One of the longstanding principles of advertising law is that a consumer should always know when he or she is seeing an advertisement. For most of the digital age, applying this principle has not been much more complicated than it was during the age of print.
“Native Advertising,” a powerful new trend in the way advertising is presented online, is complicating the regulatory picture, and regulators are starting to pay attention. In December 2013, the FTC conducted a day-long workshop on native advertising. Despite this recent focus, however, no specific guidelines for native advertising are likely forthcoming from the FTC, consistent with the agency/s recent practice of flexing its enforcement muscle without establishing clear boundaries for those it claims to regulate. As a result, notwithstanding the FTC’s “guidance,” many questions remain about this form of advertising.
March 7, 2014 No Comments
Even if you aren’t familiar with the increasingly buzzy phrase, the “Internet of Things,” odds are high you’re aware of the concept that it describes.
Put simply, the “Internet of Things” refers to the interconnectivity of everyday items with both the Internet and each other. Think doors you can unlock from your smartphone, thermostats that turn down the heat when the house is empty, or street lights that take into account traffic and weather conditions. Essentially, whenever an object is referred to as “smart,” it’s connected to the Internet of Things.
From the mundane to the futuristic, the Internet of Things is already integral to our daily lives, and only becoming more so. But this increasing interconnectivity is not occurring in a vacuum – the significant privacy and security issues that it presents are drawing the attention of government regulators.
March 4, 2014 No Comments
Fairly often, we get a call from a client who is unhappy with something that has been anonymously posted on the Internet about the client’s product or service. Often, these online reviews are unfair. Sometimes they are downright false. The client calls, wanting us to “do whatever it takes” to discover the identity of the anonymous Internet poster and sue him for defamation or whatever else we can think of. The reality is, although it’s doable, it’s just not that easy.
[Read more →]
February 28, 2014 No Comments
We’ve written before on the continuing judicial wrangling over whether GPS tracking devices, as well as location data maintained by wireless telecom providers, require a warrant before search and seizure by the government. Last July, a New York state court ruled that a government employer did not need a warrant to attach a GPS device to an employee’s car and monitor his movements continuously for a month, contradicting an earlier decision by the New Jersey Supreme Court. More recently, the U.S. Court of Appeals for the Third Circuit held — after a thorough review of precedent dating all the way back to 1981 — that law enforcement agents must indeed first obtain a warrant based on probable cause to attach a GPS device to a criminal suspect’s vehicle.
As we have previously observed, cases dealing with this issue merit watching because they represent the “front lines” of the intersection between personal privacy and technological capability.
The Supreme Court in United States v. Jones, 131 S. Ct. 3064 (2011), ruled that GPS tracking generally requires a warrant, but left open the more important question whether warrantless use of GPS devices would be “reasonable — and thus lawful — under the Fourth Amendment where officers have reasonable suspicion, and indeed probable cause,” to execute such searches. Meanwhile, a divided Fifth Circuit Court ruled in 2013 that the government may compel a wireless company to turn over 60 days worth of cell phone location data without establishing probable cause, while just last week the Massachusetts Supreme Judicial Court held that people have a reasonable expectation of privacy in their phones and thus, under the state constitution, law enforcement needs a warrant before obtaining location data from a suspect’s wireless provider.
So what does all this mean for the business community? Although law enforcement and the rather esoteric realm of constitutional law has been at the front lines of GPS privacy, there are a number of developments indicating that location privacy is also an important business issue:
February 25, 2014 No Comments
We posted earlier this year about the potential ramifications to cloud-based media from the legal fight between television broadcasters and streaming video service Aereo. Aereo was on a roll after a string of legal victories against broadcasters until February 19, when a federal district court judge in Utah brought the streak to an end. The court sided with the plaintiff broadcasters and issued a preliminary injunction barring Aereo from continuing or launching its service in any state in the 10th Circuit (Utah, Colorado, New Mexico, Oklahoma, Wyoming, and Montana). This Utah ruling is the broadcasters’ first victory in their fight with Aereo. But the impact of the decision may be short-lived given that, since our initial post, the Supreme Court has agreed to hear arguments during its spring session on the legality of Aereo’s technology. We’ll see whether Aereo regains its winning form or the broadcasters ultimately come out on top.
February 24, 2014 No Comments
On February 12, 2014, as directed by President Obama in Executive Order No. 13636, the National Institute for Standards and Technology (NIST), an agency within the Department of Commerce, released the final Cybersecurity Framework. The Framework is voluntary, but is designed to facilitate the establishment of a national set of standards for cyber risk management across all segments of the economy. Still, the manner in which the Framework will be implemented by and through the sector-specific agencies, such as DOE, remains to be seen. Critical infrastructure industries, such as electric and gas utilities, among others, should closely follow the implementation of the Framework to ensure that the industries’ unique issues, including cost recovery and liability protection, are adequately considered.
February 21, 2014 No Comments
The consensus among most commentators tracking annual developments in eDiscovery law seems to be a collective yawn when it comes to evaluating 2013. No earth-shattering edicts were pronounced; no bright lines were drawn to simplify preservation obligations; no definitive guidance was announced on what must be disclosed when predictive coding is deployed. But 2013 was still notable – new and amended rules continued to be introduced and adopted at the state and federal level and cases continued to refine parties’ obligations and options for effectively addressing eDiscovery. The eDiscovery landscape of 2013 can help prepare you for 2014 and beyond. [Read more →]
February 18, 2014 No Comments
Not all data is equal in the eyes of the law. We’ve pointed out on more than one occasion how data related to minors is subject to special protections. Student data, which can be loosely defined as personal information collected by educational institutions about their students, is yet another species of data that must be handled with care. [Read more →]
February 10, 2014 No Comments
If you are a covered entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and discovered a breach of unsecured protected health information at some point during 2013, you must report the breach to the Secretary of Health and Human Services (HHS) by March 1, 2014, if you haven’t done so already.
February 7, 2014 No Comments
Given the dizzying pace of high-profile intrusions reported at Target Corp., Neiman Marcus Group Ltd., Michaels Stores and, most recently, one of the largest managers of hotel franchise chains like Marriott, Hilton and Starwood, we thought it might be helpful to our clients and friends to ask the question — Do You Have a Data Breach Response Plan? — and to re-publish our post from September 7, 2012, which includes the basic elements that are necessary for any effective data incident response. Large scale data breaches aren’t new, as the litany of then-recent breaches highlighted in our post from a year and a half ago proves. But the latest news stories from the retail industry have raised awareness of the threat. Here’s the one thing you most need to know: if your organization hasn’t already experienced a data breach, it probably will. The Privacy Rights Clearinghouse has kept a list of reported data breaches since 2005, which chronicles 4,164 separate breach incidents since that time, including a stunning 663,182,386 records breached! That list includes a Who’s Who of the largest, most sophisticated organizations on the planet. So if you think it can’t happen to you, think again. You can spend untold amounts of time and resources aimed at preventing a data breach, and you should certainly implement reasonable administrative, technical and physical safeguards aimed at protecting sensitive data. But data breaches happen, and the key to responding is preparedness. Check out our September 2012 post, and get started in building a workable plan.
For more information, contact John Hutchins.
February 3, 2014 No Comments