Published on: | by

As some of readers, who have active facebook profiles know, the like button is a way to express your support for a cause or idea. However, a federal judge states that, clicking it doeos not constitute constitutionally protected speech.

For example, the employees of a local police department sued their boss (Sheriff B.J. Roberts) for firing them after they supported his opponent in his 2009 re-election campaign. One of those workers, Daniel Ray Carter, had “liked” the Facebook page of Roberts’ opponent, Jim Adams. Exactly what a “like” means – if anything is the main question. The ex-employees posit that their First Amendment rights were violated.

While public employees are allowed to speak as citizens on matters of public concern, the United States District Judge, the Honorable Raymond Jackson, ruled that clicking the “like” button does not amount to expressive speech. Express conduct, also referred to as “symbolic speech,” relates to the communication of ideas through one’s conduct. Expressive conduct raises some interesting constitutional questions because it combines expression, which typically receives First Amendment protection, and conduct, which typically does not receive First Amendment protection. This dualistic nature may account for the court’s position of affording expressive conduct some constitutional protection, but substantially less protection than pure speech.

Published on: | by

What is personal jurisdiction? It is the court’s authority to determine a claim affecting a specific person. Generally, providing any type of data or information on the world-wide-web (i.e., Internet) is insufficient to subject a person to personal jurisdiction in each state wherein the date or information is accessed. However, a nonresident’s online activity, must be expressly targeted at, or directed to, the forum state in order to establish minimum contacts necessary to support the exercise of personal jurisdiction. In general, personal jurisdiction may not be exercised against a nonresident whose website was not directed toward any state.

If a non-resident defendant publishes statements that fall under the category of defamatory comments concerning the plaintiff on a website, the effects of which were clearly directed at the forum state, result in sufficient contact with the forum to warrant the assertion of jurisdiction over the nonresident defendant. On the other hand, the publication of defamatory comments concerning the plaintiff on a website is not, by itself enough to support the exercise of jurisdiction over a nonresident defendant (e.g., when an article was not specifically directed to residents in the forum state, or was not primarily directed at the plaintiff in that state).

Our readers must keep in mind that the tort of defamation can be committed in the jurisdiction (i.e., the state), even if the message was not directed there, if it has effects in that state.

Continue Reading ›

Published on: | by

Cyberattacks can hit businesses of any size, causing catastrophic damage to a business’s finances and to the integrity of its information security. Hundreds of breaches occurred at large corporations during 2011, affecting over thirty million sensitive or confidential records. Hackers went after Sony, NASDAQ, and other giant businesses, but small companies are also vulnerable to attack. According to a report in the Business Journals, as many as eighty-five percent of small business owners do not see cyberattacks, which may include hackers or malicious software, as a serious threat. Heightened security at these big companies, though, could lead hackers and other cyber criminals to focus their attacks on smaller businesses who may not be so prepared.

Guarding against cybercrime is simply good business for small companies. A hacker targeting a small business can cripple the business or even force it to shut down with a very simple series of hacks or viruses. If a cyber criminal targets a small business’ banking system, it could empty its cash reserves and leave it unable to operate. A hacker who compromises a business’ confidential client data could expose the business to enough liability to put it out of business.

The “Common Sense Guide to Cyber Security,” published by a coalition of government agencies and organizations, including the Federal Emergency Management Agency and the U.S. Chamber of Commerce, offers a set of security practices small businesses can use to protect themselves from cyberattack. After an initial set-up period, most practices involve simple daily maintenance and monitoring.

Risk Management Planning. Businesses should carefully assess the risks and weaknesses in their computing systems to see where protection is most needed. They should prepare contingency plans in case a breach or loss occurs, including how to continue business operations with alternate computing systems or at an alternate location.

Access Control and Accountability. A business’s network security plan should include access controls that limit who may access critical systems and information. A single department or officer should have responsibility for information security and for approving new hardware and software, thus ensuring accountability for decisions and errors. At the same time, a business should educate all employees and officers as a means of creating a “culture of security.” All employees should sign an agreement committing to the company’s cybersecurity policies.

Firewalls and Other Security Measures. Firewalls can protect businesses from many common attacks, particularly from viruses and malware. Companies should also encourage use of complex passwords that combine upper- and lowercase letters, numbers, and other symbols; avoid common words and phrases; and change at least every three months.

Continue Reading ›

Published on: | by

Computers and computing activities play an increasingly integral role in daily life in America, affecting our financial activity, social interactions, and more. With an increased level of dependence on networked devices comes the risk of theft, or even attacks, on and through our computer networks. While the business community has already recognized the importance of cybersecurity, the government and legal system are finally responding in five key areas.

National security. The federal government has made cybersecurity a central feature of its national security strategy. Recognizing the risk of an attack on the nation’s computer networks by a foreign power or sub-national group, the Department of Defense created a comprehensive strategy for cybersecurity (PDF file) in 2011. The strategy treats “cyberspace” as its own “operational domain,” requiring specialized training and organization. The government has also taken steps to combat online theft, which can include not only monetary theft but theft of intellectual property and identity theft. The latter has become more and more sophisticated as thieves find ways to exploit personally identifiable information (PII) stored online.

Federal legislation. The Obama administration proposed legislation outlining ten points for cybersecurity protection. These generally included protection of the American people, the nation’s infrastructure, and the federal government’s networks and computer systems. Several bills pending in Congress address aspects of cybersecurity. The controversial Cyber Intelligence Sharing and Protection Act (CISPA), for example, allows sharing of data between companies and the National Security Agency in order to investigate and combat cybersecurity threats.

State legislation. Protection of government data, PII, and personal privacy have informed numerous state statutes enacted in the past ten years. California passed a law requiring notification of cybersecurity breaches in 2003, and forty-six other states and the District of Columbia followed suit. Laws requiring “reasonable” levels of security for protected information exist in at least ten states, and numerous states are enacting statutes protecting people from wiretapping and other monitoring of electronic activity.

Regulatory initiatives. Multiple regulatory agencies have addressed cybersecurity concerns through additional regulations, guidelines, and enforcement actions. The U.S. Security and Exchange Commission (SEC), for example, recently issued a new set of guidelines for publicly-traded companies. The guidelines address disclosure of cybersecurity breaches as a means of making information available to investors. The FBI, meanwhile, established a joint task force to investigate cyber threats.

Continue Reading ›

Published on: | by

When hackers breached the e-commerce firm Zappos in January, they may have compromised the personal information of as many as 24 million users. Legislatures in several states, including California, have responded to attacks such as this one by passing laws enhancing cybersecurity investigation and enforcement, and increasing requirements for disclosure of cyberattacks. The U.S. Securities and Exchange Commission (SEC) has also issued new guidelines for businesses and individuals under attack. The key issue to consider, in light of these new laws and regulations, is how much disclosure is not enough, and how much is too much.

The SEC is recommending disclosure of cyberattacks to an unprecedented degree. A new set of guidelines issued in October 2011 advises publicly-traded companies to disclose details of cybersecurity breaches as part of the quarterly 10-K report. Companies should disclose any and all cyberattacks, regardless of whether they caused a loss. The SEC even encourages companies to disclose “cyberrisks,” even in the absence of a breach. This potentially benefits investors, the SEC says, by providing comprehensive information about both actual and potential losses due to hacking and other cyberattacks. At the same time, extensive disclosure could put companies at greater risk by exposing weaknesses to hackers. Companies must carefully consider how much, or how little, to disclose. Too much disclosure could make them vulnerable to attack. Too little disclosure could make them vulnerable to lawsuits by investors.

State laws regarding cybersecurity disclosures are typically not as stringent as the SEC’s guidelines. California passed the first such law a decade ago. That law applies to any person or business that owns or licenses computer data containing a California resident’s “personal information,” such as social security number, home address, driver’s license number, and so forth. In the event of a breach that would reasonably lead to an unauthorized person obtaining the personal information, an owner or licensor of personal data must notify the person whose personal information may have been breached.

Forty-six states have followed California’s lead and passed similar laws. California has actually fallen behind some states that have passed laws with stricter disclosure requirements. A new law that took effect on January 1, 2012, requires an individual or business to notify the state attorney general of a cybersecurity breach if the breach affects more than five hundred California residents. The notice must include specific details of the type and size of the breach, and a toll-free number to allow users to contact credit agencies.

Continue Reading ›

Published on: | by

An effective employee manual is an essential tool for any business or corporation that employs workers. It is a valuable way for businesses to communicate a company’s expectations to its employees. A well written employee manual will outline company procedures, policies, and expectations. A poorly written manual can create both legal and personnel headaches for your business.

The following policies are important for any employer to consider when writing or revising an employee manual:

  • Each employee manual should include a disclaimer which states that the publication is not an employment contract. This can protect a business from terminated workers filing breach of contract claims against the business.
  • An employee manual should successfully communicate company objectives and the organization’s mission statement. By doing so, the manual can foster each employee’s understanding of business goals and provide them with an enhanced sense of purpose.
  • An effective employee manual will state your business has a zero tolerance policy for any kind of discrimination or harassment. The manual should also explain how to identify and report harassment. A company’s employee manual should also specifically prohibit discrimination based upon sexual orientation.
  • Employee leave and termination policies should always be addressed in an employee manual. Any leave eligibility differences or restrictions based on job functions or employee status should also be addressed. A well written manual will also remind employees that any discrimination based on disability will not be tolerated, and also discuss the Family Medical Leave Act.
  • An employee handbook should define worker misconduct and discuss the company’s disciplinary process. A disciplinary policy should be flexible and include a disclaimer which states misconduct is not limited to behaviors specifically outlined in the manual.
  • A well written employee manual will describe the process for raising workplace issues and filing a formal complaint or grievance. This is important because it shows workers the company will take employee concerns seriously.
  • Because no one should feel threatened at work, each employee manual should provide workers with guidance regarding how to address and respond to workplace violence and other conflicts. An employee handbook should also include a zero tolerance policy for workplace bullying.
  • Finally, as the use of social media such like Facebook and Twitter becomes more common, it is essential for businesses to address employee use or misuse of social networking websites. An employee handbook should discuss what sort of workplace-related communications are inappropriate and remind workers that disseminating confidential or proprietary information is prohibited. A social media policy should also address disparaging or harassing the company or fellow employees.

Continue Reading ›

Published on: | by

Last year, the California State Legislature made various efforts to regulate commercial transactions on the Internet. These efforts provide interesting questions and concerns regarding practical and constitutional limits on a state’s capability to legislate or regulate transactions on the world-wide-web (i.e., the Internet) due to its intrinsic interstate character.

One important consideration is the Dormant Commerce Clause, which stems from Article I, section 8, clause 3 of the federal Constitution. This doctrine implies that Congress only has the power to regulate interstate commerce and that the states do not have such power. Its application to the regulation of activities on the Internet is not quite developed and includes a series of judicially-created analyses. So far, the United States Supreme Court (which is the nation’s highest court) has not issued any definitive rulings. In addition, we do not have authoritative decisions by federal courts regarding the capability of the states to control online privacy and data security, tax online sales, or regulate online gambling.

As mentioned in this article, the legislators in this state passed or proposed laws that would develop our state’s regulatory power over transactions on the Internet which relate to the following topics: (i) privacy and data security; (ii) taxation of retail sales over the Internet; and (ii) online gambling.

Continue Reading ›

Published on: | by

Megaupload.com was among the world’s biggest file-sharing sites with 150 million registered users and about 50 million hits daily. It was big enough that it earned founder Kim Dotcom $42 million in 2011.

The movie industry objected that the site was making money off pirated material; even though, Megaupload is based in Hong Kong and the founder was living in New Zealand, some of the alleged pirated content was hosted on leased servers in Virginia, which was sufficient for U.S. prosecutors to take action.

Thereafter, the site was closed and its founder and three Megaupload employees were arrested in New Zealand on allegations by American prosecutors that they facilitated millions of illegal downloads of films, music and other content, costing copyright holders at least $500 million in lost revenue.

Continue Reading ›

Published on: | by

Michelle Obama is officially live on Twitter. The first lady’s Twitter feed went live on Thursday and her link is being managed by the president’s re-election campaign. The first two tweets came from the campaign staff and described the account as “a new way for you to connect with First Lady Michelle Obama and the President’s campaign.” The traffic was high within the first hour with more than 20,000 followers. President Barack Obama also has a Twitter account managed by the campaign. Its first tweet of the day: “It’s not every day we get to welcome the First Lady of the United States to Twitter – happy to have you, Michelle Obama!”
This acknowledges that technology plays a key role in our lives and allows us to communicate with each other through different means and methods. Twitter is an online social networking service and microblogging service that enables its users to send and read text-based posts of up to 140 characters, known as “tweets”. It was created in March 2006 by Jack Dorsey and launched that July. The service rapidly gained worldwide popularity, with over 300 million users as of 2011, generating over 300 million tweets and handling over 1.6 billion search queries per day. It has been described as “the SMS of the Internet.” Twitter Inc. is based in San Francisco, with additional servers and offices in New York City.

Published on: | by

In January 2011, the University of Minnesota filed suit alleging that a website operator violated copyright law by posting a widely-used psychological test online. The psychological test, which is known as the Minnesota Multiphasic Personality Inventory (“MMPI”), was developed to assess personality traits and help diagnose mental disorders. This test contains more than 500 statements which test takers are supposed to mark either true or false. Over the years, MMPI has become one of the most commonly used psychological tests. The lawsuit alleges that a New Zealand-based Web operator named Andrew Dobson illegally posted the statements and software that claimed to interpret the answers to two websites.

The university’s main concern is to avoid exposure of the test questions to ensure validity of responses because if test-takers have seen the test before, then any responses may be invalid. The University’s lawyer stated that the lawsuit was filed to ensure the websites did not repost the tests. In addition, if the websites cooperate, the lawsuit will likely be withdrawn.

This topic is an example of how intellectual property can be obtained and abused by a third party without legal justification. Intellectual property refers to creations of the mind: inventions; literary and artistic works; and symbols, names and images used in commerce. Intellectual property is divided into two categories: (1) Industrial Property which includes patents for inventions, trademarks, industrial designs and geographical indications; and (2) Copyright which includes literary works (e.g., novels, poems and plays), films, music, artistic works (e.g., drawings, paintings, photographs and sculptures) and architectural design. The legal rights related to copyright include those of performing artists in their performances, producers of phonograms in their recordings, and broadcasters in their radio and television programs.