First Joint Consultations May Foreshadow Effectiveness of Privacy Shield

–  Stephen Díaz, Partner, Rimon, P.C. &  Claudio Palmieri, Of  Counsel Rimon, P.C. (Principal, Studio Legale Palmieri –Rimôn Italia)

On October 6, 2015, the Court of Justice of the European Union invalidated the so-called “Safe Harbor” that previously governed data transfers between the U.S. and the EU (Case C-362/14 – Maximillian Schrems v. Data Protection Commissioner, 6 October 2015).

As you already know if you read our Legal Bytes’ posting in May concerning the US-EU Data Transfer Privacy Shield, personal data cannot be transferred to from the EU to a non-European Union/European Economic Area country, unless that country can ensure “adequate levels of protection” for such personal data. While the European Commission had identified a number of countries that met the ‘adequate protection’ test, the United States was not one of them and without the Safe Harbor understandings, transatlantic exchanges of data – both for commercial and national security reasons – were at risk of being non-compliant with EU regulations!  In an attempt to temporarily address the data transfer issues, the EU and the U.S. proposed a new framework for exchanges of personal data for commercial purposes, known as the EU-U.S. Privacy Shield (“Privacy Shield”) which was formally launched on July 12, 2016.

Further complicating matters, a new EU General Data Protection Regulation (GDPR) comes into effect on May 25, 2018.    In furtherance of a formal and more permanent agreement under the Privacy Shield and in contemplation of the new regulations, representatives of the U.S. and the EU have announced they will meet in Washington, DC during the week of September 18, 2017, for the first Annual Review of the Privacy Shield.  In advance of the meeting, the EU’s official Working Group (WP 29) sent the European Commission their recommendations and consistent with previous pronouncements, they believe the meeting should focus on enforcement of rights and obligations, as well as changes in U.S. law since the adoption of the Privacy Shield.  WP29 recommended discussions focus on these issue and that any formal agreement must deal with both commercial, as well as law enforcement and national security access.

These concerns and considerations are explored in more detail in our full Client Alert: No Certainty in Future of Privacy Shield as Transatlantic Consultations Set to Begin and it is clear that the September consultations may well be an indication of whether the Privacy Shield will prove an adequate regulatory regime for the transatlantic transfer of personal data and whether meaningful progress is likely in the current environment.

If you would like more information, a better understanding or need guidance regarding compliance with these regulations, contact Stephen Díaz Gavin, a Rimon Law Partner based in Washington, DC or Claudio Palmieri is of counsel to Rimon, P.C. and the principal of Studio Legale Palmieri –Rimôn Italia in Rome, Italy. Of course you can always contact me, Joe Rosenbaum, or any of the lawyers at Rimon with whom you regularly work.

 

The Paradox of Illumination

I first heard about the paradox of illumination from Lee Loevinger, an extraordinary gentleman I was privileged to know professionally.  Lee was a multi-faceted, multi-talented, thought-provoking lawyer whose sage advice and stimulating ideas continue to resonate with those honored to have known him, and everyone else wise enough to read his work and the words he left behind.

In a nutshell, the paradox of illumination is extraordinarily complex, but simple to describe.  Much like Albert Einstein who, when asked about his theory of relativity and the notion that time is not constant, described it in personal terms: if a man is at dinner for 10 minutes with a beautiful woman, it seems like a fleeting instant; but sit on a burning hot stove for 10 minutes and it seems like an eternity :).

The paradox of illumination can similarly be described on a personal level.  Sit in completely dark room.  Really.  Completely dark.  What can you see?  Nothing.  You know little about your surroundings and can only sense your own body – in fact, you don’t even know how far your surroundings extend beyond your immediate sensations.

Now light a match.  The circle of illumination allows you to see a little of what is around you – but the perimeter and beyond are still dark.  Now light a candle.  The circle of what you can see illuminated by the light is larger than before, but the size of the perimeter beyond which you cannot see is also a lot larger than before.  The larger the light, the larger the area of illumination, but larger by far is the perimeter beyond which we know nothing.

The more we can see and the more we know and understand about the world around us, the larger the amount becomes that we don’t know.  In other words, as the circle of our knowledge grows, so does the amount of knowledge we cannot see and don’t know.  The paradox of illumination is the paradox of knowledge.  Perhaps that is why Michelangelo, when he was more than 87 years old, still said, “Ancora Imparo” (I am still learning).

Dear WikiLeaks, Here We Come. Sincerely, The Wall Street Journal.

The Wall Street Journal just announced it has established a secure mechanism that allows “newsworthy” materials to be uploaded to its separate, but internal, secure servers. The new service, Safehouse, is a logical outgrowth of the age-old newsgathering function. That noted, one can only imagine everyone scratching their heads saying, “What took you so long?” considering the international notoriety garnered by the most visible recent leak-gathering organization, WikiLeaks.

Legal Bytes was certainly not alone in highlighting the WikiLeaks phenomenon (see IMHO – Wiki Wiki True to Its Meaning), so it’s a bit surprising that traditional news organizations had not previously moved aggressively into the digital technology age with their news-gathering activities. That said, kudos to the industry for opting to enter the digital age on the input side of the process and create competition in this arena, just as competition among journalists has existed for centuries.

The presumption is the WSJ upload process will be secure and apparently anonymous – the accumulation of anonymous and pseudonymous tips, leaks and leads has long been part of every investigative reporter’s and journalist’s job. Other news organizations are also rumored to be working on similar services, although not having done an investigation myself, others perhaps may have already launched. The WSJ service will reportedly provide encrypted digital file transmissions and, according to the Safehouse website, will seek to minimize the amount of technical information (read that to mean, traceable information) that the service receives on its servers.

Joseph I. (“Joe”) Rosenbaum is a partner in the New York office of Rimon, global chair of its Advertising Technology & Media law group – oh, and is the editor, publisher and often author of posts on Legal Bytes.

IMHO – Wiki Wiki True to Its Meaning

According to Tech Terms, “wiki” comes from the Hawaiian phrase “wiki wiki,” which means “super fast.” I guess if you have thousands of users launching denial of service attacks (see below) against targeted web sites – well “super fast” spells super trouble. Which has prompted me to write this article “IMHO” (in my humble opinion) – IMHO being a social media nod to the kewl gnu SMS lingo.

So, doesn’t it seem as if this WikiLeaks thing has gotten out of hand? Now in fairness, in my view there are intelligent points being made on both sides of the issues – national security is important; so is freedom of the press and speech. There are also rights and responsibilities on both sides of the issues – private censorship is not something that sits well with those of us who value the right to hear and voice differing opinions and thoughts; yet using a “free speech” argument to allow someone to scream fire in a crowded theatre – even when none exists – can cause harm to innocent people and is, again in my view, irresponsible, if not illegal.

So if you have been following this Wikileaks issue, you already know about the leak of U.S. diplomatic cables by or through WikiLeaks, and unless you have been living under a rock, you have also noticed the arrest of WikiLeaks founder, Julian Assange. All of this has resulted in a dramatic and well-publicized series of “cyber attacks” from “hacktivists” primarily using a disruptive technique known as “denial of service attacks.”

Curiously, the arrest of Mr. Assange in London has nothing to do with the current controversy over confidential and sensitive material that is giving rise to the tensions across the Internet. Mr. Assange’s legal problems stem from an international warrant issued by Sweden, where he is accused of rape, molestation and unlawful coercion by two women in connection with sexual encounters he reportedly had while he was in Sweden last summer. Mr. Assange apparently confirmed the encounters, he has denied the allegations of assault, and he has not yet been formally charged in either of the women’s cases.

The disruptions on the Internet and outcry against his treatment (or the treatment of his company) are not about his personal problems, but rather have taken on a life of their own as a poster child for the principle of “information needs to be free.” Somehow, WikiLeaks has become a symbol, a rallying cry, for the cause of free speech and information transparency, being championed by activists around the world, the activities of some of whom has allegedly already resulted in:

  • The Swedish government website http://regeringsen.se was offline for several hours, and arms of the Swedish postal service, the websites of Swedish prosecutors, and at least one lawyer, were the targets of attacks.
  • Both MasterCard and Visa, whose banking and financial institution members stopped accepting payment transactions in support of either WikiLeaks or Mr. Assange’s defense, were subject to attack (e.g., reportedly Visa’s website and MasterCard’s “secure code” system was affected – in the case of MasterCard, apparently preventing some online transactions from being processed for several hours.
  • Just today we read of allegations and reports that Sarah Palin’s credit card information and the website of her political action committee were hacked because she referred to Mr. Assange on ABC News yesterday as “an anti-American operative with blood on his hands,” and U.S. Senator Lieberman’s website was impaired and anonymous SPAM faxes sent to the Senator’s office after he called for an investigation of The New York Times, which had published articles with details of the diplomatic cables leaked by WikiLeaks.

As Mr. Spock, the iconic “Star Trek” character played by Leonard Nimoy, might have remarked well into the future: “Fascinating!” Well the future is now.

So what should you do? First you should read my partner, Douglas J. Wood’s recent opinion piece on Corporate Counsel, entitled “Say Hello to the World’s New Sovereign Nations: Facebook, Google and RIM.”  (subscription required) When you finish, head straight to YouTube and watch the clip (my title) “There’s a War Out There” from the incredibly prescient motion picture “Sneakers,” with Ben Kingsley and Robert Redford. You might also grab a copy of An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths, by Glenn Reynolds. Oh, and in case anyone is thinking about my Legal Bytes post more than a year ago, entitled FTC (Revised) Endorsement Guides Go Into Effect, rest assured I have no interest (other than intellectual) in either my partner’s publication, the motion picture production, or the book or publishing company noted.

It is likely, some of the “attacks” may lead to criminal prosecution or civil litigation, or both. It is also likely that companies and governments may rethink their security and dependence on digital technology, as well as their activities and responses to events such as these. Protests of this nature, irrespective of one’s view or one’s “side,” are now occurring on a scale, orchestrated by individuals dispersed throughout the globe, in a manner that might make taking to the streets or holding passive sit-ins or hunger strikes in the halls of legislative bodies passé. Further, the effects of such activities on innocent people should not be underestimated. While the United States holds dear the Constitutional rights of free speech and freedom of the press, that does not include the right to create panic or harm or injury to others. There is a line between voicing one’s support and opinion, freely heard in the blogosphere, and illegal conduct that damages persons and property.

So after reading this and the references cited, ask yourself the following question: Is this a technology problem? A political problem? A national security problem? A public relations problem? A legal problem? It is probably worth noting, since my partner Doug Wood mentioned it after reading a draft, that the freedoms of speech and the press (and assembly, etc.) that are embedded in the U.S. Constitution are not the norm around the world. We often lose sight of the fact that these rights (and the passion and zealousness with which we cherish them and defend them) are not the global norm – yet. But, technology has enabled activities and communication unimaginable in the past. It can be a force for good or bad – sometimes both. Now comes the revolution? Fascinating! But that’s just my opinion.

Joseph I. (“Joe”) Rosenbaum is a partner in the New York office of Rimon, global chair of its Advertising Technology & Media law group – oh, and is the editor, publisher and often author of posts on Legal Bytes.

When Pressing Suits, Judges Tell Jurors Neither Social Nor Media is OK

A few months ago, Legal Bytes reported some important developments and judicial rulings concerning social media and freedom of the press in the United States (see, Freedom of the Press = Freedom to Tweet). But lest you be lulled into a false sense of security, freedom of the press only applies to the ‘press’ and not to jurors.

You have all seen the motion picture and television courtroom scenes played out numerous times. Evidence is admitted or not admissible. The jury is admonished to disregard certain remarks or testimony as inadmissible or irrelevant. Jurors are told they must reach a verdict on only the evidence that is allowable during the trial – nothing else. Now decades ago, a jury was told not to watch accounts of a case on television, or to listen to such on the radio, or to read newspaper articles about the case. Juries could be sequestered – squirreled away out of sight and, theoretically, out of harmful evidence’s way – until the verdict was rendered and justice done.

But today, with a mobile phone, PDA or any one of literally hundreds of devices – some no larger than a credit card – one can ‘tweet’ (www.Twitter.com), one can post to your or someone else’s wall (www.Facebook.com), one can upload photos (www.flickr.com) or videos (www.YouTube.com) or post to one’s own blog (www.LegalBytes.com). All from the convenience of the palm of your hand, purse or jacket pocket. One can also surf, search, ask and obtain answers across the web, almost instantaneously, with the press of a few buttons or the wave of one’s fingers across a touch screen. The interactive two-way communication and searches for independent information is at odds with our jury system that limits the juror’s knowledge base for decision-making purposes to what’s in her or his head when they walk in along with the evidence that is presented and deemed admissible by the court. Everything else is off limits – at least for administering justice. Although not the subject of this two-part blog posting, Legal Bytes has also covered the growing issue of whether a mindless application of disqualification criteria makes sense simply because you have a ‘friend’ or someone is ‘following’ you among the other thousands or millions of individuals on some social media platform (See, Florida Judges Can’t Have Friends).

But now back to our story. Just this past December, the Judicial Conference Committee on Court Administration and Case Management issued its “Proposed Model Jury Instructions – The Use of Electronic Technology to Conduct Research on or Communicate about a Case”. I know this will surprise you, but the basic do’s and don’ts they proposed are:

  • Thou shalt not undertake any independent research, use any outside reference works, dictionaries, surf the web, or use any digital or other means to try and get information about the case or anything related to the case.
  • Thou shalt not communicate with anyone about the case – anyone – not even other jurors. No mobile phones, email, Blackberry, iPhone, SMS text messaging, tweets, blogging, chat rooms or social media platforms. None, nada, zilch, zero, null, never. Period.
  • Thou shalt decide the case solely on the admissible evidence presented in the courtroom.

Sound familiar? While many of us recognize there are sophisticated rules and regulations established to ensure evidence is presented in a fair manner, consistent with the system of justice – protecting the rights of the accused and the accuser, the plaintiff and the defendant – jurors often are curious – curious about questions that aren’t asked or answered during the course of a trial. In motion pictures or television, we get to go behind the scenes. We can often see what the jury cannot. But real juries may not appreciate, under the constraints of a particular case, why some information is simply not available to them, some questions not permissible, some witnesses never called and some answers never provided. It’s far too tempting to try and find out and with today’s digital technology – well, it’s not that hard to do so – sometimes even believing one can escape detection when doing so.

So stay tuned. In the next installment of this post, Legal Bytes will take you on a brief tour of some court decisions over the last few years, starting from simple emails and online surfing by jurors, to jurors who post blogs in the middle of jury deliberations, to tweets before, during and after multimillion dollar civil trials. Yes, we even have jurors communicating to each other on Facebook during a trial. You just can’t make this up.

While the next installment is pending, if you need to know more – how social media can help or hurt your company in litigation – remember that Rimon has teams of litigators who not only know digital (e-)discovery, forensic evidence, security and other technology applicable to legal proceedings, but also know social media – increasingly relevant, for good or bad, in dispute proceedings. Need us to press your suit and avoid being taken to the cleaners? Contact me, Joseph I. Rosenbaum or any Rimon attorney with whom you regularly work and stay tuned for Part II – Jurors Behave, or We’ll Throw the Facebook at You!

Freedom of the Press = Freedom to Tweet

Twitter keeps hitting the newswires—in this instance, in a matter involving freedom of the press. You might have heard from time to time, especially in high-profile or emotionally charged cases, about judges who have used their power to control proceedings by restricting the use of certain communications equipment and mechanisms from within their courtrooms (e.g., use of mobile phones, video recording equipment, etc.).

From Pennsylvania comes an order from a Dauphin County judge refusing to bar reporters from sending Tweets during the course of a public and high-profile trial. In response to a motion by the defendants counsel, Judge Lewis, in a brief order, noted that “. . . to impose the proposed restriction would be premature and that the restriction itself is overly broad.”

In this particular case, the defendants were concerned that reporters, using Twitter inside the courtroom, would broadcast witnesses testimony, which could then be read or seen by other witnesses who were yet to testify. While refusing to ban Twitter to reporters, the judge did order the witnesses to avoid reading or listening to reports concerning the trial.

As icing on the cake, our own Rimon lawyers, Tom McGough, Mark Tamburri and Tom Pohl, won the order on behalf of the Associated Press and Pittsburgh Post-Gazette. Yes, Virginia, there is a place for social media in jurisprudence.

If you remember, Twitter was also the subject of some controversy in Pittsburgh during the G20 Summit last year. In that case, involving freedom of speech, police in Pittsburgh arrested a man who was using Twitter to send messages about the movements of police officers as protests were unfolding. Although the police sought to charge the man with aiding an illegal protest, the man was broadcasting what was easily visible in plain sight.

While commercial cases often involve money or intellectual property rights, or rights of publicity or privacy, cases are emerging that involve fundamental Constitutional rights. The law will need to move quickly into the digital and social media age in order to keep up. Some courts and judges are doing just that!

Need to know more? Contact me, Joseph I. Rosenbaum, or any Rimon attorney with whom you regularly work.

Privacy: FTC Announces the First in a Series of Public Roundtables

Earlier today the Federal Trade Commission announced details of the first of a series of Public Roundtables being held to deal with continuing efforts to examine, evaluate and determine if, and to what extent, regulation may be needed in connection with consumer privacy. In its announcement, the FTC specifically cites its intention to review privacy practices related to social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers and third-party applications.

The FTC’s announcement acknowledges the beneficial uses of information and technological innovation, while seeking to balance those against the need to protect consumer privacy. The first full-day session will be held Monday, December 7, 2009, at the FTC Conference Center at 601 New Jersey Avenue, N.W., Washington, D.C., and no registration is required. Those who cannot attend in person are welcome to go to FTC.gov and will be able to view the proceedings as a webcast.

The FTC has invited individuals and organizations to participate and/or to suggest topics. To participate, your request can be submitted directly to the FTC by email sent to privacyroundtable@ftc.gov on or before October 30th, and comments surrounding the issues to be discussed can be submitted on or before November 6th. The FTC has prepared a list of specific questions it intends to use in opening the dialog at this first in its series of public roundtable discussions and has invited written comments, as well as research submissions. Details can be found at the Privacy Roundtable Workshop page of the FTC’s website. Comments can be mailed to the FTC, or you can check the FTC website for instructions as to submitting comments electronically. Of course, Rimon stands ready to assist clients in preparing comments or providing representation, and if we can be of assistance, don’t hesitate to contact us. If you need to know more, please feel free to call me or the Rimon attorney with whom you regularly work.

Could the Government Seize Control of the Internet?

The text of the Cybersecurity Act of 2009 (the “Act”) is now available, and individuals, organizations and associations, and, of course, lawyers, are now starting to digest its contents.

This legislation, introduced by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), would appear to give the federal government sweeping and unprecedented authority over the Internet. Section 2 of the bill starts off with a lengthy series of observations about horrible things and consultants’ wisdom concerning our vulnerability to “attack.” Curiously, it is unclear exactly how the bill and the powers to be granted the government will correct that issue. But I digress.

So when the title of this post says “the Internet,” you’re kidding, right? Of course, you must mean government-operated networks or defense or intelligence systems, right? Well . . . not really. Hmm. Then you must mean those critical infrastructure systems related to national defense – you know, communications and transportation systems? Well . . . not exactly. You see the bill includes, within the meaning of systems and networks covered by the Act, “State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks.” In other words, we’ll know what they are when the President tells us what they are. Comforting for federal legislation, isn’t it?

“Non-governmental” includes financial institutions – then again, the government already owns a chunk of those anyway – wired and wireless carriers, electricity grids, gas and power systems, and air and rail transportation systems, to name a few. All of these are currently in the hands of private companies and management. Go ahead, name some systems that aren’t directly or indirectly critical or connected to critical systems – my refrigerator, for instance, or your digital music account.

There is even a section in the Act that proposes to enable the President, with almost no restriction, to shut down all message traffic on the Internet in an “emergency,” and to order the disconnection of all critical infrastructure systems in furtherance of national security. Now if that amount of authority, without any guidance or parameters built into the legislation, isn’t enough, here’s more. The bill also gives the Secretary of Commerce the right to access all relevant data concerning these critical infrastructure networks without regard to any provision of law, regulation, rule, or policy that would otherwise temper or restrict such access. No standards. No limits on what data or why. No opportunity for judicial review, much less intervention.

Curiously, just this past June, the Government Accountability Office (GAO), in testimony before Congress entitled Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information, noted that continuing efforts to remedy systems security and network vulnerability needed far less dramatic remediation – fixing things like correcting insufficient access controls, better network management, inadequate or poor audit procedures, ineffective information security programs, and in some cases, simply adding encryption where none exists today. Critics of the Act have questioned whether granting the President far-reaching and ambiguous power is proper, but just as significantly, whether they will actually deal with the problem.

As with many legislative initiatives, this appears to deal with the aftermath of a cyber-attack, not at preventing one from ever occurring. Has it occurred to anyone that mandating standards for security, updating and maintaining security where appropriate, and simply requiring government or other critical systems to practice security measures that have been known for years or even decades, is much more likely to allow the nation to avoid and withstand a cyber-attack?

One can only wonder whether placing control of the Internet in the hands of the government might actually make vulnerability to a devastating cyber-attack greater. When the ‘net was first conceived, it was precisely it’s dispersion, diversity and lack of central control that was at its core, and its endearing and enduring characteristic. No one point of control, no single point of vulnerability. Redundancy, multiple pathways, mirror image reflections and files ensured that if one part was crippled, others would continue to function. True, times change, technology changes, and, so too, must our defense mechanisms and postures. But one has to wonder whether centralizing command and control in an emergency might not just give the bad guys a single point of vulnerability and failure to concentrate on, instead of making it more difficult – precisely when we need the Internet the most. Food for thought.

For information about security (can you say PCI compliance?) or privacy (GLB anyone?) or data breach assistance (is your identity safe?) look up Joseph I. Rosenbaum, send me an email, or contact the Rimon attorney with whom you regularly work. We are happy to help.

Your Medical Information; Just A Mouse Click Away – From Hackers?

This post was written by Adam Snukal.

Kathleen Sebelius, Secretary of the Department of Health and Human Services (“HHS”), hadn’t been on the job even two months when she found herself a defendant in a class-action lawsuit brought in the Southern District of New York. A registered nurse had brought the action against Ms. Sebelius, as well as the White House Office of Health Reform Director and the Administrator of the Centers for Medicare & Medicaid Services, alleging that certain provisions of the American Recovery and Reinvestment Act (“ARRA”) violate privacy rules central to the Health Insurance Portability and Accountability Act (“HIPAA”) and the federal Privacy Act.

The suit claims that pursuant to the ARRA, the development and implementation of a new health care information technology system that will create an electronic medical records database by 2014 will include Americans who are not covered by either Medicare or Medicaid (according to the lawsuit, Medicare and Medicaid only cover approximately 23 percent of the American population). This system, according to the complaint, poses a major threat to individual privacy, placing individuals’ personal health information “just a mouse click away from being accessible to an intruder.”

The action takes issue with ARRA’s provision allowing HHS to determine what constitutes the “minimum necessary” amount of personal health information allowed to be disclosed under HIPAA. According to the suit, “This technology will be used to deprive the Plaintiff and others of their fundamental right to privacy by requiring that their medical records be released by their health care providers and upon entry into the Health Information Technology maintained under the supervision of the Secretary will be made available without the permission of the Plaintiff to an unknown and potentially unlimited number of persons.” The action seeks an injunction to prevent distribution of payments for the purchasing of the electronic health care systems.

The standard of “minimum necessary” is a central tenet of the HIPAA laws, which require that when a health care provider uses or discloses personal health information, or requests personal health information from others, the provider must undertake reasonable efforts to limit itself to “the minimum necessary amount of PHI to accomplish the intended purpose of the use, disclosure, or request.” Under this standard, providers must develop policies and procedures that limit information uses, disclosures and requests to those necessary to carry out the organization’s work. That includes identification of those within the provider’s workforce that need access to carry out their duties, and reasonable efforts to limit access accordingly. HHS has been clear that the minimum necessary standard that health care providers are required to follow calls for the employment of a “reasonableness” analysis, so that a provider’s functions are not unduly restricted.

Few elements of HIPAA have generated more controversy than this standard, but if this court elects to embrace that standard, the likelihood of the success of this action on its merits may seem remote. HIPAA places a heavy emphasis on maintaining the privacy of an individual’s personal health information, and if the ARRA regulations applicable to the manner by which health information electronic systems are permitted to collect and share personal health information are consistent with HIPAA’s standard of reasonableness, there will be a substantial burden of proof for the plaintiffs to overcome.

If you need to know, you need to contact Adam Snukal—or you can always contact your favorite Rimon attorney who will be more than happy to help you.

Employees Off-Work, But Online

This post was written by E. David Krulewicz and Cindy Schmitt Minniti.

Facebook, MySpace and Twitter have become household names, a ubiquitous part of the daily lives of many and often a tool for keeping in touch with friends and family. These websites are increasingly being used by individuals to document their daily lives and activities, voice their concerns and post their opinions for the world to read and to respond. The business community has also turned to these “social media” websites as means for marketing their brands and, in some instances, for obtaining information about current employees and prospective job applicants. A series of recent cases reminds us there are significant risks related to the posting and/or use of information discovered on “social media” websites.

For example, in Pietrylo and Marino v. Hillstone Restaurant Group, a case pending in the Unites States District Court for the District of New Jersey, two individuals sued their former employer after they were terminated for posting complaints about their workplace on an invitation-only discussion forum on MySpace.com. Much to the employees’ surprise, managers from Hillstone Restaurant Group were able to access this discussion board (although the parties dispute whether the managers had a right to do so) and were less than pleased with what they read. The employees were quickly terminated and a lawsuit followed. 

In their complaint, the former employees assert their employer not only violated state and federal Wiretap and Stored Communications Acts by accessing the invitation-only forum, but wrongfully terminated them in violation of New Jersey’s public policy favoring free expression and privacy as embodied in the U.S. and the New Jersey Constitutions. Their employer has denied the claims and asserts the plaintiffs were “at-will” employees who could be terminated for any reason or no reason at all.

Ultimately, the question of liability may hinge upon whether the employees had a right to privacy for statements made online and whether the employer has a right to make disciplinary decisions based on an employee’s off-duty conduct.

Although legal commentators and privacy advocates debate how the trial will unfold when the case goes to trial later this summer, they all agree the case highlights real- world issues that can follow an individual’s seemingly innocent decision to post his or her thoughts on a social networking website. This is far from an isolated incident – indeed, the sports media recently reported a similar incident involving the Philadelphia Eagles’ termination of a long-time employee for disparaging the team’s management and its decision to release a prominent player on his Facebook page.  

While it is unclear if any of the companies in the cases above had a policy or provided instruction to their employees on these issues, it should not surprise you that increasingly business employers are finding they must do so. Clearly, before making decisions or taking action against employees for online, but off-duty conduct, employers should seek legal counsel from lawyers who understand these issues and can guide you in this dynamically evolving environment – where federal and state (and sometimes municipal or local) law may apply and little, if any, precedent currently exists. Worried? Need help? Need to understand more? Contact E. David Krulewicz or Cindy Schmitt Minniti or the Rimon lawyer with whom you work. 

Update:  Today, May 20th, after this story was posted, the U.S. House of Representatives also approved the bill regulating some common credit card and gift card industry practices. It is likely President Obama will sign the bill once it arrives on his desk.