Deciding what Platform to Use for Your Law Firm Website

I often have clients ask me how frequently they should refresh or update their websites. That is a tricky question. When it comes to content, a website should be updated on an on-going basis – every week is good, and every day is not too much. Frequent content additions will increase the likelihood that your site is viewed often, as search engines catalog content using the keywords users are likely to query and return results based on a combination of the most recently posted content, the closest match to the query and the most highly viewed pages that contain the appropriate keywords. That means the more optimized (good use of keywords) content you post, the more views the content is likely to get.

When it comes to design, a website will begin to look dated in two to three years and should be revisited and updated. This is the perfect time to review the site’s navigation and make sure it has remained user-friendly and consistent with current trends in website design. As with most things in business, having an initial strategy when building a website will reduce the need for changes and make the changes easier to implement when it does come time to refresh the site.

So, what does good initial strategy entail when beginning a website build?

The Importance of CMS Selection

First and foremost, you must think about the foundation the site is built upon. Nearly every website built now has a Content Management System (CMS). A CMS allows for ease in operating the website without a need for knowledge of coding. For instance, adding and deleting content can be easily managed on the back-end of the site with the use of built-in templates. There is no reason for a law firm not to use a CMS. The only questions to consider are which category and type of system to choose. This is the big overall strategy decision, and it will impact the ease of use and updates for the life of the site.

There are two categories of CMSs: Proprietary and Open Source. They provide similar functionality, but they operate very differently. A Proprietary CMS is built and owned by an independent company, and that company “leases” the right for a firm to use the technology. Proprietary was the most used form of legal website CMSs for many years.

Open Source CMSs are built and maintained by programmers throughout the world and are open for anyone to use at no cost. Programmers continually update and add to the code making improvements, which they openly share. This is a newer platform for the legal industry.

Deciding Between Open Source or Proprietary

Proprietary CMSs generally come with a hosting and maintenance plan, providing a sense of security to smaller firms without the in-house resources to update and maintain the site. Though this can ease the burden of website management for the firm, it also requires a monthly or annual fee to keep the site up and running. In addition, as most licensors will not allow access to their code, a site refresh will entail additional fees whenever upgrades are needed.

With the use Open Source CMSs, programmers are continually enhancing the code and the updated functionality is freely shared. Any firm can add the enhanced functionality to their site free of charge. That said the firm must have the in-house capability to do so or contract with an outside vendor to complete the project. If a firm does use an outside vendor to assist, it’s a one-time project fee as opposed to a long-term commitment.

The Move Toward Open Source

For the past several years, law firms have steadily trended toward the use of Open Source platforms and ownership of their websites. Long gone are the days of two or three legal power vendors owning the mass market share of law firm websites by using a formulaic, proprietary build approach and charging for site content and technology updates on an hourly or monthly basis.

Not if, but when you do plan for a refresh or new site build, you can reduce costs and enhance site longevity by using an Open Source platform. There are three main options, WordPress, Drupal and Joomla. There have been many comparisons of these Open Source Code options, and I share the main value/asset for each below.

WordPress: This system works best for small- to medium-sized firm websites. (Most Popular)

Drupal: The most powerful Open Source CMS, it allows for efficient upgrades. (Most Advanced)

Joomla: The better platform for e-commerce, it requires some level of technical coding. (The Compromise between WordPress and Drupal)

There is considerable information on the Internet regarding each of the listed Open Source systems. Identifying which CMS to use, whether proprietary or open source, is key to ensuring a smooth and effective website strategy for years to come.

Article By Sue Remley of Jaffe

© Copyright 2008-2015, Jaffe Associates

On Sale Today – .law Domain Names

Today, all law firms will be able to apply for .law names. This top-level domain name is intended to create an online space in which only regulated, licensed legal practitioners can be found.

In order to purchase your .law domain name, there are specific steps involved, as well as some key dates of which to be aware. Here is a quick guide to help you move forward with purchasing your .law domain.

What domain names should you buy?

  1. Purchase the .law version of your domain name.

  1. Purchase keyword specific URLs that are important to your branding efforts, such as employmentlawyer.law, employment.law, advertisinglaw.law, etc. Note that there could be bidding for some of the more popular domains.

When and where can I register the domain?

Oct. 12 – 18, 2015:

  1. Qualified lawyers can apply for domain names. Domain names will be awarded on a first-come, first-served basis.

  2. There will be a one-time Early Access Program (EAP) fee as well as an annual registration fee.

  3. Pricing will decrease each day for the first seven days of General Availability – check with an authorized registrar for purchasing details.

October 19 – Future:

  • Qualified lawyers can still purchase domain names on a first-come, first-served basis, minus the EAP fee.

What is the eligibility process?

  1. Decide which of your firm’s lawyers will be designated a “qualified lawyer” for purposes of purchasing .law domain names – such as your managing partner or marketing partner.

  1. Gather the following information for your qualified lawyer:

  1. Attorney’s name (as it appears on his/her bar registration)

  2. State/jurisdiction(s) where attorney is licensed to practice

  3. Year of registration: Year(s) admitted to practice

  4. Bar registration number(s)

  5. Bar association state and country

How long does it take?

The verification process should take 48 hours, after which time the domain names you applied for will be registered to you.

Copyright 2015 Knapp Marketing

ECJ Rules EU-US Safe Harbor Programme Is Invalid

The powers of EU data protection authorities are significantly strengthened by the decision, allowing them to suspend some or all personal data flows into the United States in certain circumstances.

In Maximillian Schrems v. Data Protection Commissioner (case C-362/14), the European Court of Justice (ECJ) has ruled[1] that the European Commission decision approving the Safe Harbor programme is invalid. Further, the ECJ ruled that EU data protection authorities do have powers to investigate complaints about the transfer of personal data outside Europe (whether by Safe Harbor-certified organisations or otherwise, but excluding countries deemed as having “adequate” data protection laws according to the EU). Finally, the ECJ ruled that data protection authorities can, where justified, suspend data transfers outside Europe until their investigations are completed.

Safe Harbor Programme

According to the European Commission, the United States is a country with “inadequate” data protection laws. The European Commission and the US Department of Commerce, therefore, agreed in 2000 to a self-certification programme for US organisations that receive personal data from Europe. Pursuant to the self-certification programme, a US organisation receiving personal data from Europe must certify that it adhered to certain standards of data processing comparable with EU data protection laws such that the EU citizens’ personal data was treated as adequately as if their personal data had remained in Europe. The Safe Harbor programme is operated by the US Department of Commerce and enforced by the Federal Trade Commission. Over 4,000 organisations have current self-certifications of adherence to Safe Harbor principles.[2]

The Schrems Case

Mr. Schrems complained in Irish legal proceedings that the Irish Data Protection Commissioner refused to investigate his complaint that the Safe Harbor programme failed to protect adequately personal data after its transfer to the US in light of revelations about the National Security Agency’s (NSA’s) PRISM programme. The question of whether EU data protection authorities have the power to investigate complaints about the Safe Harbor programme was referred to the ECJ. Yves Bot, Advocate General at the ECJ, said in an opinion released on 23 September 2015 that the Safe Harbor programme  does not currently do enough to protect EU citizens’ personal data because such data was transferred to US authorities in the course of “mass and indiscriminate surveillance and interception of such data” from Safe Harbor-certified organisations. Mr. Bot was of the opinion that the Irish Data Protection Commissioner, therefore, had the power to investigate complaints about Safe Harbor-certified organisations and, if there were “exceptional circumstances in which the suspension of specific data flows should be justified”, to suspend the data transfers pending the outcome of its investigation.

The ECJ followed Mr. Bot’s opinion and, further, declared that the European Commission’s decision to approve the Safe Harbor programme in 2000 was “invalid” on the basis that US laws fail to protect personal data transferred to US state authorities pursuant to derogations of “national security, public law or law enforcement requirements”. Furthermore, EU citizens do not have adequate rights of redress when their personal data protection rights are breached by US authorities.

The EU-US Data Protection Umbrella Agreement

In the last two years, the European Commission and various data protection working parties have discussed ways to improve the Safe Harbor programme and strengthen rights for EU citizens in cases where their personal data is transferred to the United States. Recently, the United States and European Union finalised a data protection umbrella agreement to provide minimum privacy protections for personal data transferred between EU and US authorities for law enforcement purposes. The umbrella agreement will provide certain protections to ensure that personal data is protected when exchanged between police and criminal justice authorities of the United States and the European Union. The umbrella agreement, however, does not apply to personal data shared with national security agencies.

The umbrella agreement also provides that EU citizens will have the right to seek judicial redress before US courts where US authorities deny access or rectification or unlawfully disclose their personal data. Currently, US citizens have the right to seek judicial redress in the European Union if their data—transferred for law enforcement purposes—is misused by EU law enforcement authorities. EU citizens, however, do not have corresponding rights of redress in the United States. A judicial redress bill has been introduced in the US House of Representatives; adoption of the bill would allow the United States and European Union to finalise the umbrella agreement.

Key Findings of the ECJ Decision

The key findings of the ECJ decision are as follows (quotes indicate excerpts from the ruling itself):

“The guarantee of independence of national supervisory authorities is intended to ensure the effectiveness and reliability of the monitoring of compliance with the provisions concerning protection of individuals”.

The powers of supervisory authorities include “effective powers of intervention, such as that of imposing a temporary or definitive ban on processing of data, and the power to engage in legal proceedings”.

The Safe Harbor programme “cannot prevent persons whose personal data has been or could be transferred to a third country from lodging with the national supervisory authorities a claim. . .concerning the protection of their rights and freedoms”.

National courts can consider the validity of the Safe Harbor programme, but only the ECJ can declare that it is invalid.

Where the national data protection authorities find that complaints regarding the protection of personal data by Safe Harbor-certified companies are well-founded, they “must. . .be able to engage in legal proceedings”.

Organisations self-certified under the Safe Harbor programme are permitted to “disregard” the Safe Harbor principles to comply with US national security, public interest, or law enforcement requirements.

There is no provision in the Safe Harbor programme for protection for EU citizens against US authorities who gain access to their personal data transferred to the United States pursuant to the Safe Harbor programme. There is only a provision for commercial dispute resolution.

The EU Data Protection Directive[3] “requires derogations and limitations in relation to the protection of personal data to apply only in so far as is strictly necessary”, but there is no such requirement applicable in the United States following the transfer of personal data pursuant to the Safe Harbor programme.

The Safe Harbor programme “fails to comply with the requirements” to protect personal data to the “adequate” standard required by the EU Data Protection Directive and is “accordingly invalid”.

Other Options to Transfer Personal Data to the United States

Safe Harbor-certified organisations should note that there are other options to transfer personal data to the United States, including express consent and the use of Binding Corporate Rules or EU-approved model clause agreements. Organisations using Safe Harbor-certified vendors may wish to discuss these other options with their vendors. There is, however, a risk that this decision could affect these other options, as national security derogations are likely to override the protection of personal data regardless of how it is transferred, with the only exception being the specific and informed consent of an individual to the transfer of his or her personal data to governmental authorities for national security purposes.

Conclusion

The ECJ decision is likely to take the European Commission by surprise.

The powers of national data protection authorities are significantly strengthened by this decision. They could allow data protection authorities to suspend some or all personal data flows into the United States in serious circumstances and where there is a justifiable reason to do so. There is a risk that a data protection authority could order that the data transfers by an international organisation outside of Europe be suspended from that jurisdiction, whereas data transfers in other European jurisdictions are permitted. To mitigate this risk, the European Commission is entitled to issue EU-wide “adequacy decisions” for consistency purposes.

The European Commission has today announced that it intends to release guidance for Safe Harbor-certified companies within the next two weeks.

Article By Stephanie A. “Tess” BlairDr. Axel Spies & Pulina Whitaker of Morgan, Lewis & Bockius LLP
Copyright © 2015 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

[1] See Judgment of the Court (Grand Chamber) (6 October 2015)

[2] See Safe Harbor List.

[3] Directive 95/46/EC

Days of Tax-Free Internet Sales May Soon Be Over With Introduction of Remote Transactions Parity Act

The imposition of sales tax on internet transactions is a continuing topic of conversation on Capitol Hill that has recently gained even more momentum. In June, Rep. Jason Chaffetz and Rep. Steve Womack introduced the Remote Transaction Parity Act (RTPA), a bill which would require online retailers to collect sales taxes from buyers in remote states even if the retailer does not have a physical location in such state. The passing of the RTPA would be a marked shift from current law, which requires internet retailers to pay sales tax only in those states where they have a physical location.

The RTPA is the most recent iteration of bills proposing to broaden the taxing authority of states by allowing them to capture additional sales tax revenue from internet retailers and closing what some have called a tax loophole that for years has allowed internet retailers a great pricing advantage over brick-and-mortar retailers who are forced to charge higher prices for identical merchandise to cover the sales taxes imposed on them. The Marketplace Fairness Act (MFA), which was passed by the Senate but not the House of Representatives in 2013 was also reintroduced earlier this year, showing the importance of this issue to some lawmakers.

While some claim the RTPA is intended to “level the playing field” among internet retailers and brick-and-mortar businesses, the lines of support are not so clear. In today’s marketplace many brick-and-mortar retailers also have some (if not a significant) internet sales presence, which means this Act will not just impact the Amazon’s of the world. Under the RTPA, retailers of all sizes that sell products online face potential new taxes and, at the very least, will be required to implement stringent sales tracking systems. Considering the expected costs of imposing these systems, the RTPA may actually create a competitive advantage for the larger online retailers as they would have the resources to implement these systems while continuing to provide products at a lower cost, while smaller retailers may have to increase prices to cover the additional costs of this system. As such, it is extremely important that retailers understand how the proposed destination-based taxation system will impact their bottom line and to become involved in the discussion prior to the final legislation.

The RTPA includes several notable differences from the MFA that may make this slightly more palatable than its predecessor. These differences include a larger initial small seller exception that phases back over three years and is eliminated in year four rather than the set smaller exception amount included in the MFA, increased protections for sellers using certified software providers, and additional audit protections. However, the basic premise remains the same. Under both Acts, states would be gaining greater authority to look inside a retailer’s business and impose tax based on the location of its customers, not just the location of the retailer itself. This shift in tax law would have a significant impact on the way retailers do business and is something that should be watched carefully in the coming months.

©2015 von Briesen & Roper, s.c

Legal Bloggers: Strategies for Increasing Your Readership

So you have a blog. Great! Everyone – from legal marketers to managing partners – has probably told you that writing a regular blog will establish you as a thought leader and drive business development.

Unfortunately, it’s not that easy. Finding a blog on the Internet is akin to picking out a needle from a haystack.

Just because you write it doesn’t mean they will read it. For your blog to attract readers, you need to give it a push. And that means coming up with a solid distribution strategy.

Let’s look at potential channels that could send readers to your blog.

Organic Search

You can bet that your target audience will be using search engines – Google, Bing, etc. – to find articles and blogs. Understanding topics and keywords that people search for should be the first step in blog writing.

Use Google Trends and Google News to mine for topics. Then research which keywords people are using to search for your topic. Google’s keyword planner provides data on how many searches are conducted every month. For example, if you’re writing about Title IX, are people using search phrases like “title IX discrimination on campus” or “gender equality in education”?

Once you determine the best keywords, integrate them into your blog – naturally. Don’t overuse phrases again and again. Instead, choose five or six phrases and sprinkle them throughout your blog.

Next, give consideration to your title tag. This is separate from the headline on your blog post. The title tag is what is known as a “meta” field and is accessible on the back end of most content management systems (WordPress, Drupal, etc.). Select one prominent keyword phrase that has relatively high search volume, along with high relevancy, to use in your title tag. Search engines use title tags to index your blog posts. Your title tag is also what search engines use to designate your posts in their results pages.

And don’t forget about “domain authority.” Domain authority is a third-party metric that indicates how well search engines will rank a website in search results. Hosting your blog on your firm website (as opposed to building a brand-new site for your blog) will most likely provide higher authority for your blog.

Email Subscriptions

Have a way for readers to sign up for email alerts that are triggered when you put up a new blog post. This type of “opt-in” automated program delivers your blog to engaged readers – that is, potential leads.

If your blog focuses on various practice areas or industries, creating sign-up categories will help you target your readers with relevant content. As an example, Kirton McConkie recently launched a multi-practice blog that provides email sign-up options by category.

Subscription-Based Legal Syndication Sites

Sites like the National Law Review, JD Supra and Mondaq repost blogs on their websites. These online resources are hubs for general counsel, attorneys and reporters to find information on legal topics. Subscribers can join for free, while contributors pay monthly or annual fees to have their content included.

These types of sites have an added benefit for blog authors: They also use social media and email marketing tactics to deliver your content, creating additional visibility.

Social Media

It goes without saying that social media has the potential to reach an enormous pool of readers. But getting the attention from the right people on social media is a daunting task. Sending out a tweet linking to your blog can be like putting a message in a bottle and throwing it into the ocean. Fortunately, there are a few best practices to help you get additional visibility.

First, decide which social media platforms you’re going to use based on the audience you want to attract. Every social network has a unique culture and demographic characteristics. Don’t waste your time chasing a crowd that’s not relevant – for instance, Snapchat users are not interested in legal blogs.

Once you’ve identified one or two social platforms, search for influencers in your topic area. These influencers will frequently write about and share relevant content and will have high follower and engagement metrics. Start engaging with these people. Don’t bombard them with requests to share your blog, but show interest in their content and join in conversations. Also, sprinkle links to your blog into your social stream. Just be careful not to make it all about you.

LinkedIn Posts

Use the LinkedIn “Publish a Post” feature to repurpose your blogs on your profile. It’s a simple way to expand your reach on LinkedIn. Not only are posts searchable on LinkedIn, but they also are pushed out through LinkedIn’s email notification program.

Blog Directory Sites

Setting up your blog’s RSS feed to relevant blog directory sites like AllTop’s legal section and ABAJournal blogs will drive readers to your blog. Track visits from these sites in the “Referral” section of your Google Analytics dashboard to measure the effectiveness of these visitors.

Guest Authors

I

nvite thought leaders with high online visibility to write guest posts for your blog. These authors will have followers who read their content. If they post to your site, they will help you share their post through their social media channels, which again drives visits to your website.

It may be difficult to recruit guest bloggers. If you find that is the case, try to provide benefits to writers, such as prominent links back to their websites.

Other Digital Marketing Initiatives

Leverage all your digital marketing channels by including a link to your blog in your electronic communications – email signature lines, client alerts, invoices, etc. Add a link to your blog in all your social media profiles – LinkedIn, Twitter, Google+ and Facebook.

As with all digital marketing initiatives, measurement and tracking are key steps for identifying tactics that work and tactics that don’t. Review your Google Analytics or other analytics-tracking platform regularly. Understanding which topics resonate with your readers will inform your content strategy as you go forward.

ARTICLE BY Melanie Trudeau of Jaffe

© Copyright 2008-2015, Jaffe Associates

How to Avoid Being Penalized by Google [Infographic]

Google algorithm updates are usually accompanied by much wailing and gnashing of teeth among marketers, and sometimes it’s for good reason. With one flick of a switch, all that hard work to improve search results can be undone if your site no longer complies with what Google considers to be best practices for your website and blog.

Of course, Google’s intention is not to penalize sites — it’s to improve the user experience. Recently, Internet marketing consulting company QuickSprout developed the infographic below with specifics on what to avoid and strategies for ensuring your sites don’t get penalized by Google.

These tips are easy to understand and not too difficult to implement. The reward of not incurring a Google penalty is well worth your time in becoming educated on current best practices in SEO for Google:

How to Avoid Being Penalized by Google [Infographic]

© The Rainmaker Institute, All Rights Reserved

New Internet Domain Names for Banks: What You Need to Know Now

The world of the Internet is in a state of change. In 2008, the Internet Corporation for Assigned Names and Numbers (ICANN), the administrator of the Domain Name System, approved a new program that enables the creation of an unlimited number of new generic Top-Level Domains (gTLDs). In response, a coalition of banks, insurance companies and financial services associations partnered to establish fTLD Registry Services, LLC (fTLD) in order to apply for and operate the .BANK gTLD on behalf of the global banking community. On September 25, 2014, fTLD was granted the right to operate .BANK as a new gTLD.

The .BANK gTLDs will open up much-needed real estate on the Internet, providing new marketing, branding and cross-selling opportunities for the banking community. Eligible institutions will be able to obtain domain name registrations with a .BANK suffix instead of .COM. In addition, fTLD will implement enhanced control systems to mitigate cyber risks from malicious activities over the Internet. For example, registrants will be required to include charter verification by the registrant’s regulator before they can register a domain name in the .BANK gTLD.

The registration system for the .BANK gTLD became available mid-May 2015 for banks with registered trademarks with ICANN’s Trademark Clearing House (TMCH). The figure below illustrates the timeline for obtaining .BANK gTLDs.

domain name for banks

Domains will be awarded on a first-come, first-served basis in all registration periods. The Qualified Launch Program for Founders period was available for founding members of fTLD that have registered their trademarks in ICANN’s TMCH. The Sunrise period will be available for eligible members of the global banking community that have registered their trademark with ICANN’s TMCH. During the 30-day Sunrise period, banks that meet fTLD’s eligibility requirements will have an advance opportunity, before names are available to other eligible members of the banking community, to register domain names that are exact matches to their registered trademarks. The Founders period will be available to the founding members of fTLD that have yet to register their domains. Eligible members of the global banking community that do not meet the Sunrise or Founders requirements can then register their trademarks, on an ongoing basis, during the General Availability period starting June 24, 2015.

The .BANK gTLD provides new opportunities for marketing, branding and other promotional activities. However, once the Sunrise and Founders periods expire, domain names will be granted on a first-come, first-served basis. Institutions, therefore, should review their current marketing plan to determine if and when registration of the newly available .BANK domain names is appropriate.

© 2015 Vedder Price

Unprecedented Move: Vox Populi Extends Sunrise Deadline for “.sucks” Domain Registration

In a move that is being interpreted as possible overreaching, Vox Populi, operator of the .sucks domain name, extended the period for registering .sucks during the “sunrise period” without notice. The new deadline to register the .sucks domain name is June 19. Not only is it $2,000 or more to register each .sucks domain name, there is also an annual renewal fee of $2,000.

There is online speculation that Vox’s extension is motivated by a relatively large surge in last minute registrations before the original deadline of May 29. This might indicate that Vox is extending the sunrise period for the purpose of taking additional profits from the registration of this already high priced gTLD.

What is a trademark owner to do?

  • Some businesses are defensively registering .sucks then “parking” the domain name to prevent others from using it.

  • Other trademark owners plan to proactively “own” .sucks as a way to receive and curate criticism. This is seen as a way to allow consumers to vet issues and allow companies to manage legitimate issues.

  • Some trademark owners have decided to not register the domain name.

The decision that is right for individual businesses should take into account a variety of factors uniquely associated with the business and its anticipated future use of the Internet for communicating criticism about goods and/or services.

Vox is promoting the registration of this domain name as being consumer friendly providing a “voice” for the people. Vox retained Ralph Nader and Dr. Martin Luther King (via vintage film clip) as two of their celebrity spokes people to promote .sucks as a “protest word.”

There has been significant controversy regarding the launch of the new domain name .sucks. Foremost is Vox’s pricing strategy. Vox Populi (Voice of the People) is offering the domain name to trademark owners for $2,000 for each registration during the “sunrise period.” The sunrise period is an initial brief period of time, usually about two months, during which a trademark owner has priority to register their trademark with the new gTLD. As an example: “chicagocubs.sucks” could be registered by the Chicago Cubs as the trademark owner during the sunrise period for $2,000. Most new domain names (.coffee, .wedding, .football, .media, etc.) can be registered during their sunrise period for $100 – $200. However, if the Cubs decide to not register .sucks, a party qualifying for a “Consumer Advocate Subsidized” registration (as determined by Vox) can register “chicagocubs.sucks” after the sunrise period for only $9.95.

Many trademark owners are questioning whether Vox’s pricing strategy is an impermissible windfall or free speech. Some parties have already brought this matter to the U.S. Federal Trade Commission (FTC) and the Competition Bureau Canada for consideration. Although no final decision has been reached by either agency, FTC Chairwoman Edith Ramirez provided a preliminary response pointedly reminding Internet Corporation for Assigned Names and Numbers (ICANN), acting on behalf of the concerned parties, that the FTC weighed in on these and similar issues years ago prior to the launch of the new gTLD program. While Chairwoman Ramirez cannot comment on the existence of pending investigations she left the door open for monitoring the actions of registries and taking action in appropriate cases “if we have reason to believe an entity has engaged in deceptive or unfair practices in violation of [the] consumer protection authority.” Chairwoman Ramirez urged ICANN to address these issues internally since the dramatic growth of gTLDs brought on by ICANN’s program cannot be “feasibly addressed on a case-by-case basis” by the FTC.

Over the first 30 years of the publically accessible Internet approximately 220 gTLDs, including country codes were made available. Between 2011 and 2014 ICANN initiated a program to create new gTLDs. The stated goal of these new gTLDs was to be inclusive of new interest groups, non-Latin script languages and to anticipate the expansion of the Internet. This initiative was wildly successful with 1,930 applications being received by ICANN. After significant review of the applications approximately 1,370 new gTLDs were scheduled for launch. As of May 1, 2015, the launch of these new gTLDs is approximately one quarter completed with approximately 1,000 new gTLDs still to launch.

© 2015 BARNES & THORNBURG LLP

Telecoms File Lawsuit Challenging Net Neutrality Rules

Allen Matkins Leck Gamble Mallory & Natsis LLP

The Federal Register officially published the FCC’s new rules governing net neutrality on Monday, April 13, 2015, and the new rules will take effect 60 days following the date of publication. As anticipated, AT&T and the wireless and cable industry groups immediately filed suit in the D.C. Circuit Court to challenge the new rules on Tuesday, April 14, 2015. The litigation is spearheaded by AT&T and its trade group CTIA – The Wireless Association which also represents Verizon, Sprint and T-Mobile. The suit represents a new stage in the telecommunications industry’s efforts to challenge the recently enacted rules. Read additional coverage of the suit including potential arguments the telecommunications groups will raise, and stay tuned for our take on the developing litigation.

ARTICLE BY

California Wireless Law Blog

IoT – It’s All About the Data, Right?

Foley and Lardner LLP

A few weeks ago, the FTC released a report on the Internet of Things (IoT). IoT refers to “things” such as devices or sensors – other than computers, smartphones, or tablets – that connect, communicate or transmit information with or between each other through the Internet. This year, there are estimated to be over 25 billion connected devices, and by 2020, 50 billion. With the ubiquity of IoT devices raising various concerns, the FTC has provided several recommendations.

Security

The report includes the following security recommendations for companies developing Internet of Things devices:

  • Build security into devices at the outset, rather than as an afterthought in the design process

  • Train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization

  • Ensure that when outside service providers are hired, that those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers

  • When a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk

  • Consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network

  • Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks

Data Minimization

The report suggested companies consider data minimization – that is, limiting the collection of consumer data, and retaining that information only for a set period of time, and not indefinitely. Data minimization addresses two key privacy risks: first, the risk that a company with a large store of consumer data will become a more enticing target for data thieves or hackers, and second, that consumer data will be used in ways contrary to consumers’ expectations.

Notice and Choice

The FTC provided further recommendations relating to notice and choice. It is recommended that companies notify consumers and give them choices about how their information will be used, particularly when the data collection is beyond consumers’ reasonable expectations.

What Does This Mean for Device Manufacturers?

It is evident from the FTC’s report that security and data governance are important features for IoT device manufacturers to consider. Although the report suggests implementing data minimization protocols to limit the type and amount of data collected and stored, IoT device manufacturers should not be short-sighted when deciding what data to collect and store through their IoT devices. For many IoT device manufacturers, the data collected may be immensely valuable to them and other stakeholders. It would be naïve to decide not to collect certain types of data simply because there is no clear use or application of the data, the costs and risks of storing such data are cost prohibitive or because they want to reduce their exposure due to a security breach. In fact, quite often IoT device manufacturers do not realize what types of data may be useful. IoT device manufacturers would be best served by analyzing who the stakeholders of their data may be.

For instance, an IoT device manufacturer that monitors soil conditions of farms may realize that the data they collect can be useful, not only to farmers, but also to insurance companies to better understand water table levels, produce suppliers, wholesalers, and retailers to predict produce inventory, farm equipment suppliers, among others. Because of this, IoT device manufacturers should identify the stakeholders of the data they collect early and revisit the data they collect to identify new stakeholders not previously identified based on trends that can be determined from the data.

Moreover, IoT device manufacturers should constantly consider ways to monetize or otherwise leverage the data they gather and collect. IoT device manufacturers tend to shy away from owning the data they collect in an effort to respect their customers’ privacy. Instead of not collecting sensitive data at all, IoT device manufacturers would be best served by exploring and implementing data collection and storage techniques that reduce their exposure to security breaches while at the same time allay the fears of customers.

ARTICLE BY

OF