The CAN-SPAM Act is the federal act that preempts state anti-spam laws. In response to this federal statute, California, and many other states have passed similar anti-spam laws. Do you have a new company that needs to market to a broader community? Will your company create an email list to reach out to new users, customers, or clients? Then you should be aware of the federal and state laws and how they can create liability.

What is the CAN-SPAM Act?

The CAN-SPAM Act mostly focuses on unsolicited commercial email. It stands for Controlling the Assault of Non-Solicited Pornography and Marketing. This federal law prohibits any commercial email that is fraudulent or deceptive and requires all email messages to include an opt-out option for the recipients. Although, the law is focused on companies that disguise the source or purpose of the email, the impetus for passing the bill was the growing cost problem for those receiving mass amounts of emails such as non-profit companies, educational facilities, and other businesses with limited server space. However, this law “only provides a private cause of action to internet service providers that have been adversely affected by prohibited commercial e-mails, and does not extend a cause of action to the recipients of such e-mails.” See Hypertouch, Inc. v. ValueClick, Inc., 192 Cal. App. 4th 805, 123 Cal. Rptr. 3d 8 (2011). Therefore, it is up to the states to determine whether individual recipients of spam can bring suit against companies or individuals.

There has been a surge of new laws and regulations passed by governments to implement security and privacy measures for companies storing information in the cloud. This surge is due to recent security breaches and the realization of how much information can be compromised. Information stored in the cloud ranges from personal information to confidential government intelligence. Although, the most publicized breaches may be of celebrity’s compromising photographs, many other breaches of medical insurance companies and credit card accounts have affected the public. It is only natural that a set of new privacy and security laws are drafted both internationally and domestically as the use of cloud computing technology expands.

What are some of the international laws?

In general, each country has been forming its own laws governing privacy and security of information. For example, Australia, Canada, Japan, and Korea have comprehensive privacy regimes without onerous registration requirements. Also, organizations, such as the Cloud Security Alliance (CSA) and Information Technology & Innovation Foundation (ITIF) are trying to assist in finding a clear set of widely-accepted security procedures that will lead to a more consistent set of policies for companies to follow when storing information. Until this is accomplished, companies have to assess the laws and regulations of countries that may affect them. Companies then have to decide the best security and privacy measures to protect them from liability.

In 2011, Congress proposed two relatively similar bills—House of Representatives’ Stop Online Piracy Act (SOPA) and Senate’s Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA)—that legislators and lobbyists hailed as providing important protections against piracy and counterfeiting online. Yet, this apparently strong support was quickly withdrawn when a massive online protest in January 2012 sparked intense and ultimately fatal opposition to the bills.

Despite the strong public disapproval and lack of Congressional support, in July 2014 the Intellectual Property Law (IPL) Section of the ABA issued a white paper proposing that Congress enact legislation allowing essentially the same private copyright infringement suits against allegedly infringing foreign websites as those provided for in SOPA and PIPA, and suggesting that those protections be extended to trademarks as well.

How Does the ABA’s Proposal Differ From Previously Rejected Legislation?

Since the goal of brand management is to optimize the market’s perception of a brand, it follows that effective brand management requires establishing and maintaining a relationship with the target market. Recently, much of relationship development has been accomplished through social media. Although, brand awareness can expand with social media, but companies should be skeptical towards third-party statements regarding their brand.  In fact, legal recourse is available against third parties who engage in trade libel, defamation, and trademark or copyright infringements.

How Can Trademark Misuse Occur on Social Media?

Considering the risk that a negative criticism of a brand on social media will quickly harm the brand’s reputation, it is important for a company to be aware of the types of trademark misuse or infringement. The line between constitutionally-protected free speech and violations can be blurry. For instance, a social media username may be confused with an official brand account, either coincidentally or by imposters (i.e., posing as an employee or someone sponsored by the brand). Further, user statements may improperly dilute a trademark under the Federal Trademark Dilution Act through blurring (i.e., associating a mark with other goods/services) or tarnishment (i.e., associating a mark with substandard goods/services).

Crowdfunding involves a large number of people contributing small amounts of money to finance a business venture, typically an early-stage startup company. Over the past several years, online crowdfunding platforms have become a popular tool for new businesses and entrepreneurs to market inventions, generate revenue, and increase customer base. While improving accessibility to funding offers a significant economic advantage, crowdfunders should be careful not to release too much information before legally protecting an original idea.

What Are the Legal Risks in Crowdfunding?

The major legal risks in crowdfunding stem from crowdfunders launching campaigns before adequately identifying and protecting intellectual property (IP). This inadequate IP protection may allow ideas and inventions to be copied or stolen without legal repercussions. The risk of unprotected IP is magnified by various public disclosure requirements mandated by online crowdfunding platforms. Specifically, popular crowdfunding websites like Kickstarter require detailed disclosures of how a particular invention or product works—beyond a simple prototype—before a campaign is posted. Moreover, sophisticated predators are constantly searching crowdfunding websites for unprotected ideas.

With technological advances rendering complex cellular devices increasingly affordable, the majority of the world population is now using smartphones. Further, applications that employ global positioning system (GPS) tracking allow these worldwide smartphone users to take advantage of location-specific information and social networking. In addition, GPS technologies have aided law enforcement agencies in gathering evidence during criminal investigations. However, this convenience, and potential for enhanced public safety, brings the risk of sacrificing the privacy guaranteed to U.S. citizens by the Fourth Amendment protection against unreasonable searches and seizures.

In particular, courts have been concerned with whether a warrant should be required for the government to search cell phones to obtain location data. The statistics regarding police cell phone tracking practices—compiled in an American Civil Liberties Union (ACLU) report—convey the extent and significance of this issue. Of the hundreds of local law enforcement offices surveyed throughout the nation, nearly 95% reported tracking suspects via cell phone GPS data such as international calls, text messages, and emails. Although, some jurisdictions required a search warrant before engaging in this type of GPS tracking, however, some did not.  In any event, the applicable legal standards lacked consistency or clarity.

What are the Legal Concerns?

The recreational use of drones, or unmanned aerial vehicles (UAV), has become increasingly popular in the United States. While such use has gone largely unregulated due to the unlikeliness that these drones will obstruct air traffic, commercial and governmental use of drones—especially larger drones—has sparked safety and privacy concerns leading to attempts at regulation.

What Are the Major Concerns?

With respect to public safety, the primary concern is that drones will collide or otherwise interfere with other aircraft, particularly when flown in congested airspace such airports. The Federal Aviation Administration (FAA) legitimized this concern by admitting the difficulty in policing drone use since they are typically undetectable by radar. Even assuming drone violations were detectable, it would be nearly impossible to track down the device or, more importantly, its operator. In addition, the inability to fully monitor drone use has caused public concern over personal privacy and accountability for breaches.

In an online penny auction, participants purchase bids for a fee, with each bid placed on a particular item increasing the price of the item by a small increment (e.g., one penny) and extending the bidding period for that item by a few seconds. The last participant to place a bid before the bidding period ends pays the website the final price for the item. Unlike traditional online auction websites like eBay, all penny auction participants must pay to play. Thus, it is common for losing bidders to spend significant amounts of money, but receive nothing of value. In this sense, critics have likened penny auctions to gambling.

Are Penny Auctions Considered Gambling?

In general, bid fees are paid to the penny auction website, rather than pooled and awarded to the winner, so a bid is not technically a “bet” or “wager.” As such, existing gambling legislation probably does not apply, so consumers are protected from illegal gambling charges. Moreover, under California law, whether online gambling is an illegal “lottery” depends in part on the degree of chance involved—specifically, whether the game is “dominated by chance.” While penny auctions involve chance, the element of strategic bidding, based on factors like remaining time to bid and expected website traffic, weighs against finding that the auctions constitute illegal lotteries.

The recent cyberattack on Anthem, Inc., one of the largest health insurance companies in the United States, illustrates the persistence and severity of the risk of data breaches. On February 4, 2015, Anthem confirmed that one of its databases had been hacked. The data breach exposed personal information of approximately 80 million Anthem customers and employees—including names, birthdays, member health ID and Social Security numbers, street addresses, telephone numbers, e-mail addresses, and employment information—potentially the most damaging cyberattack to date on a health insurer.

Noting a pattern of medical data thefts from health insurers by foreign intelligence organizations, the FBI concluded that the attack was likely the work of Chinese hackers attempting to gain access to the networks of defense contractors and government workers. Moreover, while hackers have targeted healthcare providers, similar attacks on companies like Target, Sony, JP Morgan Chase, and Home Depot, signify the risk to all types of businesses.

One obvious implication for businesses that fall victim to these attacks—beyond negative press—is the exposure to liability for the resulting invasion on individuals’ privacy. For instance, individuals have already begun filing class action lawsuits for this particular breach, asserting that Anthem should be held responsible given its inadequate security measures—namely, its failure to employ encryption to prevent unauthorized access to their personal information.

Net neutrality refers to the principle that Internet service providers and governments should treat all Internet traffic equally, regardless of the source. Among other implications, net neutrality includes the idea that a website should not be given the option to pay an Internet service provider a premium to speed up its connection at the expense of slowing down the connections for other, non-paying websites. While this concept may seem fair enough, it is more of an ideal than a reflection of reality.

What Are the Applicable Regulations?

Under the Telecommunications Act of 1996, the Federal Communications Commission (FCC) is authorized to regulate “telecommunications services” as common carriers, like public utilities, while “information services” are exempt from utility-like regulation. Historically, broadband Internet service providers have been classified as “information services,” and thus the FCC has not been allowed to regulate the Internet with certain rules that it may legally impose on businesses classified as “telecommunication services.”