Court Sanctions UBS for Destroying E-Mails

On July 20, the U.S. District Court for the Southern District of New York imposed sanctions against UBS Warburg for destroying relevant e-mail messages during the course of litigation (Zubulake v. UBS Warburg LLC, et al., 2004 U.S. Dist. LEXIS (S.D.N.Y, July 20, 2004)). The Court ordered UBS to pay expenses and attorney fees incurred by the plaintiff, granted plaintiff’s request for further discovery, and agreed to instruct the jury that a negative inference may be drawn against UBS as a result of the missing evidence. The case provides important guidance for counsel on electronic discovery issues and record management, and the Court notes counsel is expected to take some affirmative steps: (1) “identify sources of discoverable information”; (2) “put in place a litigation hold and make that known to all relevant employees by communicating with them directly” and not only repeat these instructions “regularly” but also “monitor compliance”; (3) “call for employees to produce copies of relevant electronic evidence”; and (4) “safeguarding any archival media” the client must preserve. Given the notoriety of the case, these practices will likely become a de facto standard in evaluating electronic discovery issues and requests for sanctions. Got litigators? Call Rimon—we not only have knowledgeable litigators, but we also have an entire team of professionals skilled in data management, record retention, and compliance in and out of litigation. Try us, you’ll like us.

Can You Grok This? Fans of Robert Heinlein Smile

In what may be a momentous ruling and certainly a setback to the music, film and entertainment industry’s effort to fight illegal on-line downloading and file swapping, on August 19, the three judges of the Ninth Circuit Court of Appeals upheld a lower court ruling that found that Grokster and Streamcast Networks were not violating the copyright laws merely because they made software available that allows people to trade digital content (e.g., movies, music). To be clear, the decision in no way condones copyright infringement, nor changes the law relating to the illegal use or theft of copyrighted materials, nor authorizes anyone to ignore the intellectual property rights of others. But harkening back to cases which look and feel (pun intended) much like the Sony Betamax cases years ago, the court ruled that this particular type of software—referred to as “file sharing” software—was designed in such a way that it could not be held illegal.

It is noteworthy that this is the same court that essentially brought Napster to its knees a few years ago with an exactly opposite conclusion. While critics will argue that the ruling is a descriptive guide to designing software that can avoid being caught in the web (another pun) of the Copyright Act, many others welcomed the ruling for bringing clarity to a murky area of the law and focusing on the distinctions which make some software and systems infringing, while others are not. For you technical gurus in the audience, the court found it significant that neither Grokster nor Streamcast used centralized databases or computer systems with programming file directories pointing to files on individual users’ computers—in other words, these systems didn’t direct other people (and couldn’t even intercept or prevent people) to actual or potentially pirated music, film or any other content. As with the Betamax cases, the court also found that although there were plenty of arguments (and evidence) provided in entertainment industry briefs noting that the vast majority of content exchanged by these programs was illicitly copied, the software Grokster and Morpheus (the software licensed by Streamcast), had other substantial non-infringing uses and thus could not be held illegal as a matter of law.

Spam Settlement Restricts E-Mail Marketing in New York

Last month, New York’s Attorney General announced a settlement against OptInRealBig.com, a bulk e-mail marketing company based in Colorado. Although much of the settlement focused on clearly deceptive spamming practices (e.g., using forged “sender” names and addresses to hide the source of the e-mail, using names of well-known companies without permission), it also prohibits false or misleading information in the subject line—so called “teaser” lines. As someone who receives lots of unsolicited email, trying to get me to open and read a particular message from someone I don’t know (or don’t think I know) is an increasing challenge to marketers. Using context or other snappy text in the subject line to get me to read these messages, when they cross over the line, may be considered false and misleading and a deceptive trade practice. Trying to induce me to read an e-mail by implying it is personal (i.e., from someone who knows me) or is part of the subject matter of messages I have sent to others, could be deceptive—especially if there is no readily apparent way of determining that it actually is unsolicited commercial e-mail.

The lawyers in Rimon’s Advertising & Marketing Group (yes, I am a member of that one too) are experts on counseling you and guiding you through the maze of laws and regulations so that you stay on the correct side of these lines. Not only are our litigators armed with first-hand experience in dealing with and defending these issues, but Rimon’s transactional and business lawyers are also widely regarded as among the most skilled and knowledgeable in the world. Whether counseling you about e-mail, web policies, “Spam Settlement Restricts E-mail Marketing in New York” privacy on the Internet, e-commerce, web-based sweepstakes, or simply helping protect one of your most valuable assets—your brand—Rimon has the capability and happy-to-help attitude you need. Try us, you’ll like us. Want to know more? Visit us at rimonlaw.com—or, better yet, check out our other resources at www.adlawbyrequest.com.

Think brands, teasers and tag-lines are unimportant? Think again. Few people may remember who Al Dvorin was—but everyone remembers his tag line!

Privacy is Back in the News

In last month’s issue, we mentioned (in “Gnu & Gnoteworthy”) the F.D.I.C. released a report entitled “Offshore Outsourcing of Data Services by Insured Institutions and Associated Consumer Privacy Risks”. Well, privacy issues are popping up all over the place again.

California Financial Privacy Act

The California Financial Privacy Act of 2003 became effective July 1st and requires banks to give customers the right to opt out of sharing information with bank affiliates with separately regulated lines of business and requires banks to get permission from customers to share information with outside companies. After the law was enacted, the American Bankers Association, Consumer Banking Association and Financial Services Roundtable filed suit claiming the Fair Credit Reporting Act—the federal law regulating sharing of information among affiliates—preempted state law and thus the part of the statute attempting to limit sharing of information among affiliates is invalid. Not so, said the Judge—to the surprise of bankers scrambling to comply—a recent notice from the California Department of Financial Institutions indicated it would begin enforcing the law immediately!

The Judge ruled that since the FCRA only applied to the sharing of “credit reports,” the California law covering a broader range of customer information was not preempted by federal law. Will the ruling be appealed? Will other states follow suit?

Continue reading “Privacy is Back in the News”

Spyware

A Utah statute, the first in the nation, entitled “The Spyware Control Act,” was originally scheduled to take effect on May 3, but has been delayed by a legal challenge brought by a New York-based company, WhenU.com. WhenU.com filed suit in Salt Lake City on April 12, seeking a declaration that Utah’s new law violates the U.S. and Utah Constitutions. WhenU.com claims the act—which targets software downloaded onto a consumer’s computer that triggers pop-up advertisements—unfairly targets online contextual advertising services that aren’t linked to websites, but instead sells ads based on consumer browsing preferences. The Utah Attorney General agreed to delay the effective date of the Act until the hearing to allow WhenU.com to seek a preliminary injunction delaying implementation of the law. WhenU.com hopes it can persuade the court to delay enforcement until a trial can be held to test WhenU.com’s claims that the law is unconstitutional. At the hearing, WhenU.com’s lawyers argued that regulation of advertising on the Internet is a matter of interstate commerce subject to federal, not state, jurisdiction. Arguing the State’s case, lawyers noted that disrupting a consumer’s browsing and highlighting competitors goods and services is the kind of consumer protection the Utah Legislature has a right to prohibit. In protecting consumers, lawyers for the State also argued that computer users are often tricked into installing such software without adequate disclosures and then find it difficult to remove when unintended or unwanted consequences arise.

WhenU.com noted its software is only installed with consumer consent and that pop-up ads offer consumers useful free features (e.g., weather, screen savers, tool bars) in exchange for allowing software that tracks browsing habits and generates related ads on the screen. With such context-based advertising software, a consumer browsing mortgage lending websites might be offered home loan information from one or more lending institutions. Stay tuned.

L.L. Bean Sues Over Pop-Up Ads

L.L. Bean filed lawsuits last month against Nordstrom, J.C. Penney, Atkins and Gevalia alleging they used pop-up ads that appeared when customers visited the retailer’s website. Each of the retailers named in the action had retained Claria, a software company that creates programs which track browsing habits on the Internet and cause windows or “pop up” advertising displays to appear on the user’s computer screen when the user’s browser visits specific websites. At least one State has already enacted legislation attempting to prohibit certain types of software that trigger such pop-ups (See “Spyware”).

Disaster Recovery – The Short List

Disaster recovery and continuity planning is still on everyone’s mind. Recent trends focus on data management and recovery—not necessarily to ensure continued operations in the event of an unplanned interruption, but most notably to ensure that regulators can monitor, audit and enforce compliance with the laws and regulations that have arisen in the wake of 9-11, and the corporate ‘scandals’ that have plagued businesses over the past few years.

But as many of you know, record-keeping and data backup is only a piece of the puzzle, albeit an important one. Two years ago (September 2002), Rimon conducted a legal briefing to review the issues related to continuity planning, and this month we thought it might be helpful to repeat some of the simple tips that may help you think about disaster recovery. Of course, if you would like a copy of the presentation, or help, just let us know.

  • Get senior management support: Without it you have no money or authority.
  • Identify, evaluate, prioritize: Which critical operations must continue?
  • Retrieve and restore: What resources need to be available?
  • Plan, plan, plan: Alternate locations, communication methods and control centers. Avoid single points of failure.
  • Money: Emergency cash and lines of credit.
  • Communicate: Media, emergency personnel, employees, customers and suppliers.
  • Practice, practice; Test, test, test: Got the message?
  • Educate, train and inform: Everyone should be advised and trained in his or her role.
  • Update, plan, update, plan: Continuity planning is a continuous process.
  • Insurance: Not prevention, but damage control and worth considering.
  • Consider others: Employees, customers, suppliers, business partners. Involve those who will be affected, to the extent you can.
  • Think relationship, not lawsuit: Contracts can be roadmaps for cooperation.
  • Tear up the plan and start again: What if your primary plan doesn’t work?
  • Think globally, act locally: International operations have international problems.
  • Safety first: Safety of people is the first priority. Good people can overcome the toughest challenges—treat them accordingly.

It’s Often the Little Things that Count – Here are Two

Last month, we brought you information about outsourcing—a topic making news daily. This month, we bring you smaller news with potentially bigger implications.

In the biblical prophecy of Isaiah, the wolf lives with the lamb, the leopard lies down with the kid and a little child shall lead them. You can draw your own conclusions as to who are lions, lambs and the little child, but a few days ago, the unthinkable occurred. Sun Microsystems and Microsoft reached peace by dropping most claims, cross-claims and the vitriolic debate raging since 1997 when Sun sued Microsoft alleging violations of its Java license terms. With a trail of litigation which includes U.S. and European antitrust regulators, the announcement is nothing short of astounding. Yes, it remains to be seen whether years of mistrust will dissipate and lead to true cooperation, but this is not simply a truce between two rivals. The Wall Street Journal quotes Tony Scott, Chief Technology Officer for General Motors, as saying “What we try to do is educate them on the real pain customers go through when you have multiple incompatible standards and technologies.” Instead of customers being forced to figure out (and pay for) solutions to interoperability and compatibility problems, vendors are now being pressured to do so. Is this the beginning of a trend? Too soon to tell, but this truce is a big deal—Mr. Scott represents a customer!

And now, number 2. Perhaps we have become less concerned about providing information to “friendly sites,” but Yahoo! has introduced a “paid inclusion” product which allows advertisers to guarantee their sites will show up in searches—although payments do not change the order in which results are displayed. Not to be outdone, Google’s new “G-mail” will have context-based advertising derived from—are you ready—a scan of key words in G-mail received by subscribers, which customizes advertising based on information in the e-mail. G-mail a friend about bowling and you may see a pop-up coupon for a local bowling alley. Marketing professionals and advertisers point to the fact that G-mail is an opt-in service and consumers have shown they are willing to give up privacy to obtain greater levels of convenience.

For the record, cookies were invented to allow you to have a shopping cart and accumulate items when going web shopping. Fast-forward past cookies to
spammers, phishing, pop-ups, invisible GIFs, web bugs, intelligent bots and spyware to this latest announcement. Google can now accumulate a detailed
dossier of individual consumer preferences and the contents of e-mails. No one is suggesting Google would abuse such information or that subscribing is not
truly voluntary, but not only do we know what you did last summer, soon we may also be able to tell you what you are planning next summer.

Privacy Policies to be Required by California on All Commercial Websites

California has done it again! The nation’s toughest anti-spam law, the first database security breach notification law, and now the first state to require commercial website owners and online service providers to adopt and communicate privacy policies, ensure policies satisfy certain minimum standards, and pay penalties if they fail to conform.

California’s Online Privacy Protection Act of 2003 becomes effective July 1, 2004, and applies to commercial website owners and online services that collect and maintain “personally identifiable information” from a “consumer” residing in California. This will likely apply to all businesses selling goods or services online in the United States. To comply, among other things, the privacy policy must identify the categories of information collected; third parties who have access; how a consumer may review and correct information; and how consumers will be notified of changes in the policy. The statute also requires website owners to “conspicuously post” a privacy policy on their websites. A website owner can satisfy the requirement by posting the policy on its home page or by providing a hyperlink from that page to the policy. The link must include the word “privacy” and meet certain case, type size, font, or contrasting colors or marking requirements that call attention to the link and the policy. Online service providers must use “reasonably accessible means” to make its policy available.

This act is a good reason for businesses to review existing privacy, website and online practices. Re-examine privacy promises and consider liability waivers. If you have not yet adopted a privacy policy, now is the time to do so!

The Buzz About Sourcing: Out, Near, Offshore, Strategic, Corporate, In…

Not a day goes by that outsourcing isn’t in the news. Not just news, but NEWS. The Wall Street Journal, Information Week, The New York Times, Financial Times, CIO Magazine, American Banker. “Press 1 for Delhi, 2 for Dallas,” “Prove It’s Secure: Legislators Want CIOs and Service Providers to Show that Customer Data Sent Overseas is as Safe as it is at Home,” “Global Talk Gets Cheaper—Outsourcing Abroad Becomes Even More Attractive as Cost of Fiber-Optic Links Drop,” “Offshore Outsourcing: How to Safeguard Your Data in a Dangerous World,” “Weighing the Benefits of Offshore Outsourcing,” “Big-Bank Perspectives on Offshore Outsourcing,” “Lesson in India: Not Every Job Translates Overseas,” “Business Coalition Battles Outsourcing Backlash,” “More Work is Outsourced to U.S., Than Away From It, Data Show,” “Offshoring Can Generate Jobs in the United States”—well, you get the picture. Senator Liz Figueroa (D-Calif.) is seeking legislation prohibiting consumer medical and financial data from being sent overseas without assurances of strong privacy safeguards (remember the U.S. position on the European personal data directive?). Even Alan Greenspan has weighed in, cautioning, “These alleged cures would make matters worse rather than better.”

Both providers and customers consistently articulate several key themes. Many third-party providers can do it cheaper, faster and at higher quality – processing is their business – not yours. Third-party providers survive by keeping up with technology, training personnel and responding to changes quickly and efficiently – often a secondary priority and a headache for other companies. Further, companies are recognizing that allowing a third-party to perform functions and assist in providing services rarely requires relinquishing control or responsibility – in fact, proper management increases, and almost always in a positive way.

Like it or not, outsourcing is likely to remain a significant weapon in management’s arsenal of choices in managing business—an alternative available for consideration as requirements change. Although perhaps obvious, an outsourcing transaction should take into account the following key issues:

  • All or Some?—Assess needs, evaluate priorities, costs and requirements, and understand which functions, process or operations should be outsourced and which retained. Outsourcing is a tool, not an end in itself.
  • Control, Flexibility & Cost—A delicate balance considering the difficulty and implications—especially when entrusted to a third party, or if you are a third-party provider. Agreements must address varying objectives, priorities, customers and suppliers—hardly a trivial exercise.
  • Human Resource—Outsourcing affects employees: seniority, pensions and benefits, decisions involving termination, changes in salary, and even relocation. Immigration issues arise when moving people around—even for temporary training or other assignments.
  • Performance Standards—Defining and prioritizing standards is difficult enough internally and fixing accountability in a contract even more so.
  • Corporate Compliance, Privacy & Security—These issues require careful examination. Functions can be outsourced, but rarely can the responsibility.
  • Relationship Management—Customer and provider must develop a solid working relationship—in operation and spirit. From shifting priorities to changing performance standards—there is no substitute for a strong, effective team approach.
  • International—Global outsourcing gives rise to issues relating to currency fluctuations, differing intellectual property protections, privacy and transborder data flow, surveillance and security, governing law, dispute resolution, and interpretation and enforcement of contracts in local courts; and
  • Insourcing—Sometimes forgotten, no decisions are permanent. Leave room to re-evaluate or move functions from one service provider to another in an amicable transition process. Businesses, operations, requirements and costs change—don’t lose flexibility.

Did you know Rimon has significant experience in handling sourcing transactions—near, offshore, strategic and otherwise? Did you know Rimon may be the only law firm with attorneys here and abroad who have handled major international and multinational outsourcing transactions for financial institutions, airlines, health care providers, telecommunications and manufacturing companies, to name a few? Did you know Rimon lawyers are adept at looking at both the purely legal and contractual issues, as well as counseling clients for success and guiding clients through the process?

Whether understanding sensitivities of internal employee concerns, or preparing RFPs and negotiating and managing these complex contracts, Rimon lawyers understand and handle risks and issues new and unknown to many organizations—a host of human resource and performance issues, assignment, immigration and employment, warranty, insurance, indemnity and liability questions, growth, change control, customer service and termination issues. How to handle a migration plan? What about our people? What if I can’t get the service I need? What if my needs, my systems, my operations or my processes or my business changes?

The implications are large, the risks enormous and the complexity overwhelming—don’t skimp on retaining people with the right expertise, including lawyers. Want to know more? Want to schedule a customized in-house seminar? Contact Joe Rosenbaum in the U.S. at joseph.rosenbaum@rimonlaw.com and let us help you.