Contract Corner: Cybersecurity (Part 3)

Morgan Lewis

Over the last two weeks, we discussed contract provisions designed to address the implementation of preventive security measures, as well as responding to security incidents. Our third and final blog post in this series focuses on contractual provisions that address the allocation of liability for breaches that result in security incidents.

Because of the potential for large-scale damages from a security incident, customers and service providers are generally very focused on the allocation of liability in indemnification and liability provisions. Below we list some key issues to consider when drafting these contract provisions.

  • Rather than relying on general negligence or contract breach standards, consider adding security incidents resulting from a contractual breach as separate grounds for indemnification coverage.

  • Determine whether indemnification is limited to third-party claims or includes other direct and/or indirect damages and liabilities caused by a security incident.

  • Coordinate indemnification defense with incident response provisions and consider the effect on the customer’s client relationships where the vendor assumes such defense.

  • Assess whether all potential damages from a security incident are covered by the damages provisions, including any damages that may be considered indirect or consequential.

  • To determine the allocation of liability, consider the contract value, industry norms, type of data at issue, potential business exposure, cost of preventative measures, and cause of the security incident.

  • Consider calling out specific damages related to a security breach that are not subject to any cap or exclusion to provide clarity and protection—such damages can include the costs of reconstructing data, notifying clients, and providing them with identity protection services.

With cyber attacks growing in number and sophistication on a daily basis and the increased amount and value of data that is at risk to such attacks, cybersecurity concerns are top of mind for senior management.

This post is part of our recurring “Contract Corner” series, which provides analysis of specific contract terms and clauses that may raise particular issues or problems. Check out our prior Contract Corner posts for more on contracts, and be on the lookout for future posts in the series.

Click here for Part 1.

Click here for Part 2.


How to Measure Your Email Marketing Performance

The Rainmaker Institute

Email newsletters have proven to be one of the most effective methods for attorneys to market themselves to prospects, clients and referral sources.  Every year, email marketing service provider MailerMailer provides a report on email marketing metrics across 34 different industries, including Legal.

They have just issued their 2014 report, based on data gathered from 62,000 newsletter campaigns totaling 1.18 billion emails sent between Jan. 1, 2013 and Dec. 31, 2013.  Here are the results — and what should be your new benchmarks — for your law firm newsletter:

Open rate (what percentage of your recipients opened your email):  13.5%

Click rate (what percentage of your recipients clicked on a link in your email):  1.6%

Click-to-open rate (of the recipients who opened your email, what percentage of them clicked on a link):  11.8%

Bounce rate (the percentage of emails that cannot be delivered):  2.4%

Every email service (Constant Contact, Mail Chimp, iContact, etc.) provides these statistics for each newsletter you send out.  If your newsletters are not delivering at rates that meet or exceed the benchmarks above, you have a problem.

Here’s what you should consider to improve your click, open and bounce rates:

Are your subject lines engaging to entice people to open your email?  Short subject lines — 4 to 15 characters — generate the highest open and click rates.

Are you sending emails on the right day and at the right time?  The highest open rates occur on Mondays and the highest click rates occur on Sundays.  Open rates peak during the early part of the day, between 8 a.m. and noon.

Is your email list updated regularly and cleaned of old, undeliverable email addresses?  Bounce rates are inescapable but can be improved if you send out emails on a regular basis.

Have you segmented your email list so you can tailor your content to your different audiences?  Targeted emails deliver 18 times more revenue than general blast emails.

Are your emails personalized? Personalizing the message content can boost open rates significantly.

Do you use a responsive design template so your emails are displayed properly for every screen size?  More than half of emails are now opened on mobile devices.

If your newsletters are performing at or above these benchmarks, you may still have some work to do: if you don’t know the source of your success, you can’t repeat it.


Protecting Trade Secrets in the Cloud


The business community’s growing use of cloud-based computing services provides great benefits due to cost-savings and mobile information access.  However, business leaders should understand the risks of storing valuable trade secrets in the cloud.  This article provides the business community tips on how to safeguard valuable trade secrets stored in the cloud from being freely disclosed to the public, thus putting the business at risk of losing protections that courts grant trade secrets.

As businesses’ profit margins have continued to shrink since the Great Recession, more companies have looked to reduce costs by reducing growing expenses related to their information technology departments.[1] The first line item to draw attention in the IT budget is frequently the rising costs associated with maintaining and upgrading system hardware.  Businesses often find that housing and operating multiple servers stretches IT budgets thin by increasing maintenance, labor, and operational costs.  The solution so many businesses have turned to is to move their valuable data to virtual servers, or the “cloud.”[2]  A recent survey of IT executives provides that companies will triple their IT spending on cloud-based services in 2014 over 2011.[3]  Cloud service providers have also seen demand increase as they increase their cloud capabilities.[4]

Although cloud-based servers provide businesses with substantial financial and operational benefits, businesses must recognize that there are perils to shifting data to the cloud.  One of the key concerns businesses should consider before moving data to the cloud is the risk that their valuable trade secrets will lose protection as a result of insufficient safeguards to protect against disclosure.  This article addresses that concern and provides businesses with keys for seeking to protect valuable secrets in the cloud.

What is a Protectable Trade Secret

The initial step for a business to determine how to protect its trade secrets is to understand how the law characterizes a trade secret.  Information qualifies as a trade secret only if it derives independent economic value as a result of not being generally known or readily ascertainable, and is subject to reasonable efforts to maintain its secrecy.  Trade secrets are broadly defined as information, including technical or non-technical data, a formula, pattern, compilation, program, device, method, technique, drawing, process, financial data, strategies, pricing information, and lists of customers, prospective customers, and suppliers.

Businesses Need to Take Reasonable Efforts to Protect Trade Secrets in the Cloud

Trade secrets are only protectable when the owner takes reasonable efforts to prevent them from being freely disclosed to the public so that the information does not become generally known.

Information does not have to be cloaked in absolute secrecy to be a trade secret, as long as a business’s efforts to maintain secrecy or confidentiality are reasonable.  It is easy for one to imagine how a business may protect confidential documents that are stored locally.  Computer files may be password-protected with several layers of encryption software, with access limited to specified personnel.  Similarly, paper files may be stored in locked cabinets, in secured rooms, where only specified personnel are granted access.

However, those seemingly straightforward security protocols become murky when information is stored in the cloud.  Unlike storing data on local servers, storing data in the cloud requires the owner to disclose confidential information to a third-party vendor.  In most situations, disclosing data to a third party eliminates trade secret protections.  Therefore, businesses must take additional steps to ensure that their data remains secure.

Three Keys to Protecting Trade Secrets Stored in the Cloud

There are no fail-safe measures to protect data stored in the cloud.  The best way for a business to protect its trade secrets is to locally store and protect its most valuable data with the proper data security protocols.  A business, however, should not fear the cloud as long as it takes certain steps to ensure that it exercises reasonable efforts to protect its cloud-based data.

First, business leaders must conduct appropriate due diligence before selecting a cloud-provider.  The business should conduct necessary research to select a reputable, well-established company that has the physical and technological capabilities to store and protect data.

Conducting due diligence on a provider includes ensuring that the provider has taken necessary steps to establish appropriate physical and virtual security protocols to protect the confidentiality of your information.  Inquire how the provider establishes physical security measures, and monitoring capabilities to prevent unauthorized access to its data centers and infrastructure.  Also, learn how the provider limits its employees’ access to customer data and determine the internal controls that the provider has in place to prevent unauthorized viewing, copying, or emailing of customer information.

A business should also inquire about the provider’s virtual security protocols.  A business must generally understand how its cloud-provider’s encryption software and security management systems work to protect data.  If your business is not capable of independently evaluating whether the provider has proper security protocols, a good indicator is to ask the provider for its client list.  If the provider has clients that are typically security-conscious companies, such as financial institutions or healthcare facilities, that is a good indication that the provider has been vetted and it has proper security measures in place.  Finally, the provider should maintain sufficient data-protection insurance coverage to protect against potential data breaches or system failures.

Second, a business must have contractual safeguards in place with its cloud-provider to adequately protect its intellectual property and trade secrets.  The contract should establish that the business owns the data, that it will be segregated from other data groups, and that the business may enjoy unfettered access to the data.  The contract should specify that the business can demand that the data be deleted or returned upon request, and detail how the provider will purge the data to ensure that it is properly deleted upon termination of the relationship.  The contract should require regular data backup and recovery tests, while restricting the provider from accessing, using or copying data for its own purpose.  Finally, the contract should establish the provider’s obligations to notify the business of a data breach or system failure.

Third, a business should also consider adding multiple layers of authentication and encryption to data containing trade secrets before transmitting it to the cloud-provider.  However, a business should consider if the additional encryption efforts could adversely affect the business’s ability to access, utilize, and port data for its normal business use.

Conclusion

There are several financial and operational benefits for a business to store data in the cloud.  However, businesses must understand that there are also risks to storing their valuable trade secrets on virtual servers.  Businesses need to take reasonable efforts to protect the confidentiality and secrecy of their most valuable data and information.


[1] Dave Rosenberg.  Reducing IT Infrastructure Costs via Outsourcing.  May 7, 2009.  news.cnet.com/8301-13846_3-10235742-62.html

[2] Thor Olavsrud.  How Cloud Computing Helps Cut Costs, Boost Profits.  March 12, 2013. www.cio.com/article/730036/How_Cloud_Computing_Helps_Cut_Costs_Boost_Profits

[3] Andrew Horne. Transformational Change in IT Will Drive 2014 Spending.  November 5, 2013.  http://blogs.wsj.com/cio/2013/11/05/transformational-change-in-it-will-drive-2014-spending/

[4] IBM Commits $1.2bn to Cloud Data Centre Expansion.  January 17, 2014. www.bbc.co.uk/news/business-25773266

Think Tanks Ask Supreme Court to Clarify Definition of “Foreign Official” in FCPA (Foreign Corrupt Practices Act)

Katten Muchin Law Firm

Two think tanks, the Washington Legal Foundation and the Independence Institute, have filed an amicus brief in the Supreme Court on behalf of petitioners Joel Esquenazi and Carlos Rodriguez, who were recently convicted of violating the Foreign Corrupt Practices Act (FCPA). The amici seek clarity of the definition of “foreign official” in the FCPA.  The FCPA prohibits certain persons or entities, including US businesses, from paying a “foreign official” for the purpose of obtaining or retaining business. The FCPA defines “foreign official” to include “any officer or employee of a foreign government or any department, agency, or instrumentality thereof.”

Esquenazi and Rodriguez were executives of Terra Telecommunications Corp., a Florida company that purchased phone time from foreign vendors and resold the time to US customers. Terra conducted business with Haiti-owned vendor Telecommunications D’Haiti S.A. (Haiti Teleco). Prosecutors argued that Esquenazi and Rodriguez made payments to Haiti Teleco officers to obtain lower rates. To determine whether Haiti Teleco was an “instrumentality” under the FCPA, the trial court instructed the jury to consider whether the company “provided services to the citizens and inhabitants of Haiti,” and whether it was majority owned by the Haitian government. Defendants were convicted, and Esquenazi was sentenced to 15 years’ imprisonment and Rodriguez received seven years’ imprisonment. The US Court of Appeals for the Eleventh Circuit affirmed, finding that an “instrumentality” is “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own,” and setting forth a list of factors.

Amici contend that the business community needs concrete guidance in this undeveloped area. They argue that the Eleventh Circuit’s definition is overly broad because (1) Haiti Teleco was never designated a government entity; (2) Haiti Teleco issues common stock, and the government was not an initial stockholder; and (3) Haiti Teleco, as a telephone service provider, does not perform a traditional government function.

Brief for Esquenazi and Rodriguez as Amici Curiae Supporting Petitioners, Esquenazi, et al. v. U.S., Sup. Ct. No. 14-189 (Aug. 14, 2014).


Firings for Facebook Comments Unlawful, NLRB Rules

Jackson Lewis Law firm

An employer violated the National Labor Relations Act by discharging two employees because of their participation in a Facebook discussion about their employer’s State income tax withholding mistakes, by threatening employees with discharge for their Facebook activity, by questioning employees about that activity, and by informing employees they were being discharged because of their Facebook activity, the NLRB has ruled. The Board also ruled the employer’s Internet/Blogging policy violated the NLRA. Triple Play Sports Bar and Grille, 361 NLRB No. 31 (2014).

Facebook Posts

Triple Play employees Jillian Sanzone and Victor Spinella discovered they owed more in State income taxes on their earnings at the sports bar than expected. Sanzone discussed this at work with other employees, and some employees complained to the employer about the tax problem. The employees did not belong to a union. 

Sanzone, Spinella, and former employee Jamie LaFrance had Facebook accounts. On January 31, 2011, LaFrance posted the following “status update” to her Facebook page:

Maybe someone should do the owners of Triple Play a favor and buy it from them. They can’t even do the tax paperwork correctly!!! Now I OWE money…[expletive deleted]!!!!

The following comments were posted to LaFrance’s page in response:

KEN DESANTIS (a Facebook “friend” of LaFrance’s and a customer): “You owe them money…that’s [expletive deleted] up.”

DANIELLE MARIE PARENT (Triple Play employee): “I [expletive deleted] OWE MONEY TOO!”

LAFRANCE: “The state. Not Triple Play. I would never give that place a penny of my money. Ralph [DelBuono] [expletive deleted] up the paperwork…as per usual.”

DESANTIS: “yeah I really dont go to that place anymore.”

LAFRANCE: “It’s all Ralph’s fault. He didn’t do the paperwork right. I’m calling the labor board to look into it bc he still owes me about 2000 in paychecks.”

At this point, Spinella selected the “Like” option under LaFrance’s initial status update. The discussion continued:

LAFRANCE: “We shouldn’t have to pay it. It’s every employee there that its happening to.”

DESANTIS: “you better get that money…thats [expletive deleted] if that is the case im sure he did it to other people too.” 

PARENT: “Let me know what the board say because I owe $323 and ive never owed.”

LAFRANCE: “I’m already getting my 2000 after writing to the labor board and them investigating but now I find out he [expletive deleted] up my taxes and I owe the state a bunch. Grrr.”

PARENT: “I mentioned it to him and he said that we should want to owe.”

LAFRANCE: “Hahahaha he’s such a shady little man. He prolly pocketed it all from all our paychecks. I’ve never owed a penny in my life till I worked for him. Thank goodness I got outta there.”

SANZONE: “I owe too. Such an [expletive deleted].”

PARENT: “yeah me neither, i told him we will be discussing it at the meeting.”

SARAH BAUMBACH (Triple Play employee): “I have never had to owe money at any jobs…i hope i wont have to at TP…probably will have to seeing as everyone else does!”

LAFRANCE: “Well discuss good bc I won’t be there to hear it. And let me know what his excuse is ;).”

JONATHAN FEELEY (a Facebook “friend” of LaFrance’s and customer): “And ther way to expensive.” 

Sanzone and Spinella Discharged

When Ralph DelBuono, the employer’s co-owner, learned about the Facebook discussion, he discharged Sanzone, telling her it was because of her Facebook comment. Spinella was terminated the next day, after being interrogated about the Facebook discussion, the meaning of his “Like” selection, the identity of the others in the conversation, and other issues. The other co-owner told Spinella that, because Spinella “liked” the disparaging and derogatory comments, Spinella was disloyal and it was “apparent” that Spinella wanted to work elsewhere. He told Spinella, “[Y]ou will be hearing from our lawyers.” Thereafter, the company’s attorney contacted Sanzone by letter, suggesting a possible defamation action. The lawyer also contacted LaFrance who, in response, deleted the entire Facebook conversation and posted a retraction. 

Sanzone and Spinella filed separate unfair labor practice charges against Triple Play, which the NLRB consolidated into one complaint. 

The employer did not dispute the employees’ Facebook activity was concerted and they had a protected right to engage in a Facebook discussion about the employer’s tax withholding calculations. The employer, however, contended it had not violated the NLRA because the plaintiffs had adopted LaFrance’s allegedly defamatory and disparaging comments, which were unprotected. The employer also asserted the Facebook posts were unprotected because they were made in a “public” forum, accessible to employees and customers, and they had undermined the co-owner’s authority in the workplace and adversely affected its public image.

Comments Protected

The Board disagreed. It determined the employees did not lose the Act’s protection to engage in concerted activity because of their comments in the Facebook discussion. Under its holding in Atlantic Steel, 245 NLRB 814 (1979), the NLRB explained, it must balance employee rights with the employer’s interest in maintaining order at its workplace, but Atlantic Steel dealt with workplace confrontations with the employer, which was not the scenario here. The employer’s reliance on that decision was therefore misplaced. In this case, the Board pointed out, the disputed conduct involved a social media discussion among offsite, off-duty employees, and two non-employees in which no manager or supervisor participated and where there was no direct confrontation with management. Further, the Board said, Sanzone’s “use of a single expletive” to describe her manager “in the course of a protected discussion on a social media website” did not “sufficiently implicate” the employer’s “legitimate interest in maintaining discipline and order in the workplace.”

The Board also rejected the employer’s argument that Sanzone’s comment was unprotected because it was a workplace confrontation that could be seen by customers DeSantis and Feeley. The NLRB noted they joined the discussion as LaFrance’s Facebook friends, on their own initiative and in the context of a social relationship with LaFrance outside of the workplace, not because they were the employer’s customers, and “[t]his off-duty indiscretion away from the [employer’s] premises did not disrupt any customer’s visit to the [employer].”

Neither did the Board see this conduct as disloyal or defamatory. While the Board agreed an employer has a legitimate interest in preventing the disparagement of its products or services and in protecting its reputation from defamation, against which NLRA Section 7 rights are to be balanced, that interest was not present here so as to overcome the employees’ statutory protection. It rejected the employer’s contention that Sanzone’s comment and Spinella’s “like” were disloyal and unprotected. The purpose of the employees’ communications was to seek and provide mutual support to encourage the employer to address problems in the terms or conditions of employment, not to disparage its product or services or to undermine its reputation, the NLRB said. The discussion clearly showed a labor dispute existed and the employees’ participation was not directed to the general public (they were more comparable to conversations that can be overheard by a customer). Further, the Board said the comments were not “so disloyal . . . as to lose the Act’s protection” because they did not even mention the employer’s products.

The Board also rejected the contention that the employees’ comments were unprotected because they were defamatory. According to the agency, Triple Play had not met its burden to establish the comments were made with knowledge of their falsity or with reckless disregard for their truth or falsity. In addition, it said that Sanzone’s use of an expletive to describe a co-owner in connection with the asserted tax-withholding errors “cannot reasonably be read as a statement of fact; rather, Sanzone was merely (profanely) voicing a negative personal opinion of [the co-owner].”

“Like” Protected

The Board also decided that Spinella’s use of Facebook’s “like” option was protected. It expressed agreement only with the comment it immediately followed (LaFrance’s original post), the Board found, not with LaFrance’s other comments. Accordingly, said the Board, Spinella’s activity was protected by the Act, and the employer’s adverse action was unlawful. (See our blog post, Employee’s Facebook ‘Like’ is Part of Concerted Activity: NLRB.)

Internet/Blogging Policy Unlawful

The Board faulted the employer’s internet/blogging policy, as well. It found that, since employees would reasonably construe the employer’s “Internet/Blogging” policy to prohibit the type of protected Facebook post that led to the unlawful discharges, it was illegal.

The policy stated:

The Company supports the free exchange of information and supports camaraderie among its employees. However, when internet blogging, chat room discussions, email, text message, or other forms of communication extend to employees revealing confidential and proprietary information about the company, or engaging in inappropriate discussions about the company, management, and/or co-workers, the employee may be violating the law and is subject to disciplinary action, up to and including termination of employment. Please keep in mind that if you communicate regarding any aspect of the Company, you must include a disclaimer that the views you share are yours, and not necessarily the views of the Company. In the event state or federal law precludes this policy, then it is of no force or effect.

Employees could reasonably interpret the policy as proscribing discussions about terms and conditions deemed “inappropriate” by the employer, because “‘inappropriate’ [is] ‘sufficiently imprecise’ that employees would reasonably understand it to encompass ‘discussions and interactions protected by Section 7,’” the Board found.

Employer Cautions

This decision is wide-ranging. It underscores the need for employers to pause, reflect, and thoroughly investigate before taking action against employees for alleged misconduct where they have acted together in regard to their wages, hours or working conditions, even where their language might give offense to the employer despite the fact that members of the public can view their complaints. The decision also shows the NLRB affords significant leeway to employees, even permitting public invective against business owners — at least up to a point. Finally, employers should avoid policies and rules that contain broad, imprecise, or vague prohibitions that might be viewed as restricting unlawfully employees’ protected activity. 


California’s New Kill-Switch Law Targets Smartphone Thieves

Morgan Lewis

California legislators recently signed Senate Bill 962 into law, which requires manufacturers to install kill-switches on smartphones sold in California that are made on or after July 1, 2015. A kill-switch allows a smartphone owner to remotely disable the device via a wireless command, which renders the device inoperable to unauthorized users. This new law was passed on August 25 to deter smartphone theft in California.

Although manufacturers must include the kill-switch on smartphones, consumers will have the option to disable it as long as the consumer is informed that the function is designed to protect him or her from unauthorized use of the phone.


Analog in a Digital World: Journalism and Blogs and Where to find Good Information

Bracewell & Giuliani

In an article profiling John R. MacArthur, the publisher of Harper’s Magazine, MacArthur is quoted as saying, “I’ve got nothing against people getting on their weblogs, on the Internet and blowing off steam. If they want to do that, that’s fine. But it doesn’t pass, in my opinion, for writing and journalism.” The article goes on to note that MacArthur is “analog in his habits” because he “prints out articles to read” and that “[h]is version of searching for [a fact] on Google was yelling to a staff member, who hurried to deliver the information.”

MacArthur certainly expresses a sympathetic position. A 24-hour news cycle has contributed to an environment where airtime needs to be filled – recent examples of well-publicized overexposure include CNN’s coverage of the Malaysian Air disappearance or the Casey Anthony trial. And because anyone with an internet connection and a Twitter account can “break” news, there is a race to the bottom as to which organization can print the news first as opposed to which can report it most accurately. The inevitably incendiary rush to judgment after the report of a rumor reported as fact seems only to support MacArthur’s position.

But where MacArthur and I part ways is in our view of what blogs or “lighter” commentary may provide. Instead of web commentary offered as simply “blowing off steam,” the internet is more of a tray of samples. You can try a little of anything, and if you’d like more, then that’s available to you as well.

That’s really the beauty of the internet, right? You can critique Buzzfeed’s lists, but they are a quick read that provide you with the opportunity to read more – possibly even from a true “writing and journalism” source. I mean, no one would think to use this blog exclusively as a defense to criminal charges or as any sort of compliance manual. But ideally, it would help you spot issues or pique your interest so that you read more on a particular topic, consult with counsel, or find a way to improve your workplace.

I like to think about the internet like a newspaper with only headlines. I can get the gist of the story from the headline, and if I’m interested, I can read more. (Example: “Salmon Spawning in Seattle” will not encourage me to read further. But hit me with “Cowboys Sweep Eagles, Giants” and I’m 100 percent in.)

MacArthur and I simply diverge on this implied concept that analog habits are somehow better than digital habits. Perhaps it is the trial lawyer side of me, but I try to be open to ways in which you can convey information. People learn in a variety of different ways: some learn by hearing, some learn by seeing, some learn by doing. Some have longer attention spans; some give hummingbirds a run for their money. So the more ways that you can find to reach people, the better odds of success you have in conveying information that they can use.

And that’s the takeaway point here (yay!). Imagine if your organization disseminated a ten-page written policy on what to do if a federal agent knocks on the door. That’s some important information right there. Is everyone going to read and understand it? Unlikely, right? Too busy to get to it right now, will read it tomorrow, and so on? Yup, that’s the MacArthur way. It just doesn’t work by itself.

Okay, change it up. Skip the written policy and instead conduct a 10-minute training session covering the key facts. Have you taught everyone everything they need to know? Probably not, but you hit the high points. Even if a couple of folks dozing in the back of the room missed it. Right. That would be the Buzzfeed way. This doesn’t work by itself, either.

So instead, disseminate the policy to everyone, and you’ll capture the folks who learn by reading. And conduct your training session, and you’ll capture those folks who learn by listening. And then, as a bonus, rehearse the drill, so you capture those folks who learn by doing. It’s the last piece that most organizations miss, and thereby miss a huge opportunity to make sure their people understand the policies and that their policies actually work.

You can be analog like MacArthur or digital like Buzzfeed. But really effective communication is a blend of both … and just a touch more.

 

Microsoft Ordered to Hand Over Data to the U.S. Government

Proskauer Law firm

In April, Microsoft tried to quash a search warrant from law enforcement agents in the United States (U.S.) that asked the technology company to produce the contents of one of its customer’s emails stored on a server located in Dublin, Ireland. The magistrate court denied Microsoft’s challenge, and Microsoft appealed. On July 31st, the software giant presented its case in the Southern District of New York where it was dealt another loss.

U.S. District Judge Loretta Preska, after two hours of oral argument, affirmed the magistrate court’s decision and ordered Microsoft to hand over the user data stored in Ireland in accordance with the original warrant. Microsoft argued that the warrant exceeded U.S. jurisdictional reach. However, the court explained that the decision turned on section 442(1)(a) of Restatement (Third) of Foreign Relations. The provision says that a court can permit a U.S. agency “to order a person subject to its jurisdiction to produce documents, objects or other information relevant to an action or investigation, even if the information or the person in possession of the information is outside the United States.” Because Microsoft is located in the U.S., the information it controlled abroad could be subject to domestic jurisdiction.

Microsoft had the support of large U.S. technology companies, including Apple, AT&T and Verizon. The larger issue for these companies lies in the U.S. government’s power to seize data and content held in the cloud and stored in locations around the world. When a conflict arises between the data sharing laws of the country where the servers are located and U.S. law, it can put these companies in the difficult position of having to choose to follow one country’s laws over the other.

Microsoft further argued that the ramifications for international policy are substantial. The company argued that compelling production of foreign stored information was an intrusion upon Irish sovereignty. It said that the decision could be interpreted by foreign countries as a green light to make similar invasions into data stored in the U.S. However, Judge Preska dismissed these concerns as diplomatic issues that were incidental and not of the court’s immediate concern.

The order has been stayed pending appeal.


Third Circuit Federal Appeals Court Rules Attorneys Have Right to Publish Praise from Judges

The Rainmaker Institute

A federal appeals court issued a ruling yesterday that attorneys have a First Amendment right to publish ads that quote judges praising them, a decision that reverses a lower court ruling.

The case involves a New Jersey employment attorney, Andrew Dwyer, who initially published praise from two jurists on his website. The published quotes were excerpts from unpublished (but publicly available) judicial opinions. One of the judges sent Dwyer a letter requesting that his quote be removed from the website. Dwyer refused because he did not believe the quote was misleading or false.

The matter was forwarded to a committee of the New Jersey Bar, resulting in a proposed guideline that barred attorneys from using a quotation from a judge or court opinion regarding the attorney’s abilities or legal services.  Dwyer argued that the new guideline was an unconstitutional ban on free speech.

Fast-forward to 2012, when the NJ Supreme Court approved an amended guideline saying that attorneys could use quotes from judges or opinions, but that the full text of the opinion must be used instead of excerpts.

Dwyer filed suit against the NJ Bar committee that developed the guideline before it went into effect and moved for a TRO and preliminary injunction to enjoin enforcement of the guideline.  A NJ District Court denied the request.  Both parties then filed cross-motions for summary judgment, which the District Court granted to the committee.

Dwyer then appealed and yesterday, the Third U.S. Circuit Court of Appeals ruled in his favor, calling the guideline “onerous” and saying that it imposed an unconstitutional burden on Dwyer:

“Guideline 3 as applied to Dwyer’s accurate quotes from judicial opinions thus violates his First Amendment right to advertise his commercial services. Requiring Dwyer to reprint in full on his firm’s website the opinions noted above is not reasonably related to preventing consumer deception.”

This decision could have farther-reaching effects in terms of how attorneys use testimonials in their advertising.  Will certainly be interesting to watch!


HTTPS – Should I Implement It on My Site?

Consultsweb Logo

Google announced last Wednesday, August 6, that the search engine will use https as a ranking signal. HTTPS stands for Hypertext Transport Protocol Secure, which protects the data integrity and confidentiality of users visiting a site. For example, when a user enters data into a form on a site in order to subscribe to updates or purchase a product, a secure site protects that user’s personal information and ensures that the user communicates with the authorized owner of the site. For the HTTPS connection to work properly, websites require an SSL certificate, which is what enables the site to make a secure connection.


Even though Google is making this change, it is not something that webmasters should jump into lightly. Webmasters should implement https only when they really need it and have sections in their site where they need to protect their visitors’ information.

Before making any drastic changes to the site, it is important to take into consideration that Google stated that this change will affect less than one percent of queries, carrying less weight than other signals such as high-quality content.

Cons of using https

  • Until this recent announcement, the recommendation was to use https only on the sections of a site that needed to protect the confidentiality of user data, such as payment forms that collect credit card information, the site’s login section or any page that sends or receives other private information (such as street address, phone number or health records), because using https across the whole site can overload web servers and make sites slower, which negatively affects a site’s ranking.
  • Changing to https also means that all of the URLs in your site will change, and it will be necessary to redirect all of the URLs on the site so that they can be indexed by Google and to avoid having duplicate content between https and http URLs. Redirects usually increase the load time of the site, which can be a negative ranking factor, and can reduce the link juice coming from external sites pointing to http URLs.
  • SSL certificates cost money, and certificates signed by well-known authorities can be expensive.

I advise against making an immediate decision to change to https because it is a recent change and apparently the effort to switch exceeds the benefit obtained in rankings. Right now it is better to stand back and observe how the change affects those sites that alter their URLs to https.

 
