In general, online privacy falls under two categories. First, is personal privacy. Second, is corporate privacy. For example, corporate privacy concerns the protection of corporate data (e.g., electronic communications) from retrieval or interception by unauthorized parties. Security is important for the protection of trade secrets, proprietary information, and privileged communications. The failure to maintain confidentiality can result in a loss of “trade secret” status. The relevant law is 18 U.S.C. §§ 1831 et seq. (e.g., economic espionage and theft of trade secrets). Also, the waiver of the attorney-client privilege and work-product protection come into play during litigation.
The Economic Espionage Act was the first federal criminal law protecting trade secrets. It provides penalties such as prison terms of up to 15 years and fines of up to $5,000,000. It expands the trade secret definition by including all types of business and financial information.
Trade secret owners face an unfair position when it comes to online publication of their trade secrets. One option is to obtain preliminary injunctions. However, the Supreme Court has cautioned against using the Prior Restraint Doctrine where its effectiveness would be questionable (e.g., jurisdictional enforceability concerns). The other option are registering patents, trademarks, copyrights or implementing preventive technologies.
What Are Some of the Applicable State Laws?
First, the Anti-Phishing Act of 2005 prohibits “phishing“ – i.e., posing as a legitimate company or government agency in an email, web page, or other internet communication – in order to trick a recipient into revealing his/her personal information.
Second, Business & Professions Code § 22947 prohibits an unauthorized person from knowingly installing or providing software that performs certain functions, such as taking control of the computer or collecting “personally identifiable information” on or to another user’s computer within California.
Third, the Online Privacy Protection Act of 2003 requires operators of commercial websites or online services that collect personal information on California residents through a website to conspicuously post a privacy policy on their website and to comply with it.
Fourth, Government Code § 11015.5 applies to state government agencies when collecting personal information electronically. These agencies must provide certain notices and prior to sharing someone’s information with third parties, they must obtain written consent.
What Are Practical Steps For Avoiding Privacy Violations?
A business should identify, label, and restrict access to confidential information. A business organization should utilize encryption, firewall, usernames/passwords, software detecting trade secret theft, and warnings in privileged correspondence. It should provide computers without hard drives, prohibit use of removable storage (e.g., flash drives), audit employee computers, prohibit and/or monitor external web-based email services, execute confidentiality and non-disclosure agreements, and execute computer-use policies to avoid privacy violations.
What is Geotagging?
Geotagging is the process of embedding geographical identification metadata to a photo, wherein it’s stored in EXIF or XMP formats. The geographic information can include latitude and longitude coordinates. The data can be read by programs that allow a viewer to see where a photo was taken. The geotagged photos can be linked to map services (e.g., Google Maps, Microsoft Virtual Earth, Yahoo Maps). The Federal Communications Commission (“FCC”) regulates collection and disclosure of location information by telecommunications carriers. The California Attorney General has entered into agreements with major App platforms wherein they’ve promised to prompt privacy policies accordingly.
At our law firm, we assist clients in matters related to online privacy. You may contact us in order to setup a free consultation.