Category: Communication Media & Internet

New Federal Communication Commission (FCC) Rules to Protect Telephone Consumers from Autodial/Robocalls

Lewis & Roca

On October 16, 2013, new Federal Communication Commission rules took effect to further protect consumers under the Telephone Consumer Protection Act of 1991 (TCPA). See 47 U.S.C. § 227; 47 C.F.R. § 64.1200. The changes ordered by the FCC are designed to protect consumers from unwanted autodialed or pre-recorded telemarketing calls, also known as “telemarketing robocalls.” The new TCPA rules accomplish four main things: (1) require prior written consent for all autodialed or pre-recorded telemarketing calls to wireless numbers and residential lines; (2) require mechanisms to be in place that allow consumers to opt out of future robocalls even if during the middle of a current robocall; (3) limit permissible abandoned calls on a per-calling campaign basis in order to discourage intrusive calling campaigns; and (4) exempt from TCPA requirements calls made to residential lines by health care related entities governed by the Health Insurance Portability and Accountability Act of 1996. None of the FCC’s actions change the requirements for prerecorded messages that are non-telemarketing, informational calls such as calls by or on behalf of tax-exempt organizations, calls for political purposes, and calls for other non-commercial purposes including those to people in emergency situations.

Under the FCC’s new rules, “prior written consent” will require two things: a clear and conspicuous disclosure that by providing consent the consumer will receive auto-dialed or prerecorded calls on behalf of a specific seller, and a clear an unambiguous acknowledgement that the consumer agrees to receive such calls at the mobile number. The content and form of consent may include an electronic or digital form of signature such as the FTC has recognized under the E-SIGN Act. See Electronic Signatures in Global and National Commerce Act, 15 U.S.C. § 7001 et seq. However, prior written consent may be terminated at any time. In addition, the written agreement must be obtained “without requiring, directly or indirectly, that the agreement be executed as a condition of purchasing any good or service.” 16 C.F.R. § 310.4(b)(v)(A)(ii).

Read the full rule here.

Article By:

To Track or Not to Track Re: Digital Advertising

McDermottLogo_2c_rgb

Digital advertising based on tracking users’ interests and related privacy concerns have been the subject of many recent news articles.  What does this mean for businesses?  Evolving industry practices and new legislation relating to online privacy and user tracking likely require changes to online privacy practices and policies.

Online privacy and user tracking are in the news almost daily.  Consider these highlights from the past few weeks about online tracking of California minors, big data brokers, California legislation addressing “do not track,” new mobile and online interest-based advertising technology, and a warning to all website operators from the Better Business Bureau:

New Privacy Rights for California Minors

On September 23, 2013, Governor Brown signed into law new Sections 22580 through 22582 of the California Business and Professions Code titled “Privacy Rights for California Minors in the Digital World.”  The new law, which goes into effect January 1, 2015, requires an operator of a website (including online services and applications, such as a social media site) or mobile application that is “directed to minors” to allow minors (defined as anyone younger than 18 years old residing in California) who are registered users the opportunity to un-post or remove (or request removal of) their posted online content.  The operator also must provide minors with notice and “clear instructions” about how to remove their posted content.  The operator is not, however, required to remove posted content in certain specific circumstances, such as when the content was posted by a third party.

This new law also prohibits website and mobile app operators from advertising to California minors certain products and services that minors cannot legally purchase, such as alcoholic beverages, firearms, ammunition, spray paint, tobacco products, fireworks, tanning services, lottery tickets, tattoos, drug paraphernalia, electronic cigarettes, “obscene matter” and lethal weapons.  Operators also are prohibited from using, disclosing or compiling certain personal information about the minor for the purpose of marketing these products or services.

Senator Rockefeller Expands Investigation of Data Brokers

On September 25, 2013, Governor Rockefeller (W.VA) announced that he sent letters to 12 operators of popular family-, health- and personal-finance-related consumer websites requesting details about whether and what information collected from consumers is shared with data brokers.  In his letter to the operator of self.com, for example, Rockefeller noted that “[w]hile some consumers may not object to having their information categorized and used for marketing purposes, before they share personal information it is important that they know it may be used for purposes beyond those for which they originally provided it.”

California Adds Do-Not-Track Disclosure Requirements Effective January 1, 2014

On September 27, 2013, California Governor Brown signed into law amendments to the California Online Privacy Protection Act (CalOPPA), a 2004 law requiring all commercial websites and online service providers collecting personally identifiable information about California residents to “conspicuously” post a “privacy policy.”  The amendments to CalOPPA, which take effect on January 1, 2014, add two new disclosure requirements for privacy policies required by CalOPPA:

  • The privacy policy must explain how the website “responds to ‘Do Not Track’ signals from web browsers or other mechanisms that provide California residents the ability to exercise choice” about collection of their personally identifiable information (Cal Bus and Prof Code §22575(b)(5)).
  • The privacy policy must disclose whether third parties use or may use the website to track (i.e., collect personally identifiable information about) individual California residents “over time and across third-party websites” (Cal Bus and Prof Code §22575(b)(6)).

The “Bill Analysis” history indicates that CalOPPA amendments are not intended to “prohibit third-party or any other form of online tracking” but rather to “implement a uniform protocol for informing Internet users about tracking . . . and any options they may have to exercise choice . . .” (6/17/13 – Senate Judiciary).

A website operator may meet the “do not track” disclosure requirement by including a link in the privacy policy to “an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice” (Cal Bus and Prof Code §22575(b)(7)).

The reference in §22575(b)(7) to “an online location” suggests that businesses already complying with the “enhanced notice link” requirements of the Self-Regulatory Program for Online Behavioral Advertising of the Digital Advertising Alliance (DAA) will comply with amended CalOPPA.  Among other requirements, the DAA’s self-regulatory program requires website owners/operators (called “First Parties”) to provide “clear, meaningful and prominent” disclosure about data collection and use for advertising purposes, and to offer consumers a way to opt out of tracking, such as through the DAA’s consumer choice page.  As noted in the Bill Analyses, while the DAA’s consumer choice mechanism enables consumers to opt out of receiving advertising based on online tracking data, it only works for companies that participate in the DAA’s program and “does not allow consumers not to be tracked.”

User Credentials Subject to California Breach Laws Effective January 1, 2014

Governor Brown also signed into law amendments to California’s breach notification laws on September 27, 2013.  As amended, the definition of “personal information” that triggers breach notification requirements includes consumers’ online credentials: “user name or email address, in combination with a password or security question and answer that would permit access to an online account.”

Mobile Advertising: Mobile Telephone as Tracking Device

In the October 6, 2013, edition of the New York Times, an article titled “Selling Secrets of Phone Users to Advertisers” describes sophisticated profiling techniques for mobile phone users that feed on data collected through partnerships with other various online service providers.  These companies are developing alternatives for cookies, which do not work on mobile devices and, as the new California law illustrates, are increasingly irrelevant as an online tracking technique because users can block or delete them.

New Tracking Technology from Microsoft and Google

On October 9, 2013, AdAge reported that Microsoft is developing a new kind of tracking technology to replace cookies.  The new technology would function as a “device identifier,” allowing user tracking across devices that use Microsoft Windows, Xbox, Internet Explorer, Bing and other Microsoft services.  Similarly, USA Today reported that Google is developing its own digital tracking mechanism known as “AdID.”  While both of these new trackers will be used to collect and aggregate date for advertising and marketing purposes, they purportedly will offer users more control over how and what online activity is tracked and who has access to their personal data.

Better Business Bureau Issues Compliance Warning to Website Operators

On October 14, 2013, the Better Business Bureau issued a Compliance Warning noting that a “significant minority of website operators” are omitting the “enhanced notice link” (as required by the DAA’s Self-Regulatory Program for Online Behavioral Advertising) when ad networks and other third parties collect data for interest-based advertising purposes but cannot provide their own notice on the website on which the data collection occurs.  The Better Business Bureau operates the Online Interest-Based Advertising Accountability Program, through which it monitors businesses’ advertising practices and enforces the DAA’s self-regulatory program, even for companies that are not participating in it.

All of this news has created consumer confusion.  While consumers are increasingly aware of being tracked, they don’t know what exactly it means or which websites are doing it—and they are not happy about it.  A study from data privacy company TRUSTe found that 80 percent of consumers are aware of being tracked and 52 percent don’t like it.

What to Do?

A check-up for the privacy policy (or “privacy statement,” which is the increasingly popular industry term) posted on your company’s website is a good way to start evaluating your company’s digital advertising and privacy practices.  The online privacy statement is the primary means by which website operators (also known as “publishers”) communicate their privacy practices to users.

These Four steps can help you successfully evaluate your company’s privacy statement:

First, find out if your company’s marketing strategy includes advertising based on consumer information collected through cookies or other tracking technology.  Even if this type of advertising is not part of current plans, your company’s website still may have third-party tracking activities occurring on it, and these activities must be disclosed in the privacy statement as of January 1, 2014.

Second, review the privacy statement displayed on your company’s website(s) and/or mobile application(s) and make sure it accurately, clearly and completely discloses the information collected from users, how it is collected (e.g., by your company or by third parties), how your company uses the information, and whether and how the information is disclosed to third parties.  If you use information that you collected from consumers for targeted advertising, make sure the privacy statement says so.  A federal judge in the Northern District of California recently reviewed a company’s online privacy policy to evaluate whether users reading the privacy policy would understand that they were agreeing to allow user profiles and targeted advertising based on the contents of their e-mails.  The court found that the lack of specificity in the company’s privacy policy about e-mail interception meant that users could not and did not consent to the practices described in the online privacy policy.

Third, find out when and how the privacy statement is or was presented to users who provide personal information through the company website(s) and/or mobile application(s).  Is the privacy statement presented as a persistent link in the footer of each webpage?  Are users required to agree to the privacy statement?  If not, consider implementing a mechanism that requires users to do so before providing their personal information.

Finally, if your privacy statement needs to be updated, make sure you notify all consumers in advance and ensure that the changes you propose are reasonable.  Unreasonable and overbroad changes made after the fact can cause reputational harm.  Instagram learned this at the end of 2012 when it tried to change its terms of service so that users’ photos could be used “in connection with paid or sponsored content or promotions, without any compensation to [the user].”  After a hail of consumer complaints, Instagram withdrew the revised terms and publicized new, more reasonable ones.

Article By:

of

California Enacts New Data Privacy Laws

Sheppard Mullin 2012

As part of a flurry of new privacy legislation, California Governor Jerry Brown signed two new data privacy bills into law on September 27, 2013: S.B. 46 amending California’s data security breach notification law and A.B. 370 regarding disclosure of “do not track” and other tracking practices in online privacy policies. Both laws will come into effect on January 1, 2014.

New Triggers for Data Security Breach Notification

California law already imposes a requirement to provide notice to affected customers of unauthorized access to, or disclosure of, personal information in certain circumstances. S.B. 46 adds to the current data security breach notification requirements a new category of data triggering these notification requirements: A user name or email address, in combination with a password or security question and answer that would permit access to an online account.

Where the information subject to a breach only falls under this new category of information, companies may provide a security breach notification in electronic or other form that directs affected customers to promptly change their passwords and security questions or answers, as applicable, or to take other steps appropriate to protect the affected online account and all other online accounts for which the customer uses the same user name or email address and password or security question or answer. In the case of login credentials for an email account provided by the company, the company must not send the security breach notification to the implicated email address, but needs to provide notice by one of the other methods currently provided for by California law, or by clear and conspicuous notice delivered to the affected user online when the user is connected to the online account from an IP address or online location from which the company knows the user ordinarily accesses the account.

Previously, breach notification in California was triggered only by the unauthorized acquisition of an individual’s first name or initial and last name in combination with one or more of the following data elements, when either the name or the data elements are unencrypted: social security number; driver’s license or state identification number; account, credit card or debit card number in combination with any required security or access codes; medical information; or health information. S.B. 46 not only expands the categories of information the disclosure of which may trigger the requirement for notification, it also—perhaps unintentionally—requires notification of unauthorized access to user credential information even if that information is encrypted. Thus, S.B. 46 significantly expands the circumstances in which notification may be required.

New Requirements for Disclosure of Tracking Practices

A.B. 370 amends the California Online Privacy Protection Act (CalOPPA) to require companies that collect personally identifiable information online to include information about how they respond to “do not track” signals, as well as other information about their collection and use of personally identifiable information. The newly required information includes:

  • How the company responds to “do not track” signals or other mechanisms that provide consumers the ability to exercise choice over the collection of personally identifiable information about their online activities over time and across third-party websites or online services, if the company collects such information; and
  • Whether third parties may collect personally identifiable information about a consumer’s online activities over time and across different websites when a consumer uses the company’s website.

These disclosures have to be included in a company’s privacy policy. In order to comply with the first requirement, companies may provide a clear and conspicuous hyperlink in their privacy policy to an online description of any program or protocol the company follows that offers the user that choice, including its effects.

It’s important to note that the application of CalOPPA is broad. It applies to any “operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service.” As it is difficult to do business online without attracting users in technologically sophisticated and demographically diverse California, these provisions will apply to most successful online businesses.

What to Do

In response to the passage of these new laws, companies should take the opportunity to examine their data privacy and security policies and practices to determine whether any updates are needed. Companies should review and, if necessary, revise their data security breach plans to account for the newly added triggering information as well as the new notification that may be used if that information is accessed. Companies who collect personally identifiable information online or through mobile applications should review their online tracking activities and their privacy policies to determine whether and what revisions are necessary. The California Attorney General interprets CalOPPA to apply to mobile applications that collect personally identifiable information, so companies that provide such mobile apps should remember to include those apps in their review and any update.

Article By:

 of

Another Software Patent Horror Story Unmasked and Debunked: This One You Won’t Believe

Schwegman Lundberg Woessner

I have noticed lately that the anti-software patent PR machine is trying pretty hard to find examples of start-ups “crushed” by software patents.

Ok, so here is the latest laugher example they came up with:  FindTheBest.com, a company that is nearing its fifth birthday and handling 20 million visitors a month, is supposedly a “start-up” being unfairly targeted by a patent troll  (see http://www.latimes.com/business/la-fi-hiltzik-20131011,0,704586.column).

Jack-o'-lantern and pumpkins

As far as I can tell from their web site, FindTheBest is doing a land-office business, and probably has a valuation better than 95% of all software companies.  For starters, in my opinion, pretty much every software entrepreneur on the planet would gladly endure a challenge from a troll if they could get 20 million visitors a month in web traffic.  But that is just the beginning of the irony of this anti-patent sob story.   The leader of this particular start-up at present, Kevin O’Connor, sold a previous start-up he co-founded, Doubleclick, to Google for $3.1 billion in 2008.  Doubleclick, and indeed O’Connor himself, named as an inventor on at least four software patents acquired by Google (http://www.patentbuddy.com/Inventor/O%27Connor-Kevin-Joseph/5640460#More), had aggressively filed patents to protect its innovations (http://www.seobythesea.com/2007/04/doubleclick-google-looking-at-some-of…).   Those patents weighed heavily in the valuation of Doubleclick when it was sold to Google.  So, is it not a little ironic that FindTheBest.com would be outraged about software patents impeding their progress, after one of their founders profited mightily from the patent filings of his own prior company?  Well, I sure think many would think so.  This is not to say I don’t have nothing but the utmost admiration for Mr. O’Connor’s entrepreneurial talents.  And, its not to say that he may very well be legitimately frustrated to have to deal with a patent infringement issue.  But, these are the problems that go with the kind of success few entrepreneurs are ever lucky enough to achieve, not the problems of the vast majority of true start-ups still trying to find enough customers to survive another round of financing.

Here is another injustice of this story: Eileen C. Shapiro, the inventor of the so-called troll patent in question, is no slacker. She has an undergraduate degree from Brown University and an MBA from Harvard University.  According to her LinkedIn profile, she holds 14 patents and has been actively involved in many start-ups.  Is this really an example of some undeserving “troll” inventor with no right to exclusive rights in her inventions?  Is it so improbable that someone that likely has a genius level IQ would be awarded a valuable patent for her ideas, which mind you appear to have come to her a good while ago before the site FindTheBest.com was even a notion in its founder’s imagination.

So, is this really an example of a “start-up” getting drummed out of business by underserving troll?  The Electronic Frontier Foundation would like you to believe that — “Trolls do a really good job of targeting start-ups at their most vulnerable moments,” says Julie Samuels, a staff attorney at the Electronic Frontier Foundation and holder of its Mark Cuban Chair to Eliminate Stupid Patents.”  (LA Times, October 13, 2013).   Or, is this an example of a large, successful, well established and fast growing company nearing its fifth birthday, that some time ago left “start-up” mode behind?  Wouldn’t most five year old companies be embarrassed to say they were still “starting up”?  This is a label only those desperately in need of contriving the facts to suit their hypothesis would dare to come up.

Moreover, is this not a great example of how Mr. O’Conner’s patents helped him get a fair return for the sale of Doubleclick to Google, so he could reinvest some of his gains in FindTheBest.com, rather than an example of how Ms. Shapiro’s innovations are a poster child for patents underserving of a reward.

If this is the best software patent horror story the anti-patent forces can come up with this Halloween, they should give it a rest for a while.

Article By:

 of

Consent Isn’t the Only Consideration: NY Comic Con Attendees Disagree that Hijacking Twitter Accounts Makes the Event “100x cooler! For realz.”

MintzLogo2010_Black

The comic book industry is no stranger to displays of heroic anger and berserker rage, but over the weekend New York Comic Con (NYCC) was on the receiving end of considerable fan fury after it began ghostwriting effusive tweets about NYCC and posting on the Twitter pages of NYCC attendees in a way that made it appear as though the attendee was the author of the tweet.

During the event registration process, NYCC attendees were given the option of linking RFID badges to their Twitter account through the event’s mobile application interface.  During the application registration process, attendees were asked to authorize NYCC to access their Twitter accounts.  At this point, attendees arguably consented to having NYCC impersonate the attendee when posting about NYCC on the attendee’s Twitter feed.

The NYCC website page explaining the ID badge technology and the site’s registration page did not mention that NYCC would be posting to attendee Twitter pages on the attendee’s behalf.  Rather, the registration process is explained as a method for giving the attendee access to enhanced social media content, while helping NYCC protect against fraudulent credentials.  The activation terms provided that NYCC could use the information collected through the badge “for internal purposes” and to contact the user about future events.  After a user registered his or her badge and elected to link a Twitter account, the user was presented with an opt-in notice (a screenshot of which can be seenhere), specifying that following authorization, the application would be able to, among other things, “post Tweets for you”.  This type of warning is not uncommon.  For example, any website that allows users to click to share news articles or stories on their Twitter pages requires this type of access.

In spite of the opt-in warning, the wide-spread surprise among attendees suggests that the opt-in language did not draw a clear distinction between posting tweets for a user and posting tweets as a user.  Moreover, the failure to mention this practice when explaining the registration process could have led attendees to conclude that even if they were agreeing to provide this type of access, NYCC would not be taking the unusual step of pretending to be the attendee when it published tweets on the user’s page.

NYCC’s initial response was a brief tweet telling attendees not to “fret” over the ghostwritten posts and informing attendees that the “opt-in feature” had been disabled.  However, after anger continued to spread, NYCC issued a longer statement apologizing for any “perceived overstep.”

This type of disconnect between online service providers and users is becoming increasingly common as advances in technology permit mobile device and social media data to be accessed and used in new ways.  Earlier this year, for example, Jay-Z and Samsung stepped into a public relations debacle when the “JAY Z Magna Carta” mobile application required that the user, in exchange for receiving a free music download, authorize the application to have extensive access to phone data and social media accounts. The response from NYCC attendees also underscores the lesson learned by Googleearlier this month, that consent provided by users who do not fully understand what they are consenting to may not be consent at all.

As your online business finds new and innovative ways to deliver products and services to your users, it is important to take a step back and consider whether additional communications in different formats, such as just-in-time notifications, are necessary to ensure that the only surprise your customers have is how great your products and services are.   Or, to put it another way, “with great power comes great responsibility.”

Article By:

 of

Need Ideas for Your Legal Blog? Here's a Bunch

The Rainmaker Institute mini logo (1)

If there is one thing I hear over and over again from attorneys when it comes to blogging, it’s this:   “What do I blog about?”

The reason to have a blog is to establish your authority as an expert in your field of practice. You must keep your target market in mind at all times when writing a blog – it needs to be about topics your clients and prospects are interested in, providing good in-depth information on each topic (now more important than ever for SEO) that they can’t find anywhere else.

Still, the creative juices do run dry at times. Which is why it’s so great that the LexisNexis Law Marketing blog has started highlighting monthly events, anniversaries, holidays and observances that have a legal connection.

Here is their list for October/November, categorized by practice area:

Civil Rights Law:

  • October is National Disability Employment Awareness Month
  • October is Gay and Lesbian History Month
  • Oct. 14: Native American Day
  • Oct. 17: United Nations’ International Day for the Eradication of Poverty
  • Oct. 20-26: Freedom from Bullies Week
  • Oct. 21-27: Freedom of Speech Week
  • November is National American Indian Heritage Month

Corporate Law:

  • October is National Crime Prevention Month
  • October is National Cyber Security Month
  • October is National Disability Employment Awareness Month
  • Oct. 16: National Boss’s Day
  • Oct. 16: Support Your Local Chamber of Commerce Day
  • Nov. 3-9: International Fraud Awareness Week

Education Law:

  • October is National Bullying Prevention Month
  • Oct. 20-26: Freedom from Bullies Week
  • Oct. 21-25: National School Bus Safety Week

Elder Law:

  • October is Health Literacy Month
  • October is Long-Term Care Planning Month
  • October is National Organize Your Medical Information Month
  • Oct. 15: Medicare open enrollment begins
  • Oct. 20-26: National Save for Retirement Week
  • November is National Alzheimer’s Disease Awareness Month
  • November is National Family Caregivers Month
  • November is National Home Care and Hospice Month
  • November is National Long-Term Care Awareness Month
  • Nov. 1-7: National Patient Accessibility Week

Environmental Law:

  • Oct. 18: Forty-first anniversary of the passing of the Water Pollution Control Act

Estate Planning:

  • October is Long-Term Care Planning Month
  • Oct. 20-26: National Save for Retirement Week
  • November is National Alzheimer’s Disease Awareness Month

Family Law:

  • October is Antidepressant Death Awareness Month
  • October is Breast Cancer Awareness Month
  • October is Domestic Violence Awareness Month
  • October is Gay and Lesbian History Month
  • October is National Bullying Prevention Month
  • October is National Organize Your Medical Information Month
  • Oct. 17: Get Smart About Credit Day
  • November is Military Family Appreciation Month
  • November is National Adoption Month
  • November is National Alzheimer’s Disease Awareness Month
  • November is National Family Caregivers Month
  • Nov. 1: National Family Literacy Day

Health Care Law:

  • October is Antidepressant Death Awareness Month
  • October is Breast Cancer Awareness Month
  • October is Health Literacy Month
  • October is Long-Term Care Planning Month
  • October is National Organize Your Medical Information Month
  • Oct. 15: Medicare open enrollment begins
  • Oct. 17-24: Food and Drug Interaction Education and Awareness Week
  • Oct. 24-31: Prescription Errors Education and Awareness Week
  • November is National Home Care and Hospice Month
  • November is National Long-Term Care Awareness Month
  • Nov. 1-7: National Patient Accessibility Week

Insurance Law:

  • October is National Crime Prevention Month

Intellectual Property Law:

  • Oct. 29: 44th anniversary of the creation of the Internet

Labor Law:

  • October is National Disability Employment Awareness Month
  • Oct. 16: National Boss’s Day

Personal Injury Law:

  • October is Antidepressant Death Awareness Month
  • Oct. 21-25: National School Bus Safety Week
  • Oct. 24-31: Prescription Errors Education and Awareness Week

Real Estate Law:

  • October is National Crime Prevention Month

Who’s Afraid of Website Data Migration?

Great Jakes-logo

Does the phrase “data migration” send chills up your spine? Would the fear of moving content from your old website to a new one hold you back from pulling the trigger on a website project?

If you nodded “yes” to either of those questions, you’re not alone.

The topic of data migration can be scary for marketers. Simply put, trained communicators are not database jockeys, and the prospect of ones and zeros flying back and forth can cause discomfort. But comfort level aside, should the fear of data migration warrant the keeping of a crummy website?

What can go wrong?

Everything, right?! There’s a chance that data could get lost, or content could end up in the wrong places, causing countless hours of aggravation for the marketing department…

Or not.

Professionals who do this all the time are well practiced in the art of handling the various challenges associated with data migration. But how can marketers be assured that their migration won’t go awry

How to do data migration

Data migration is not rocket science – or magic. At its simplest, it can be summed up as matching database fields from the old website, with the new. The actual act of migrating data (also called “data mapping”) can vary in its level of difficulty, depending on the condition, structure and size of the firm’s current website database. But irrespective of how old your website is or how it was built, the basic steps involved are the same.

Here’s a simplified version of the process that we use at Great Jakes:

  1. Analysis: The first step involves requesting a “data dump” of all the text content of the website and of the headers for each data table. We analyze the data to determine how much of the migration can be automated.

    We also investigate whether it would be more practical and/or cost efficient to not automate the migration and instead configure a “data-entry” website to have the data manually moved from the old website into the new. It’s not as hard as it sounds, and it’s not unusual that we end up recommending a combination of automated data-migration and “data-entry” website methods. It all depends on how the old website’s data are formatted.

  2. Transfer setup: The next step involves planning the “field-mapping” – writing the appropriate scripts necessary to move the data into the proper fields of the new website.
  3. Migration: A month prior to delivering a finished website, we migrate the data from the old website to the new, using data from a second data dump that contains all of the most current content (text, photos, PDFs, videos, presentations, audio files, etc.).
  4. Testing: Finally, we rigorously review the data migration results to ensure that everything moved as planned.

Better the devil you know – right?

While the steps outlined are straightforward, data migration is a time-consuming but doable process. Consequently, larger websites with more data will require more time to analyze, set up, migrate and then test.

So, the best way to ensure that everything goes smoothly is to take a peek under the hood. Have a pro examine your existing website. They might find some issues, like embedded tables or miscellaneous image files tucked in strange places. You’ll probably need to make some decisions about how to migrate these items. But most likely, they’ll probably find that the hurdles to moving the content are a lot lower than you might think.

Don’t let those two little words “data migration” keep you from advancing your firm’s business goals! There’s too much to be gained from having a properly conceived website.

Article By:

 of

Will a New California Ballot Initiative Usher in the Next National Shift in Privacy Law?

Poyner Spruill

Just 10 years ago, California enacted the first breach notification law and unwittingly transformed the landscape of American privacy and data security law. To date, 45 other states, multiple federal agencies, and even local governments have followed suit. California residents may soon find themselves voting on a ballot initiative that could have an equally dramatic effect on this area of law.

computer broadcast world

The ballot initiative, known as the California Personal Privacy Initiative, is designed to remove barriers to privacy and data security lawsuits and also would promote stronger data security and an “opt-in” standard for the disclosure of personal information. Specifically, the initiative would amend the California Constitution to:

  1. Create a presumption that “personally identifying information” collected for a commercial or governmental purpose is confidential

  2. Require the person collecting such information to use all reasonably available means to protect it from unauthorized disclosure

  3. Create a presumption of harm to a person whenever her confidential personally identifying information has been disclosed without her authorization.

Notwithstanding the presumption of harm, the amendment would permit the disclosure of confidential personally identifying information without authorization “if there is a countervailing compelling interest to do so (such as public safety or protected non-commercial free speech) and there is no reasonable alternative for accomplishing such compelling interest.”

Turning first to the impact on litigation, plaintiffs have largely been unsuccessful in privacy and data security litigation because they have failed to show harm resulting from an alleged unlawful privacy practice or security breach. The obligation to show harm arises at two stages when a case is litigated in federal court: first, the plaintiff must establish that he has suffered an “injury in fact” in order to meet the requirements for Article III standing, and second, the plaintiff must satisfy the harm requirement that applies to the relevant cause of action (e.g., negligence). If the case is litigated in state court, the standing requirement does not apply, but most, if not all, privacy and data security breach class actions have been litigated in federal court.

The ballot initiative would create a presumption of harm that could allow more lawsuits to satisfy the injury-in-fact standard (step one, above) and the harm requirement for the underlying cause of action (step two, above). Without that barrier, business would be stripped of the most effective means of prevailing on a motion to dismiss for certain causes of action. And in some scenarios, business would be forced to rely on untested or tenuous defenses, making companies more likely to settle, rather than fight, previously unsustainable causes of action.

Other components of the initiative would exacerbate the uptick in litigation, including the presumption that personally identifying information collected for a commercial purpose is confidential and the requirement that organizations use reasonable measures to prevent unauthorized disclosure of that information. Plaintiffs’ claims are sometimes based on an allegation that promises made in the defendant’s privacy notice regarding security measures are deceptive. Currently, companies can protect themselves against these claims by making only conservative representations about privacy and security. But the ballot initiative could create a general duty to adopt reasonable privacy and security measures, raising the prospect that plaintiffs could more successfully pursue negligence-style claims, which companies cannot deter solely by adopting conservative privacy notices.

The initiative also employs a very broad definition of personally identifying information: “any information which can be used to distinguish or trace a natural person’s identity, including but not limited to financial and/or health information, which is linked or linkable to a specific natural person.” (The definition does not cover publicly available information lawfully made available to the public from government records.) This expansive definition would force organizations to apply stricter security to types of information that might not otherwise receive those protections. Furthermore, the definition is particularly problematic when considered in conjunction with the presumption of harm discussed above because identifiable data such as names, email addresses, and device identifiers are routinely shared by businesses without consent. If this initiative succeeds, the increased threat of litigation will incentivize businesses to default to an opt-in standard for disclosures of information.

There is, however, at least one reason to believe that the initiative may not be as detrimental to business interests as some are predicting. Showing a nominal harm for the underlying cause of action does not necessarily equate to an award of damages so, even if the ballot initiative is successful, there would in some cases remain a practical limitation on the plaintiff’s ability to recoup money damages. Where statutory damages are available, or where a plaintiff can show some actual monetary harm, money awards would be possible. But in cases where statutory damages are not available and a plaintiff must show actual monetary harm to procure a monetary award, the ballot initiative may not save such claims. For example, the damages award flowing from a negligence claim is generally based on the actual damages incurred by a plaintiff. Therefore, even if the plaintiff could state a cause of action for the purpose of defeating a motion to dismiss, the plaintiff may not be entitled to anything more than a nominal damages award if the plaintiff cannot demonstrate monetary damage such as the cost of credit monitoring, identity theft insurance, or perhaps even therapy bills. On the other hand, courts could interpret the amendment as requiring recognition of a new type of harm, similar to emotional distress, that is compensable through money damages—even without a showing of some concrete financial harm to the plaintiff.

The ballot initiative’s proponents must obtain 807,615 signatures before Californians would have the opportunity to vote on it. If the signatures are collected, then the initiative will appear on the ballot without further opportunity to seek amendments to address business concerns. If the initiative appears on the ballot, it would require only a simple majority vote to pass. Interested organizations should work to ensure that public debate over the initiative includes a discussion of the heavy burden on business that could result from the initiative.

 
 of

10 Free Keyword Research Tools + How to Use Them [INFOGRAPHIC]

The Rainmaker Institute mini logo (1)

An old friend – Google’s free Adwords Keyword tool – has gone off the grid for good, leaving in its place the new Keyword Planner. The Planner is a little more detailed, but still fairly easy to use and still free.

A recent post at the GroTraffic.com blog had a list of 10 free keyword research tools you will find useful, as well as a good infographic that provides step-by-step instructions on how to conduct keyword research:

Mergewords – especially useful for creating long tail keyword phrases which are critical to your SEO efforts.

Wordstream – will give you up to 30 free keyword results; after that, you have to subscribe.

SEMRush – the first 10 results are free; a subscription is required for more. Data analysis and keyword performance info is also offered on the site.

SEOBook – this site has a free keyword tool that requires free registration to access.

Keyword Eye – if you are more visually oriented, this site is for you.

KGen – if you use Firefox as your browser, this tool is available as an add-on and will rank keywords on any given website.

Bing Keyword Research Tool – part of the Bing Webmaster Tools.

Keyword Spy – lets you evaluate competitive websites for keywords they use.

Thesaurus.com – this website gives you synonyms for your keywords.

Ubersuggest – suggestion tool for more keyword ideas.

Article By:

 of

12 Tips to Increase Referrals & Revenues With Email Marketing

Katten Muchin

Despite all the focus these days on social media, email marketing still remains the most effective way to reach prospects, remind clients, and reconnect with referral sources. According to the latest Pew Internet & American Life Project Report, email remains the top use of the Internet across all age groups.

Far too few law firms properly utilize email marketing to generate more referrals and develop new business. I’m going to lay out a game plan for your firm so you can implement an effective email marketing program.

He or She Who Has The Biggest List Wins!

I have said this to audiences for the last several years, but it bears repeating, he or she who has the biggest list wins! Your list is one of the few tangible assets of your law firm that is of a true lasting value. What makes your firm valuable is your ongoing relationship with your current and former clients, prospects and referral sources-that is to say, your list!

As a business owner, you must do everything you can to build, maintain and grow a healthy list of interested prospects, clients and referral sources. Developing a robust email marketing list should be at the core of your law firm’s business development efforts.

Here are proven ways to build a great law firm marketing list:

Insert a newsletter sign-up form on each page of your website and on your blog. Include a brief summary of the benefits of receiving your no-cost, monthly legal newsletter as well as a link to a sample they can read.

Promote your newsletter on social media. A growing number of law firms are using social media as a low-cost method to promote their law firms. Periodically include snippets from your newsletter in your social media.

Invite your connections on LinkedIn to join your list. Send out an email invitation to all your connections on LinkedIn asking if they would like to join your newsletter.

Use networking events to grow your list. If you’re like most attorneys, you have a stack of business cards somewhere on your desk from people you have met at networking events and you haven’t done anything with those names since then. Instead of letting them collect dust, put them on your newsletter list. It is the easiest way to stay connected long-term.

When you have a speaking engagement, provide a sign-up sheet for your complimentary newsletter. This technique has a very high response rate because the audience has already expressed an interest in your practice area by virtue of attending your presentation.

Partner with other non-legal professionals who serve a client base similar to yours. For example, if your area of practice is estate planning, financial planners, CPAs, tax attorneys or real estate professionals might have a target client similar to yours.

The overall goal is to continually grow your list and produce top quality content of interest to your list so they start to see you as a thought leader in the field.

Creating an Email Marketing Program for Your Law Firm

If you do not already have a regular email marketing campaign in place – like a monthly e-newsletter – here are 10 tips to keep in mind as you embark on your list building efforts:

1. Use every opportunity to build your list. Every prospect your office talks to on the phone, every person who fills out a form on your website, every business contact you network with, every visitor to your website or blog, every contact on social media, every referral source you meet for lunch, and every new client you sign up-invite them all to join your monthly newsletter.

2. Give away a free report on a topic of interest to your prospects when they sign up for your newsletter. This is a great way to entice reticent people to divulge their contact information.

3. Only send emails to people who have agreed to receive them. One of the services we offer is “done for you” newsletters for law firms and I will occasionally have a new client ask me about buying a list of targeted prospects. In general, I do not recommend purchase a list of names as they have no existing relationship with you and you will likely receive a lot of spam complaints.

4. Include an opt-out option in every email you send. Make it easy for people who are no longer interested in your content to unsubscribe.

5. Be sure your content is always relevant to your audience. Write about areas they are interested in. Don’t be afraid to take a specific point of view. As famous business author Robert Kiyosaki, author of Rich Dad, Poor Dad put it, I would rather be loved or hated, but not forgotten.

6. Always include a clear call-to-action. Tell them what you want them to do: Do you want them to call your office for a free consultation? Do you want them to visit your blog for more information on a specific topic? Would you like them to attend your upcoming webinar?

7. Use professional email marketing software to send it out. We recommend a program like Constant Contact, Mail Chimp, iContact, or Vertical Response. They are all very easy to use and costs start out around $20 per month. These programs will give you great insight into how many people are looking at your newsletter (open rates), how many people click on a link to “read more” (click through rates), and how many pass it on to a friend (“recommend” rates).

Due to spam blockers and concerns over viruses being sent via email, we do not advise you to send it out via Microsoft Outlook® or even worse as a PDF attached to an email.

8. Send your email on a consistent basis. We recommend every 4-6 weeks, but some of you could send it even more frequently.

9. Test to find out the best time to send your newsletter. The day of the week and the time of day can make a huge difference in the open rates of your newsletter. Email marketing studies show that in general, the best times for sending B2B emails is Tuesday through Thursday between 9:30 a.m. and 1:30 p.m. The best times for sending B2C emails is Tuesday through Thursday between 5 p.m. and 8 p.m. or on the weekend, but your audience may be different and the only real way to find out is to test it.

10. Keep the “from” name consistent. You should use your name or the name of your law firm in the “from” line.

11. Use clear, concise and interesting subject lines. Don’t make people guess what your email is about. Studies have shown the two biggest factors in determining if your email gets open is does the recipient recognize who it is from and the subject line.

Make your subject lines interesting. If you get two emails and you don’t immediately recognize either sender, but one of them has the subject line “10 ways to double your law firm’s revenue this year” and the other one has the subject line “March Newsletter from The Rainmaker Institute,” which one will you be more inclined to open?

12. Keep it short and sweet. You should be able to read your entire newsletter in less than 5 minutes. If you have a great article that is longer simply include several paragraphs in your newsletter then add a link to “click here to read more.” Everyone’s attention span is getting shorter as multiple mediums for messaging continue to grow.

Article By:

 of