the variety of subjects, most legal trends for 2017 are in 5 key areas: Data Sovereignty, Cyber Conflict, Civil Liberties, IoT and Cloud.

The full presentation slide deck is available here.

CSX2017 Trends in Cyberlaw 2017 Adler (Read-Only)

Intellectual Property rights (copyright, patent, trademark, trade secrets) and information technology systems each play a crucial role in business competitiveness. In order to realize the full potential of a company’s intangible business assets, it is necessary to be able to identify, locate and safeguard their disclosure and use. Cyber Security plays a crucial role in managing these internal and external business and legal risks. This “Hot Topics” discussion is a snapshot of developments in law, policy, regulation and court cases focusing on privacy and civil liberties, identity, cyber-conflict, IoT, standards, corporate structuring and the international technology marketplace.

This session covered:

  • Understanding how developments in smart home devices are creating new cyber security challenges
  • Learning how changes in regulatory agency policies and personnel are creating new privacy risks and opportunities
  • Identifying new legal cases affecting business operations
  • Recognizing new business and legal risks in relationships with customers and vendors and how to implement changes to mitigate such risks

For more information contact us here:

www.adler-law.com (866) 734-2568

Advertising, Branding, Business, Chicago, Contracts, Copyright, Creative Content, Ecommerce, Entrepreneurs, Infringement, interior design, Internet, Law, Litigation, Marketing, Ownership, Photography, Pinterest, Platforms, Restrictive Covenants, Small Business, Start-ups, Strategy, Trademarks, Twitter, Uncategorized

Advanced Issues in Contracts for Interior Designers

Every business transaction is governed by contract law, even if the parties don’t realize it. Despite the overwhelming role it plays in our lives, contract law can be incredibly difficult to understand.

Successful Interior Designers know how to manage the legal needs of the business while bringing a creative vision to life for a client or project. Confusion about rights, obligations, and remedies when things go wrong can strain and even ruin an otherwise promising professional relationship.

This program teaches new designers and entrepreneurs answers to some basic questions, such as:

  • What to do when clients / vendors / contractors don’t pay?
  • How can one use Indemnifications, Disclaimers and Limitations of Liability clauses to balance business risk when the parties may not be economically balanced?
  • What types of remedies are available and what are the limitations in scope for certain types of monetary and “equitable” remedies?

Take a deeper dive into advanced issues for interior design professionals. Learn how contracts can protect your design business and how to safeguard your rights.

Qualifies for .1 CEU credit.

This program was originally delivered on Aug. 17, 2017 at the Design Center at theMART 14th Floor Conference Center, 222 Merchandise Mart Plaza, Chicago, IL 60654

Uncategorized

ICYMI – Cyber Security & Forensics “Data At Risk” 2017

In case you missed this year’s ForenSecure Conference on Cyber Security and Data Forensics, there is a link below to my presentation. To give you an idea how fast the law is changing in these areas, you need look no further than the state of New Mexico. New Mexico joined 47 other states when it passed its own state data breach notification law in April 2017.

Other notable and recent observations:

  • On March 7, 2017, the CIA got doxed by the anti-secrecy organization WikiLeaks. Nearly 9,000 documents appeared online.
  • In 2016, 106 major healthcare data breaches were attributed to hackers.
  • Financial Services – Third overall security incidents, but first in number of incidents w/confirmed loss.
  • University of Central Florida announced a data breach affected approximately 63,000 current and former students, faculty, and staff.
  • Yahoo – general counsel resigned and the CEO lost 2016 cash payout as well as 2017 equity award.

See the full presentation with notes here:

Forensecure 2017 Data At Risk

Advertising, Affiliate Marketing, Branding, Content Development, Copyright, Creative Content, Facebook, FTC, Healthcare, Internet, Marketing, Media, mHealth, Regulatory Compliance, Social Media, Strategy, Technology

TRENDS IN DIGITAL MARKETING

Digital Healthcare Continues to Evolve

Widespread distribution of digital communications technology (phone, tablets, ultra-portable laptops, gaming devices) has changed the nature of marketing. However, medical practices and other healthcare providers are reluctant to use digital marketing techniques. While most industries move away from the distribution of massive, shotgun-style email and snail-mail campaigns and toward targeted, social media and demographic-driven efforts healthcare marketing is falling behind.

Digital marketing execs face many challenges getting the message and media mix right. Early adopters provide a look into the changing nature of marketing. From a pragmatic perspective, there are barriers to entry for digital healthcare marketing efforts (privacy, regulatory), the growing use of content marketing (native, branded), social marketing, and electronic marketing strategies (email marketing, online scheduling, etc.) in the healthcare field and customer-oriented services that can be a strategic use of the Internet for marketing to providers, patients and third-party service providers.

The evolution of healthcare marketing toward greater use of “native,” sharable and relevant content provides both obstacles and opportunities in acquisition and use of third-party media content.

Use of content marketing is increasing.

On average, 35% of all marketers use print magazines, but 47% of healthcare marketers use them. In print, 28% of marketers use print newsletters compared to 43% of healthcare marketers, and 26% of marketers use print for annual reporting compared to 36% in healthcare. When it comes to using blogs, 74% of all marketers use blogs compared to only 58% in the healthcare industry. The situation is similar for social networks, with an interesting exception – 71% of healthcare marketers make use of YouTube, more than the average of 63%. This is likely because healthcare professionals use YouTube to televise procedures and interview doctors.

By now marketers should be accustomed to using their own creative content. However, focusing on owned assets like a website and email won’t move the needle enough to impact the bottom line. As a result, healthcare marketers are integrating new content (in the form or “advertorials” or “native” content). This in turn is developed alongside a long-term SEO strategy.

Native advertising distributes “sponsored” content on relevant pages, delivering relevant content to the right audience in a way that is non-intrusive and integrates with the user experience.

Native Content often involves use of product/service reviews and endorsements. It is important to include proper disclosures when using native content. The FTC will initiate enforcement actions against marketers that deceive consumers.

In the Matter of Son Le and Bao Le, the FTC charged that the two brothers deceived consumers by directing them to review websites that claimed to be independent but were not, and by failing to disclose that one of the brothers posted online product endorsements without disclosing his financial interest in the sale of the products.

Uncategorized

Cybersecurity is one of the top risks organizations must manage in 2017

This article first appeared in THE LEGAL SIDE OF TECH on CIO.com here.

Recent high-profile data breaches highlight the challenges in understanding how laws apply to a wide variety of information management scenarios and a host of other regulatory, compliance and legal issues.

Cybersecurity and privacy continue to make headlines. Experts have more questions than answers addressing risk management concerns in the evolving cybersecurity market.

High-profile data breach incidents

On March 7, 2017, the CIA got doxed by the anti-secrecy organization WikiLeaks. Nearly 9,000 documents appeared online showing the CIA sought to observe conversations, online browsing habits and other activities by infiltrating the systems that contained them, such as Apple and Android smartphones, laptops, TVs and even cars. The government is not alone.

Nearly every industry that handles sensitive data has been breached recently:

  • Healthcare: ransomware attacks are projected to rise 250%, and hackers were responsible for 106 major healthcare data breaches in 2016.
  • Financial services: Despite ranking only third in volume of security incidents, the financial services industry came in first in number of incidents leading to confirmed data losses.
  • Insurance: Risk is twofold in this market, because insurers are not only targets of hackers, they’re also providers of coverage to victims.
  • Education: At the beginning of February 2016, the University of Central Florida announced a data breach had affected approximately 63,000 current and former students, faculty and staff.

Third-party vendor risk

Third-party vendors remain a growing source of concern. Companies are well-advised to look beyond their own cybersecurity policies and standards to the potentially bigger risk that arises from giving third-party vendors direct access into their systems. Indeed, low-tech threats like errors by vendors’ employees represent an often-overlooked danger to company data security. Newer technology trends such as enterprise-level SaaS provisioning and cloud data storage and processing offer new possibilities and perils alike.

Given the inevitability of cybersecurity breaches, companies are increasingly looking to insurers to offset the losses they are likely to face after suffering an attack. However, because the cyber insurance market is young and growing rapidly, the scope and availability of policies is still fluid. Companies should carefully review the specifics and limits of coverage. According to one source, most questions right now are focused on coverage for business interruptions and losses related to fraudulent transactions.

Smaller companies may face even bigger challenges. Few small companies have the staff or the resources to actively manage cybersecurity risk, and many assume that their business risks are small. Despite their smaller size, these businesses will incur the same level of breach-related costs as larger companies.

Uncategorized

U.S. Supreme Court Protects Varsity Brands Uniform Designs

By now it’s hard to say anything new about the U.S. Supreme Court victory of Varsity Brands in the STAR ATHLETICA, L.L.C. v. VARSITY BRANDS, INC. copyright infringement lawsuit.

If you don’t know the case it’s fairly straightforward: Varsity Brands has over 200 copyright registrations for two- dimensional designs (lines, chevrons, and colorful shapes) used on the surface of the cheerleading uniforms that they design, make, and sell. Varsity sued Star Athletica, who also markets cheerleading uniforms, for copyright infringement. Star won in District Court on theory that the designs were ineligible for copyright protection. Varsity won on appeal to the Sixth Circuit who held the graphics could be “identified separately” and were “capable of existing independently” of the uniforms qualifying for protection under the U.S. Copyright Act.

Justice Thomas writing for the Court held: “an artistic feature of the design of a useful article is eligible for copyright protection if the feature (1) can be perceived as a two- or three-dimensional work of art separate from the useful article and (2) would qualify as a protectable pictorial, graphic, or sculptural work either on its own or in some other medium if imagined separately from the useful article.”

What seems plain and simple on its face may prove otherwise. The Star Athletica decision is simply the jumping-off point for future controversies regarding the existence and scope of protection for fashion designs and concepts. While the Court does note the commercial aspect of the situation, “two- dimensional designs—consisting of various lines, chevrons, and colorful shapes—appearing on the surface of the cheerleading uniforms that they design, make, and sell,” little is made of this fact elsewhere in the opinion. Given the $2.4 Trillion global value of the Fashion Industry, I suspect the case will form the basis of many IP enforcement cases soon to come.