Tag: Internet

ADA Compliance for Law Firm Websites in 2022

Legal reasoning involves applying the law to the facts to determine the rights and duties of those involved in a situation. Lawyers frequently take the position that the application of rules should settle disputes and that policies will be considered, if at all, only when there is a high degree of uncertainty surrounding the applicability of the rule. The lawyer might take the position that it is always preferable to seek the result that would further the underlying policies, even if that result would be contrary to the clear language of the rules.

But what if no explicit rules currently exist?

That is the issue with website compliance under the Americans with Disabilities Act (ADA). The Act does not offer specific guidelines to follow; however, websites are expected to be easily accessible to everyone, including those who are disabled. The failure to create an ADA-compliant website could expose an organization to discrimination lawsuits, financial liabilities, and severe damage to its reputation.

What is the ADA?

The ADA compels certain businesses, including banks, hotels, restaurants, public transit, law firms, and others to make accommodations for people with disabilities. According to the National Law Review, the Act is divided into three parts:

  • Title I prohibits employers from discriminating against employees based on disability and requires them to provide reasonable accommodation to certain employees under specific circumstances.
  • Title II covers state and local governments.
  • Title III covers “places of public accommodation,” which the ADA does not define, but are generally private businesses or organizations that provide goods, services, facilities, privileges, or accommodations to the public. These places commonly include schools, restaurants, health care providers, social service agencies, law firms, and more.

The ADA is commonly associated with physical locations and the accommodations that certain businesses must make for people with disabilities, which include wheelchair accessibility, reserved parking, and service animals. Companies that fall under ADA Title I and operate 20 or more weeks per year with at least 15 full-time employees, or Title III – those that fall under the category of public accommodation – must be ADA-compliant.

Although physical “brick-and-mortar” locations are nearly always considered places of public accommodation, the debate is ongoing as to whether a business’s website is a place of accommodation. If so, the digital content must be accessible to all users.

A law firm website must be designed so that those who are disabled can access it easily to comply with ADA requirements. While there are no well-defined regulations that describe precisely what an ADA-compliant website should include, businesses that fall under ADA Title I or ADA Title III are required to develop a website that offers “reasonable accessibility” to people with disabilities.

Compliance Tools & Plugins

Because the ADA doesn’t offer specific guidelines for website compliance, many organizations follow the Web Content Accessibility Guidelines 2.0 (WCAG), updated to 2.1 in 2018. While WCAG isn’t a legal requirement, its requirements have been followed in the European Union and other nations since 1999 and still serves as a reference for businesses that want to improve accessibility to their website.

Under WCAG 2.1, website accessibility concerns generally fall into four groups. These include issues that are:

  • Perceivable – issues that affect users’ ability to locate and process the information on a website, e.g., many visually-impaired individuals use screen readers to distinguish between the text and the background to help them navigate online content.
  • Operable – challenges that impair users’ ability to navigate a site, e.g., functions and navigations such as online forms should be accessible via keyboard-only commands, and users who need additional time to complete them should be allowed to do so.
  • Understandable – users should be able to comprehend the information on the site, e.g., error messages that provide an explanation and directions for correcting an error should be offered.
  • Robust – can be interpreted by various devices and platforms according to the varying needs and abilities of users, e.g., the alt text that should pop up to let users know what it is when read by assistive technology when they hover over an image.

Here are more suggestions regarding what to include to help ensure ADA website compliance:

  • “Alt” tags for every media file and map
  • Descriptive HTML tags for online forms
  • Hyperlinks with descriptive anchor text
  • “Skip navigation” links on all website pages
  • Heading tags to organize text
  • Accessible PDF files
  • Subtitles, transcripts, and audio descriptions for videos
  • Accessible fonts for all applications
  • HTML tables with column headers, row IDs, and cell information
  • Captions written in English for audio files
  • Call-to-action buttons with easily accessible names and ARIA labels
  • A website accessibility policy
  • Easy to find contact information

Meeting these guidelines will make a firm’s website more accessible to those with vision or hearing impairments, as well as cognitive, language, or learning disabilities.

Court Rulings Regarding Website ADA Compliance

According to the American Bar Association (ABA), the number of accessibility-related lawsuits filed against websites has increased dramatically in recent years. Plaintiffs are basing these lawsuits on two legal theories:

  1. Title IIIs “equal access and general nondiscrimination mandate
  2. A requirement that places of public accommodation must provide auxiliary aids and services as necessary (for no extra charge)

Although neither Title III nor its regulations mention websites and mobile applications, the phase “auxiliary aids and services” includes “accessible electronic and information technology,” which covers websites and mobile apps.

ADA Title III Lawsuits Filed Each Year Graph
Image by Seyfarth via adatitleiii.com

A recent ABA analysis of court filings related to ADA website compliance found:

  • Federal courts across the country were inundated with more than 8,000 website accessibility lawsuits between 2017 and 2020.
  • In 2020, three states – New York, Florida, and California – brought more than 85 percent of all the ADA website compliance lawsuits.
  • Since 2018, website and mobile app accessibility disputes have accounted for approximately 20 percent of all ADA Title III cases initiated in federal courts, which now regularly exceed 10,000 suits each year.

These statistics do not consider a significant number of website and mobile app cases pursued in state courts, cases settled before filing in court, and DOJ enforcement proceedings that are resolved prior to court filing.

Here are some examples of court rulings related to ADA compliance and websites:

Gil v. Winn-Dixie Stores Inc.

In June 2107, a Florida court ruled in favor of a blind plaintiff who brought an ADA violation lawsuit against Winn-Dixie. The man claimed that aspects of the supermarket chain’s site weren’t compatible with screen readers, leaving him unable to order his medications online or download rewards cards. The trial court agreed that the website was inaccessible to those with impaired vision and ordered that it be brought into compliance with the WCAG 2.0 Level AA.

Although Winn-Dixie complied with the court order, in April 2021, the Eleventh Circuit Court of Appeals overturned the trial court’s decision, finding that Winn-Dixie was not in violation of the ADA because it did not need accessibility aids to conduct business. After that, however, Winn-Dixie posted an accessibility statement on its website that commits to adhere to WCAG 2.0 AA by using testers from the disability community to check the accessibility of their website periodically.

Robles v. Domino’s Pizza

Domino’s Pizza lost a website accessibility lawsuit in 2019 after years of exhaustive litigation when a federal district court in California granted the plaintiff’s motion for summary judgment after it determined that the website was indeed not fully accessible. The court ordered Domino’s to make its website compliant with the WCAG 2.0 to connect customers to the goods and services of Domino’s physical restaurants.

The court held that the ADA applied to Domino’s website and app because the Act requires places of public accommodation, like Domino’s, to offer auxiliary aids and services to make visual materials available to blind individuals. Although customers primarily access the Domino’s website and app outside its physical restaurants, the court found that the Act pertains to the services of public accommodation, not services in a place of public accommodation.

Andrews v. Blick Art Materials

In 2017, Victor Andrews, who is blind, filed a lawsuit against Blick Art Materials for website inaccessibility. Andrews alleged that because Blick’s website was inaccessible, he could not navigate and purchase items on the defendant’s website independently. When Blick made a motion to dismiss the lawsuit, Judge Jack Weisenstein denied it and made this statement:

Today, internet technology enables individuals to participate actively in their community and engage in commerce from the comfort and convenience of their home. It would be a cruel irony to adopt the interpretation of the ADA espoused by Blick, which would render the legislation intended to emancipate the disabled from the bonds of isolation and segregation obsolete when its objective is increasingly within reach.

The ruling in this case and others illustrates that businesses need to consider their websites equivalent to a place of public accommodation, which puts them at risk of being sued, even without explicit web accessibility regulations.

Latest DOJ Guidelines

In 2010, the Department of Justice (DOJ) launched a rulemaking process to address ADA requirements for website accessibility, including technical standards for accessible websites. However, that effort stalled for seven years during the Obama administration (even though the administration continued to pursue investigations and enforcement actions against businesses with inaccessible websites).

The Trump administration abandoned the process to interpret the ADA entirely in 2017. In 2018, the DOJ revealed that it would not give official guidance regarding website accessibility under the Act, releasing this statement:

The Department is evaluating whether promulgating regulations about the accessibility of Web information and services is necessary and appropriate. Such an evaluation will be informed by additional review of data and further analysis. The Department will continue to assess whether specific technical standards are necessary and appropriate to assist covered entities with complying with the ADA.

Since the DOJ’s withdrawal, the number of lawsuits involving website accessibility increased dramatically, raising awareness regarding website accessibility among businesses but also causing confusion surrounding what features an ADA-compliant website should include. As a result, numerous website accessibility consulting companies emerged promising inexpensive solutions. However, some have been challenged in court.

In June 2018, some bipartisan members of the U.S. House of Representatives sent a letter to Attorney General Jeff Sessions encouraging the DOJ to release clear website accessibility regulations to diminish the unclear nature of current legislation. On September 25, 2018, the DOJ responded by stating that, at this time, the DOJ would not be issuing web accessibility regulations under the ADA: “The Department has consistently taken the position that the absence of a specific regulation does not serve as a basis for noncompliance with a statute’s requirements.”

In March 2022, the DOJ issued further web accessibility guidance under the ADA. The “new” guidance references both the WCAG – which are voluntary – and Section 508 standards, which set standards for federal websites, and indicates that the DOJ supports the notion that sites of public accommodation must be accessible, and in the absence of explicit regulations, websites can be flexible in how they choose to comply with the ADA’s requirements. However, the guidance does not clarify what such flexibility or choice entails and– not necessarily the direction regulation-seekers are looking for, since it provides no substantially new information regarding the vagueness of website accessibility requirements under the ADA.

Final Thoughts

As accessibility regulations for websites remain unclear, it can be easy for organizations to assume that they cannot be sued for noncompliance. However, with no specific standards to follow, law firms and other businesses must do their best to interpret the ADA, practice website accessibility as they see fit, and try to avoid website accessibility-related lawsuits.

One more thing to consider: ambiguity runs both ways, and even though an organization might think its website is accessible, a disabled person might think otherwise, providing the grounds for a lawsuit. Organizations aren’t granted immunity simply because of a lack of clarity in legislation. Instead, uncertainty allows for interpretation by anyone, including the courts.

This article was authored by Jan Hill of Lawmatics.

For more business of law legal news, click here to visit the National Law Review.

©2022 — Lawmatics

AUVSI and DOD’s Defense Innovation Unit Announce Collaboration for Cyber Standards for Drones

The Association for Uncrewed Vehicle Systems International (AUVSI), the world’s leading trade association for drones and other autonomous vehicles, announced a collaboration with the Department of Defense’s (DOD) Defense Innovation Unit (DIU) to further commercial cyber methodologies to design a shared standard. AUVSI’s effort is meant to expand the number of vetted drones that meet congressional and federal agency drone security requirements.

This pilot program would extend relevant cyber-credentialing across the U.S. industrial base and assist the DOD and other government entities in streamlining and accelerating drone capabilities across the board. Overall, this collaboration will help make the drone industry more secure. The program will work with numerous cybersecurity firms to conduct technical cyber assessments before the DIU, DOD, and other government entities conduct additional vetting as necessary.

Currently, the Blue UAS (Unmanned Aircraft Systems) Cleared List has 14 drones on it and 13 more drones are scheduled to be added. The Blue UAS Cleared List is routinely updated and contains a list of DOD-approved drones for government users. These drones are section 848 FY20 NDAA compliant, validated as cyber-secure and safe to fly, and are available for government purchase and operation. However, even with these additions, the demand for additional cleared drones with new capabilities and technology has outpaced the DIU’s ability to scale the program. This collaboration seeks to close that gap and offer cybersecurity certification in close cooperation with the DIU. With off-the-shelf drones serving as critical tools to help conduct diverse government operations, partnership with AUVSI and cybersecurity experts will make it easier for government users to use commercial technology and achieve effective operations in a secure manner.

Article By Kathryn M. Rattigan of Robinson & Cole LLP

For more cybersecurity and data privacy news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

The Top 10 Do’s and Don’ts of Selling a Cell Lease

When you sell a cell lease, in addition to assigning the lease and rents to the purchaser, you also sell the purchaser the right to put communications antennas on your property for 50 years or more. Done properly, this can be very advantageous, but if done improperly, the right, coupled with its lengthy term, can be harmful, especially for valuable properties.

While the intricacies of such sales should be left to professionals (the sale documents are often 15-20 pages long to protect the property owner), here is a short list of items unique to cell lease sales which property owners should keep in mind. This list is based on years of experience helping clients sell over 100 leases.

  1. Sell the cell lease first if you will be selling the property with the lease. Recently, leases have sold for around 20 times annual revenues. Done properly, a lease sale will add dollar for dollar to the sales price of the property it’s on.
  2. Don’t use the documents from the purchaser without extensively revising them (we often toss them out and use our own documents). They are usually so overreaching that using them “as is” can reduce or destroy the value of the property with the lease.
  3. Include provisions protecting the future use, development and value of the property with the lease.
  4. Have a relocation provision so you can require the leased area to be moved to another location on the property if needed for the maintenance, repair or redevelopment of the property.

The following items are particularly important for areas where the leased space is on a building rather than for a tower on open land. Buildings are generally much more valuable than open land (so the potential harm from bad terms is greater), there often are two or more parcels being leased (equipment on the ground, antennas on the roof, cables in between) and property owners need to be specific on the rights being sold and retained.

  • Clearly describe, with engineering drawings if needed, the areas of the building the purchaser can use.
  • Spell out the types of communications uses the purchaser can conduct and the equipment it may place in these areas.
  • Also spell out the rights the building owner and tenants retain to use these same areas (as well as other parts of the building) for their antennas, HVAC, elevators, etc.
  • Describe the types of communications uses and radios that the building owner, residents and tenants have retained and do not violate the sale.
  • Attach engineering drawings showing the equipment currently on the building.
  • Require landlord approval of changes to the preceding and the reasons the approval can be withheld.

Article By John W. Pestle and Peter A. Schmidt of Varnum LLP

For more communications, media, and internet legal news, click here to visit the National Law Review.

© 2022 Varnum LLP

California Law Prohibits Cooperation with Out-of-State Entities Regarding Lawful Abortion

In response to Dobbs v. Jackson Women’s Health Organization, California Governor Gavin Newsom recently signed AB 1242 into law, which “prohibits law enforcement and California corporations from cooperating with out-of-state entities regarding a lawful abortion in California.”

In particular, AB 1242 prohibits California companies that provide electronic communication services from complying with out-of-state requests from law enforcement regarding an investigation into, or enforcement of, laws restricting abortion.

Sponsored by California Assembly member Rebecca Bauer-Kahan and California Attorney General Rob Bonta, AB 1242:

takes an innovative legal approach to protect user data. The bill prohibits California law enforcement agencies from assisting or cooperating with the investigation or enforcement of a violation related to abortion that is lawful in California. This law thereby blocks out-of-state law enforcement officers from executing search warrants on California corporations in furtherance of enforcing or investigating an anti-abortion crime. For example, if another state wants to track the movement of a woman traveling to California seeking reproductive health care, the state would be blocked from accessing cell phone site tower location data of the woman by serving a warrant to the tech company in California. In addition, if another state wants Google search history from a particular IP address, it could not serve an out-of-state search warrant at Google headquarters in CA without an attestation that the evidence is not related to investigation into abortion services. Although the first state to enact such a law, as California often is when it comes to privacy rights, we anticipate that other states will follow suit and that these laws will be hotly contested in litigation.

Article By Linn F. Freedman of Robinson & Cole LLP

For more data privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

Speaker Pelosi Expresses Concerns With Federal Privacy Bill’s Preemption Provision

On Thursday, House Speaker Nancy Pelosi expressed concerns with certain features of the American Data Privacy and Protection Act (“ADPPA”) and its broad preemption provision, which as currently drafted would override the California Consumer Privacy Act (“CCPA”) and its subsequent voter- approved amendments.  The ADPPA was favorably reported by the House Committee on Energy and Commerce in July by a vote of 53-2.  The bill has not yet been scheduled for a vote on the House floor. Speaker Pelosi “commended” the Energy and Commerce Committee for its efforts, while also praising California Democrats for having “won the right for consumers for the first time to be able to seek damages in court for violations of their privacy rights.”  Speaker Pelosi noted that California leads the nation in protecting consumer privacy and it was “imperative that California continues offering and enforcing the nation’s strongest privacy rights.”

Speaker Pelosi stated that she and others would be working with Chairman Frank Pallone (D-NJ) to address concerns related to preserving  California privacy laws.  Although Speaker Pelosi’s comments cast doubt on the future of the ADPPA, we continue to believe that it will clear the House. We anticipate only modest tweaks to the preemption provision, which must be acceptable to the Republican leadership of the committee for the bill to move forward. As Speaker Pelosi noted, the bill contains a private right of action for consumers—the single most important provision to Republicans in return for strong preemption language. After more than a decade of effort, the Democratic leadership of the House will be hard pressed to let the perfect be the enemy of the really good.

Article By Kristin L. Bryan, Jeffrey L. Turner, and Kyle R. Fath of Squire Patton Boggs (US) LLP

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

© Copyright 2022 Squire Patton Boggs (US) LLP

Acronis Reports Ransomware Damages Will Exceed $30B by 2023

In its Mid-Year Cyberthreat Report published on August 24, 2022, cybersecurity firm Acronis reports that ransomware continues to plague businesses and governmental agencies, primarily through phishing campaigns.

According to the report over 600 malicious email campaigns were launched in the first half of 2022, with the goal of stealing credentials to launch ransomware attacks. Other attack vectors included vulnerabilities to cloud-based networks, targeting unpatched or software vulnerabilities, and cryptocurrency and decentralized finance systems.

According to Acronis, “ransomware is worsening, even more so than we predicted.” It estimates that global damages related to ransomware attacks will top $30 billion by 2023.

Article By Linn F. Freedman of Robinson & Cole LLP

For more cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

Judge Approves $92 Million TikTok Settlement

On July 28, 2022, a federal judge approved TikTok’s $92 million class action settlement of various privacy claims made under state and federal law. The agreement will resolve litigation that began in 2019 and involved claims that TikTok, owned by the Chinese company ByteDance, violated the Illinois Biometric Information Privacy Act (“BIPA”) and the federal Video Privacy Protection Act (“VPPA”) by improperly harvesting users’ personal data. U.S. District Court Judge John Lee of the Northern District of Illinois also awarded approximately $29 million in fees to class counsel.

The class action claimants alleged that TikTok violated BIPA by collecting users’ faceprints without their consent and violated the VPPA by disclosing personally identifiable information about the videos people watched. The settlement agreement also provides for several forms of injunctive relief, including:

  • Refraining from collecting and storing biometric information, collecting geolocation data and collecting information from users’ clipboards, unless this is expressly disclosed in TikTok’s privacy policy and done in accordance with all applicable laws;
  • Not transmitting or storing U.S. user data outside of the U.S., unless this is expressly disclosed in TikTok’s privacy policy and done in accordance with all applicable laws;
  • No longer pre-uploading U.S. user generated content, unless this is expressly disclosed in TikTok’s privacy policy and done in accordance with all applicable laws;
  • Deleting all pre-uploaded user generated content from users who did not save or post the content; and
  • Training all employees and contractors on compliance with data privacy laws and company procedures.

Article By the Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Are You Ready for 2023? New Privacy Laws To Take Effect Next Year

Five new state omnibus privacy laws have been passed and will go into effect in 2023. Organizations should review their privacy practices and prepare for compliance with these new privacy laws.

What’s Happening?

While the US currently does not have a federal omnibus privacy law, states are beginning to pass privacy laws to address the processing of personal data. While California is the first state with an omnibus privacy law, it has now updated its law, and four additional states have joined in passing privacy legislation: Colorado, Connecticut, Utah, and Virginia. Read below to find out if the respective new laws will apply to your organization.

Which Organizations Must Comply?

The respective privacy laws will apply to organizations that meet particular thresholds. Notably, while most of the laws apply to for-profit businesses, we note that the Colorado Privacy Act also applies to non-profits. There are additional scope and exemptions to consider, but we provide a list of the applicable thresholds below.

The California Privacy Rights Act (CPRA) – Effective January 1, 2023

The CPRA applies to for-profit businesses that do business in California and meet any of the following:

  1. Have a gross annual revenue of over $25 million;
  2. Buy, receive, or sell the personal data of 100,000 or more California residents or households; or
  3. Derive 50% or more of their annual revenue from selling or sharing California residents’ personal data.

Virginia Consumer Data Protection Act (CDPA) – Effective January 1, 2023

The CDPA applies to businesses in Virginia, or businesses that produce products or services that are targeted to residents of Virginia, and that:

  1. During a calendar year, control or process the personal data of at least 100,000 Virginia residents, or
  2. Control or process personal data of at least 25,000 Virginia residents and derive over 50% of gross revenue from the sale of personal data.

Colorado Privacy Act (CPA) – Effective July 1, 2023

The CPA applies to organizations that conduct business in Colorado or produce or deliver commercial products or services targeted to residents of Colorado and satisfy one of the following thresholds:

  1. Control or process the personal data of 100,000 Colorado residents or more during a calendar year, or
  2. Derive revenue or receive a discount on the price of goods or services from the sale of personal data, and process or control the personal data of 25,000 Colorado residents or more.

Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTPDA) – Effective July 1, 2023

The CTPDA applies to any business that conducts business in the state, or produces a product or service targeted to residents of the state, and meets one of the following thresholds:

  1. During a calendar year, controls or processes personal data of 100,000 or more Connecticut residents, or
  2. Derives over 25% of gross revenue from the sale of personal data and controls or processes personal data of 25,000 or more Connecticut residents.

Utah Consumer Privacy Act (UCPA) – Effective December 31, 2023

The UCPA applies to any business that conducts business in the state, or produces a product or service targeted to residents of the state, has annual revenue of $25,000,000 or more, and meets one of the following thresholds:

  1. During a calendar year, controls or processes personal data of 100,000 or more Utah residents, or
  2. Derives over 50% of the gross revenue from the sale of personal data and controls or processes personal data of 25,000 or more Utah residents.

The Takeaway 

Organizations that fall under the scope of these respective new privacy laws should review and prepare their privacy programs. The list of updates may involve:

  • Making updates to privacy policies,
  • Implementing data subject request procedures,
  • How your business is handling AdTech, marketing, and cookies,
  • Reviewing and updating data processing agreements,
  • Reviewing data security standards, and
  • Providing training for employees.

Article By Eva J. Pulliam, Christine Chong, and Destiny Planter of ArentFox Schiff LLP

For more privacy and cybersecurity legal news, click here to visit the National Law Review. 

© 2022 ArentFox Schiff LLP

Federal Bill Would Broaden FTC’s Role in Cybersecurity and Data Breach Disclosures

Last week, the House Energy and Commerce Committee advanced H.R. 4551, the “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act” (“RANSOMWARE Act”).  H.R. 4551 was introduced by Consumer Protection and Commerce Ranking Member Gus Bilirakis (R-FL).

If it becomes law, H.R. 4551 would amend Section 14 of the U.S. SAFE WEB Act of 2006 to require not later than one year after its enactment, and every two years thereafter, the Federal Trade Commission (“FTC”) to transmit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report (the “FTC Report”).  The FTC Report would be focused on cross-border complaints received that involve ransomware or other cyber-related attacks committed by (i) Russia, China, North Korea, or Iran; or (ii) individuals or companies that are located in or have ties (direct or indirect) to those countries (collectively, the “Specified Entities”).

Among other matters, the FTC Report would include:

  • The number and details of cross-border complaints received by the FTC (including which such complaints were acted upon and which such complaints were not acted upon) that involve ransomware or other cyber-related attacks that were committed by the Specified Entities;
  • A description of trends in the number of cross-border complaints received by the FTC that relate to incidents that were committed by the Specified Entities;
  • Identification and details of foreign agencies, including foreign law enforcement agencies, located in Russia, China, North Korea, or Iran with which the FTC has cooperated and the results of such cooperation, including any foreign agency enforcement action or lack thereof;
  • A description of FTC litigation, in relation to cross-border complaints, brought in foreign courts and the results of such litigation;
  • Any recommendations for legislation that may advance the security of the United States and United States companies against ransomware and other cyber-related attacks; and
  • Any recommendations for United States citizens and United States businesses to implement best practices on mitigating ransomware and other cyber-related attacks

Cybersecurity is an area of recent federal government focus, with other measures recently taken by President Bidenthe Securities and Exchange Commissionthe Food and Drug Administration, and other stakeholders.

Additionally, H.R. 4551 is also consistent with the FTC’s focus on data privacy and cybersecurity.  The FTC has increasingly taken enforcement action against entities that failed to timely notify consumers and other relevant parties after data breaches and warned that it would continue to apply heightened scrutiny to unfair data security practices.

In May 2022, in a blog post titled “Security Beyond Prevention: The Importance of Effective Breach Disclosures,” the FTC’s Division of Privacy and Identity Protection had cautioned that “[t]he FTC has long stressed the importance of good incident response and breach disclosure as part of a reasonable information security program, and that, “[i]n some instances, the FTC Act creates a de facto breach disclosure requirement because the failure to disclose will, for example, increase the likelihood that affected parties will suffer harm.”

As readers of CPW know, state breach notification laws and sector-specific federal breach notification laws may require disclosure of some breaches.  However, as of May 2022 it is now expressly the position of the FTC that “[r]egardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties mitigate reasonably foreseeable harm may violate Section 5 of the FTC Act.”  This is a significant development, as notwithstanding the absence of a uniform federal data breach statute, the FTC is anticipated to continue exercise its enforcement discretion under Section 5 concerning unfair and deceptive practices in the cybersecurity context.

Article By Kristin L. Bryan and Jeffrey L. Turner of Squire Patton Boggs (US) LLP

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

© Copyright 2022 Squire Patton Boggs (US) LLP

Three Ways to Use LinkedIn’s Notifications Tab to Build Your Network and Business

Here’s an easy and effective way to leverage LinkedIn for business development and networking – use information and updates about your connections from the Notifications tab to build stronger relationships.

LinkedIn gives you many reasons to reach out to people in your professional network through the Notifications tab

These reasons range from new business, networking, jobs, referrals and branding opportunities.

Prompts from the LinkedIn Notifications tab about your connections’ birthdays, work anniversaries and new jobs can serve as powerful catalysts to get back in touch with your connections.

I have seen these prompts lead to new business and reignited relationships many times.

I call these notifications “low hanging fruit” because they require very little effort on your part and they’re easy to do, and can yield major benefits.

Marketing strategies don’t have to be complicated to be successful. We often overlook them when it’s so basic.

So how do you leverage them?

  1. For a work anniversary notification, you could say, “Hey Jim, I can’t believe it’s been X years since you joined your company! Time sure flies. How are you?” Then take it a step further, suggest an off-line conversation either in person, over the phone or via zoom.

  2. For a new job announcement try, “Congratulations on the new role – how is it going so far?” again offer to take the conversation off-line and have a separate conversation either in-person or virtually.  (Many people don’t send an email when they get a new job anymore – it’s up to us to do the due diligence to find out where they landed and then take the initiative to congratulate them on their job move).

  3. Wish your connections a happy birthday.  Just saying a simple “Happy birthday – I hope you’re having a great day – would love to take you for lunch or a drink to celebrate” is a great way to make someone’s day. Adding your birthday into LinkedIn works – I had about 200 LinkedIn birthday well wishes and one of them actually led to a new client.

Sometimes the basic actions that take just minutes are the most impactful.

Having reasons to reach out to your connections is powerful versus the dreaded “just checking in” email.

LinkedIn has made it even easier now to stay updated on others’ notifications by enabling us to follow certain individuals by clicking the bell on their profile.

No one knows who you are following, so use it strategically and follow your clients, referrals, VIP connections and even your competitors. You should also follow content creators whose information you find useful.

I’d love to hear how the Notifications section has worked for you.

Article By Stefanie M. Marrone of Stefanie Marrone Consulting

For more business of law legal news, click here to visit the National Law Review.

Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.