California’s a Trendsetter—-This Time it’s Privacy

No longer merely the source of new fashion trends or technology movements (or McDonald’s), California is quickly becoming the thought leader in protecting consumer privacy. Two new laws, one which deals with personal information given to third parties for marketing (SB27) and another which obligates businesses to adhere to certain security requirements for using and storing personal information, both came into effect January 1, 2005. The new law requires businesses with 20 or more employees to give consumers detailed disclosures about not only what customer information they have shared with third parties, but also the contact information for and descriptions of those parties. Want to avoid the disclosure obligations? Simple. Allow your customers a free opt-out election from having their personal information shared. That said, you will still have to let your customers know how and to whom they can inquire about these requirements – even if your business offers the opt-out choice to consumers. By the way, if you are already subject to the stricter requirements of California’s financial privacy act, you are exempt. While there are some additional exemptions, they are narrow, and anyone doing business in California shouldn’t be too quick to conclude they are exempt without consulting legal counsel. California’s Office of Privacy Protection has drafted a set of recommended practices which attempts to harmonize the requirements of this new act with the California online privacy act, the state’s financial privacy provisions, the federal Gramm-Leach-Bliley Act, HIPAA, and European Union privacy directives. Good luck.

Do you or your contractors have sensitive personal information (e.g., names and addresses in combination with social security numbers and PIN numbers) that could lead to identity or financial theft if compromised? What about medical information about a person’s diagnosis and treatment? Start ensuring you have “reasonable” practices to protect that information from unauthorized access, use, modification and disclosure—and it doesn’t matter if the information is on paper or in electronic form. Both are covered. While the legislative history makes it clear that no one particular standard is “the standard” for “reasonable” security, a company will need to designate a specific individual who is responsible for the company’s security program, and will need to establish a security task force—including a compliance officer and legal counsel. To avoid running afoul of the standards, not only must practices and a task force be implemented, but companies will also have to demonstrate they periodically test and monitor how the security measures are working, make risk assessment, and fine-tune their security measures to keep them updated appropriately. Need employee training? Need help implementing background checks, confidentiality agreements, encryption and record retention/destruction requirements, and disciplinary measures? Call the lawyers at Rimon. We can help.

Remember California’s security breach notification law (we told you about this and you get another prize if you can identify the back-issue in which we did so)? That law requires businesses to disclose security lapses. This new law creates a new duty and standard of care. Lawsuits arising from breaches in security (you remember California’s Business and Professions Code section 17200) can now use AB1950 as a discovery prod to determine if your business has used and effectively maintains reasonable security measures.

Consider this: California has already passed more than a dozen laws to protect privacy—many of which have now spawned federal legislation, some already passed and others in process. SB186 bans unsolicited e-mail and AB1769 bans text messaging advertisements to cell phones and pagers. AB1733 mandates consent from customers before a wireless carrier can list their phone numbers in a 411 directory, and SB1436 restricts keystroke monitoring software, website tracking software, and software that attempts to control personal computers.

Sex, Crimes and the Internet

A federal Judge in New York State has altered the conditions that apply to the release program of a convicted child sex offender, restricting the individual’s access to the Internet. The judge ruled the use of the Internet, to find and lure victims, was such an integral part of the man’s crimes, that a ban on using the Internet is appropriate—even though his supervised work release job is computer programming. When this issue has previously been presented to a federal court in New York, Internet restrictions have been overturned. Here the judge distinguished those cases by noting that in this instance the offender had used the Internet to search for and attract new victims. Technology also played a role in this decision. Because of software incompatibilities, probation officials couldn’t monitor the individual at work. Because the employer develops software for cellular telephones, the employer was concerned about liability if a third-party is permitted to monitor the computer systems. Will this hold up? It is being appealed. Who knows? It again highlights how pervasive the Internet has become and how difficult questions continue to arise at the intersection of law and technology.

Voice Over IP—-The FCC Says “Can You Hear Me Now?”

In what is being hailed as a major victory for VoIP, the Federal Communications Commission ruled that some state telecommunications regulations do not apply to providers of “voice over IP” services, and ruled that states are barred from imposing telecommunications regulations on Internet phone service providers. The FCC clearly indicated that existing regulations which rely on where a call originates and terminates (“geography-based”)—relevant when the original laws and regulations were written—are increasingly irrelevant today. The decision calls into question the validity of numerous state regulations which conflict with the Commission’s policies and regulations, but the hard work is yet to come—the FCC still must draft rules for services that rely on the “Internet Protocol,” the backbone of the Internet’s infrastructure. The Commission also did not address whether cable service providers were or were not covered by this ruling. Dozens of states are currently trying to regulate voice over IP, nervous that revenues from telecommunications taxes will diminish as businesses and consumers migrate their voice traffic to the unregulated Internet, although the FCC’s ruling does not diminish the power of state to enact and enforce consumer protection laws for the benefit of their citizens. Taxation and other regulation, however, may be a different matter.

Film, Tax and Videotape

In an attempt to lure film and television production back to New York from cheaper or more tax-advantaged locations such as Canada and Europe where they have been headed in recent years, New York has passed a bill offering tax cuts to benefit films and television shows produced in New York, although the bill does not extend to commercial productions. The Empire State Film Production Credit Program, signed into law on September 28, provides a tax credit for 10 percent of the production costs of feature films and episodic television programs produced by companies that spend 75 percent or more of their facility-related production costs at a qualifying production facility within New York. The law also allows New York City to offer additional incentives, including a 5 percent tax credit on projects, credits for outdoor media marketing, and assistance with story development, scouting, vendor discounts and consulting.

In a related development, the UK has enacted new permanent and more generous tax relief for small British films to replace the old Section 48 relief, which is scheduled to expire in July 2005. The new tax relief applies to 100 percent of a film’s UK production and raises the “small” film budget for qualifying purposes from £15m to £20m. Qualifying films will be entitled to government subsidies worth up to £4m per film under the new law, and film productions with budgets of up to £20m will receive a tax waiver on their production costs, including overseas costs—subject to the condition that the film actually makes a profit. The government subsidies, worth up to 20 percent of the film’s budget, will be paid directly to the producers on completion of the film. Under current Section 48 regulations, subsidies went to third parties who funded the films. Now they will be paid directly to the film makers.

The British tax relief announcement comes on the heels of a recent (February 10, 2004) clamp-down on some of the UK’s largest tax equity film funds. Set up as sale-and-leaseback deals, these funds allowed British investors to acquire marketing rights to studio films in Britain, the United States and Canada, and enabled investors to write off the cost as an upfront tax loss and lease the films back to the studios for periodic payments over 15 or 20 years. The deals often provided an option for a studio buy-out after a shorter period of time, but those exit strategies were banned by the UK’s Inland Revenue in what has come to be referred to in the film industry as “Black Tuesday.” On that day, the Inland Revenue issued a tax rule change closing a loophole that allowed these funds to operate outside the existing Section 48 film tax break and permitted claiming production costs as tax losses. As if intent on delivering a one-two punch, in March the UK followed this with a prohibition against print and advertising funds that were bankrolling distribution of features from some of the major motion picture studios.

Critics point out that the consequences of these bans could be a dramatic decrease in films produced and shot in the UK, already reeling from a strong pound sterling and increased competition for film financing. We can only assume the newly announced Section 48 incentives, with its direct production credits and other attributes, scheduled to take effect in July 2005 when the current scheme expires, are intended to attempt to repair some of the tax damage done. Combining our poor sense of humor, film and legal expertise, we can only say, “The jury is still out; stay tuned: film at 11:00”!

Spyware Out of the News and Into the Congress

Most of you know “spyware” as pesky programs that install themselves on your computer – often tacked on to programs you intend to install – that do everything from tracking online browsing habits to stealing passwords and getting at sensitive data on your computer. But what about those programs that automatically download and patch your software or update your anti-virus definitions, or cookies that enable sites you visit to recognize you and customize your experience? Of course, you have also heard of “adware” -programs that trigger the delivery of online advertising (did I say pop-ups?) that target consumer preferences and activities.

Confused by the distinctions and attempts to sort out the definitions? There is clearly a legislative drive to prohibit programs from being installed on consumers’ computers without consent or knowledge and at least three spyware bills are winding their way through the U.S. Congress. Although it is unlikely a bill could reconcile the differences and reach the President for signature this session, there is clearly impetus to “do something,” and interests on all sides are lining up to shape the contours of legislation so as not to do away with all those “good” programs!

Confused about the definitions or worried Congress might get it wrong—or just wondering who cares? Pay attention. Much of the utility and appeal of the Internet is interactivity. Browsers and websites interact. Navigational tools and features which make browsing more efficient, reduce time, and provide a more customized – thus more useful—experience, are based on useful programs working in the background and which are helpful and desirable, if properly used—”properly” being the operative issue. If worded too broadly, legislation could prohibit tools that make sense. Imagine every advertiser, website owner, merchant and search engine being required go to every user with a new consent (“opt-in”) form! How will legislation be enforced if the website owner is in another jurisdiction? Need to follow this issue? Want to know more? Want to your voice heard? Call Rimon—we can help.

Online Contracts Are Valid (Everyone Knows That) – So Why More Litigation?

Only a few years ago, risk managers were concerned whether ‘click wrap’ or online contracts would create enforceable contracts. With laws and court cases over the years, the issue has been reasonably settled. They are. But the focus of recent cases has turned to the details—how is effective notice given online? Are there clauses or terms that require prominence to be enforceable? How can we determine if online formalities are sufficient for legal purposes? What about mandatory arbitration clauses? Are choice of law or choice of forum clauses enforceable? Are the assents necessary to waive one’s right to a jury trial or cut short the statute of limitations, the same as those prohibiting use of the website for illegal purposes? Can you bind a user browsing on the Internet to the terms of use when a website simply says “by browsing or visiting this site you must, and you agree to, comply with and be bound by our terms of use”? Do you always need the “I Agree” assent generally ascribed to contract formation. The answers are: it depends. Big surprise from a lawyer, right?

In general, common sense helps when creating online contracts (hiring a knowledgeable Rimon lawyer is good common sense). Ask some simple questions: (a) is your notice of terms reasonable and conspicuous, and can it be bypassed? (b) how do you know if a customer has agreed to your terms – by browsing, by clicking a link or by entering particular words of assent? (c) do the users have a choice if they don’t want to be bound by the terms – is it clear what they should do or not do? (d) are there laws that apply to your business, your industry or in jurisdictions you do business, that relate to online contracts? (e) is there a means to modify, terminate or otherwise alter the agreement—how will the customer know? and (f) keep records.

Some simple principles, but as you can appreciate, often easier to list in an outline than carry out in practice. And there are more. The cost of failure or noncompliance is high. Need to get it right? Call Rimon—we’ll help.

Outsourcing: NJ Governor Signs Executive Order

Outgoing New Jersey Governor James E. McGreevey signed Executive Order No. 129 requiring vendors seeking contracts with New Jersey State agencies to disclose any foreign countries in which the services are to be performed, and prohibits awarding such a contract unless there is no comparable domestic service, failing to use the vendor would cause economic hardship in New Jersey or would not be in the public interest for some reason. Excluded from the Executive Order are contracts with New Jersey’s public institutions of higher education, when the contract is for academic instruction, educational or research services.

Those Bright Ideas Will Cost You!

A little more than a year ago, Taco Bell was ordered to pay $30.1 million to two men who convinced a court they conceived the talking Chihuahua. Lest you think this is an aberration or that these men were opportunists trying to make a quick buck, you would be wrong on both counts. Outside suggestions are a source of potential ideas and potential liability. Companies would be well-served to learn a lesson from these cases.

Smart marketing companies have policies—even outside suggestion “units”—to handle those suggestions company strategists, executives and marketing professionals all say they welcome to better understand what customers want. This is not the place to belabor legal distinctions between market research, focus groups, customer satisfaction surveys and unsolicited outside suggestions, but these distinctions highlight the need to pay attention to potentially dangerous legal landmines at the intersection of intellectual property law and product development.

Imagine that a customer of a bank suggests to the branch manager that the bank issue travelers checks with dual signatures (they exist, so don’t you get any bright ideas) so vacationing couples can use them interchangeably. Now fast forward six months—the bank proudly launches its latest new product, the dual-signature travelers check. Guess the rest. Lawyers, letters, demands, assertions of ownership, misappropriated proprietary information—the suggestion was not an “idea” but a specific product development concept with specific implementation details. Talking Chihuahuas anyone?

Of course, if the company can prove its product was independently developed or in development before the suggestion came in, or that the branch manager threw the suggestion in the trash without telling anyone, showing it to anyone or keeping a copy—yes, the company may win the lawsuit. But do you really want to risk all those lawsuits and the cost of litigation to prove you are right? Settle or fight: each can be costly.

Dealing with outside suggestions should be a part of a company’s product development, brand management and marketing risk management strategy—optimizing the company’s ability to gather meaningful information while minimizing potential exposure to litigation liability and damages. Rimon has lawyers who have developed and managed these functions, counseled clients, conducted seminars, and drafted policies and procedures to do just that. Contact me at joseph.rosenbaum@rimonlaw.com. We are happy to help.

Internet Streaming Media—-The FCC Just Says Yes

Last month we reported the Ninth Circuit Court of Appeals found that Grokster and Streamcast Networks were not violating copyright laws by making software that allows people to swap digital content. Just a few days ago, over the objections from the motion picture, broadcast and professional sports industries, the FCC approved technology allowing digital recording services like TiVo to transmit television programming to subscribers over the Internet, allowing programming, for example, to be viewed anywhere an Internet connection was available. Digital recording services and streaming programs remotely threatens local advertising relevance and revenue, while still allowing viewers to edit out commercials. Advertisers are you paying attention??

Pop Goes the Lawsuit

This past June, we reported L.L. Bean filed suit against Nordstrom, J.C. Penney, Atkins and Gevalia alleging copyright and trademark infringement in connection with pop-up advertising. Bean has now settled with Gevalia and Atkins, who have agreed to damage payments (i.e., for trademark infringement), as well as agreeing not to authorize pop-up advertisements of their products on Bean’s website. Spyware has been the subject of significant controversy, and anti-spyware legislation has passed in Utah and is pending in Congress and in California, although the Utah statute is being challenged by spyware maker WhenU. It is likely lawsuits such as Bean’s will continue to be filed based on theories that not only are consumers annoyed by pop-up ads, but that they become confused by the advertisements as well.