Understanding the Dark Sides of the Cloud: Top Ten Legal Risks for Cloud Computing Users – Association of Corporate Counsel (ACC)

Understanding the Dark Sides of the Cloud: Top Ten Legal Risks for Cloud Computing Users – Association of Corporate Counsel (ACC).

Austin Attorney Dave Floyd Honored by Texas Bar Foundation

Dave Floyd of Prism Risk Management, LLC has been elected to membership in the Fellows of the Texas Bar Foundation.  Fellows of the Foundation are selected for their outstanding professional achievements and their demonstrated commitment to the improvement of the justice system throughout the state of Texas.  Election is a mark of distinction and recognition of Mr. Floyd’s contributions to the legal profession.

Selection as a Fellow of the Texas Bar Foundation is restricted to members of the State Bar of Texas.  Each year one-third of one percent of State Bar members are invited to become Fellows.  Once nominees are selected, the Texas Bar Foundation Board of Trustees must elect them.  Membership has grown from an initial 254 Charter Fellows in 1965 to more than 7,500 Fellows throughout Texas today.

The Texas Bar Foundation is the largest charitably-funded bar foundation in the country.  Founded in 1965 by lawyers determined to assist the public and improve the profession of law, the Texas Bar Foundation has maintained its mission of using the financial contributions of its membership to build a strong justice system for all Texans.  To date, the Texas Bar Foundation has distributed more than $14 million throughout Texas to assist nonprofit organizations with a wide range of justice-related programs and services.  For more information, contact the Texas Bar Foundation at www.txbf.org.

Web Users Settle Claim Against Web Analytics Company for “Surreptitiously” Tracking Web Browsing

Two individuals recently settled a lawsuit against a web analytics company in which they alleged that the company hid code in users’ web browsers to track internet activity. The code allowed the company to bypass security settings on users’ computers, thus revealing data to the company without users’ consent. The lawsuit is a class action, and the settlement is not binding on the potentially millions of additional web users who might have claims against this defendant and other companies. Nearly two hundred class action lawsuits around the country allege that multiple companies engaged in various schemes to collect data without users’ knowledge or consent. Companies that engage in web tracking, in order to avoid potential legal liability, should be certain that they disclose their tracking activities to users, or enable them to opt out of tracking.

The plaintiffs, John Kim and Dan Schutzman, filed suit against Space Pencil, Inc., which engages in the business of web analytics under the name KISSmetrics, in a San Francisco federal court. The plaintiffs alleged that the defendant, along with other websites and internet companies, engaged in a joint effort to hide code in the web browsers of users who visited the companies’ websites. According to the plaintiffs’ complaint, the code reconfigured users’ browser software to bypass users’ security and privacy settings and allow the company to track browsing activity. Read the rest of this entry »

Tech Industry, Federal Government Consider Labeling Standards for Privacy Information

Privacy, meaning the security of computer users’ personal information, has become a major concern for the federal government, and therefore of technology companies. Legislation protecting personally identifiable information (PII) is in effect at the state and federal level, but federal regulators like the Federal Trade Commission (FTC) take the lead role on this issue. The FTC recently announced plans to create a standardized form for disclosing the privacy practices of a website or application, comparing it to a nutrition label on food. Several tech companies, meanwhile, have also developed systems of icons to indicate how they use data collected from users. No single standard exists yet, but companies and organizations that do business on the internet should be aware of how these issues are developing.

FTC Chairman Jon Leibowitz, speaking at a digital business conference in September 2012, said that businesses should design privacy protections into their products and services from the beginning, and that they should be transparent about how and why they collect PII. He also spoke of the need to craft privacy policies that are comprehensible to computer users. Most privacy policies and end-user license agreements (EULAs) are multiple pages in length and full of dense legal terminology. Few people, if any, ever read the privacy policies or EULAs associated with websites, software, and other computer applications, but they are still bound by them. Leibowitz stated that he and the FTC’s chief technologist are developing a list of “five essential terms” for businesses to include on a privacy label.

Researchers at Carnegie Mellon University’s Cylab Usable Privacy and Security (CUPS) Laboratory proposed a similar concept earlier in 2012. One professor in the lab noted how consumers use nutrition label information to compare food products when deciding what to buy. Computer users should have the same ability to make an informed decision. Read the rest of this entry »

Legal Liability for Failing to Include a Privacy Statement in a Mobile App

Companies that do business online must navigate an increasingly complex legal landscape, as state governments pass legislation regarding consumer privacy rights and data security. California has one of the strictest privacy laws in the country, the California Online Privacy Protection Act (CalOPPA). The state’s attorney general recently filed the first lawsuit under the statute for failing to include adequate privacy protections. The case, California v. Delta Air Lines, Inc., No. CGC-12-526741 (Cal. Super. Ct., Dec. 6, 2012), alleges that Delta Air Lines violated CalOPPA by failing to include a privacy policy in its mobile application. While CalOPPA should only apply to companies that do business in California, federal statutes with similar provisions have nationwide reach.

California enacted CalOPPA in 2004. The law requires businesses that operate online services, including websites and mobile apps, to provide detailed information to consumers regarding what personal information the business collects, such as a user’s name and contact information. The business must post this privacy policy in a conspicuous location on the website, via a hyperlink, or, in the case of mobile apps, within the application. The policy must notify users of how the business uses their personal information and with whom it shares the information.

The lawsuit alleges that Delta’s mobile app, “Fly Delta,” does not have a privacy policy. The app is available for smartphones and other mobile devices, allowing users to check in to flights, check reservations, track luggage, and more. As such, users must input personal information including their Delta online account login. The state alleges that Delta does not have a privacy policy displayed in any of the locations the statute allows, such as on Delta’s website, in an “app store” where users can download the app, or within the app itself. The lawsuit seeks injunctive relief and a fine of $2,500 for each CalOPPA violation. Read the rest of this entry »

Privacy policies now a must for mobile apps – Corporate Counsel Newsstand – Powered by Lexology

Privacy policies now a must for mobile apps – Corporate Counsel Newsstand – Powered by Lexology.

Important Texas water rights case could affect oil & gas activities as well – Corporate Counsel Newsstand – Powered by Lexology

Important Texas water rights case could affect oil & gas activities as well – Corporate Counsel Newsstand – Powered by Lexology.

Cyber risks: are you protected? – Corporate Counsel Newsstand – Powered by Lexology

Cyber risks: are you protected? – Corporate Counsel Newsstand – Powered by Lexology.

FTC releases 2012 Green Guides – Corporate Counsel Newsstand – Powered by Lexology

FTC releases 2012 Green Guides – Corporate Counsel Newsstand – Powered by Lexology.

Risks to Schools and School Districts from Students’ Online Statements

The conduct of a student off of school property and outside of school hours can still create significant disruption to the school environment. In these situations, school administrators have some authority to discipline students. Social media has given students a much larger voice, with statements that may reach hundreds or even thousands of people. Some conduct, including misleading or defamatory statements about faculty or staff, can have a significant impact on a school. School administrators need a clear understanding of the extent of their authority over student speech, which must balance students’ First Amendment rights with the need to maintain an orderly school environment.

False Statements on Facebook – The Chapel Hill, Georgia Case

An example of how student statements on social media can affect the school environment occurred at Chapel Hill Middle School in 2011. A 13 year-old student, A.S., along with 12 year-olds W.L. and T.T., posted a statement on A.S.’s Facebook account calling one of their teachers a pedophile. The principal reportedly called A.S. to her office, and made her log into her Facebook account and delete the comment. All three students were initially suspended, and one was later expelled. A.S. and the others insisted that they were mad at the teacher but meant the statement as a “joke.” The parents of the children accused the principal of violating A.S.’s privacy by forcing her to log into her Facebook account in the principal’s presence, and of violating her free speech rights by making her delete the comment.

The example of false accusations of sexual abuse against a teacher shows three types of liability that a school may face.

Civil Liability for Alleged Criminal Acts of Teachers

Leaving aside any criminal investigations a teacher may face, schools would also be subject to investigation in such a situation. False allegations make it more difficult for school officials to intervene in cases of abuse. Two lawsuits in Miami allege that a school principal knew that a teacher was abusing students, but did not intervene. The parents of an Indiana child are suing a school district over sexual abuse the child allegedly suffered at the hands of classmates. A Los Angeles jury recently awarded $23 million in damages in a sex abuse lawsuit, finding the school district thirty percent at fault. Read the rest of this entry »