When hackers breached the e-commerce firm Zappos in January, they may have compromised the personal information of as many as 24 million users. Legislatures in several states, including California, have responded to attacks such as this one by passing laws enhancing cybersecurity investigation and enforcement, and increasing requirements for disclosure of cyberattacks. The U.S. Securities and Exchange Commission (SEC) has also issued new guidelines for businesses and individuals under attack. The key issue to consider, in light of these new laws and regulations, is how much disclosure is not enough, and how much is too much.

The SEC is recommending disclosure of cyberattacks to an unprecedented degree. A new set of guidelines issued in October 2011 advises publicly-traded companies to disclose details of cybersecurity breaches as part of the quarterly 10-K report. Companies should disclose any and all cyberattacks, regardless of whether they caused a loss. The SEC even encourages companies to disclose “cyberrisks,” even in the absence of a breach. This potentially benefits investors, the SEC says, by providing comprehensive information about both actual and potential losses due to hacking and other cyberattacks. At the same time, extensive disclosure could put companies at greater risk by exposing weaknesses to hackers. Companies must carefully consider how much, or how little, to disclose. Too much disclosure could make them vulnerable to attack. Too little disclosure could make them vulnerable to lawsuits by investors.

State laws regarding cybersecurity disclosures are typically not as stringent as the SEC’s guidelines. California passed the first such law a decade ago. That law applies to any person or business that owns or licenses computer data containing a California resident’s “personal information,” such as social security number, home address, driver’s license number, and so forth. In the event of a breach that would reasonably lead to an unauthorized person obtaining the personal information, an owner or licensor of personal data must notify the person whose personal information may have been breached.

Forty-six states have followed California’s lead and passed similar laws. California has actually fallen behind some states that have passed laws with stricter disclosure requirements. A new law that took effect on January 1, 2012, requires an individual or business to notify the state attorney general of a cybersecurity breach if the breach affects more than five hundred California residents. The notice must include specific details of the type and size of the breach, and a toll-free number to allow users to contact credit agencies.


An effective employee manual is an essential tool for any business or corporation that employs workers. It is a valuable way for businesses to communicate a company’s expectations to its employees. A well written employee manual will outline company procedures, policies, and expectations. A poorly written manual can create both legal and personnel headaches for your business.

The following policies are important for any employer to consider when writing or revising an employee manual:

  • Each employee manual should include a disclaimer which states that the publication is not an employment contract. This can protect a business from terminated workers filing breach of contract claims against the business.
  • An employee manual should successfully communicate company objectives and the organization’s mission statement. By doing so, the manual can foster each employee’s understanding of business goals and provide them with an enhanced sense of purpose.
  • An effective employee manual will state your business has a zero tolerance policy for any kind of discrimination or harassment. The manual should also explain how to identify and report harassment. A company’s employee manual should also specifically prohibit discrimination based upon sexual orientation.
  • Employee leave and termination policies should always be addressed in an employee manual. Any leave eligibility differences or restrictions based on job functions or employee status should also be addressed. A well written manual will also remind employees that any discrimination based on disability will not be tolerated, and also discuss the Family Medical Leave Act.
  • An employee handbook should define worker misconduct and discuss the company’s disciplinary process. A disciplinary policy should be flexible and include a disclaimer which states misconduct is not limited to behaviors specifically outlined in the manual.
  • A well written employee manual will describe the process for raising workplace issues and filing a formal complaint or grievance. This is important because it shows workers the company will take employee concerns seriously.
  • Because no one should feel threatened at work, each employee manual should provide workers with guidance regarding how to address and respond to workplace violence and other conflicts. An employee handbook should also include a zero tolerance policy for workplace bullying.
  • Finally, as the use of social media such as Facebook and Twitter becomes more common, it is essential for businesses to address employee use or misuse of social networking websites. An employee handbook should discuss what sort of workplace-related communications are inappropriate and remind workers that disseminating confidential or proprietary information is prohibited. A social media policy should also address disparaging or harassing the company or fellow employees.


Last year, the California State Legislature made various efforts to regulate commercial transactions on the Internet. These efforts raise interesting questions and concerns regarding practical and constitutional limits on a state’s capability to legislate or regulate transactions on the World Wide Web (i.e., the Internet) due to its intrinsic interstate character.

One important consideration is the Dormant Commerce Clause, which stems from Article I, section 8, clause 3 of the federal Constitution. This doctrine implies that Congress only has the power to regulate interstate commerce and that the states do not have such power. Its application to the regulation of activities on the Internet is not quite developed and includes a series of judicially-created analyses. So far, the United States Supreme Court (which is the nation’s highest court) has not issued any definitive rulings. In addition, we do not have authoritative decisions by federal courts regarding the capability of the states to control online privacy and data security, tax online sales, or regulate online gambling.

As mentioned in this article, the legislators in this state passed or proposed laws that would develop our state’s regulatory power over transactions on the Internet which relate to the following topics: (i) privacy and data security; (ii) taxation of retail sales over the Internet; and (iii) online gambling.

Megaupload.com was among the world’s biggest file-sharing sites with 150 million registered users and about 50 million hits daily. It was big enough that it earned founder Kim Dotcom $42 million in 2011.

The movie industry objected that the site was making money off pirated material. Even though Megaupload is based in Hong Kong and the founder was living in New Zealand, some of the allegedly pirated content was hosted on leased servers in Virginia, which was sufficient for U.S. prosecutors to take action.

Thereafter, the site was closed and its founder and three Megaupload employees were arrested in New Zealand on allegations by American prosecutors that they facilitated millions of illegal downloads of films, music and other content, costing copyright holders at least $500 million in lost revenue.

Michelle Obama is officially live on Twitter. The first lady’s Twitter feed went live on Thursday and her link is being managed by the president’s re-election campaign. The first two tweets came from the campaign staff and described the account as “a new way for you to connect with First Lady Michelle Obama and the President’s campaign.” The traffic was high within the first hour with more than 20,000 followers. President Barack Obama also has a Twitter account managed by the campaign. Its first tweet of the day: “It’s not every day we get to welcome the First Lady of the United States to Twitter – happy to have you, Michelle Obama!”
This acknowledges that technology plays a key role in our lives and allows us to communicate with each other through different means and methods. Twitter is an online social networking service and microblogging service that enables its users to send and read text-based posts of up to 140 characters, known as “tweets”. It was created in March 2006 by Jack Dorsey and launched that July. The service rapidly gained worldwide popularity, with over 300 million users as of 2011, generating over 300 million tweets and handling over 1.6 billion search queries per day. It has been described as “the SMS of the Internet.” Twitter Inc. is based in San Francisco, with additional servers and offices in New York City.

In January 2011, the University of Minnesota filed suit alleging that a website operator violated copyright law by posting a widely-used psychological test online. The psychological test, which is known as the Minnesota Multiphasic Personality Inventory (“MMPI”), was developed to assess personality traits and help diagnose mental disorders. This test contains more than 500 statements which test takers are supposed to mark either true or false. Over the years, MMPI has become one of the most commonly used psychological tests. The lawsuit alleges that a New Zealand-based Web operator named Andrew Dobson illegally posted the statements and software that claimed to interpret the answers to two websites.

The university’s main concern is to avoid exposure of the test questions to ensure validity of responses because if test-takers have seen the test before, then any responses may be invalid. The University’s lawyer stated that the lawsuit was filed to ensure the websites did not repost the tests. In addition, if the websites cooperate, the lawsuit will likely be withdrawn.

This topic is an example of how intellectual property can be obtained and abused by a third party without legal justification. Intellectual property refers to creations of the mind: inventions; literary and artistic works; and symbols, names and images used in commerce. Intellectual property is divided into two categories: (1) Industrial Property which includes patents for inventions, trademarks, industrial designs and geographical indications; and (2) Copyright which includes literary works (e.g., novels, poems and plays), films, music, artistic works (e.g., drawings, paintings, photographs and sculptures) and architectural design. The legal rights related to copyright include those of performing artists in their performances, producers of phonograms in their recordings, and broadcasters in their radio and television programs.

In California, a new Facebook feature which permits an advertiser to publish or broadcast a user’s “like” of its product to others in that individual’s circle is under scrutiny.

The United States District Court in San Jose, California refused to grant a motion to dismiss a claim that Facebook ads violate its users’ right of publicity by utilizing their names and photographs without authorization. However, the court dismissed an unjust enrichment claim. In the lawsuit, Facebook’s position is that user permission is not required to promote its users’ likes to those in that user’s circle, in a category it terms “sponsored stories.” Facebook contends that such information is newsworthy and exempted under California’s right-of-publicity statute. The company’s position is that its users constitute public figures.

California’s right-of-publicity statute is codified under Civil Code section 3344 which states as follows:

In recent years, online harassment or cyberharassment has become an important issue. This is because the Internet has changed our lives on so many levels. Generally, the law prohibits harassment and our readers should consider taking certain precautions when being harassed.

Cyberharassment is different from cyberstalking because it does not involve a credible threat. Cyberharassment occurs when someone sends harassing email messages, instant messages, or posts entries simply to torment another person. Different jurisdictions have different approaches in addressing cyberharassment in codifying their laws. For example, some include language addressing electronic communications in general harassment statutes. However, some states have created stand-alone cyberharassment statutes.

California Penal Code section 653.2(a) states that, “[e]very person who, with intent to place another person in reasonable fear for his or her safety, or the safety of the other person’s immediate family, by means of an electronic communication device, and without consent of the other person, and for the purpose of imminently causing that other person unwanted physical contact, injury, or harassment, by a third party, electronically distributes, publishes, e-mails, hyperlinks, or makes available for downloading, personal identifying information, including, but not limited to, a digital image of another person, or an electronic message of a harassing nature about another person, which would be likely to incite or produce that unlawful action, is guilty of a misdemeanor punishable by up to one year in a county jail, by a fine of not more than one thousand dollars ($1,000), or by both that fine and imprisonment.”

In California, the stalking laws are included under Section 646.9 of the Penal Code, which states that any person who willfully and maliciously, and repeatedly follows or harasses another person and who makes a credible threat with the intent to place that person in reasonable fear for his or her safety or that of an immediate family member is guilty of stalking. Stalking cases may include additional related charges such as: (1) Trespassing; (2) Vandalism; (3) Burglary; (4) Criminal Threats; and (5) Obscene, Threatening, or Annoying Phone Calls.

Please keep in mind that willfulness is a standard related to the culprit’s state of mind. For example, when the person is acting purposefully, then he/she has the “conscious object” of engaging in conduct and believes or hopes that the attendant circumstances exist. If the person is acting knowingly, then he/she is practically certain that his conduct will lead to the result. If the person is acting recklessly, then he/she is aware that the attendant circumstances exist, but nevertheless engages in the conduct that a “law-abiding person” would have refrained from. If the person acts negligently, then he/she is unaware of the attendant circumstances and the consequences of his conduct, but a “reasonable person” would have been aware. Finally, if the person acts with strict liability, then mental state is irrelevant and he/she is strictly liable.

In the last few years, with the emergence of the World Wide Web, a new kind of stalking has developed, called “cyber stalking.” This type of misconduct occurs when the violator utilizes the Internet, electronic mail (e-mail) or other communication devices to harass and stalk others. For example, it can occur by sending e-mails to the victim, impersonating another person in online chat rooms and e-mail messages, and disseminating lies in cyberspace. It is also important to note that the Internet is a cheap and efficient method for “cyber stalkers” to anonymously cause harm to their victims.

If you use email in your day-to-day business operations, the CAN-SPAM Act is the law that sets the rules for commercial email. It also establishes the requirements for commercial messages, provides recipients the right to have the sender stop emailing them, and sets out the penalties for related violations.

The CAN-SPAM Act applies to bulk email and all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email, which means it covers all email. As an example, a message to former customers announcing a new product line is required to comply with the law.

Each violation of the CAN-SPAM Act is subject to penalties of up to $16,000. Here are the CAN-SPAM Act’s main requirements: