Tag: Communications

Five Ways to Encourage Lawyer Participation With Your CRM System

Lawyers are busy and often resistant to change, so getting them on board with using a new or even your existing CRM system can be challenging.

But if you approach your CRM efforts as a value-added benefit that will support their marketing and business development efforts and is not difficult to use or time-consuming, you can increase CRM adoption and participation by your lawyer population at any size law firm or professional services organization. Here’s how.

  1. Explain what’s in it for them. Spend the time to clearly outline to users how the CRM system will directly benefit them, not just the organiztion as a whole.
  2. Put yourself in their shoes. Overcomplicated systems and non-technical users are a recipe for disaster. The whole point of implementing a CRM system is to improve efficiency and productivity, not hinder it, so make it easy for your lawyers to use it – or they simply won’t. In addition, lawyers use many different systems on a daily basis, such as time and billing, practice management and document management. CRM can become the one place to get all or most of what they need and allow them more time to be lawyers. Tip – look for CRM systems that include customizable dashboards to personalize daily views.
  3. Show lawyers how easy it is to gain value and insights from the information in the CRM on their own. Engage your marketing professionals to regularly meet with lawyers on a regular basis to gather new and updated contact information.
  4. Find a system that makes it easy for lawyers to share appointments and activities with CRM. This way, marketing professionals can provide strategic, proactive support for upcoming prospect and client meetings based on CRM data. For example, let’s say your marketing manager sees a calendar appointment with a prospective client on an attorney’s schedule. She could then reach out to them and proactively create pitch materials and share who-knows-who info, past matters information and other intelligence. After meetings, attorneys can be prompted to add their meeting notes in CRM too.
  5. Maintain clean, updated CRM data. Your CRM is only as useful and strong as the information entered into it, so if its users are inputting inaccurate data, you’ll only distill inaccurate insights from it. Ensure your data is up to date and accurate, and implement a regular data cleaning process which you can outsource if you don’t have internal resources to manage it.

5 Ways to Encourage Lawyer Participation With Your CRM System

While the keys to CRM adoption success will vary for each firm, the common, important thread is always the “value exchange.” If you make it easy for your attorneys to contribute valuable information – and ensure they are getting value out of the CRM – adoption and CRM success will follow.

Increasing CRM adoption and participation takes time, but it is an important investment to make and one that will provide many long-term benefits for your lawyers and your firm.

Another strategy to consider: redefining CRM success by minimizing the need for attorney adoption. Many smart firms are moving away from the traditional model of having attorneys be responsible for data entry. We’ll discuss that in an upcoming post.

Article By Christina R. Fritsch JD of CLIENTSFirst Consulting

For more business of law legal news, click here to visit the National Law Review.

© Copyright 2022 CLIENTSFirst Consulting

Wegmans Settles With NYAG for $400,000 Over Data Incident

The New York Attorney General recently announced a data security-related settlement with Wegmans Food Markets. The issue arose in April 2021 regarding a cloud-based incident. At that time a security researcher notified Wegmans that the company had an Azure cloud storage container that was unsecured. Upon investigation, the company determined that the container had been misconfigured and that three million customer records had been publicly accessible since 2018. The records included email addresses and account passwords.

Of concern for the AG, among other things, were that the passwords were salted and hashed using SHA-1 hashing, rather than PBKDF2. Similarly, the AG found concerning the fact that the company did not have an asset inventory of what it maintained in the cloud. As a result, no security assessments were conducted of its cloud-based databases. The NYAG also took issue with the company’s lack of long-term logging: logs for its Azure assets were kept for only 30 days. Finally, the company kept checksums derived from customer driver’s license information, something for which the NYAG did not feel the company had a “reasonable business purpose” to collect or maintain.

The NYAG argued that these practices were both deceptive and unlawful in light of the promises Wegman’s made in its privacy policy. It also felt that the practices were a violation of the state’s data security law. As part of the settlement, Wegmans agreed to pay $400,000. It also agreed to implement a written information security program that addresses, among other things:

  1. asset management that covers cloud assets and identifies several items about the asset, including its owner, version, location, and criticality;
  1. access controls for all cloud assets;
  1. penetration testing that takes into account cloud assets, and includes at least one annual test of the cloud environment;
  1. central logging and monitoring for cloud assets, including keeping cloud logs readily accessible for 90 days (and further stored for a year from logged activity);
  1. customer password management that includes hashing algorithms and a salting policy that is at least commensurate with NIST standards and “reasonably anticipated security risks;” and
  1. policies and procedures around data collection and deletion.

Wegmans agreed to have the program assessed within a year of the settlement, with a written report by the third-party assessor provided to the NYAG. It will also conduct at-least-annual reviews of the program. As part of that review it will determine if any changes are needed to better protect and secure personal data.

Putting It Into Practice: This case is a reminder for companies to think not only about assets on its network, but its cloud assets, when designing a security program. Part of these efforts include clearly identifying locations that house personal information (as defined under security and breach laws) and evaluating the security practices and controls in place to protect that information. The security program elements the NYAG has asked for in this settlement signal its expectations of what constitutes a reasonable information security program.

Article By Kari M. Rollins and Liisa M. Thomas of Sheppard, Mullin, Richter & Hampton LLP

For more data privacy legal news, click here to visit the National Law Review.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.

Italian Garante Bans Google Analytics

On June 23, 2022, Italy’s data protection authority (the “Garante”) determined that a website’s use of the audience measurement tool Google Analytics is not compliant with the EU General Data Protection Regulation (“GDPR”), as the tool transfers personal data to the United States, which does not offer an adequate level of data protection. In making this determination, the Garante joins other EU data protection authorities, including the French and Austrian regulators, that also have found use of the tool to be unlawful.

The Garante determined that websites using Google Analytics collected via cookies personal data including user interactions with the website, pages visited, browser information, operating system, screen resolution, selected language, date and time of page views and user device IP address. This information was transferred to the United States without the additional safeguards for personal data required under the GDPR following the Schrems II determination, and therefore faced the possibility of governmental access. In the Garante’s ruling, website operator Caffeina Media S.r.l. was ordered to bring its processing into compliance with the GDPR within 90 days, but the ruling has wider implications as the Garante commented that it had received many “alerts and queries” relating to Google Analytics. It also stated that it called upon “all controllers to verify that the use of cookies and other tracking tools on their websites is compliant with data protection law; this applies in particular to Google Analytics and similar services.”

Article By the Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more data privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Heated Debate Surrounds Proposed Federal Privacy Legislation

As we previously reported on the CPW blog, the leadership of the House Energy and Commerce Committee and the Ranking Member of the Senate Commerce Committee released a discussion draft of proposed federal privacy legislation, the American Data Privacy and Protection Act (“ADPPA”), on June 3, 2022. Signaling potential differences amongst key members of the Senate Committee on Commerce, Science, and Transportation, Chair Maria Cantwell (D-WA) withheld her support. Staking out her own position, Cantwell is reportedly floating an updated version of the Consumer Online Privacy Rights Act (“COPRA”), originally proposed in 2019.

Early Stakeholder Disagreement

As soon as a discussion draft of the ADPPA was published, privacy rights organizations, civil liberty groups, and businesses entered the fray, drawing up sides for and against the bill. The ACLU came out as an early critic of the legislation. In an open letter to Congress sent June 10, the group urged caution, arguing that both the ADPPA and COPRA contain “very problematic provisions.” According to the group, more time is required to develop truly meaningful privacy legislation, as evidenced by “ACLU state affiliates who have been unable to stop harmful or effectively useless state privacy bills from being pushed quickly to enactment with enormous lobbying and advertising support of sectors of the technology industry that resist changing a business model that depends on consumers not having protections against privacy invasions and discrimination.” To avoid this fate, the ACLU urges Congress to “bolster enforcement provisions, including providing a strong private right of action, and allow the states to continue to respond to new technologies and new privacy challenges with state privacy laws.”

On June 13, a trio of trade groups representing some of the largest tech companies sent their open letter to Congress, supporting passage of a federal privacy law, but ultimately opposing the ADPPA. Contrary to the position taken by the ACLU, the industry groups worry that the bill’s inclusion of a private right of action with the potential to recover attorneys’ fees will lead to litigation abuse. The groups took issue with other provisions as well, such as the legislation’s restrictions on the use of data derived from publicly-available sources and the “duty of loyalty” to individuals whose covered data is processed.

Industry groups and consumer protection organizations had the opportunity to voice their opinions regarding the ADPPA in a public hearing on June 14. Video of the proceedings and prepared testimony of the witnesses are available here. Two common themes arose in the witnesses’ testimony: (1) general support for federal privacy legislation; and (2) opposition to discrete aspects of the bill. As has been the case for the better part of a decade in which Congress has sought to draft a federal privacy bill, two fundamental issues continue to drive the debate and must be resolved in order for the legislation to become law: the private right of action to enforce the law and preemption of state laws or portions of them. . While civil rights and privacy advocacy groups maintain that the private right of action does not go far enough and that federal privacy legislation should not preempt state law, industry groups argue that a private right of action should not be permitted and that state privacy laws should be broadly preempted.

The Path Forward

The Subcommittee on Consumer Protection and Commerce of the House Energy and Commerce Committee is expected to mark up the draft bill the week of June 20. We expect the subcommittee to approve the draft bill with little or no changes. The full Energy and Commerce Committee should complete work on the bill before the August recess. Given the broad bipartisan support for the legislation in the House, we anticipate that the legislation, with minor tweaks, is likely to be approved by the House, setting up a showdown with the Senate after a decade of debate.

With the legislative session rapidly drawing to a close, the prospects for the ADPPA’s passage remain unclear. Intense disagreement remains amongst key constituency groups regarding important aspects of the proposed legislation. Yet, in spite of the differences, a review of the public comments to date regarding the ADPPA reveal one nearly unanimous opinion: the United States needs federal privacy legislation. In light of the fact that most interested parties agree that the U.S. would benefit from federal privacy legislation, Congress has more incentive than ever to reach compromise regarding one of the proposed privacy bills.

Article By Shea Leitch, Jeffrey L. Turner, Kristin L. Bryan, and Kyle R. Fath of Squire Patton Boggs (US) LLP

For more data privacy and cybersecurity legal news, click here to visit the National Law Review.

© Copyright 2022 Squire Patton Boggs (US) LLP

NCLC Tells FCC “Callers can easily avoid making calls to telephone numbers that have been reassigned….” – But Is it That Simple?

The National Consumer Law Center is at it again.

In response to the Department of Health and Human Services’ recent letter to the FCC seeking clarity on whether the TCPA applies to texts it would like to make to alert Americans of certain medical benefits, the NCLC–an organization that nominally represents consumers, but really seems to represent the interests of the plaintiff’s bar–has filed a comment.

Unsurprisingly, the NCLC takes the position that HHS needs no relief. Government contractors are covered by the TCPA–it says–but the texts at issue in HHS’ letter are consented, so they’re fine. (Although it later clarifies that only “many” but not “all” of the enrollees whom HHS wishes to call have “probably” given their telephone numbers as part of written enrollment agreements–so perhaps not.)

Hmmmm. Feels like a trap. But we’ll ignore that for now.

The critical piece here though is what the NCLC–very powerful voice, for better or (often) worse–is telling the FCC about the effectiveness of the new Reassigned Number Database:

3. Callers can easily avoid making calls to telephone numbers that have been reassigned to someone other than the enrollee

A primary source of TCPA litigation risk has been calls inadvertently made to numbers that are no longer assigned to the person who provided consent. Courts have held the caller liable for making automated calls to a cell phone number that has been reassigned to someone other than the person who provided consent to be called.29

The Commission has implemented the Reassigned Number Database specifically to address that risk of liability, as well as to limit the number of unwanted robocalls:

The FCC’s Reassigned Numbers Database (RND) is designed to prevent a consumer from getting unwanted calls intended for someone who previously held their phone number. Callers can use the database to determine whether a telephone number may have been reassigned so they can avoid calling consumers who do not want to receive the calls. Callers that use the database can also reduce their potential Telephone Consumer Protection Act (TCPA) liability by avoiding inadvertent calls to consumers who have not given consent for the call.31

The database has been fully operational since November 1, 2021. It provides a means for callers to find out before making a call if the phone number has been reassigned. If the database wrongly indicates that the number has not been reassigned, so long as the caller has used the database correctly, no TCPA liability will apply for reaching the wrong party. 32 Thus, as long as HHS’s callers make use of this simple, readily available database, they can be confident that they will not be held liable for making calls to reassigned numbers.

While I steadfastly support both the creation and use of the RND, it also must be observed that there are myriad problems with the RND as it currently exists. Most importantly, the data sets in the RND are only comprehensive through October 1, 2021 and spotty back to February, 2021 (beyond which there are no records!)

So for folks like HHS–and servicers of mortgages, and retailers, and credit card companies–who want to reach customers who provided their contact information before 10/2021 or 2/2021 the RND is simply not helpful.

The NCLC’s over simplification of a critical issue is not surprising. They once told Congress that the TCPA is “Straightforward and Clear” after all.

Full comment here: NCLC Comments-c3

We’ll keep an eye on developments on HHS’ letter and all the FCC goings ons.

Article By Eric J. Troutman of Troutman Firm

For more TCPA and communications legal news, click here to visit the National Law Review.

© 2022 Troutman Firm

French Insider Episode 12: Navigating the Metaverse with Jim Gatto [PODCAST]

Joining host Sarah Aberg is Jim Gatto. Jim joins us today to discuss the metaverse, the technology and business models involved in these virtual worlds, the role of NFTs and cryptocurrency in the digital economy, and the legal, regulatory, and governance issues that can arise when companies seek to enter that space.

Jim Gatto is a partner in Sheppard Mullin’s Washington, D.C. office, where he leads the  Blockchain & Fintech Team, Social Media & Games Team, and Open Source Team. Jim’s practice focuses on blockchain, interactive entertainment, digital art, AI, and online gambling. He advises clients on IP strategies, development and publishing agreements, licensing and technology transaction agreements, and tech regulatory issues. Jim has been involved with blockchain since 2012 and has been recognized as a thought leader by leading organizations including as a Cryptocurrency, Blockchain and Fintech Trailblazer by the National Law Journal.

Sarah Aberg is special counsel in the White Collar Defense and Corporate Investigations Group in Sheppard Mullin’s New York office. Sarah’s practice encompasses litigation, internal investigations and white collar defense.  Her areas of focus include financial services and securities, as well as corporate fraud in a variety of industries, including technology, construction, and non-profits.  Sarah’s regulatory practice encompasses market regulation, foreign registration and disclosure requirements, supervisory procedures, and sales practices.  Sarah represents corporations, financial services companies, and associated individuals in connection with investigations and regulatory matters before the U.S. Department of Justice, the Securities and Exchange Commission, the Commodity Futures Trading Commission, FINRA, the New York Stock Exchange, the New York State Department of Financial Services, and the New York Attorney General’s Office.

What We Discussed in This Episode:

  1. What is the Metaverse?
  2. How Do Metaverses Differ from Earlier Virtual Worlds?
  3. What Role Do NFTs Play in the Digital Economy?
  4. Investing in a Metaverse: What are the Risks?
  5. What are Legal, Regulatory, and Tax Considerations?
  6. What Governance Issues Exist for Brands Operating in a Metaverse?
  7. What are the Inflationary and Deflationary Aspects of the Virtual Economy?
  8. How Might Blockchain and Cryptocurrency Alter International Financial Transactions?
  9. Is the World Moving into a Virtual/Digital Economy?

Article By Sarah E. Aberg and James G. Gatto of Sheppard, Mullin, Richter & Hampton LLP

For more technology and internet legal news, click here to visit the National Law Review.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.

How Businesses Can Use LinkedIn Company Newsletters in Their Marketing Efforts

LinkedIn has added what I think is the most helpful tool in a long time for businesses to engage with and bring value to their followers – the ability for LinkedIn Company Pages to publish email newsletters right through LinkedIn.

This underscores the importance of having a company page and how it can be used as a content hub for marketing and recruiting your business.

Linked Company Page newsletters are available to businesses with more than 150 followers that actively maintain their LinkedIn presences.

You can create a LinkedIn Company Page newsletter in three simple steps:

  1. Create: Start writing an article on and select “Create a Newsletter.” Give it a title, add a header image (it prompts you with the dimensions) and cut and paste your text. You can add hyperlinks and images for each article too.
  2. Publish: When you publish your newsletter it will post to your feed and LinkedIn will notify your followers. They can opt in to receive email and in-platform notifications when you publish new content.
  3. Review performance: View the analytics of each newsletter sent out and see the number of subscribers. The number increases pretty quickly which is awesome. And it’s opt in so you don’t have to worry about GDPR rules.

There’s a lot of opportunity here because it is a new feature (for companies – it’s been available to individuals for a short time) and most companies don’t know about it yet (and certainly aren’t using it yet), so being an early adopter is to your benefit.

Even if you send out an email newsletter, you should still utilize the LinkedIn platform to send out a newsletter because you will reach a different audience and cast a wider net for your content.

In addition, people are opting into this newsletter, so it’s not building an audience from scratch, and if you haven’t ever sent out an email newsletter, this is a great way to start. If email marketing programs and CRM management tools overwhelm you, this is a great way to test out the waters.

It’s also really easy to repurpose content you already have. I would include hyperlinks to your website or blog with the full text (in order to keep the newsletter short and to drive traffic to your site).

You can embed links from YouTube into the newsletter to play. Check out my LinkedIn newsletter to see how it looks.

Here are some content ideas for what you can include in your LinkedIn Company Page Newsletter:

  • Article snippets with links to your latest blog posts or client alerts
  • Links to past webinars (provide a synopsis too)
  • Links to recent podcasts and videos (with shownotes)
  • Recent case studies
  • Q&As with your employees
  • Highlights of your community service/pro bono work
  • Announcements of your recent hires
  • Recent press coverage (this would be the only place where I would recommend including self-promotional items in the newsletter – the rest of it should be client-focused)
  • Upcoming events/webinars – this is a great way to promote them
  • Open jobs – why not promote them through this newsletter? It’s a competitive job market
  • News about your diversity and women’s initiatives programs – clients care a lot about this

Check out this new feature and let me know what you think of it. With nearly 800 million people on LinkedIn and the fact that your competitors are very likely not using it yet, it’s at least worth trying out.

Article By Stefanie M. Marrone of Stefanie Marrone Consulting

For more business of law thought leadership, click here to visit the National Law Review.

Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.

Chinese APT41 Attacking State Networks

Although we are receiving frequent alerts from CISA and the FBI about the potential for increased cyber threats coming out of Russia, China continues its cyber threat activity through APT41, which has been linked to China’s Ministry of State Security. According to Mandiant, APT41 has launched a “deliberate campaign targeting U.S. state governments” and has successfully attacked at least six state government networks by exploiting various vulnerabilities, including Log4j.

According to Mandiant, although the Chinese-based hackers are kicked out of state government networks, they repeat the attack weeks later and keep trying to get in to the same networks via different vulnerabilities (a “re-compromise”). One such successful vulnerability that was utilized is the USAHerds zero-day vulnerability, which is a software that state agriculture agencies use to monitor livestock. When the intruders are successful in using the USAHerds vulnerability to get in to the network, they can then leverage the intrusion to migrate to other parts of the network to access and steal information, including personal information.

Mandiant’s outlook on these attacks is sobering:

“APT41’s recent activity against U.S. state governments consists of significant new capabilities, from new attack vectors to post-compromise tools and techniques. APT41 can quickly adapt their initial access techniques by re-compromising an environment through a different vector, or by rapidly operationalizing a fresh vulnerability. The group also demonstrates a willingness to retool and deploy capabilities through new attack vectors as opposed to holding onto them for future use. APT41 exploiting Log4J in close proximity to the USAHerds campaign showed the group’s flexibility to continue targeting U.S state governments through both cultivated and co-opted attack vectors. Through all the new, some things remain unchanged: APT41 continues to be undeterred by the U.S. Department of Justice (DOJ) indictment in September 2020.

Both Russia and China continue to conduct cyber-attacks against both private and public networks in the U.S. and there is no indication that the attacks will subside anytime soon.

Article By Linn F. Freedman of Robinson & Cole LLP

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

Organizational Use of Social Media: Boon or Burden?

Organizational use of social media has evolved precipitously from the early days when social media was viewed as little more than a novel marketing concept on the fringe of broader traditional advertising campaigns.

However, with the increase in innovation comes concern over the extent to which increased organizational activities on social media may expose the organization to potential civil liability. Indeed, organizational use of social media has been described by some as a “virtual Pandora’s Box,” which is at once an exciting boon for business but filled to the brim with the potential for legal exposure.1 This article explores some of the most common insurance coverage issues organizations are likely to experience as their use of social media continues to expand and evolve. Although the article focuses on organizational issues, many of the principles described are equally applicable to coverage issues which may arise from an individual’s use of social media under consumer-focused policies.

As social media has become increasingly ingrained in the average consumer’s life, organizations and commercial entities have developed innovative ways to leverage their own social media presence as a marketing tool and as a means by which they can communicate directly with the consumer. For many organizations, this evolution means nothing more than using social media as an analogue to traditional advertising concepts, such as banner and sidebar ads, audio and video spots, product placement, and endorsement deals. For others, social media is at the core of the organization’s operations. Indeed, it is not uncommon for the world’s leading corporations to devote entire teams to the development and use of social media. Organizations running the gamut from national governments and major religious institutions, to startup social activist groups and mom-and-pop shops have found creative ways to use social media for endeavors ranging from disaster and emergency response, security at major events, breaking news coverage, broadscale organizational efforts, get out the word efforts, and customer service response centers.2

But as is all too often the case with innovation, the increase in organizational use of social media has been accompanied by litigation presenting novel legal questions on a variety of social media-related issues. And with the increase in litigation have come questions over the degree to which Commercial General Liability (“CGL”) insurance—the principles of which were developed decades before pioneering social media platforms such as MySpace and Friendster emerged—can keep up with ever evolving trends in the social media landscape. Fortunately, the legal theories under which social media-related lawsuits most typically arise are quite familiar. Libel, slander, copyright infringement, use of another’s advertising idea, and invasion of privacy all remain the stalwarts of the industry.3 Though courts throughout the nation have struggled at times to apply CGL’s pre-internet principles to modern day realities, traditional common law principles remain at the core of resolving these seemingly novel issues. Accordingly, and because courts have seemed inclined to require CGL carriers to provide coverage where the issues involved resemble otherwise traditional common law principles, organizations seeking to navigate the ever-evolving scope and substance of social-media related claims must keep traditional common law concepts in mind.

As a preliminary matter, social media comes with certain fundamental characteristics about which organizations must remain cognizant when developing their social media strategies. Indeed, the very feature of social media to which organizations are drawn most—the potential for cheap and instant access to 73% of the country4—necessarily implies that when a potentially problematic tweet or post catches steam, it stands to be shared far and wide and memorialized for all to see. Given the inherently “viral” nature of social media, plaintiffs are often well positioned to establish special damages by virtue of the far-reaching consequences of social media exposure alone. This is particularly problematic in libel-based defamation claims, which require proof of special damages as an element of the claim.5 Predictably, lawsuits alleging libel have grown in popularity as organizational use of social media has evolved,6 and given the wide array of theories under which such claims have been successful, they are perhaps the most problematic.7 Indeed, libel claims arising from organizational use of social media have become so common that that the phrase “Twibel”—a portmanteau of “Twitter” and “libel”—has emerged as a new favorite in the legal lexicon.

But claims arising from organizational use of social media are not limited to defamation alone. In jurisdictions that recognize the tort of invasion of privacy, courts have required CGL carriers to provide coverage in causes of action resulting from an insured’s role in the release of a third-party’s confidential information online.8 However, where the invasion of privacy has resulted from intentional conduct on the part of a third-party—such as a data breach—courts are divided on the issue of whether any potential negligence on the part of the insured satisfies the “publication” requirement of the invasion of privacy claim.9

Courts have also found that CGL coverage for so-called “advertising ideas” extends to social media-related claims.10 While these issues commonly resemble traditional trademark and trade dress infringement claims,11 some courts have interpreted Coverage B to encompass claims arising from organizations’ alleged infringement on another’s advertising strategy more broadly.12 Further, courts have used advertising ideas coverage to address publicity rights cases13 and, under certain circumstances, to encompass claims arising from patents related to internet and website functionality.14 Claims alleging intellectual property infringement have also commonly been held to apply to social media conduct under Coverage B’s express coverage for copyright, trade dress, and slogan infringement.15 Such claims are particularly likely to arise where an organization adopts content created by its social media followers without permission to do so.16

Importantly, recent revisions to CGL forms expressly contemplate certain social media conduct as “advertisement” for the purpose of coverage arising from advertising idea and infringement-related claims. Because these forms often set forth specific definitions of what constitutes an advertisement in the context of social media, organizations must pay close attention to what types of social media activity are and are not covered when developing their social media strategies.17

One interesting evolution in advertising in which such definitions have played an important role is the advent of an “influencer” industry, which has raised novel questions as to the degree to which a paid influencer’s representations of a product or infringement upon another’s intellectual property may constitute an advertisement for Coverage B purposes.18

Finally, it is worth noting that while Coverage B has been interpreted to cover a broad variety of claims arising from an organization’s use of social media, evolutions in policy exclusions and coverage limits may in some cases defeat coverage for social media-related claims.19 In particular, exclusions applicable to prior publication, intellectual property, media and internet, electronic chatrooms and bulletin boards, and unauthorized use of another’s name exclusions all stand to be implicated. However, because exclusions vary from policy to policy and are ever-evolving, a detailed examination of their potential broad applicability to social media-related claims generally is outside the scope of this article.

As this article demonstrates, organizational use of social media has emerged as a lucrative means by which organizations can market themselves and connect individually with their market base. However, as the means by which organizations use social media continues to evolve, so too have the legal theories under which social media-related claims are raised. However, with careful planning and an eye toward trends in the industry and the availability of increasingly diverse coverage options, organizations can make the most of the social media boon without falling prey to its potential pitfalls.

  1. Susan Evans Jennings, Justin R. Blount, & M. Gail Weatherly, Social Media—A Virtual Pandora’s Box: Prevalence, Possible  Legal Liabilities, and Policies, 77(1) Business & Professional Communication Quarterly, 96 (2014).

  2. See generally Matteo Tonello, Corporate Use of Social Media, Harvard Law School Forum on Corporate Governance, May 17, 2016.

  3. Although outside the scope of this article, organizational use of social media can under certain circumstances implicate federal regulatory issues. See Lord & Taylor Settles FTC Charges It Deceived Consumers Through Paid Article in an Online Fashion Magazine and Paid Instagram Posts by 50 “Fashion Influencers”, Federal Trade Commission (Mar. 15, 2016) https://www.ftc. gov/news-events/press-releases/2016/03/lord-taylor-settles-ftc-charges-it-deceived-consumers-through.

  4. See Social Media Fact Sheet, Pew Research, https://www.pewresearch.org/internet/fact-sheet/social-media/.

  5. See Restatement (Second) of Torts § 558 (describing the elements of defamation as “(1) a false factual statement concerning the plaintiff (2) published to a third-party (3) that is made either negligently or with malice, and (4) results in special damages”).

  6. See Raymond Placid, Judy Wynekoop, & Roger W. Feicht, Twibel: The Intersection of Twitter & Libel, 90 Fl. Bar J. 8, 32 (Sep./ Oct. 2016).

  7. See, e.g.AIX Specialty Ins. Co. v. Big Limo, Inc., Case No. 3:21-cv-08, 2021 WL 2708902, at *4–5 (S.D. Ohio July 1, 2021) (holding that an insurer had a duty to defend its insured nightclub under a theory of defamation where the nightclub had allegedly used a model’s picture in a Facebook post to promote a cabaret); Jar Labs. v. Great Am. E&S Ins. Co., 945 F. Supp. 2d 937 (N.D. Ill. 2013) (holding that an insurer had a duty to defend its insured under a theory of implied disparagement where the insured had published a Facebook post implicitly representing a competitor’s products in a false and misleading way).

  8. See State Farm Gen Ins. Co. v. JR’s Frames, Inc., 181 Cal. App. 4th 429, 448 (2010); Travelers Indem. Co. of Am. v. Portal Healthcare Sols., LLC, 644 F. App’x 245 (4th Cir. (Va.) 2016).

  9. See, e.g., St. Paul Fire & Marine Ins. Co. v. Rosen Millennium, Inc., 2018 WL 4732718, at *3 (M.D. Fla. Sept. 28, 2018); Innovak Int’l v. Hanover Ins. Co., 280 F. Supp. 3d 1340 (M.D. Fla. 2017); Zurich Am. Ins. Co. v. Sony Corp. of Am., 2014 WL 8382554 (N.Y. Sup. Ct. Feb. 21, 2014) (denying claims for invasion of privacy where the publication at issue arose from intentional third-party conduct); but see Landry’s Inc. v. Ins. Co. of the State of Penn., 4 4th 366, 270 (5th Cir. (Tex.) 2021) (requiring an insurer to defend against publication of personally identifiable information resulting from a data breach).

  10. See Atlantic Mut. Ins. Co. v. Badger Medical Supply Co., 528 N.W.2d 486, 490 (Wis. App. 1995) (defining “advertising idea” as “an idea for calling public attention to a product or business, especially by proclaiming desirable qualities so as to increase sales or patronage”).

  11. See Cat Internet Servs., Inc. v. Providence Washington Ins. Co., 333 F.3d 138, 142 (3rd Cir. (Penn.) 2003).

  12. See Great American Inc. Co. v. Beyond Gravity Media, Inc., Case No. 3:20-cv-53, 2021 WL 4192738 (S.D. Tex. Sept. 15, 2021) (finding that an insured’s use of the claimant’s martial arts-themed advertising strategy was subject to CGL coverage); See also Native Am. Arts, Inc. v. Hartford Cas. Ins. Co., 435 F.3d 729 (7th Cir. 2006); Gustafson v. Am. Family Mut. Ins. Co., 901 F. Supp. 2d 1289 (D. Colo. 2012).

  13. See Air Eng., Inc. v. Industrial Air Power, LLC, 828 N.W.2d 565 (Wis. App. 2013); Hyundai Motor Am. v. Nat’l Union Fire Ins. Co. of Pittsburgh, PA., 600 F.3d 1092 (9th Cir. (Cal.) 2010); but see Holyoke Mut’l Ins. Co. in Salem v. Vibram USA Inc., 106 N.E.3d 572 (Mass. 2018) (rejecting claim that Coverage B provides coverage for traditional patent infringement claim).

  14. See Gencor Indus, Inc. v. Wausau Underwriters Ins. Co., 857 F. Supp. 1560 (M.D. Fla. 1994).

  15. See generally Daniel I. Graham Jr. & Thomas W. Arvanitis, Social Media Risks & “Personal & Advertising Injury” Coverage Issues, DRI Insurance Coverage & Practice Symposium, December 9–10, 2021. A special thanks to the authors for their extensive research, from which this article benefits considerably.

  16. See Stross v. Redfin Corp., 730 Fed. App’x 198 (5th Cir. 2018).

  17. See Graham & Arvanitis, supra, at 10–11.

  18. Michael B. Rush, Social Media Advertising Under CGL Coverage B, The National Law Review, May 21, 2019.

  19. See Graham & Arvanitis, supra, at 11.

This article was written by Christopher S. Etheredge of Steptoe & Johnson law firm. For more articles about social media use, please click here.

New Poll Underscores Growing Support for National Data Privacy Legislation

Over half of all Americans would support a federal data privacy law, according to a recent poll from Politico and Morning Consult. The poll found that 56 percent of registered voters would either strongly or somewhat support a proposal to “make it illegal for social media companies to use personal data to recommend content via algorithms.” Democrats were most likely to support the proposal at 62 percent, compared to 54 percent of Republicans and 50 percent of Independents. Still, the numbers may show that bipartisan action is possible.

The poll is indicative of American’s increasing data privacy awareness and concerns. Colorado, Virginia, and California all passed or updated data privacy laws within the last year, and nearly every state is considering similar legislation. Additionally, Congress held several high-profile hearings last year soliciting testimony from several tech industry leaders and whistleblower Frances Haugen. In the private sector, Meta CEO Mark Zuckerberg has come out in favor of a national data privacy standard similar to the EU’s General Data Protection Regulation (GDPR).

Politico and Morning Consult released the poll results days after Senator Ron Wyden (D-OR) accepted a 24,000-signature petition calling for Congress to pass a federal data protection law. Senator Wyden, who recently introduced his own data privacy proposal called the “Mind Your Own Business Act,” said it was “past time” for Congress to act.

He may be right: U.S./EU data flows have been on borrowed time since 2020. The GDPR prohibits data flows from the EU to countries with inadequate data protection laws, including the United States. The U.S. Privacy Shield regulations allowed the United States to circumvent the rule, but an EU court invalidated the agreement in 2020, and data flows between the US and the EU have been in legal limbo ever since. Eventually, Congress and the EU will need to address the situation and a federal data protection law would be a long-term solution.

This post was authored by C. Blair Robinson, legal intern at Robinson+Cole. Blair is not yet admitted to practice law. Click here to read more about the Data Privacy and Cybersecurity practice at Robinson & Cole LLP.

For more data privacy and cybersecurity news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.