Inside Counsel presents the 12th Annual Super Conference in Chicago

National Law Review is pleased to bring you information about the upcoming 12th Annual Super Conference sponsored by Inside Counsel.

Reasons why you should Attend This Year’s Event:

  1. Meet with Decision Makers: You’ll meet face-to-face with senior-level in-house counsel
  2. Networking Opportunities: SuperConference offers several networking opportunities, including a cocktail reception, refreshment breaks, and a networking lunch.
  3. Gain Industry Knowledge: You will hear the latest issues facing the industry today with your complimentary full-conference passes.

Who Should Attend – General Counsel and Other Senior Legal Executives from Top Companies Attend SuperConference:

  • Chief Legal Officers
  • General Counsel
  • Corporate Counsel
  • Associate General Counsel
  • CEOs
  • Senior Counsel
  • Corporate Compliance Officers

The 12th Annual IC SuperConference will be held at the NEW Radisson Blu Chicago.

Radisson Blu Aqua Hotel
221 N. Columbus Drive
Chicago, IL 60601

Don’t forget – The early discount deadline using the NLR discount code is February 24th!

8th Annual Asian ITechLaw Conference

The National Law Review is pleased to bring you information on the upcoming 8th Annual Asian ITechLaw Conference:

8th Annual Asian ITechLaw Conference on February 23 and 24, 2012

As a National Law Review member you are entitled to a 10% discount to the 8th ITechLaw International Asian Conference.

ITechLaw’s 8th annual run of the very popular International Asian Conference will take place in Bangalore – the high technology capital of India.

The theme for India VIII is Technology Law in an Era of Changing Business Paradigms. For a glimpse of what is lined up for a discerning attendee like you, please visit http://www.itechlaw-india.com. Be sure to be one of the first to sign up for this landmark India event.

  • 8th Consecutive event of the ITechLaw India series
  • A ringside view of Indian IT, Media and Telecom Law
  • Supported by several of the largest law firms and global associations
  • ITechLaw’s CyberSpaceCamp® to be held on February 22, 2012
  • Contemporary topics addressed by leading experts drawn from some of the best global law firms
  • Engaging debates with panelists from industry, regulatory authorities and in-house legal departments
  • Interactive sessions on issues affecting the largest IT bases in the world
  • Welcome Reception and Art Show, promoting emerging Indian artistes, allowing delegates to network with local corporates and invited guests
  • Gala Dinner and Networking Luncheons – ample networking opportunities to meet fellow professionals
  • I – Win Tea Meeting
  • In – House Counsel Breakfast Meeting
  • Exclusive golf outings on February 22 and 25, 2012
  • Make the trip a memorable experience by taking an excursion to exotic destinations across southern India, such as Mysore, Kerala and Tamil Nadu

Look forward to a considerable amount of debate and brainstorming. Social meets such as luncheons and gala dinners will enable attendees to engage in fruitful networking with prospects, contacts and peers from around the world.

See you at the 8th ITechLaw International Asian Conference.

The Anatomy of Data Risk Management

An article by Risk and Insurance Management Society, Inc. (RIMS) recently found in The National Law Review focused on Data Risk Management:

Think of data as a living organism.

Just like a human body, data has various components and life support systems that must be maintained to ensure the whole thrives and survives. You can think of a data risk specialist as a doctor trying to keep the organism healthy through its various life stages.

Data, our hypothetical patient, (you’re welcome Star Trek fans) needs a safe and healthy environment, a supportive lifestyle and good hygiene. Just as a doctor has to consider external threats (“do you smoke?”) so does the data risk manager.

Let’s look at what this all means, and how this philosophy can be applied to your business’s policies and practices.

Data, our hypothetical patient, has three basic forms: paper, electronic and human memory.  A good data risk management plan must consider all three.

Controlling paper and electronic data is what we think of most when considering data security. This is your standard (or what should be standard) security policy, access control procedures, system audits, and the like. It’s where security planning meets IT.

Human memory is a little more elusive. Education, security training and a reward-demotion plan can help control human errors, as can confidentiality agreements, and project-specific security contracts. These are the tools of teachers and lawyers. Generally speaking, there are four key rules to protecting data in all its forms:

  1. Be stingy with sensitive data, internally and externally;
  2. Provide access to data on a need-to-know basis;
  3. Provide access only to that specific data, rather than entire data sets;
  4. Be deliberate in how data is handled, used and shared.

Data has a life cycle. If your data doesn’t, it should. Whether it’s government secrets or an online shopper’s credit card number, data is received or created within your company’s computer systems. It is used, maintained and stored. It is archived or destroyed. That data, in all cases, has three basic states: in action, in motion or at rest. Take the credit card number example: that information can be used, the card charged, or moved to another computer system, or archived. Use, motion, rest.

There are four fundamental rules regarding the life cycle of data:

  1. If the organization doesn’t need it, don’t collect it.
  2. If data must be collected, collect only what is needed.
  3. If data is needed, control it and encrypt it.
  4. When data is no longer needed, get rid of it – SECURELY.

Now that we know what data looks like (paper, electronic, mnemonic) and how it lives (in action, in motion, at rest) we should consider those external threats, namely data breaches. A data breach is an incident (or series thereof) in which sensitive, protected or confidential information has potentially been viewed, stolen or used with unauthorized access. This can be a hacker attack, an internal company mistake that results in exposed information or, in some cases, corporate or government espionage. A data breach can be anything that jeopardizes data.

These threats range from simple user negligence, operating or systemic issues, all the way to highly complex criminal attacks launched against your organization. As anyone who follows the tech news knows, sensitive consumer and business information has become a criminal commodity.

With this hostile environment in mind, it is imperative for the business to plan and prepare not only for the protection of their information, but also for the response and recovery of their data and business in the event of a data breach. For a data manager or security professional to fail to issue such a warning would be akin to that doctor not asking about smoking.

At the end of the day, data as an organism is more than an extended metaphor. It’s a means to look at your company’s data products in an abstract way and understand how they operate. This, in turn, will allow you to develop the proper health plan. Just like with our health, there is no single wonder pill. But there are data doctors out there who can analyze your business’s risk posture and recommend ways to get it in shape.

Brian McGinley, senior vice president of data risk management at Identity Theft 911 offers this well-written piece on the timely topic.

Risk Management Magazine and Risk Management Monitor. Copyright 2012 Risk and Insurance Management Society, Inc.

Transfer of Ownership Requires a Written Assignment

Recently in The National Law Review was an article by Jeremy T. Elman of McDermott Will & Emery regarding the Transfer of Patent Ownership:

Addressing the issue of patent ownership based on contractual assignments, the United States Court of Appeals for the Federal Circuit affirmed the district court’s decision dismissing patent ownership claims where a consulting agreement contained no express assignment language requiring defendant to assign the patents-in-suit to plaintiffs. Abbott Point of Care, Inc. v. Epocal, Inc., Case No. 11-1024 (Fed. Cir., Jan. 12, 2012) (Rader, C.J.)

Defendant-appellee Epocal was founded by Dr. Imants Lauks (Lauks), who was previously an employee of a predecessor company of plaintiff-appellant Abbott, with whom he signed three contracts (two employment agreements and one consulting agreement). Both Epocal and Abbott claim to own the patents-in-suit, which cover systems for testing blood samples. Epocal is the assignee of both patents. Lauks’ 1984 employment agreement contained language assigning all inventions to Abbott’s predecessor company (Integrated Ionics), but his 1999 consulting agreement, although it stated that the 1984 agreement remained in effect for work done while Lauks was an employee, was “silent” as to assignments of any inventions. Lauks filed applications for these two patents in 2001, after which Abbott sued Epocal and claimed ownership of the patents pursuant to the 1984 agreement. Epocal claimed ownership pursuant to the 1999 consulting agreement. After the district court granted Epocal’s motion to dismiss, Abbott appealed.

After noting that the Court reviews decisions on standing and contracts without deference, the Federal Circuit noted that Abbott had the burden of showing ownership and concluded that under New Jersey law, where the contract was apparently signed, the 1984 employment agreement ceased upon the execution of 1999 consulting agreement.  The 1999 consulting agreement expressly stated that Lauks resigned from his position and the 1999 consulting agreement then refers to Lauks as a “Senior Consultant,” i.e., no longer an employee.  The Court found that the 1999 consultant agreement did not specify that the entire 1984 employment agreement remained in effect, but only the confidentiality provisions.  The 1999 consulting agreement was silent as to any assignment of inventions, but “recognized and allowed Lauks to pursue other, non-conflicting interests.”  The Court thus found that there was an express recognition that Lauks’ agreement in the 1984 employment agreement to assign his inventions had ceased.   The Court rejected the contention that Lauks had a duty to continue to assign his inventions to Abbott, finding that proposed interpretation to be in conflict with the express language of the 1999 consulting agreement.  The Court thus held that Epocal was the owner of the patents-in-suit and affirmed the district court’s dismissal of Abbott’s infringement claim.

Practice Note: Companies should carefully examine patent assignment obligations of their employees or consultants and, in connection with corporate changes, examine whether prior assignment agreements will impose continuing assignment obligations after the employee or consultant has ceased employment with the company.

© 2012 McDermott Will & Emery

New Domain Name Registry Application Period Now Open Though Critics Urge Delay

An article by Kathleen E. Blouin, Lee J. Eulgen, Antony J. McShane, Katherine Dennis Nye and Sarah E. Smith of Neal, Gerber & Eisenberg LLP regarding Domain Name Applications was recently in The National Law Review:

On Thursday, Jan. 12, 2012, the Internet Corporation for Assigned Names and Numbers (ICANN) began accepting applications from private- and public-sector entities and organizations to obtain nearly any combination of words as their own generic top-level domain name (gTLD) registry. ICANN will only accept applications for new gTLD registries for a 90-day period, concluding on April 12, 2012. The plan will drastically increase the number of available gTLDs from the currently available 22 gTLDs (e.g., .com, .net and .org) to potentially thousands of gTLDs (e.g., .clothing, .sports, or .yourbrand). With the opening of the application period, public and private sector outcry and dissent concerning the program have started to bubble up to mainstream consciousness.

In particular, the U.S. Department of Commerce has been reviewing the pending expansion after recently obtaining input from numerous sectors of industry regarding the potential shortcomings of the program. In November 2011, an alliance of 87 business groups, organizations and companies wrote a letter to Commerce Secretary John Bryson requesting that the Department urge ICANN to postpone the opening of the gTLD expansion application period. In light of record high levels of domain name dispute filings in 2010, the coalition believes that ICANN should delay implementing the expansion until it can confidently demonstrate that the plan will enhance consumer trust, boost Internet security, create economic benefits across many sectors and show that the benefits outweigh the costs of the expansion. The coalition is led by the Association of National Advertisers and the letter’s signatories include the Intellectual Property Owners Association and the American Intellectual Property Law Association.

In addition, last month, U.S. Representative Bob Goodlatte, Chairman of the House Judiciary Committee’s Subcommittee on Intellectual Property, Competition and the Internet, along with Representative Howard Berman, ranking member of the House Committee on Foreign Affairs, wrote to the Department of Commerce and expressed serious concerns about the dramatic expansion of gTLDs and urged the Department to encourage ICANN to undertake additional evaluation and review before initiating the robust expansion. They relayed concerns that brand owners will be forced to assume significant legal expenses to monitor and protect their trademarks and to obtain defensive registrations in light of an unprecedented number of new top-level domain names. The Representatives argued that consumers will be harmed as many of the legal expenses will be passed on to consumers in the form of higher prices. In addition, they are concerned that, as a result of the expansion, counterfeiting and piracy rates will continue to rise. They encouraged the Department of Commerce to delay the rollout until a sufficient analysis and evaluation is conducted, and until the Department is satisfied the benefits of the rollout exceed the costs and risks to consumers and businesses and to Internet safety and security.

Four commissioners of the Federal Trade Commission (FTC) also sent a letter to ICANN in December urging the delay of the expansion and voicing consumer protection concerns regarding the new gTLDs. The FTC reminded ICANN that ICANN planned to ensure that consumer protection and malicious abuse issues would be adequately addressed. The FTC is particularly worried that the rapid and large-scale expansion will lead to a significant rise in the use of false Whois (domain name ownership) information by domain name registrants, slowing down the FTC’s ability to identify and locate individuals behind fraudulent or counterfeit Web sites. The FTC has proposed a few immediate steps, including the implementation of a gTLD pilot program that would substantially reduce the number of gTLDs accepted in the first application round, and would require ICANN to hire additional compliance staff and impose registrant verification requirements.

Then three weeks ago, just before the Jan. 12 opening of the ICANN application process, a Commerce Department official, Lawrence Strickling, wrote to ICANN regarding some of these concerns. In his letter, Mr. Strickling recognized that the expansion has come after years of preparation and commentary from many stakeholders. However, Mr. Strickling stated that after meeting with industry stakeholders, there is tremendous concern about the expansion that could jeopardize its success. The Commerce Department requested that ICANN take three steps. First, develop a strategy to minimize defensive registrations so that a large number of organizations and entities, concerned about cybersquatting, do not feel forced to obtain defensive gTLD registries (e.g., .theirbrands) without any interest in actually operating a registry. Second, determine whether there is a need to phase in new gTLDs after the application window closes (on April 12th) and evaluate whether additional protection measures are necessary. And, third, better engage with and educate stakeholders as to the purpose and scope of the domain name expansion and available protective resources.

© 2012 Neal, Gerber & Eisenberg LLP.

Copyright Lessons from the Campaign Trail: Romney, Gingrich and Fair Use

Recently found in The National Law Review was an article by Geri L. Haight of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. regarding Copyrights and Fair Use:

This Republican primary season has provided lots of fodder for political blogs, but it has also provided a few gems relating to — what else — trademark issues. Now, U.S. copyright law is in the spotlight of the Republican primary campaign. First, Republican presidential hopeful Mitt Romney is considering whether to pull a television ad that is comprised wholly of a 30 second clip from a January 21, 1997 episode of NBC’s “Nightly News” program hosted by Tom Brokaw. The Romney ad is entitled “History Lesson” and can be viewed here. In the ad, Brokaw announces the House Ethics Committee’s decision to penalize then-Speaker Newt Gingrich. The ad contains no other voiceover or images. It ends simply with a Romney disclaimer (“Paid For By …”) and the statement that Romney approves the ad. NBC has sent the Romney campaign a cease and desist letter, alleging that the ad constitutes copyright infringement. Tom Brokaw has expressed that he is “extremely uncomfortable” with the use of his personal image. Romney’s campaign asserts that its use of the news clip “falls within fair use” and, therefore, does not violate copyright laws.

Second, Romney’s primary opponent in the race for the Republican nomination, Newt Gingrich, has copyright troubles of his own.  On Monday, Gingrich was sued in Illinois by a former member of the band Survivor (under the name “Rude Music”) for his use of the song “Eye of the Tiger” at campaign events.  The complaint asserts that Gingrich is “sophisticated and knowledgeable” of federal copyright law, citing Gingrich’s tenure in the U.S. House of Representatives during which the Copyright Act underwent several revisions.  As evidence of Gingrich’s further familiarity with copyright laws, Rude Music cites Gingrich’s recent criticism of the Stop Online Piracy Act at the Republican primary debate in South Carolina.  During that debate, Gingrich is quoted in the complaint as saying: “We have a patent office, we have copyright law. If a company finds that it has genuinely been infringed upon, it has the right to sue.”  In the complaint, Rude Music seeks an injunction and unspecified monetary damages based on Gingrich’s unauthorized public performances of the song.

Romney’s and Gingrich’s recent copyright troubles involve the defense of fair use.  So, what is that?  This defense to a charge of copyright infringement is provided in Section 107 of the Copyright Act.  Section 107  contains a list of the various purposes for which the reproduction of a work may be considered fair, such as criticism, comment, news reporting, teaching, scholarship, and research.   This provision sets out four factors to be considered in determining whether or not a particular use is fair:

  1. The purpose and character of the use, including whether such use is of commercial nature or is for nonprofit educational purposes
  2. The nature of the copyrighted work
  3. The amount and substantiality of the portion used in relation to the copyrighted work as a whole
  4. The effect of the use upon the potential market for, or value of, the copyrighted work

In Romney’s situation, NBC’s position seems to be focused largely on the first factor — its assessment that use of the news clip is commercial in nature.  The clip is used in a political ad that seeks, among other things, donations to fund Romney’s campaign against Gingrich.  But Romney’s campaign has stressed that it used only 30 seconds of a much longer broadcast and that it is using the clip for the content of the facts conveyed (regarding Gingrich’s past ethics violations), not for the particular style of the delivery of those facts.  And Romney seems to be using the clip to comment on Gingrich’s representations during the campaign regarding these past ethics violations.  The risk for the Romney campaign, however, may be the problem with reliance on the fair use in general, identified by the U.S. Copyright Office itself:  “The distinction between fair use and infringement may be unclear and not easily defined.”  But maybe that’s the point.  The Romney ad is certainly getting lots of attention due to NBC’s assertion of a copyright infringement claim.

In Gingrich’s case, there are arguments for and against application of the fair use factors for both sides. Again, because the songs are played at campaign events, there is an arguable commercial component to the use. But there are also arguments about the use being political speech and commentary (given the theme of Gingrich’s underdog status). The case involves claims that arise frequently in the context of political campaigns (e.g., Jackson Browne sued John McCain in 2008 based on the candidate’s use of the song “Running on Empty” in an ad mocking then-candidate Barack Obama’s energy policies). Though common, most cases settle early so that we do not have a wealth of case law resolving this issue.

NBC and Rude Music have both expressed false endorsement and right of publicity concerns. By using the NBC news clip, does the public believe that NBC and/or Brokaw endorse Romney? Or does the band Survivor endorse Gingrich because Gingrich uses “Eye of the Tiger” at his campaign events? Clearly, this perception is a concern to Brokaw, who has stated that he does not “want [his] role as a journalist compromised for political gain by any campaign[.]” In a world where journalists are perceived as favoring one political party or the other (e.g., Fox News or MSNBC) and musicians take sides in political fights (e.g., Springsteen endorsing Obama or Wayne Newton endorsing Bachmann), such a claim may have legs.

©1994-2012 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

Lessons from the Facebook Privacy Fiasco

An article recently in The National Law Review by Dean W. Harvey of Andrews Kurth LLP regarding Facebook Privacy:

Facebook is a wildly popular social media site which allows users to share information about themselves, send messages to friends, play games and join common interest groups. It is the most visited site in the U.S., with over 100 million active U.S. users and hundreds of millions of active users worldwide.1

During the week of April 18, 2010, Facebook made material changes to the way that its users’ personal information was classified and disclosed. The changes resulted in complicated privacy settings that confused users, and in some cases, personal data which users had previously designated as private was allegedly made public. As a result, a group of petitioners, including the Electronic Privacy Information Center (“EPIC”), filed a complaint with the FTC requesting that the Commission investigate Facebook to determine whether it engaged in unfair or deceptive trade practices (“Complaint”).

Allegations

The Complaint claimed that Facebook violated its own privacy policy, disclosed personal information of Facebook users without consent, and engaged in unfair and deceptive trade practices. Specifically, the Complaint alleged that among other things:

  • Facebook made publicly available personal information which users had previously designated as private.2
  • Facebook disclosed to third parties information that users designated as available to Friends Only (including to third-party websites, applications, other Facebook users and outsiders who happen on to Facebook pages).3
  • Facebook claimed that none of a user’s information was shared with sites visited via a plug-in (such as the Like button, Recommend button, etc.). However, such plug-ins may reveal users’ personal data to such websites without consent.4
  • Facebook designed privacy settings “to confuse users and to frustrate attempts to limit the public disclosure of personal information . . .”5
  • Although the Facebook terms which many users accepted indicated that developers would be limited to a 24-hour retention period for any user data, Facebook announced that the limit no longer exists.6

Angry End Users

Regardless of whether each of the above allegations is true, it is clear that Facebook’s changes to its privacy practices inflamed some of its users. In support of its allegations, the EPIC Complaint included quotes from experts and users about Facebook’s privacy practices such as:

“I shouldn’t have to dive into complicated settings that give the fiction of privacy control but don’t, since they are so hard to understand that they’re ignored. I shouldn’t need a flowchart to understand what friends of friends of friends can share with others. Things should be naturally clear and easy for me.”7

“Facebook constantly is changing the privacy rules and I’m forced to hack through the jungle of their well-hidden privacy controls to prune out new types of permissions Facebook recently added. I have no idea how much of my personal information was released before I learned of a new angle the company has developed to give my information to others.”8

“‘Instant Personalization’ is turned on automatically by default. That means instead of giving you the option to “opt-in” and give your permission for this to happen, Facebook is making you “opt-out,” essentially using your information how they see fit unless you make the extra effort to turn that feature off.”9

“Facebook has become Big Brother. Facebook has succeeded in giving its users the allusion [sic] of privacy on a public site, leaving everyone to become complacent about keeping track of the myriad changes going on behind the scenes. The constant changes assure Facebook that you can never keep all your information private.”10

The Proposed Settlement

The FTC investigated the Complaint and ultimately agreed to a proposed settlement agreement containing a consent order.11 Without admitting liability, Facebook has agreed to a settlement that among other things requires the following:

  • Facebook must establish, implement and maintain a comprehensive privacy program designed to: (1) address privacy risks related to the development and management of new and existing product and services for consumers; and (2) protect the privacy and security of covered information.12
  • Facebook must obtain an independent third-party audit every other year for the next 20 years certifying that the Facebook privacy program meets or exceeds the requirements of the FTC order;13
  • Facebook is required to obtain express consent from a user before enacting changes that override the user’s privacy preferences;14
  • Facebook is required to prevent third parties from accessing user data after the user has deleted (with exceptions for legal compliance and fraud prevention).15

Lessons from the Complaint and Order

Facebook received significant negative publicity, incurred legal costs and business disruption associated with a government investigation, and will incur compliance costs for the next 20 years as a result of the proposed settlement. Businesses that deal with consumer information would be well advised to learn from Facebook’s experience. There are several lessons that businesses can draw from the Facebook privacy fiasco in dealing with data privacy issues.

A. Don’t Make Your Customers Angry

Facebook’s intentions in making the changes to its privacy settings may have been entirely good. For example, Facebook may have honestly been trying to improve its user experience. However, the changes significantly angered some of its customers. The lesson to be learned here is that intentions don’t matter if you anger your customers with your changes. The ultimate user experience may be better, the site may objectively offer more functionality, but none of that matters if users are offended by the process.

Businesses need to achieve innovations and improvements in the use of consumer data with user consent, and without breaking prior promises. Keeping your customers satisfied isn’t just good business, it also greatly reduces the likelihood that they will be filing deceptive trade practice complaints with the FTC.

B. Keep the Privacy Settings Simple

Much of the Complaint is dedicated to showing how complicated the Facebook settings are, and many of the quoted user statements underscore that issue as well. Such complexity often leads to errors (such as permitting applications to access personal information of a user through the user’s friends). Even when the settings work perfectly, the average person may find such complexity frustrating, leading to angry end users.

It is important to keep privacy policies simple and establish privacy settings so that they can be easily understood by an average user. Informed consent is really only obtained when the user understands the policy or setting to which he or she is consenting.

C. Consider How Applications Access User Data

When drafting a privacy policy, it is easy to focus on the organization’s use of data for internal purposes and with its vendors and subcontractors. However, special care must be taken with use of consumers’ data by software applications. For example, it is alleged that Facebook indicated applications only had access to the user information necessary for their operation, when the applications in fact had access to all user information.

In order to accurately describe how applications use consumer data in your privacy policy, you have to investigate the operation of the applications on your site, document that operation, and establish IT policies and procedures governing the use of data by new or modified applications. If you do not take these steps, it is likely that any promise regarding the use of data by applications will become misleading over time as the applications change and are updated.

D. Monitor Linking and Other Advertising Arrangements

Linking and advertising arrangements are the lifeblood of many sites. In order to make accurate statements about the types of data shared in such arrangements, it is necessary to review the contracts to understand what types of user data will be shared through business processes. However, this is not sufficient to ensure that the full use of data is understood. Just as with applications, it is necessary to investigate what data is collected or shared in the process of passing the user to the third party. Similar to applications, it is important to document what user data is permitted to be shared with advertisers and other third parties, and to establish IT policies and procedures to enforce such permitted uses.

E. Don’t Make User Data Public Without Consent

One of the problems many businesses face with privacy policies is that as their business changes, the types of user data that they want to access or use may change as well. However, it is important to remember that no matter what the motive, if you have promised to keep certain elements of user data private in your privacy policy, you should not make them public by default without first obtaining affirmative user consent.

Privacy compliance is difficult in a changing online environment, even for businesses that don’t have hundreds of millions of users. The Complaint and Order in the Facebook matter highlight some of the many ways that a business can go wrong in protecting private consumer information. In order to successfully protect such information, a business which deals extensively with consumer data should establish, maintain, update and enforce a comprehensive privacy and security program, which takes into account material risks as well as lessons learned from the experience of other companies, such as Facebook.

1. In the Matter of Facebook, Inc., Complaint paragraph 31 (May 5, 2010); available at http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf.

2. Id. at paragraph 55.

3. Id. at paragraph 59.

4. Id. at paragraph 65.

5. Id. at paragraph 64.

6. Id. at paragraphs 92-94.

7. Id. at paragraph 95.

8. Id. at paragraph 97.

9. Id. at paragraph 98.

10. Id. at paragraph 106.

11. In the Matter of Facebook, Inc. File No. 092 3184, Agreement Containing Consent Order (“Order”); available at http://www.ftc.gov/os/caselist/0923184/111129facebookagree.pdf.

12. Id. at paragraph IV.

13. Id. at paragraph V.

14. Id. at paragraph II.

15. Id. at paragraph III.

© 2012 Andrews Kurth LLP

