Wyndham decision affirms FTC jurisdiction and assertive role on “thorny” cyber and data security issues (Wiley Rein, 8 April 2014) – The Federal Trade Commission (FTC) has just won the first major round of its fight with Wyndham Hotels over data security. In FTC v. Wyndham Worldwide Corp., et al., No. 13-1887 (D.N.J.), the FTC’s jurisdiction to punish companies for allegedly lax data security practices was challenged when Wyndham moved to dismiss the FTC’s unfair and deceptive practices claims. On April 7, 2014, after briefing, oral argument, and several amicus submissions, federal judge Esther Salas rejected all of Wyndham’s arguments and affirmed the FTC’s jurisdiction. In doing so, she noted that the case highlights “a variety of thorny legal issues that Congress and the courts will continue to grapple with for the foreseeable future.” The court affirmed the FTC’s jurisdiction and its discretion to proceed by enforcement action, rejecting Wyndham’s argument that ‘the FTC’s “‘failure to publish any interpretive guidance whatsoever’ violates fair notice principles and “bedrock principles of administrative law.’” (quoting briefing). The court found the unfairness proscriptions in Section 5 to be flexible and noted that the FTC had brought “unfairness actions in a variety of contexts without preexisting rules or regulations.” In this sense, the Court found “inapposite” Wyndham’s reference to evolving frameworks at the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) as examples of what the FTC should be expected to do. (See February 13, 2014 Client Alert). The court analogized the FTC’s enforcement action to case-by-case approaches used by the National Labor Relations Board (NLRB) and Occupational Safety and Health Administration (OSHA), despite Wyndham’s argument that the “rapidly-evolving nature of data security” made those agencies’ actions poor examples. The court also rejected the challenge to the deceptive practices claim, finding that the FTC had adequately pled it under whatever standard applied.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

Public officials in a wired world: How much privacy should they get? (LA Times editorial, 15 April 2014) – New technology often challenges society’s long-standing assumptions and standards, but sometimes courts – and others – lose sight of common sense as they grapple with the changes. That’s the case in a recent decision of California’s 6th Appellate District, which found that text messages and emails between public officials are beyond the reach of the Public Records Act if they are sent on private devices rather than ones owned by public agencies. The three-judge panel said that electronic communications between council members and the mayor of San Jose, even those regarding city business, should not be considered “public” records if they are not “used” or “retained” by the city government (the language cited comes from California’s Public Records Act, written long before smartphones existed). Accordingly, the 6th Circuit overturned the decision of the trial court judge and ruled that the city need not turn over the communications to interested members of the public, even though both sides conceded that they involved official business. That decision hews to the narrow language of the act, but it distorts the act’s larger purpose, which is to ensure that the public can scrutinize the actions of its employees when they are doing public work.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/basketman.

Botched e-discovery can be an ethics violation, proposed opinion says (ABA Journal, 14 April 2014) – A proposed ethics opinion says California’s duty of competence requires lawyers to have a basic understanding of e-discovery issues and could require greater technical knowledge in certain cases. The proposed opinion (PDF) by the California State Bar’s Standing Committee on Professional Responsibility and Conduct says lawyers without the necessary competence have three options. They can acquire sufficient skill, they can seek out technical consultants or competent counsel, or they can decline the representation. The committee is accepting comments on the proposed opinion through June 24. The proposed ethics opinion is based on a hypothetical situation in which a lawyer agrees to opposing counsel’s search terms for a search of his client’s database. The lawyer instructs his client to allow the opposing counsel’s database search, wrongly assuming a clawback agreement would allow for recovery of anything inadvertently produced. After the search results are turned over to the opposing counsel without the lawyer’s review, the lawyer learns the search produced privileged information and showed that his client had deleted some potentially relevant documents as part of a regular document retention policy. The lawyer in the hypothetical not only breached his duty of competence, he also breached a duty to maintain client confidences and to protect privileged information, the proposed opinion says. In addition, the proposed opinion says, the lawyer should have assisted the client in placing a litigation hold on potentially relevant documents as part of the ethical duty not to suppress evidence.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/digitalart.

Expanding your online pedagogy toolkit (InsideHigherEd, 22 April 2014) – Next-generation online learning differs from last generation e-learning in six distinct ways. First, it is scalable. New instructional support models – including coaches and peer mentors – allow online courses that are not MOOCs to effectively reach many more students than in the past. Second, it is personalized. It offers multiple learning pathways tailored to student learning styles, needs, and interests. Just-in-time remediation and enrichment are embedded and content reflects students’ learning goals. Third, it is outcomes-oriented. Mastery of explicit learning objectives, including content and skills, represents its aim. Fourth, it is data-driven. Learning analytics provide students, instructors, coaches, and advisers with dashboards that signal student progress and problems in real time. Fifth, it is social and interactive. Building on the notion of learning as a social process, next-generation online courses encourage student involvement in communities of practice and in personal learning networks, where they have opportunities to collaborate, test ideas, and motivate and assist one another. Six[th], and perhaps most importantly, it is activity oriented. Next-generation online learning involves challenges, inquiry, and problem solving. Students, individually and in small groups, have opportunities to learn by doing. Depending on the nature of the course, they might engage in hypothesis formulation and testing, data analysis, or constructing and applying rubrics. Simulations, in particular, give students opportunities to mimic professional practice and exercise real-world skills. Here are a series of techniques that you might use to build essential student skills, promote social interaction, and encourage active learning in an online environment * * *

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

When can you tweet a celebrity photo? (GigaOM, 10 April 2014) – Katherine Heigl, a former star on Grey’s Anatomy, is not happy that New York drugstore chain Duane Reade tweeted a picture of her leaving its store. Now, she is suing the company for $6 million in damages, which Heigl says she will donate to a charity named for her late brother. The conflict, which raises interesting questions about endorsements in the age of social media, began after gossip site JustJared posted pictures of Heigl leaving a store with her mother, carrying shopping bags. Soon after, Duane Reade tweeted the photo along with a gleeful caption. Normally, celebrities can’t do much about people taking their picture in a public place – it’s just part and parcel of the whole rich and famous thing. And, indeed, Heigl’s lawsuit, embedded below, suggests that JustJared had a right to post the photos since they were “news” (it’s not clear why anyone going to the drugstore is ever “news” – but that’s another story.) According to Heigl, Duane Reade crossed the line by adding the captions. In her view, this was an unauthorized endorsement in violation of federal trademark rules and the personality rights laws of New York state. She appears to have a case in that celebrities have a right to control the way their images are used for endorsement. You can’t, for instance, take a photo of Heigl walking by your donut shop and then use the snap to plaster billboards around the city that suggest she likes your donuts. The Duane Reade case is a little more nuanced, however, in that it involves Twitter which, by its nature, is often associated with fleeting news events. If JustJared had tweeted the original photo and Duane Reade had retweeted it with its own caption, the company would be in a stronger position to say it has a fair use right to share the photo. Instead, Duane Reade’s behavior looks more like a calculated decision to use an authorized endorsement rather than any form of news reporting – a claim Heigl’s lawyers make repeatedly in the complaint. (It’s also not clear if the drugstore bought the rights for the photo from JustJared – if not, it could be facing a copyright case too).

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/kanate.

Hackers lurking in vents and soda machines (NYT, 7 April 2014) – Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network. Security experts summoned to fix the problem were not allowed to disclose the details of the breach, but the lesson from the incident was clear: Companies scrambling to seal up their systems from hackers and government snoops are having to look in the unlikeliest of places for vulnerabilities. Hackers in the recent Target payment card breach gained access to the retailer’s records through its heating and cooling system. In other cases, hackers have used printers, thermostats and videoconferencing equipment. Companies have always needed to be diligent in keeping ahead of hackers – email and leaky employee devices are an old problem – but the situation has grown increasingly complex and urgent as countless third parties are granted remote access to corporate systems. This access comes through software controlling all kinds of services a company needs: heating, ventilation and air-conditioning; billing, expense and human-resources management systems; graphics and data analytics functions; health insurance providers; and even vending machines. Break into one system, and you have a chance to break into them all. Data on the percentage of cyberattacks that can be tied to a leaky third party is difficult to come by, in large part because victims’ lawyers will find any reason not to disclose a breach. But a survey of more than 3,500 global I.T. and cybersecurity practitioners conducted by a security research firm, the Ponemon Institute, last year found that roughly a quarter – 23 percent – of breaches were attributable to third-party negligence. Security experts say that figure is low. Arabella Hallawell, vice president of strategy at Arbor Networks, a network security firm in Burlington, Mass., estimated that third-party suppliers were involved in some 70 percent of breaches her company reviewed.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/Salvatore Vuono.