Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy at the Bleeding Edge Lance Koonce

Similar presentations

Presentation on theme: "Privacy at the Bleeding Edge Lance Koonce"— Presentation transcript:

1 Privacy at the Bleeding Edge Lance Koonce

2 Recent and Emerging Technologies Blogs, Podcasts, Vlogs, Mologs WiFi, Wardriving, Wijacking RFID VoIP Biometrics, Encryption Mobile Technologies, Bluetooth Virtual Worlds

3 Blogs: The Technology Blog Authoring Software RSS Feeds Filtered or unfiltered comments Podcasting (audio blogs) Mologs (mobile phone blogs) Vlogs (video blogs)

4 Blogging Types of Blogs: –Individual or Small Group Blogs Diary-like Topical Journalistic –Corporate Sponsored Topical / Corporate Marketing Employee Blogs Journalistic

5 Why Does Blogging Matter? Anywhere from 15 to 100 million blogs in existence, depending on who you ask Companies offer blogs as employee service (like a bulletin board) and as viral marketing Whether company sponsors blogs or not, it is inevitable that some employees will have their own blogs Big Danger is speed/breadth of dissemination of careless or impulsive commentary –Think of: Instantaneous publication of email

6 Blogging Issues Legal Issues Technical Issues Practical Concerns

7 Privacy Overview From a corporate perspective, blogging privacy issues mainly arise in two contexts: Corporation maintains a blog or is considering a blogging policy for employees Employee or outside individual is blogging about the corporation

8 Blogging Overview: Whose Privacy? Where corporation or employee maintains a blog, legal issues may arise: –Privacy torts: when blog entries or visitors comments constitute invasion of the rights of third parties –Defamation and libel of third parties –Disclosure of trade secrets or other sensitive information, and purported whistleblowing –Collection of information about visitors to the blog (registering users who post comments) –Monitoring of employee entries on blogs

9 Blogging Overview: Whose Privacy? Corporate interests may also be implicated by outside blogs –Disclosure of trade secrets/sensitive info –Defamation of corporation

10 Blogging Overview: Examples of Disputes Less than 10 legal cases mentioning the word blog in all federal and state courts to date The only substantive cases about blogs have been Apple trade secret case, recent Delaware defamation case Most disputes have been made public through blogs themselves, which demonstrates power of the medium

11 Blogging Overview: Examples of Disputes Apple v. Doe trade secrets case (Cal.) Doe v. Cahill defamation case (Del.) Employer/Employee disputes: –Flight Attendant case –Google Employee –Microsoft –PR Company employee

12 Legal Issues for Corporate Blogs: Intrusion Into Private Affairs Trespass constitutes intrusion – electronic trespass, recognized in some recent cases, would also be intrusion (intercepting phone calls, email, etc.) Standard: Cannot perform any act that intrudes upon someones private affairs if the intrusion would be considered highly offensive to a reasonable person Determination of what is highly offensive depends on social standards of community and what level of privacy people can expect under the circumstances For blogs, liability turns on where and how information later posted on blog is collected –Mologs and Vlogs may be particularly susceptible to intrusion claim, if photos and video taken without anothers knowledge

13 Legal Issues for Corporate Blogs: Right of Publicity Using another persons name, likeness or personality without authorization for advertising or commercial purposes Key here is whether use was for commercial purpose: unlikely to be the case for most blogs But: for corporate blogs that serve marketing purpose, must be careful when using celebritys name, likeness or personality

14 Legal Issues for Corporate Blogs: Defamation, Libel and False Light Defamation and libel: False statement of fact that damages the reputation of a person or business –Defamation is spoken, libel is written Opportunities abound for liability with blogs: –By definition the libelous words are made public to third parties –Words are often written with little thought –Context of a discussion may make it clear that even cleverly worded statements (ie, not naming the person) are defamatory False light: Publicizing information about a person that places person in false light in a manner that would be highly offensive to a reasonable person. –Person responsible for making info public must have acted with knowledge or reckless disregard with respect to the falsity of the publicized matter

15 Legal Issues for Corporate Blogs: Data Collection Most blogs do not collect user information However, can require users to register before posting comments –Again, even blogs with registration procedures usually do not require personally identifiable information To the extent such information collected, privacy policy should be posted and data should be treated like any other data collected by a corporate website.

16 Legal Issues Arising from Third Party Blogs: Disclosure of Trade Secrets Deliberate or inadvertent disclosure of sensitive information by former employees, or by third parties Also arises in context of corporate blogs (usually through inadvertent disclosure) Claim is defined by Uniform Trade Secrets Act, adopted by most states; unfair competition claims –Economic Espionage Act of 1996 for criminal claims –As practical matter, availability of legal claim may not be as important as acting quickly to remove material from the blog –Take-down notice to blog host or Internet Service Provider is likely the first step To the extent possible, consider monitoring of blogs of disgruntled employees

17 Legal Issues Arising from Third Party Blogs: Defamation of Corporation Disgruntled employees, unhappy customers, etc. Corporation may be defamed, and products/services may be disparaged Remedies dependent on state law, although product disparagement may also be subject to federal law

18 Industries For Which Blogs May Raise Additional Legal Issues Technology Companies Health Care Industry Media Entities

19 Corporate Blogging Policies Publicly available policies: –Sun Microsystems –IBM –Yahoo –Borland –Feedster –Groove Networks –Harvard Law School Blogging policy wiki: – gging_policies

20 Corporate Blogging Policies See Appendix for corporate policies that have been made public Policies can be as wide-ranging as the industries served and are dependent on the corporate cultures of the company Decision must be made at outset as to how blog-friendly policy will be Policy should always incorporate companys privacy policy

21 Corporate Blogging Policies Policy is as much about education as proscription: explain sources of liability Restrictions on blogging outside of workplace are unlikely to be effective Bloggers must respect not just privacy rights, but copyright, trademark, etc. Company must decide whether to vet blog entries before posting (likely impractical in large organizations) Must also decide whether to allow third party comments, and if so, whether to vet those comments before posting Remind employees: although conflict makes for good drama (and good blogging in some contexts!), it does not necessarily make for good corporate blogging Work with PR department as well as legal, HR Section 230 of Communications Decency Act may shield employer liability in some instances

22 Employee Blogging Policies: Essentials Disclaimer of corporate liability: consider giving employees precise language to use Notice to employees that blogging must comply with all HR policies Notice to employees re disclosing trade secrets and other sensitive info Notice to employees re various legal claims that might be made Notice re vetting of questionable posts Best Practices component

23 WiFi Wardriving/Wijacking –Unauthorized access to wireless networks –Recent example in Washington State: consultant for law firm accessing public utility files at public meeting Risks: –Loss of trade secrets or competitive advantage –Loss of passwords/access information –Ultimately, data breach and identity theft

24 RFID Second wave of ubiquitous customer preference and usage tracking –First wave was online advertising (cookies), TiVo Business advantages are tremendous if cost structure becomes reasonable, but… Customers will increasingly see tracking information as personal data deserving of privacy protection under existing or new laws –Question is whether RFID will be seen as surveillance or usage optimization Procedures in place to make information available in the aggregate only and not personally identifiable? There will be waves beyond RFID: constraints are only bandwidth, cost, deployment of networks

25 Voice Over Internet Another example of digitization of personal communication –Same security and privacy concerns as other digital communications, but more to protect since audio is added Not yet widely adopted by corporations, primarily because of quality issues –Most corporate systems are closed, no Internet connectivity –But need to guard against employees downloading peer-to-peer programs like Skype, which may be more vulnerable Subject to eavesdropping, voice spam, phishing, spyware, denial-of-service attacks –But voice is harder to search and index than text, which may make some attacks less likely Current wiretap laws may not address

26 Gaming / Virtual Worlds Testing ground for next-generation issues Electronic proxies for real individuals, interacting in purely digital environment Expectation of privacy? Relationship of personal information to virtual identity? Bleeding edge example: phishing attacks in gaming environments

Download ppt "Privacy at the Bleeding Edge Lance Koonce"

Similar presentations

Ads by Google