Posted on

Global Forum Shopping in Defamation Cases Gets More Difficult

In a decision of potentially great import, the UK’s top court sided with a European newspaper (The Wall Street Journal Europe) in a defamation case. Until now, British libel laws had been among the most plaintiff-friendly of any jurisdiction in the world, in part based on a 2001 libel decision known as Reynolds vs. Times Newspapers Ltd. that was intended to protect serious investigative journalism on matters of public concern.

It is expected the ruling will now allow the media in the United Kingdom to better defend against libel actions by asserting reports were in the public interest, involving responsible journalism, protections similar to those of the U.S. media under the First Amendment of the Constitution of the United States. The High Court articulated the new standard for such decisions as being “whether the defendant behaved fairly and responsibly in gathering and publishing the information.” If journalists and editors behave responsibly and the news story is of public importance and relevance, the fact that there are defamatory allegations against prominent people in the report, does not, in and of itself, permit damages for libel.

Posted on

Disclosures, Decency and Data Security

For the record, privacy, data protection, information security and international law have officially converged with management, compliance and marketing. More than 30 U.S. states have now passed legislation in one form or another that requires businesses to notify consumers if an actual or potential breach of data security may lead to the compromise of personally identifiable information. This comes on the heels of several years of the government tightening its own policies regarding data security breaches and instances of compromised security.

Recently, the Office of Management & Budget, which oversees U.S. federal agencies, announced a tougher policy for government, requiring agencies to follow the security procedures checklist prepared by the National Institute of Standards and Technology (“NIST”) to protect data. An internal OMB memo recommends that data on mobile computers and devices carrying agency data be encrypted, and suggests two-factor authentication (one being separated from the actual computer obtaining access to the data).

As noted in prior issues of Legal Bytes, requirements and compliance obligations for commercial enterprises doing business across state lines and national boundaries vary, although many have common themes. If you are concerned—and you should be—contact us. We can help you sort out your current compliance obligations and help you keep track of the changing privacy and data protection landscape, both domestically and internationally. Even if you choose not to inject your views into the regulatory process, you must keep abreast of developments or risk action by consumers and regulators.

Continue reading “Disclosures, Decency and Data Security”

Posted on

Web Videos Test the Limits of Feeds, Uploads & Time-Shifting

Web-based videos, through links, feeds or user uploads, are generating significant legal and commercial interest these days. Advertisers are also quick to recognize the potential “buzz” marketing opportunities enabled by the use of the Internet and digital audiovisual technology. User-generated content draws consumers to websites, powerful magnets for advertising messages targeted to those consumers. But beware: Simply because a consumer creates the content, doesn’t mean it is immune from standard legal tests for advertising, endorsements, publicity and product liability.

A lawsuit has recently been filed against one online video-sharing network—Veoh—alleging it allowed video works owned by an adult entertainment company to be viewed through Veoh’s website without authorization. The claims of copyright infringement could be an important test of how the courts view sites that enable sharing or feeds of audiovisual works. Although there are a growing number of popular user-generated content sites such as IFILM, YouTube, Guba, Yahoo! and Google, these sites often have very different policies and some, but not all, of them review user-generated content before it is posted—either to ensure it meets guidelines or to confirm that the user’s tags are accurate.

Earlier this month, the New York State Consumer Protection Board published an official warning about content available on Google Video, the new Google site for user-generated content. Because videos are uploaded by users, Google Video relies on tags (labels which describe the content) which are input and generated by the users. Since the content is not indexed or catalogued by Google, a search will turn up whatever the user submits—and that is what has irritated the New York authorities. As with many websites that allow user-generated content to be uploaded for viewing, Google warns users about uploading obscene or illegal material or items protected by copyright, but currently has no mechanism for filtering it out.

In a move widely viewed as adding an air of legitimacy to these sites, Warner Bros. agreed to allow Guba to distribute some of its television shows and motion pictures, online. NBC is allegedly planning to make clips of some of its most popular programs available to YouTube to promote its fall programming lineup. NBC’s decision is reportedly coupled with advertising commitments for both companies in broadcast television medium and the Internet. That should come as no surprise since advertising is what is usually at the root of all of these revenue models—a fact that has not escaped broadcast network executives.

Also this month, a number of leading television production and motion picture companies joined forces in filing suit against Cablevision, one of the largest cable television companies in the United States. The action asks the U.S. District Court in New York to declare the time-shifting service Cablevision has announced, but not yet offered, in violation of U.S. copyright law. Cablevision has countered that time-shifting of programming by consumers is legal. Unlike an “on-demand” service which would record everything and replay programs when selected by the consumer, Cablevision intends to offer subscribers a specific amount of allocated storage space on the network. Analogous to an outsourced set-top box or digital video recording device that a consumer might purchase, Cablevision will offer consumers an opportunity to buy storage space and use it to record and play back programs and then erase them to free space for new programs—no different than if the storage medium was sitting in their living rooms. Stay tuned.

Posted on

California Court Takes a Bite Out of Apple

In Apple v. Does (a.k.a. O’Grady v. Superior Court) Apple Computer sought to find the sources of certain leaks and rumors relating to trade secrets associated with an Apple product. Apple wanted to compel an email provider and Web publishers to divulge the information and the California Court of Appeal said “‘no,” ruling that the Stored Communications Act (the “Act”) prohibits these kinds of civil discovery efforts and prohibits Apple from compelling disclosure of the identity of the Websites’ sources. Aside from the holding that such a subpoena is not enforceable under the plain meaning of the Act, a subpoena compelling the disclosure of unpublished information from these particular entities would be unenforceable because of shield protections afforded reporters in California and, under the facts presented to the court, trying to get at these particular sources is protected by a conditional constitutional privilege against compulsory disclosure of confidential sources. If all this sounds like a lot of legal-ease, the bottom line is that Apple was barred from obtaining this type of information.

Posted on

Data Protection/Breach Disclosure Laws

In the news, yet more breaches of data security and the potential disclosure of personally identifiable, non-public information about you. From Wells Fargo to the Veterans Administration, breaches are becoming almost daily news. In response, more and more states are enacting breach disclosure laws requiring companies to notify consumers if there is an actual or potential breach of security compromising (or potentially compromising) your information. Even Congress is getting into the act of considering legislation at the national level. Although not all the definitions are uniform, nor are the requirements identical, most have common themes—but to understand what they are, how they affect you and what obligations you may have, you have to contact me, or you can simply wait for the next issue of Legal Bytes—stay tuned.

Posted on

Why-Fi??

In New York’s Westchester County, legislators are proposing a new law to compel commercial businesses (including home offices) that have an open wireless access point to have the “network gateway server” fitted with a firewall to block intrusions. Under the proposed legislation, not only may “public Internet access” not be provided without a gateway server equipped with a firewall, but any business or home office that stores personal information as well must install a server with a firewall—even if the wireless connection is encrypted and not open to the public. Publicly available Internet access sites would have to post a sign: “You are accessing a network which has been secured with firewall protection. Since such protection does not guarantee the security of your personal information, use discretion.” Come on.

Posted on

Fine Tuning Financial Privacy

This June, the Ninth Circuit, overturning a lower court ruling, held that the Fair Credit Reporting Act (FCRA) does preempt some part of the California Financial Information Privacy Act (aka SB1). The court held that the FCRA does, in fact, preempt state affiliate sharing laws insofar as a “consumer report” is concerned. Where affiliate sharing does not involved a “consumer report” as defined in the FCRA, state laws are not preempted. What this means if you do business in California: (a) SB1 opt-out will not apply when affiliates share consumer report information; (b) SB1 opt-out will apply when affiliates share information that isn’t a consumer report; and (c) SB1 “opt-in” relevant to disclosures of information to non-affiliates will continue to be applicable and enforceable.

Posted on

Adware? Spyware? Aware? Beware? Do You Care?

Intermix Media has reportedly agreed to pay $7.5 million to settle a lawsuit filed by the New York Attorney General, and if true, this represents the largest fine in a consumer online privacy action to date. In addition to agreeing to hire a Chief Privacy Officer, Intermix must agree to stop distributing its adware/spyware and redirect programs which the NYAG alleged were downloaded to consumers’ personal computers with inadequate notice, and then hidden to make it difficult to remove. Besides the annoyance which consumers rail about, often such hidden programs can be part of more elaborate identity theft and security breaches, sometimes without the knowledge of the company that created them. The lawsuit’s primary claims were false advertising and deceptive business practices under New York’s General Business Law statutes.

Posted on

Security Checks Out

OK. You’ve all been reading about the recent security breaches which are exposing sensitive financial and other non-public personally identifiable information to potential disclosure—in some cases actual release and compromise of that information. Well it turns out that in one area—the retailer cases involving Polo (Ralph Lauren), DSW (Shoe Warehouse) and others—are all being traced back to software that merchants use to process credit, charge and debit transactions. The problem, it seems, stems from the fact that the hidden coding that resides on the magnetic strip of our plastic money and that is supposed to authenticate and provide a degree of transactional security in processing payment is being retained by the merchants’ systems, rather than being immediately deleted and cleansed from these systems once the transaction is approved and complete. Hackers, learning of this vulnerability, were quick to attempt to break into these merchant systems and “steal” the codes, in many cases enabling them to create counterfeit plastic and compromise personal information of the cardholder in the process. In one case, BJ’s Wholesale Club is being sued by banks and credit unions because hackers made off with customer’s credit card numbers, and BJ’s has decided to sue IBM, whose software allegedly stored the numbers in computer logs. In legal papers filed in response to the suit, IBM not only claims there is no proof the stolen card numbers came from BJ’s systems, but it also claims that its contract with BJ’s disclaims liability for damages because of security breaches. OK, all of you go check your software contracts. Now.

Posted on

Did Anyone at ChoicePoint Read the February ’04 Issue of Legal Bytes?

Shareholders are suing ChoicePoint and its executives after learning that criminals posing as bona fide businesses were given access to personal data. ChoicePoint maintains databases of background information on almost every citizen in the United States—billions of records. A class-action lawsuit has been filed in California charging that executives withheld information to avoid having the stock price fall when and if the news broke: the share price has since fallen more than 20 percent in a month. The suit claims the executives knew their data protection was inadequate; knew or should have known ChoicePoint was selling data to illegal businesses; and that security breaches had occurred previously, exposing even more people to identity theft.

The security breach was uncovered last October, when law enforcement first contacted ChoicePoint investigating an identity theft. Suspects, posing as a ChoicePoint client, gained access to its consumer databases. As if the class action and drop in share price were not trouble enough, ChoicePoint is under investigation by the FTC inquiring into its compliance with information security laws; is under investigation by the SEC for possible violations by certain executives of the insider trading regulations; and is facing lawsuits arising from violations of the Fair Credit Reporting Act and California state law. Will someone please pick up and read the February 2004 issue of Legal Bytes!?!