Privacy Tip #335 – Health Care Sector Continues to Be Hit with Ransomware

For its 2022 State of Ransomware Report, issued recently, Sophos surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Of the health care respondents, 66 percent said they had experienced a ransomware attack in 2021, which was an increase of 69 percent over 2020. This was the largest increase of all sectors surveyed.

If you look at the Office for Civil Rights data breach portal, you will see that a vast majority of breaches reported by health care providers and business associates are related to “Hacking/IT incident.” This confirms that the health care sector continues to be attacked by threat actors seeking to steal protected health information of patients.

If you are a patient who receives a breach notification letter from a health care provider or business associate, the letter will provide guidance on how to protect yourself following a data breach and may offer some protection guidance, including credit monitoring or fraud resolution. Such a letter has been sent to patients to comply with the breach notification requirements of HIPAA and state law. Part of those requirements includes that the patients be provided mitigation steps following the breach to protect themselves from fraud. Avail yourself of these protections in the event your information is compromised. Take the time to sign up for the mitigation offered. It is clear that these attacks will not subside any time soon.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

Six Tips for Selecting the Right CRM System

Before deciding on a new CRM, follow these steps to select the right CRM system that meets your requirements, enhances adoption, offers value to your users – and can provide a return on your investment.

Research estimates that up to 70% of CRM systems fail to meet expectations – and a failed CRM implementation can be extremely costly, not just in terms of the financial expense, but also because of the costs in lost time – and credibility. Even more impactful: you don’t often get a second chance at CRM success. This means that it’s critical to select the right CRM system the first time.

The good news is CRM success is more than possible. If you simply follow a few critical steps before and during the CRM selection process, you can ensure that the system you select will help you achieve your organization’s goals, enhance adoption and provide value to your users – and deliver a return on your technology investment.

Tip 1: Problems First, Then Products

When attempting to successfully select and implement CRM software, it’s essential to focus on people and processes first, products second. Too many people immediately rush out to find potential vendors, so they can set up demonstrations of the most popular CRM software.

While it’s easy to get caught up in the shiny bells and whistles of a good CRM demo, it’s important to resist the temptation to dive into features and functions too soon without first taking the time to gain a real understanding of your organizational and user needs.

Tip 2: Assess Your Needs

Organizations buy CRM software for a number of reasons – but each organization is unique. To provide real value and ROI, before making the purchase, you have to understand what you are trying to accomplish.

Start by putting together a list of the key reasons you think you need a CRM.

  • Are you trying to communicate more effectively with clients and prospects?
  • Manage and evaluate the ROI of events or sponsorships?
  • Track and enhance business development efforts?
  • Help the organization be more efficient?
  • Increase business and revenue?

After assessing your organization’s needs, you may discover that you have more goals than you first thought.

If this is the case, it will be important to prioritize the goals. Don’t try to boil the ocean. If you try to tackle too many things at once, especially during the initial rollout, you will be less likely to succeed. Instead, assign your goals to a timeline based on importance and value to users. For the initial implementation, set a few relevant goals, achieve those initial successes, communicate the successes – and repeat.

Once you understand your organization’s unique needs and requirements, it’s time to talk to your users. One of the biggest frustrations we hear from clients is a lack of CRM adoption. This isn’t surprising since, in many of these organizations, system users were not involved during the selection process. To get people to buy in and use software, it has to provide value not only to the organization, but to the users individually. The challenge is that different people define value differently, which means different groups or types of users will have their own unique needs and requirements. That’s why it’s so important to get them involved early. Making your users part of the process up front will also make them more likely to adopt the software later.

To gather user input, consider creating focus groups to provide feedback on product features and functions. You may even want to meet with some of the naysayers individually to start encouraging their participation and head off future roadblocks. Finally, be sure to involve key stakeholders in system demonstrations to help evaluate the software and solicit their feedback before proceeding with system selection. In fact, it’s beneficial to have users involved throughout the rollout to offer ideas on how to improve the CRM implementation for everyone.

Tip 3: Evaluate the Systems and Providers

After gathering all the relevant information, it’s important to fully document your requirements and make sure you are well-prepared before reaching out to providers. The best way to do this is with what I call a ‘demo roadmap.’ This is a comprehensive two- to three-page document that sets out all of the details for the demonstrations along with all the needs and requirements gathered during the needs assessment and the features and functionality that you want to see.

Your ‘roadmap’ will guide the CRM providers so that they show you the key system attributes that are critical to the success of your organization and users and also helps to prevent the demonstrations from becoming a ‘dog and pony show.’ Your roadmap should be shared with the CRM providers well in advance of the demonstrations to give them time to adequately prepare.

Some larger organizations may also find it beneficial to take an additional step and create a much more detailed, formal RFP document. This request for proposals would be sent to potential CRM providers to solicit answers to a number of questions before scheduling any demos. The formal responses allow you to evaluate and compare the vendors and their system features and pricing in advance of the demonstrations. Many organizations use the RFP to limit the demonstrations to only the potential providers who are able to meet the organization’s budget and other requirements.

Once you have identified a few CRM systems that meet your requirements, you can begin the vetting process to select the right CRM system for your organization.

Tip 4: Direct the Demonstrations

It’s essential that the CRM demonstrations allow you to make an informed decision and adequately and accurately compare systems, features and pricing. It’s also important at this phase to again involve your users. CRM systems have a reputation for being notoriously difficult to implement, and the last thing you want is to be responsible for unilaterally selecting a system that then doesn’t meet user expectations. This can also help to make them more invested in system success.

It’s also important to structure the participation and demonstrations so you maximize the benefits.

First, it can be helpful to thin the field of participating CRM providers to a manageable number.

Next, select a group of users to participate. It can be good to choose users from different groups such as professionals and administrative, so you get some different perspectives.

Participants selected must have the time and inclination to participate and must be willing to sit through all of the demonstrations so they can accurately compare all the systems.

Finally, you may want to prepare the users by sharing the requirements and/or roadmap with them and asking them to be prepared to ask any questions they may have.

You should also prepare the providers. First, let them know how much time they have. A typical CRM demonstration can take between one and two hours.

Also let them know who will be participating and what their needs and interests are. If you have professional or executive users who have limited time for demonstrations, it can be helpful to direct the providers to spend the first 30 minutes to an hour of the demo on the features that are most relevant to those users.

Then they can step out and the rest of the time can be spent showing you the more detailed back-end functionality. Finally, be sure to leave at least 15 minutes at the end of the demonstrations for questions.

Tip 5: Check References

Before making the final commitment to a CRM system, it’s important to make sure you go through a thorough vetting process. It’s important to make sure you get all the information you need before finalizing your purchase.

First, ask the CRM vendor for references you can speak with. But don’t stop there. Talk to other companies or organizations in your industry who have used the software. Be sure to ask open-ended questions that will help you learn not only about the software, but also about other important areas. A few good questions to ask include:

  • Would you recommend the software?
  • Has the system performed as expected?
  • What were the biggest challenges with the implementation?
  • Were there any unexpected costs or delays?
  • What do you wish you had done differently during the selection and implementation?
  • How was the service after the sale?

For a comprehensive list of good questions to ask before finalizing the sale, check out our CLIENTSFirst CRM Reference Checking Questions Document.

Tip 6: Final Selection Steps

Once you have selected the right CRM system for your organization, there are still a few additional important details that require attention. You will want to have a formal scoping call with the provider to be able to accurately gauge the actual cost. The final price can vary depending on a number of variables including:

  • The number and types of licenses
  • Additional modules or software needed
  • Professional services to implement
  • Ongoing annual subscription or maintenance costs
  • Any proposed integrations
  • The types of training and materials
  • Data conversion and/or quality

If the price is an issue with your system of choice, there are also options. First, there may be room for negotiation. Alternatively, you can do a phased rollout to spread the costs over time. Some organizations prefer to start the rollout with Marketing and power users and then roll out to a small pilot group. Then additional groups can be added in later phases over time.

Finally, remember that in any sale, you are not finished until the paperwork is done. After the price is agreed upon, you will need to review the contract or agreement. While these documents may look official and final, in fact they are often open to negotiation, so it can be beneficial to modify some of the contract terms.

For instance, if the software is new to the market, you may be able to get a discount or arrange a beta test at a reduced rate.

Additionally, instead of paying the entire invoice up front, you can often negotiate payment terms that are stepped over time based on the satisfactory completion of key deployment steps. This can enhance your chances of CRM success by aligning your CRM vendor’s success with yours.

One Last Tip: Don’t Do It Alone

Selecting the right CRM system can be a daunting process. Most firms have never been through the process before – and few want to repeat it.

© Copyright 2022 CLIENTSFirst Consulting

THE OLD 9999 SCAM?: Plaintiff Alleges Defendant Made 5000 Illegal Phone Calls to his Number–But is it a Set Up?

So ostensibly the case of Mongeon v. KPH Healthcare, 2022 WL 1978674 Case No. 2:21-cv-00195 (D. Vt. 06/06/2022) is simply a case about the definition of “consumer” under the Vermont Consumer Protection Act (“VCPA”), 9 V.S.A. § 2453.

The plaintiff alleges his receipt of 4000 calls from the Defendant after the Defendant promised to stop calling was an act of “fraud” and “deceit” under the VCPA. But since the Plaintiff has not alleged facts establishing he is a “consumer” within the meaning of the Act the Court dismissed the case, without prejudice.

Pretty blasé.

But let’s back up. Why would Defendant–seemingly a local pharmacy–blast the Plaintiff’s number so many times?

Well the Plaintiff’s full number is not set forth in the decision–but the last four digits are “9999.”

Many years ago before I became a TCPA class action defense lawyer I–like many out there–had a very low impression of the TCPA. I remember a guy in law school who made tuition bringing junk fax cases. And I had a colleague who was locked in mortal battle with some clown who was bringing a series of small claims TCPA suits in Southern California arising out of calls to a “designer phone number”: 999-999-9999.

Hmmmmm.

Much like the old case of Stoops in which the Plaintiff had over 80 cell phones–or the recent case of Barton in which the Plaintiff had a cell phone purchased specifically to set up TCPA suits–a 9999 scammer will pick up a “designer number” like 999-999-9999 and swear it is for a legitimate purpose. “I run a real estate agency, etc.” Looking deeper there is rarely any utility behind the number–although other designer numbers like (800) 444-4444 are very helpful–and the numbers are often just used to net TCPA lawsuits.

The reason it works is rather obvious.

When I walk into my local Sports Clips for my monthly trim there is no way I’m going to give them my private cell phone number. So I give them 999-999-9999. (Of course, I also give them my email of no@no.com.) It works perfectly well for check in, and I never receive any texts or calls from them reminding me to come back to style my luscious used-to-be-black locks.

Apart from folks providing the number 999-999-9999 to a business, many companies will knowingly have their agents enter the number as a default when the customer does not otherwise provide their number. This was the case in the old “small claims bandit” run of suits I mentioned earlier–apparently a local hospital group was engaging in this practice, which led to an endless number of TCPA suits being filed against them by an enterprising Plaintiff.

Well Mongeon appears to be the same issue. Per the ruling, Defendant’s representatives advised Plaintiff “that his phone number was attached to multiple other customers who had prescriptions at the pharmacy” because Plaintiff’s phone number, XXX-XXX-9999, is “the ‘default’ number for all new or current customers in [Defendant’s] system without a phone number.”

Pro tip: the 9999 play is arguably the oldest manufactured lawsuit trick in TCPAWorld. Don’t fall for it. Never use 999-999-9999 (or any other series of numbers) as a “default” setting for customer phone numbers. And if you do, you definitely want to suppress dialing to those numbers.

Stay safe out there TCPAWorld.

© 2022 Troutman Firm

Hackers Go Phishing in Beeple’s Deep Pool of Twitter Followers

“Stay safe out there, anything too good to be true is a … scam.” Beeple, a popular digital artist, tweeted to his followers, addressing the phishing scam that took place on May 23, 2022, targeting his Twitter account. The attack reportedly resulted in a loss of more than US$400,000 in cryptocurrency and NFTs, stolen from the artist’s followers on the social media website.

After hacking into Beeple’s Twitter account, perpetrators tweeted links from the artist’s page, promoting a fake raffle for unique art pieces. The links would reportedly take the user to a website that would drain the user’s cryptocurrency wallet of their digital assets.

Phishing scams for digital assets, including NFTs or non-fungible tokens, have steadily increased, with funds as large as $6 million being stolen. Various jurisdictions have adopted privacy and security laws that require companies to adopt reasonable security measures and follow required cyber incident response protocols. A significant part of these measures and protocols is training for employees in how to detect phishing scams and other hacking attempts by bad actors. This incident is a reminder to consumers to exercise vigilance, watch for red flags and not click on links without verifying the source.

The remaining summaries of news headlines are separated by region for your browsing convenience. 

UNITED STATES

Relaxed Deaccessioning COVID-19 Exemptions Expire

The global COVID-19 pandemic brought many changes, including dire financial consequences of the shutdowns for museums. In April 2020, the Association of Art Museum Directors (AAMD) made a decision to ease the rules that dictate how museums may use proceeds from art sales. Until April 2022, museums were permitted to use the funds for “direct care of collections” rather than to procure new artworks for their collections.

This relaxed policy and some of the museums that followed it met with backlash on more than one occasion; others, however, advocate for its continuation, citing considerations of diversity and inclusion. Some further argue that a policy born out of financial desperation should be continued to provide museums with the means to overcome any future financial issues that may arise.

Given that “direct care” is vague and open to interpretation, opponents of the relaxed rules counter that giving museums such latitude to decide on the use of the proceeds can lead to abuses and bad decisions. While AAMD has returned to its pre-pandemic regulations, and museums have followed suit, it appears that the public debate around deaccessioning is far from over.

Inigo Philbrick Sentenced to a Prison Term

Former contemporary art dealer Inigo Philbrick was sentenced by a federal court in New York to serve seven years in prison for a “Ponzi-like” art fraud, said to be one of the most significant in the history of the art market, with more than an estimated US$86 million in damages. Philbrick stood accused of a number of bad acts, including forging signatures, selling shares in artworks he did not own and inventing fictitious clients.

New York Abolishes Auction House Regulations

As the U.S. government is studying whether the art market requires further regulations to increase transparency and to combat money laundering, New York City repealed its local law that required auctioneers to be licensed and required disclosures to bidders, including whether an auction house had a financial stake in the item being auctioned. While the abolition of the regulation was ostensibly to improve the business climate after the pandemic, some commentators note that the regulations were outdated and not serving their purpose in any event. As an illustration, a newcomer to an auction will likely struggle to understand the garbled pre-auction announcements or their significance. Whether the old regulations are to be replaced with new, clearer rules remains to be seen.

EUROPE

Greece and UK to Discuss Rehoming of Displaced Parthenon Marbles

The Parthenon marbles, also known as the Elgin marbles, have been on display in London’s British Museum for more than 200 years. These objects comprise 15 metopes, 17 pedimental figures and an approximately 250-foot section of a frieze depicting the birthday festivities of the Greek goddess Athena. What museum goers might not know is that these ancient sculptures were taken from the Acropolis in Greece in 1801 by Lord Elgin.

Previously, the British government, seeking to retain the sculptures, relied on the argument that the objects were legally acquired during the Ottoman Empire rule of Greece. However, for the first time, the UK has initiated formal talks with Greece to discuss repatriation of the Parthenon sculptures. These discussions are expected to influence future intergovernmental repatriation negotiations.

ASIA

Singapore High Court Asserts Jurisdiction over NFTs after Ruling Them a Digital Asset

The highest court in Singapore has granted an injunction to a non-fungible token (NFT) investor, Janesh Rajkumar, who sought to stop the sale of an NFT that once belonged to him and was used as collateral for a loan. The subject NFT from the Bored Ape Yacht Club Series is a rarity, as it depicts the only avatar that wears a beanie. Rajkumar now is seeking to repay the loan and have the NFT restored to his cryptocurrency wallet. The loan agreement specified that Rajkumar would not relinquish ownership of the NFT, and should he be unable to repay the loan in a timely manner, an extension would be granted. Instead of granting Rajkumar an extension, the lender, who goes by an alias “chefpierre,” moved to sell the NFT. The significance of the Singapore court’s decision is two-fold: the court has (1) recognized jurisdiction over assets cited in the decentralized blockchain, and (2) allowed for the freezing order to be issued via social media platforms.

THE MIDDLE EAST

Illegal Trading Leads to Raiding of Antique Dealer by the Israeli Authorities

A recent raid on an unauthorized antiquities dealer in the city of Modi’in by the Israel Antiquities Authority recovered hundreds of artifacts of significant historical value, including jewelry, a bronze statue and approximately 1,800 coins. One of the coins is a nearly 2,000-year-old silver shekel of great historical significance. The coin is engraved with the name Shimon, leader of the 132–136 C.E. Bar Kokhba revolt.

Investigations are ongoing to determine where the antiquities were obtained. The Antiquities Robbery Prevention Unit intends to charge the dealer and their suppliers upon obtaining this information.

© 2022 Wilson Elser

Protection for Voice Actors is Artificial in Today’s Artificial Intelligence World

As we all know, social media has taken the world by storm. Unsurprisingly, it’s had an impact on trademark and copyright law, as well as the related right of publicity. A recent case involving an actor’s voice being used on the popular app TikTok is emblematic of the time. The actor, Bev Standing, sued TikTok for using her voice, simulated via artificial intelligence (AI) without her permission, to serve as “the female computer-generated voice of TikTok.” The case, which was settled last year, illustrates how the law is being adapted to protect artists’ rights in the face of exploitation through AI, as well as the limits of current law in protecting AI-created works.

Standing explained that she thinks of her voice “as a business,” and she is looking to protect her “product.” Apps like TikTok are taking these “products” and feeding them into an algorithm without the original speaker’s permission, thus impairing creative professionals’ ability to profit in an age of widespread use of the Internet and social media platforms.

Someone’s voice (and aspects of their persona such as their photo, image, or other likeness) can be protected by what’s called the “right of publicity.” That right prevents others from appropriation of one’s persona – but only when appropriation is for commercial purposes. In the TikTok case, there was commercial use, as TikTok was benefiting from use of Standing’s voice to “narrate” its users’ videos (with some user videos apparently involving “foul and offensive language”). In her Complaint, Standing alleged TikTok had violated her right of publicity in using her voice to create the AI voice used by TikTok, and relied upon two other claims: false designation of origin under the Lanham Act and copyright infringement, as well as related state law claims. The false designation of origin claim turned on whether Standing’s voice was so recognizable that another party’s misappropriation of it could confuse consumers as to whether Standing authorized the TikTok use. The copyright infringement claim was possible because Standing created the original voice files for a company that hired her to record Chinese language translations. TikTok subsequently acquired the files but failed to get a license from Standing to use them, as TikTok was legally obligated to do because Standing was the original creator (and therefore copyright owner) of the voice files.

As with other historical technological innovations (one of the earliest being the printing press), the law often plays catch-up, but has proven surprisingly adaptable to new technology. Here, Standing was able to plead three legal theories (six if you count the state statutory and common law unfair competition claims), so it seems artists are well-protected by existing law, at least if they are alleging AI was used to copy their work or persona.

On the other hand, the case for protecting creative expression produced in whole or in part by AI is much more difficult. Some believe AI deserves its own form of copyright, since innovative technology has increasingly made its own music and sounds. Currently, protection for these sounds is limited, since only humans can be identified as authors for the purposes of copyright. Ryan Abbott, a professor of law and health science at the University of Surrey in Britain, is attempting to bring a legal case against the U.S. Copyright Office to register a digital artwork made by a computer with AI as its author. The fear, says Abbott, is that without rights over these sounds, innovation will be stifled — individuals will not have incentive to create AI works if they cannot protect them from unauthorized exploitation.

Thailand’s Personal Data Protection Act Enters into Force

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic, however, the Thai government issued royal decrees to extend the compliance deadline to June 1, 2022. 

The PDPA mirrors the EU General Data Protection Regulation (“GDPR”) in many respects. Specifically, it requires data controllers and processors to have a valid legal basis for processing personal data (i.e., data that can identify living natural persons directly or indirectly). If such personal data is sensitive personal data (such as health data, biometric data, race, religion, sexual preference and criminal record), data controllers and processors must ensure that data subjects give explicit consent for any collection, use or disclosure of such data. Exemptions are granted for public interest, contractual obligations, vital interest or compliance with the law.

The PDPA applies both to entities in Thailand and abroad that process personal data for the provision of products or services in Thailand. Like the GDPR, data subjects are guaranteed rights, including the right to be informed, access, rectify and update data; restrict and object to processing; and the right to data erasure and portability. Breaches may result in fines between THB500,000 (U.S.$14,432) and THB5 million, plus punitive compensation. Certain breaches involving sensitive personal data and unlawful disclosure also carry criminal penalties including imprisonment of up to one year.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

How to Create an Impactful and Authentic Pride Month Social Media Campaign for Your Company

June is Pride Month, which offers companies of all kinds a unique opportunity to celebrate, show support and raise awareness for LGBTQIA+ rights on their social media channels.

Businesses of all kinds and sizes can get involved, raise awareness and give back for Pride Month regardless of their budget or reach.

While Pride is most definitely a celebration, an impactful Pride campaign should include education and awareness, and center around people.

Here’s how to create and implement an impactful and genuine Pride Month social media campaign at your company.

The Do’s and Don’ts of Pride Month social media planning

Before you dive head-first into planning your corporate Pride initiatives, it’s important to get a wide range of employees involved in the planning process.

If your company has an LGBTQIA+ affinity group or diversity committee, collaborate with them. If you don’t have a group, consider convening a committee of employee volunteers of diverse backgrounds to serve as a sounding board and provide their input as your plans begin to take shape.

Please note: these volunteers should be compensated for their time and efforts in some meaningful way (vacation time, bonuses, gift cards, etc.). While it may be too late to do this for this year’s campaign, activate or assemble the group now for your 2023 initiative.

Don’t: Exploit social initiatives and conversations as a means to reach business goals.

Celebrating Pride and showing your support for the LGBTQIA+ community is not a trend— and it shouldn’t be treated as such.

If you’re simply posting rainbow-branded imagery (rainbow washing) during the month or posting about your commitment to the cause without having any real initiatives or actions to back it up, you’re just paying lip service to and perhaps exploiting yet another social initiative. Make sure your company can really walk the walk before you talk the talk. Performative allyship can backfire, alienating your employees, your clients, recruits, and others.

Remember that everyone (employees, clients, and the general public) is watching what you post online, even if they don’t actually like or comment on it.

Do: Ask yourself why you’re supporting this initiative and have a clear purpose.

Before publishing Pride-related content, ask yourself, are we actually adding value to this conversation? What are we hoping to gain from inserting ourselves into this conversation? What are our motivations? Is our company an actual safe space or inclusive environment that includes active and engaged allies?

Remember, Pride Month should not be about your business goals. You also don’t have to have accomplished all of your LGBTQIA+ related inclusion goals to commemorate Pride, but your efforts should be more than surface level.

Do: Support LGBTQIA+ initiatives year-round.

If you don’t already take steps to support the LGBTQIA+ community year-round, take the opportunity to discuss doing so with management and staff before Pride. June is only one month out of the year, a month where it’s arguably the “most acceptable” to show support for the LGBTQIA+ community. To be a true ally, it’s important to show this level of support year-round. Work to ensure that your company’s policies and practices are inclusive and address the needs of your LGBTQIA+ employees.

In addition to internally focused actions, consider how your true commitment can be reflected externally. There are many organizations to which you can donate and volunteer. Solicit voluntary feedback from your LGBTQIA+ employees and clients to ensure that they feel involved and included in the process.

Do: Educate yourself and those around you on the origins and history of Pride Month.

Pride Month has a rich, political history that companies often fail to understand and recognize as they participate in Pride Month. Pride Month is celebrated in June to honor the 1969 Stonewall Uprising in Manhattan — a tipping point for the Gay Liberation Movement in the United States.

Not only is Pride a time to recognize the progress that’s been made since the Stonewall Riots, but it’s just as important to acknowledge how far we still must go as a society, particularly considering recent efforts to overturn or narrow the progress that has been made. A successful Pride campaign should have education and awareness at its core.

Do: Make education and awareness the core of your campaign.

Ideas for content for your Pride campaign include educating your followers on the meaning behind the Pride flag, using posts to tell the history of the Pride flag, and asking what Pride means to your employees and running their answers in Q&A posts.

Another idea is to create posts to help followers better understand Pride Month and provide resources to help people better educate themselves on the cause and support those of the LGBTQIA+ community.

In addition, spotlighting members of the LGBTQIA+ community is a helpful way to educate your followers and amplify the contributions of individuals.

No matter what you choose, create a campaign that is rooted in improving awareness and education amongst your community.

Do: Let inclusivity be at the core of all your campaigns.

Inclusivity should be an active mission as part of your Pride campaign, and for your future marketing efforts too. Aim to have better representation on social media for your community — that means including people of all marginalized or otherwise underrepresented voices.

If you really want to reach, represent, and support your diverse community, it’s time to make active shifts towards better inclusive marketing year-round. It’s less about what you need to do for Pride today and instead, how are you supporting LGBTQIA+ folks year-round?

Do: Put your money (and time) where your mouth is.

Instead of treating Pride like a marketing campaign, put your efforts toward an activity that will positively impact the LGBTQIA+ community.

While monetary donations can be helpful, volunteering at community events or spending time with LGBTQIA+ advocacy organizations can be more impactful for your employees.

Consider hosting or taking part in LGBTQIA+ programming and donating to local charities doing work in your community to support LGBTQIA+ initiatives.

Do: Use the right hashtags to be discovered

  • #lgbtqia
  • #lgbtqpride
  • #lgbtqhumanrights
  • #equality
  • #pridemonth
  • #loveislove
  • #pride

Every organization that wants to support Pride on social media can find a way to do so. We challenge you to do it in a way that is authentic, genuine, and impactful to your brand and, most importantly, to your employees and your clients. The world is watching you, so challenge yourself by doing the right thing.

This article was authored by Stefanie Marrone of Stefanie Marrone Consulting, and Paula T. Edgar, Esq, the CEO of PGE Consulting Group LLC, a firm that provides training and education solutions at the intersection of professional development and diversity, equity and inclusion. 


Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.

Small Businesses Don’t Recognize Risk of Cyberattack Despite Repeated Warnings

CNBC surveys over 2,000 small businesses each quarter to get their thoughts on the overall business environment and their small business’ health. According to the latest CNBC/SurveyMonkey Small Business Survey, despite repeated warnings by the Cybersecurity and Infrastructure Security Agency and the FBI that U.S.-based businesses are at an increased risk of a cyber-attack following Russia’s invasion of Ukraine, small business owners do not believe that it is an actual risk that will affect them, and they are not prepared for an attack. The latest survey shows that only five percent of small business owners reported cybersecurity to be the biggest risk to their company.

What is unfortunate, but not surprising, is the fact that this is the same percentage of small business owners who recognized a cyber attack as the biggest risk a year ago. There has been no change in the perception among business owners, even though there are repeated, dire warnings from the government. Also unfortunate is the statistic that only 33 percent of business owners with one to four employees are concerned about a cyber attack this year. In contrast, 61 percent of business owners with more than 50 employees have the same concern.

According to CNBC, “this general lack of concern among small business owners diverges from the sentiment among the general public…. In SurveyMonkey’s polling, 55% of people in the U.S. say they would be less likely to continue to do business with brands who are victims of a cyber attack.” CNBC’s conclusion is that there is a disconnect between business owners’ appreciation of how much customers care about data security and that “[s]mall businesses that fail to take the cyber threat seriously risk losing customers, or much more, if a real threat emerges.” Statistics show that threat actors are targeting small to medium-sized businesses to stay under the law enforcement radar. With such a large target on their backs, business owners may wish to make cybersecurity a priority. It’s important to keep customers.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

DOJ Limits Application of Computer Fraud and Abuse Act, Providing Clarity for Ethical Hackers and Employees Paying Bills at Work Alike

On May 19, 2022, the Department of Justice announced it would not charge good-faith hackers who expose weaknesses in computer systems with violating the Computer Fraud and Abuse Act (CFAA or Act), 18 U.S.C. § 1030. Congress enacted the CFAA in 1986 to promote computer privacy and cybersecurity and amended the Act several times, most recently in 2008. However, the evolving cybersecurity landscape has left courts and commentators troubled by potential applications of the CFAA to circumstances unrelated to the CFAA’s original purpose, including prosecution of so-called “white hat” hackers. The new charging policy, which became effective immediately, seeks to advance the CFAA’s original purpose by clarifying when and how federal prosecutors are authorized to bring charges under the Act.

DOJ to Decline Prosecution of Good-Faith Security Research

The new policy exempts activity of white-hat hackers and states that “the government should decline prosecution if available evidence shows the defendant’s conduct consisted of, and the defendant intended, good-faith security research.” The policy defines “good-faith security research” as “accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”

In practice, this policy appears to provide, for example, protection from federal charges for the type of ethical hacking a St. Louis Post-Dispatch reporter performed in 2021. The reporter uncovered security flaws in a Missouri state website that exposed the Social Security numbers of over 100,000 teachers and other school employees. The Missouri governor’s office initiated an investigation into the reporter’s conduct for unauthorized computer access. While the DOJ’s policy would not affect prosecutions under state law, it would preclude federal prosecution for the conduct if determined to be good-faith security research.

The new policy also promises protection from prosecution for certain arguably common but contractually prohibited online conduct, including “[e]mbellishing an online dating profile contrary to the terms of service of the dating website; creating fictional accounts on hiring, housing, or rental websites; using a pseudonym on a social networking site that prohibits them; checking sports scores at work; paying bills at work; or violating an access restriction contained in a term of service.” Such activities resemble the facts of Van Buren v. United States, No. 19-783, which the Supreme Court decided in June 2021. In Van Buren, the 6-3 majority rejected the government’s broad interpretation of the CFAA’s prohibition on “unauthorized access” and held that a police officer who looked up license plate information on a law-enforcement database for personal use—in violation of his employer’s policy but without circumventing any access controls—did not violate the CFAA. The DOJ did not cite Van Buren as the basis for the new policy. Nor did the DOJ identify any other impetus for the change.

To Achieve More Consistent Application of Policy, All Federal Prosecutors Must Consult with Main Justice Before Bringing CFAA Charges

In addition to exempting good-faith security research from prosecution, the new policy specifies the steps for charging violations of the CFAA. To help distinguish between actual good-faith security research and pretextual claims of such research that mask a hacker’s malintent, federal prosecutors must consult with the Computer Crime and Intellectual Property Section (CCIPS) before bringing any charges. If CCIPS recommends declining charges, prosecutors must inform the Office of the Deputy Attorney General (DAG) and may need to obtain approval from the DAG before initiating charges.

©2022 Greenberg Traurig, LLP. All rights reserved.

Trade Mark Infringement – Muslim Dating App Meets its Match [.com]

A recent Intellectual Property Enterprise Court (IPEC) decision of 20 April 2022 held that ‘Muzmatch’, an online matchmaking service for the Muslim community, has infringed Match.com’s registered trade marks.

The decision by Nicholas Caddick Q.C was that Muzmatch’s use of signs and its name amounted to trade mark infringement and/or passing off of Match.com’s trade marks. This case follows successful oppositions by Match.com to Muzmatch’s registration of its marks in 2018, and unsuccessful attempts by Match.com to purchase Muzmatch between 2017 and 2019.

Match.com is one of the largest and most recognisable dating platforms in the UK. It first registered a word mark ‘MATCH.COM’ in 1996 and also owns other dating-related brands including Tinder and Hinge with other marks including the word mark ‘TINDER’. Match.com used a 2012 TNS report to illustrate its goodwill and reputation: 70% of people surveyed would be able to recall Match.com if prompted, 44% unprompted, and 31% of people would name Match.com as the first dating brand off the ‘top of their head.’

Muzmatch is a comparatively niche but growing dating platform, which aims to provide a halal (i.e. in compliance with Islamic law) way for single Muslim men and women to meet a partner. Muzmatch is comparatively much smaller; it was founded in 2011 by Mr Shahzad Younas and has now had around 666,069 sign-ups in the UK alone.

The Court considered that the marks ‘Muzmatch’ and ‘MATCH.COM’ and each company’s graphical marks had a high degree of similarity in the services provided. The marks were also similar in nature orally and conceptually and the addition of the prefix ‘Muz’ did not distinguish the two marks, nor could the lack of the suffix ‘.com’ or stylistic fonts/devices.

The key issue of the case relates to the term ‘Match’, which is used by both marks to describe the nature of the business: match[ing]. Muzmatch argued that, as both marks share this descriptive common element, it is difficult to conclude that there is a likelihood of confusion between the two marks, as the term just describes what each business does.

The Court found that a finding of likelihood of confusion based on a common descriptive element is not impossible, as the descriptive element can be used distinctively. The average consumer would conclude that the portion ‘Match’ is the badge of origin for Match.com due to its reputation as a brand and the very substantial degree of distinctiveness in the dating industry. An average consumer would have seen the word ‘Match’ as the dominant element in the Match.com trade marks and Match.com is often referred to as just ‘Match’ in advertisements.

Aside from its marks, Muzmatch utilised a Search Engine Optimisation strategy from January 2012 whereby it utilised a list of around 5000 keywords which would take a user to a landing page on its website. In the list of the keywords used, Muzmatch used the words ‘muslim-tinder’, ‘tinder’ and ‘halal-tinder’, which were accepted by Muzmatch during the litigation to have infringed Match’s trade marks of the Tinder brand including the word mark ‘TINDER’. Muzmatch’s SEO use was also found to cause confusion based on some of its keywords including ‘UK Muslim Match’, which again uses the term Match distinctively; therefore a consumer may confuse a link to ‘UK Muslim Match’ with ‘Match.com’.

Therefore, the Court found that there was likely to be confusion between Muzmatch and Match.com because of the distinctive nature of the term ‘Match’ in the world of dating platforms. An average consumer would conclude that Muzmatch was connected in a material way with the Match.com marks, as if it was targeted at Muslim users as a sub-brand, so this confusion would be trade mark infringement under S10(2) of the Trade Marks Act 1994.

The Court also considered that Muzmatch had taken unfair advantage of Match.com’s trade marks and had therefore infringed those marks under S10(3) of the Trade Marks Act 1994. This was due to the reputation of Match.com’s trade marks and because a consumer would believe that Muzmatch was a sub-brand of Match.com.

The Court rejected Muzmatch’s defence of honest concurrent use and found that Match.com would also have an alternative claim in the tort of passing off.

Key Points:

  • The Court found that a common descriptive element can acquire distinctiveness in an area, solely because of a company’s reputation and influence in that market.
  • The use of Search Engine Optimisation strategies can also constitute a trade mark infringement.
  • The lack of the suffix ‘.com’ in a mark is not sufficient to distinguish use from a household brand such as Match.com, so care should be taken with brands such as ‘Match.com’, ‘Booking.com’.[1]

Source:

[1] Match Group, LLC, Meetic SAS, Match.Com International Limited v Muzmatch Limited, Shahzad Younas [2022] EWHC 941 (IPEC)

[1] Note: Blog post of July 6, 2020 relating to Booking.com: https://www.iptechblog.com/2020/07/us-supreme-court-opens-doors-to-generic-com-trademarks/