Published on: | by

On July 11, 2014, the privacy watchdog, Electronic Privacy Information Center (“EPIC”) filed a formal complaint with the Federal Trade Commission (“FTC”) against Facebook. EPIC alleged that Facebook broke the law by secretly monitoring users’ emotions in response to news feeds. The complaint explains that Facebook deceived users through its psychological experiment because the users did not give prior consent to participate in the experiment and they were not aware that an experiment was taking place. EPIC stated that this could also be a violation of the guidelines for experiments involving humans. In a world where social media and online presence dominate interaction, such social experiments threaten to undermine privacy and expose the most personal information to marketing and commercial techniques.

What Was the Nature of Facebook’s Experiments?

Facebook conducted surveys to determine whether seeing positive or negative updates in news feeds impacted users’ emotions and altered their browsing tendencies. It controlled the newsfeed of nearly 700,000 members to study whether positive and negative news reports impacted online behavior. The findings from this study were reported in the Proceedings of the National Academy of Sciences. The issue underlying the EPIC complaint arose because Facebook did not warn users in their Data Use Policy that it would be using their data for research purposes. Other agencies have also threatened to take action against Facebook. The Center for Digital Democracy and regulators in the United Kingdom have stated an intent to file complaints. Indeed, the United Kingdom’s Information Commissioner’s Office intends to address its concerns with Facebook after it reviews the study and its findings. Facebook responded to these allegations by explaining that all users consent to this type of research when they sign up. Representatives did apologize to the public for the misunderstanding.

Continue Reading ›

Published on: | by

The smartphone has brought a world of possibility to the average consumer’s fingertips. Now, this has come to include mobile banking. With fast-paced lifestyles and long lines at the banks, mobile banking has emerged as a thrilling convenience. However, this convenience brings cybersecurity concerns. Therefore, consumers who have turned to mobile banking for their financial needs must protect their financial privacy from cybersecurity breaches.

What Is Mobile Banking?

Mobile banking allows customers to access their financial institutions and conduct transactions through their mobile devices. Initially, this began with SMS Banking, which allowed customers to conduct various financial transactions by sending and accepting SMS messages or “texts.” In its most basic form, mobile banking allows customers to access their bank accounts and check on financial transactions. However, as the systems have progressed, customers can now make bill payments, transfer funds, and monitor deposits. Indeed, customers can now manage their investment portfolios and rearrange their investments through a smartphone or tablet. This has certainly increased everyday conveniences. However, it has also contributed to the speed with which finances can shift. Although, customers can review and monitor their accounts faster and more regularly, this also means greater security threats for the underlying financial information. This expansive access may lead to greater unauthorized breaches.

Continue Reading ›

Published on: | by

In the aftermath of high profile cybersecurity breaches, businesses and consumers are alert to the real dangers of cyber vulnerability. In response, various government agencies have taken up efforts to protect against future breaches. Thus, consumers and businesses must continue to take steps to protect themselves and their private information. Accordingly, the office of California’s Attorney General has issued Cybersecurity Guidelines aimed at reducing the threat of electronic security leaks. Furthermore, these guidelines set the standard that businesses must meet to protect customer privacy.

What Are Attorney General’s Cybersecurity Guidelines?

The Attorney General outlined the basics steps to “minimize cyber vulnerability.”  First, anyone could be a target. Therefore, assume cybersecurity could affect you and take preemptive steps to protect your network.  Also, it is important to know where you store your data. The guidelines are directed towards small to medium-sized firms.  So, they focus on the importance for businesses to know which third parties hold company information. It is important to be familiar with these third-party security measures. If a data storage company is not taking proper steps to protect cybersecurity, it may be time to seek different storage options or take steps to counter the vulnerabilities. Alternatively, if your business stores information on the cloud, make sure to back up information, and store data only with secure entities. The overall point is that in the event of a breach, the level of preparedness will limit the consequences.  Next, encrypt your data as an added measure of security. It is also helpful to include firewall and antivirus protection on all devices.  Additionally, make sure to conduct banking and other financial transactions with reliable vendors.  Especially when dealing with third party financial information, the safety and security of those transactions are vital to ongoing business.  Finally, it is important to note that these guidelines are the minimum requirements. It is not a comprehensive list and companies must take care to implement personalized measures based on their cybersecurity needs.

Continue Reading ›

Published on: | by

In a decision released June 25, 2014, the United States Supreme Court held that law enforcement officials could not search a suspect’s cell phone or electronic devices as part of an arrest. In Riley v. California, the Supreme Court maintained that the officials would need to secure a warrant to look through those devices. This holding is especially monumental because it establishes the country’s highest court’s position that electronic devices enjoy privacy protection under the Constitution. Indeed, the Court notes several times throughout the decision that since electronic devices contain so much of users’ most private data, these devices must enjoy a heightened level of privacy.

At the Law Offices of Salar Atrizadeh, we are fully knowledgeable and experienced in the practice of electronic privacy protection for individuals and businesses. Our office handles all civil matters dealing with violations of cyber privacy. Indeed, by speaking to an attorney, you can take precautionary steps to help protect your privacy and personal data.

How Will Riley v. California Impact Individual Privacy Rights?

Continue Reading ›

Published on: | by

A corporation’s trade secrets are its lifeblood. Indeed, it is through this information that a company generates a profit and maintains its reputation in the industry. A trade secret includes any unique information that carries value. There are both state and federal laws which pertain to trade secrets. Unfortunately, federal laws do not provide strong protections. This has weakened U.S. companies that have fallen victim to international trade secret misappropriation.  In response, since April 2014 the U.S. Senate has been considering the Defend Trade Secrets Act to provide stronger national protection for domestic corporations.  Nonetheless, companies can take steps to establish internal protections for their trade secrets.

A. Trade Secrets Status

A corporation cannot claim a trade secret if it is publicly known information. Most importantly, it must be information that is not available to competitors. For example, the recipe for Coca Cola is a trade secret. In fact, this recipe is arguably the most expensive trade secret in the world. Coca Cola could not claim its recipe as a trade secret if it was readily available to Pepsi.  Any information that a corporation freely provides to customers, trade associations, outside parties, or the general public cannot constitute a trade secret.

Continue Reading ›

Published on: | by

When a person harms another, the harmed party has the option of filing a lawsuit to seek damages. However, certain harms affect large groups of people, sometimes reaching into the thousands. In these cases, state and federal civil procedure rules provide for class action lawsuits. A class action lawsuit is brought by a group of parties who have all suffered a similar harm from a defendant’s actions. The defendants can also make up a class where several defendants contributed to the harms at issue. In 2005, in an effort to provide greater protection for harmed plaintiffs, Congress passed the Class Action Fairness Act (“CAFA”) revolutionizing class action procedures.

What Are the Terms of the Class Action Fairness Act?

First, CAFA dramatically expands federal jurisdiction to include a larger body of class action claims. There are two federal class action jurisdiction requirements. First, the case must be for more than $5 million. Second, at least one plaintiff must be from a different state than one defendant. There are exceptions to the second requirement. For example, if at least two-thirds of the plaintiffs are from the same state as the main defendant, federal courts may not have jurisdiction. By expanding jurisdiction, CAFA changed the class action landscape. In turn, this led to several ambiguities in the case law. This also meant that attorneys skilled in traditional class action procedures had to reinvent their practices to comply with CAFA’s new requirements. The American Bar Association provides resources to demonstrate the applications of CAFA.

Continue Reading ›

Published on: | by

The expansion of cyber consumerism—buying and selling products over the Internet, or engaging in business over the Internet—has called into the question whether international laws are equipped to protect consumers in their online transactions. Indeed, online business often takes place over several countries, implicating the legal standards in those countries. When such transactions involve a party that is more experienced than the other, there is the potential that the experienced party will take advantage of the disparity for financial gain. Accordingly, countries around the world have enacted and adopted legislation to combat the threat of unfair business practices. These provisions aim to protect online transactions to promote successful international business.

What Are Unfair Trading Practices?

Unfair trading practices include fraud, misrepresentations, and unconscionable business acts. Fraud is the act of providing false information in a transaction for personal financial gain at the expense of the other party. Misrepresentation involves providing misleading information about any part of a transaction—for example, the quality of the product in question. Finally, unconscionable acts deal with contract terms or negotiations that are overwhelmingly one-sided. These favor the party with greater bargaining power or business experience. The threat of these practices may arise in all sorts of business contexts—for example, insurance contracts, commercial and residential lease provisions, debt collection efforts, and general purchases.

Continue Reading ›

Published on: | by

The European community has been making great strides to establish and protect individual privacy in the globalized cyber community. On May 13, 2014, the European Court of Justice (“ECJ”) issued a decision that European Union (“EU”) citizens had a right to ask search engines to remove search results about themselves.  The ECJ defined this as a “right to be forgotten.”  Google, which is upset about this holding, has set up a form for users to request information removal. American counterparts, and officials within Google, have expressed concern about the implications of this ruling—both for the search engine and the threat to the flow of information.  Ultimately, the ECJ has established that the right to privacy supersedes the right to information.

What Are the Terms of the 2014 Ruling?

In issuing the decision, the ECJ was enforcing a 1995 EU directive on privacy that defines and regulates search engines as data collectors. European regulators have historically been more concerned with personal privacy than the United States. Accordingly, European government agencies have taken greater steps to enforce protections. Both the EU and members states have adopted provisions to protect privacy and family life. For instance, in 2010, the European Commission declared the right to be forgotten as a foundational aspect of its Data Protection Regulation.

Continue Reading ›

Published on: | by

Early in 2012, the European Commission proposed a reformation of the European Union’s data protection rules.  The European Commission sought to strengthen online privacy rights and improve Europe’s digital economy. The European Commission pointed to expansive globalization and different levels of implementation by the EU’s 27 member states as reasons to seek uniform online privacy rights. Indeed, each member state has different standards of enforcement for the rules. This leads to expensive administrative costs in maintaining and continuing to implement the different standards. The European Commission predicated that a uniform law across the European Union would lead to savings of approximately 2.3 billion Euros a year. In addition, with a clearer set of regulations to govern data protection, the European Commission hoped to instill more confidence in consumers in online services, leading to a growth in jobs and innovations.

What Were the Terms of the 1995 Data Protection Directive?

The 1995 Data Protection Directive was adopted to regulate the processing of personal data among European Union member states. This Directive has a broad definition for “personal data,” including “any information relating to an identified or identifiable natural person.” Also, the standards within the Directive apply only if the entity controlling personal data is established within the European Union or uses equipment located therein. The standards prohibit the processing of personal data without transparency of purpose, a legitimate purpose, and proportionality. In terms of the requirement for proportionality, a controller can process personal data only to an extent necessary to its purpose—it cannot store that data for a potential future purpose.  However, the 1995 Directive fails to take into account the implications of social networks and cloud computing on online privacy.

Continue Reading ›

Published on: | by

Employees, in the course of their employment, will often have broad access to company files.  If employees are terminated or seek other employment, such access can become problematic.  Indeed, companies store sensitive and commercially valuable information on their servers. Employee misuse of these files can substantially weaken a company’s economic viability and threaten its progress.  In a recent court decision, the United States District Court for the Northern District of California held that a former employee who accessed an employer’s servers using his login information was not liable for unlawful hacking. The court explained that the employee had not violated the Computer Fraud and Abuse Act (“CFAA”) or the California Comprehensive Computer Data Access and Fraud Act (“CDAFA”).

What is the holding in Enki Corporation v. Freedman?

According to the record, Enki Corporation had entered into a contract with Zuora to provide certain consulting and information technology services. As part of these services, Enki installed a computer resource and performance monitor on Zuora’s network. Additionally, Enki contracted with Keith Freedman, a former employee, to provide consulting services for Zuora. Enki subsequently terminated its contract with Freedman when it discovered that Freedman was speaking negatively about Enki’s services. Freedman had also accessed the monitor Enki installed on Zuora’s network using his employee login to download Enki’s proprietary information (e.g., private company files and data) from the servers. The court held that this did not violate the CFAA because Enki had failed to show that Freedman accessed the computer system without authorization. Since the CFAA is aimed at regulated access to protected data, not the misuse of such data, where employers lawfully access servers, there is no CFAA violation. As for the CDAFA claims, the court also did not find a violation because Freedman did not have to “hack” into the system because he did not have to override a computer code. He simply logged in using his employee login information.

Continue Reading ›