2. Technology and the Law….or How you can get into a lot of trouble without even trying How do you identify your risk? What are key areas of growing legal concern? How do you stay current?
3. Identifying Risk: Your Current State What policies and procedures do you have in place? In what areas might you be exposed? Did you write your own policies? Did you plagiarize someone else’s policy? Do you have an attorney? Does that attorney have a specialty in technology? When did you last have your company reviewed and your policies updated? Are you comfortable with your current risk?
4. Employees and Technology Computers Employee surveillance Data Monitoring Discovery Privacy Social media
5. Employer Technology for Employee Use Need definition Employment Contract Employee Handbook Signed Understanding I don’t have employees. I have contractors! Do they use your technology? Are guidelines in your contract? Does a company have the right to the data on an employee’s work computer?
6. Recent cases 2010: Steingartv. Loving Care Agency, Inc. (NJ) 2011: Holmes v. Petrovich Development Company, LLC (CA) At issue: Use of company computers Monitoring/storing user data (emails) Company policy Client-Attorney privilege What should you learn from these cases?
7. Using Technology to Monitor Employees Why? Are you violating privacy? Did you: Intrude upon seclusion Appropriate an employee’s likeness for commercial purposes Publish of private employee matters Disclose medical records Limit to visual images
8. Social Media Assume posts are not private; can be used as evidence Industry regulations Hiring practices: protected classes Potential conflict: “Views are strictly my own” NLRB: Employee protection Complaints about working conditions; especially those that affect co-workers as well what an employee Employees organizing (unions) Company protection What an employee accesses at work What an employee is allowed to post about proprietary company (or client) information CFAA:Is it criminal to access social media sites?
9. Data and E-Discovery E-discovery refers to "electronically stored information” (ESI) Emails, electronic documents, social media, all online activity It does not matter how brief the storage period Federal Rules: term was "intended to be read expansively to include all current and future electronic storage mediums” “Clouds” Social networking sites How do you stay in compliance? Stay informed: general best practices, industry policies Update company retention policies as appropriate Use verified/audited vendors to back up data Consider holding period, access, ownership of data, security1 1http://www.socialmedialawupdate.com/2011/01/articles/ediscovery/ediscovery-rules-applied-to-social-media-what-this-means-in-practical-terms-for-businesses/
10. E-Discovery: Making it complicated Federal vs. state laws Many states have adopted a statute/rules governing e-discovery statute Differing standards across states - document preservation, production of electronically stored information Conflict: companies must dispose of certain records Data privacy laws Failing to comply with e-discovery rules is a serious offense Study of 401 cases prior to 2010; more than half received sanctions1 Sanctions included Case dismissals Adverse jury instructions Large monetary sanctions 1http://www.socialmedialawupdate.com/2011/01/articles/ediscovery/ediscovery-rules-applied-to-social-media-what-this-means-in-practical-terms-for-businesses/ and http://www.abajournal.com/files/DukeLaw.pdf
16. CAN-SPAM: What is it? Protects consumers from unwanted solicitations All messages with promotion as a primary purpose Not limited to unsolicited messages No exception for emails to recipients with whom sender has a pre-existing relationship Additional application: Facebook, MySpace, Twitter Act has a broad definition of an email address Facebook, Inc. v. MaxBounty, Inc. Penalties (listed on FTC site) Each separate email in violation: up to $16,000 More than one person may be held responsible for violations. Aggravated violations: additional fines, criminal penalties – including imprisonment
17. CAN-SPAM: The Do and Don’t List Don’t use false/misleading headers Don’t use deceptive subject lines Do identify the message as an advertisement Do tell recipients where you are located (must be a valid, physical postal address) Do clearly explain to recipients how to “opt out” Do honor “opt out” requests promptly (within 10 business days) Do monitor your vendors; you can’t contract away your liability Do make recipients aware of sexually explicit material Do not “preview” sexually explicit material http://business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business
18. Stay Current: Changes Coming! Data Privacy PII Third party vendors Employee theft (CFAA), negligence Online advertising FTC revamping guidelines; comment period closes July 11 Paid endorsements New apps and new ways to enforce the law DOL Timekeeping app
19. Creating and identifying opportunities for you to save money, find money and make money Stacy Robin stacyrobin@degania.net @stacyrobin www.deganigroup.com 1.877.334.2642