Health Care in the Clouds: Not Always Fine on Cloud 9

Many of you are already familiar with the series of individual and topical cloud computing white papers that we launched in 2011. We spent the next months and years compiling these articles into a comprehensive work entitled, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing.”

The Consumer Finance Law Quarterly Report previously published two of our articles associated with “cloud-related” legal issues: The first applicable to financial services [65 Consumer Fin. L. Q. Rep. 57 (2011)] and the second related to advertising and marketing [65 Consumer Fin. L. Q. Rep 431 (2011)].

Recently, Joe Rosenbaum and Nancy Bonifant were privileged to have an article they wrote published as the third in the Consumer Finance Law Quarterly Reporter’s cloud computing series, and you can read the article right here: “Health Care in the Cloud: Think You Are Doing Fine on Cloud Nine? Think Again. Better Get Off My Cloud” [67 Consumer Fin. L. Q. Rep 367 (2013)]. The article represents an updated version of the article originally posted right here on Legal Bytes [See Transcending the Cloud – Health Care on Cloud 9? Are You Doing Fine?].

For more information about the implications of cloud computing and technology on health care, privacy compliance, and related legal matters, feel free to contact me, Joe Rosenbaum, or Nancy Bonifant or the Rimon attorney with whom you regularly work, and we can make sure you get the guidance and help you need to navigate the clouds.

Insight from California’s Special Assistant Attorney General for Technology

In a recent interview with Travis LeBlanc, California’s Special Assistant Attorney General for Technology, Amy Mushahwar and Joshua Marker of Rimon’s Data Privacy, Security & Management practice, obtained some interesting insight on California’s new Privacy Protection and Enforcement Unit. Mr. LeBlanc addresses current and upcoming privacy trends, and the focus of California’s enforcement actions.

You can read the entire discussion and the insights obtained right here: Rimon Attorneys Interview Travis LeBlanc, of California’s New Privacy Protection and Enforcement Unit

As always, if you need help or more information, contact the Rimon lawyers mentioned above; me, Joseph I. Rosenbaum; or any of the Rimon lawyers with whom you regularly work.

White House Releases Privacy Report and Calls For a Consumer Bill of Rights

Earlier today, Secretary of Commerce John Bryson and Federal Trade Commission Chairman John Liebowitz outlined the Obama administration’s strategy for ensuring “consumers’ trust in the technologies and companies that drive the digital economy.” On the heels of their announcement, and although it is dated January 2012, the Department of Commerce released a long-awaited report entitled “Consumer Data Privacy in a Networked World, A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy,” the administration’s roadmap for privacy legislation and regulation in the years ahead.

The announcement and privacy blueprint envisions a comprehensive and integrated framework for data protection, rather than the current sector-patchwork-quilt approach, and is comprised of four key pillars: (1) a consumer privacy bill of rights; (2) a multi-stakeholder process and approach dealing with how such a bill of rights would apply in a business context; (3) more effective enforcement; and (4) greater commitment to harmonization and cooperation in the international community.

The Report outlines the seven principles of its proposed Consumer Privacy Bill of Rights and, although calling for legislation and regulation to codify and memorialize these rights, also sets out consumer privacy standards that companies are asked to immediately and voluntarily adopt in a cooperative public-private partnership. These seven principles are:

  1. Individual Control Through Choice
  2. Greater Transparency
  3. Respect for Context
  4. Secure Handling
  5. Access & Correction Rights
  6. Focused Collection
  7. Accountability

The Report notes that a company’s adherence to the voluntary codes will be viewed favorably by the FTC in any investigation or enforcement action for unfair and deceptive trade practices. By implication, a company that does not adopt and follow these principles might be used as evidence of a violation of Section 5 of the FTC Act, even if federal legislation is not passed on the subject. The FTC is expected to soon release its Final Staff Report on Consumer Privacy that will be consistent with the Obama administration’s proposed Framework Report. The report reinforces the administration’s commitment to international harmonization, and also touches upon the role state attorneys general in the United States can play. While we are still reviewing the details – and more will likely be forthcoming from the administration in the weeks and months ahead – Legal Bytes will keep you on top of these developments as they arise.

You can read the entire report right here: Consumer Data Privacy in a Networked World, A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.

These are developments that affect all businesses, domestic and multi-national, global and local, consumers and regulators. The complexity and challenges of compliance should not be underestimated, nor should the administration’s commitment to follow the roadmap outlined. Rimon has teams of lawyers who have experience and follow developments in privacy and data protection, from prevention and policy to compliance and implementation. If you want to know more, need counsel, need help navigating, or if you require legal representation in this or any other area, feel free to call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon lawyers with whom you regularly work.

Robocop Fights Robocalling

In the 1987 film "Robocop", directed by Paul Verhoeven, a terminally wounded cop returns to the police force as a powerful cyborg, albeit with haunting memories, to fight crime and evil. Fast-forward to 2012 and "robo calling."

One of the government’s main consumer cops, the Federal Communications Commission, has acted to tighten rules regarding the use of so-called "robo calling" (ok, it’s auto-dialing systems). The FCC’s official order has not been released, but the following is clear:

  • Express written consumer consent in advance will be required before using an autodialer or prerecorded message
  • You can no longer rely on an "established business relationship" as an exception to the prior written consent requirement
  • Each robocall must include an automated opt-out mechanism
  • Rules governing abandoned or "dead air" calls will be tightened

When the final regulations and order designating the effective date and detailing precisely how these rules will be applied are released, we’ll bring you the news; but in the meantime, you can read more about the FCC’s action and its thinking right here: FCC Approves Order to Tighten Regulatory Treatment of Robocalls Under the Telephone Consumer Protection Act.

As always, if you need legal or regulatory counsel, call me, Joseph I. ("Joe") Rosenbaum, or any of the lawyers highlighted in the full client alert, or, of course, the Rimon lawyer with whom you regularly work.

Stealing Limelight from Hollywood, California Shines the Light on Privacy

California’s Shine the Light Act, California Civil Code 1798.83, responded to the perceived need for transparency and provides consumers certain rights in connection with how businesses share information about California residents for purposes related to direct marketing. The regulatory team at Rimon has prepared a Rimon Shine the Light Act Reference Guide; and while the Act doesn’t apply to every business, if it does apply, liability may be as high as $3,000 per violation. You can view the entire blog posting on our sister GRE Law Blog.

As always, if you need guidance from lawyers who have experience and resources aligned to deal with these issues, call me, Joseph I. (“Joe”) Rosenbaum; any of the lawyers highlighted in the posting; or, of course, the Rimon lawyer with whom you regularly work.

ICONfusion Creeps Into Interactive Advertising Awareness

Earlier this week, ClickZ reported that the improper use of the Digital Advertising Alliance’s behavioral icon

is threatening to dilute the self-regulatory effectiveness of its campaign to educate consumers on the risks of online behavioral advertising, and enable them to make an informed judgment in seeking to control the use of their browsing behavior across multiple websites. Legal Bytes has previously reported the initial development and launch, as well as the growing acceptance of the industry’s self-regulatory efforts (just search us for “behavioral advertising” or follow the links through any of our prior posts – e.g., Self-Regulatory Ad Industry Effort Continues to Drive Forward). While the icon has gained wide acceptance as part of the advertising industry’s self-regulatory initiative (See Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles), using it inappropriately or inaccurately may cause consumers to be more confused, rather than educated.

You might be tempted to argue that if advertising that does not involve behavioral information nonetheless includes the DAA icon, what’s the harm? However, if the objective is to educate consumers about the distinctions in how their information is collected and used by advertisers, agencies, network publishers, browser publishers and others in the interactive ecosystem, confusion fuels the concerns already raised by consumer advocacy groups, regulators and lawmakers alike – and that’s counterproductive.

The good news is that the industry campaign to stimulate adoption of the self-regulatory guidelines and the inclusion of the icon in relevant advertising is gaining momentum – a sign the industry can and will police and regulate itself. Innocent mistakes in the name of compliance are certainly better than abuse or ignorance, so let’s not be too quick to throw stones. That said, as consumers increasingly see the icon and begin to appreciate, and take advantage of, the self-regulatory efforts, it behooves the industry to do a better job of making sure the educational component is consistent and not ICONfusing!

As always, if you need more information about the advertising industry’s self-regulatory initiative, advice regarding compliance, or legal help in understanding the dynamic and ever-changing environment of online and mobile interactive advertising, marketing and privacy, call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work – our lawyers deal with these issues every day.

Transcending the Cloud – Financial Services: Show Me the Money!

This post was written by Joseph Rosenbaum, Adam Snukal and Leonard Bernstein.

Welcome to the New Year. As they do each year, clouds, together with some sunshine (and a cold winter blast periodically in our Northern Hemisphere), roll in, too.

Last year we published a number of topical updates to our Cloud Computing initiative – new chapters and white papers intended to provoke thought, stimulate ideas and, most of all, demonstrate the thought leadership Rimon attorneys bring to bear when innovative and important trends and initiatives in the commercial world give rise to new and interesting legal issues.

So here, from Adam Snukal, Len Bernstein, and Joe Rosenbaum, is a glimpse at some issues that apply to the world of financial services arising from Cloud Computing. This next chapter in Rimon’s on-going series, “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing,” is titled “Look, Up in the Cloud, It’s a Bird, It’s a Plane, It’s a Bank.” This white paper examines the issues that arise within financial services institutions in the wake of complex and evolving regulation and scrutiny, and we hope it provides some insight into the considerations and concerns that apply, even while the industry and the regulatory landscape are still evolving. A special note of thanks to Anthony S. Traymore, an Advertising Technology & Media associate and a good friend and colleague, who has now joined the legal department of a Rimon client. Anthony was instrumental in helping put the initial topical white paper draft together while at Rimon, and we like to give credit where credit is due – both here and in the white paper itself. Thanks Anthony.

As we do each time, we have updated the entire work so that, in addition to the single “financial services” white paper, you can access and download a PDF of the entire “Transcending the Cloud: A Legal Guide to the Risks and Rewards of Cloud Computing” compendium, up to date and including all of the previous chapters in one document.

Of course, feel free to contact Adam Snukal, Len Bernstein or Joe Rosenbaum directly if you have any questions or require legal counsel or assistance related to financial services. Make sure you subscribe via email or get the Legal Bytes RSS Feed so you are always in touch with our latest information. And if you ever have questions, you can always contact any Rimon attorney with whom you regularly work.

Privacy & Data Security Bills After the Midterm Elections

The midterm elections will likely result in a shift of political power within the House of Representatives. The resultant divided government is likely to impact the current ambitious privacy and data security legislative agenda. Rimon Washington D.C. Data Privacy, Security & Management attorneys Judith Harris, Christopher Cwalina, and Amy Mushahwar have published an analysis of their predictions for 2011 legislative priorities as the incoming crop of legislators move from campaign mode to governance. Please see their article in Information Security.

Court Rules Twitter Libel is Stale, and Neither Ripe Nor Moldy

Back in July, Legal Bytes posted a report (Landlord Can’t Let Tweet sMOLDer) about a Twitter "tweet" posted by Amanda Bonnen, that contained the following statement: "Who said sleeping in a moldy apartment was bad for you? Horizon realty thinks it’s OK."

Back then we told you that Horizon Group Management, the landlord of the apartment building involved, filed suit in a Cook County Illinois Court for libel, alleging that it was a "malicious and defamatory" tweet about the state of her apartment. 

Well this past Wednesday (Jan. 20, 2010), Cook County Circuit Court Judge Diane J. Larsen dismissed the suit, and Ms. Bonnen’s attorney indicated the judge described the posting as too vague to constitute libel under the legal tests applicable to such a claim.

To support a claim of libel, Horizon would have had to show that Ms. Bonnen wasn’t merely offering her opinion, that the statement must be reasonably understood by everyone to refer to the specific entity—in this case, this particular Horizon realty company—and that there was actual harm that can be proved, flowing from the statement. The fact that the statement was made on Twitter, and consequently widely available across the Internet, doesn’t change the standard one must meet to prove libel, and the judge dismissed the case. 

As you can guess, these aren’t the only cases involving defamation in the context of social media. For example, the action against Courtney Love, wife of the late Kurt Cobain, is alive and well. You might recall that case arose when a fashion designer claimed Ms. Love tweeted that the designer was a drug addict, a prostitute and called her a "lying hosebag thief." As we reported in Legal Bytes this past August (Court Orders Google to Turn Over Blogger Identity Information), cases of defamation become even more complex when the identity of the actual "tweeter" is hidden behind a pseudonym.

These cases all hinge upon the friction created by social interaction. Defamation is not a new concept, and whether broadcast over radio waves or propagated across the web, it should come as no surprise that when human beings populate the borderless universe of cyberspace, these interactions can give rise to legal actions. The laws that apply to publicity, privacy, libel, deceptive advertising, unfair competition and intellectual property may need to be applied or viewed differently, but they don’t disappear simply because the content is digital. Need to know more? Contact me, Joseph I. Rosenbaum, or any Rimon attorney with whom you regularly work.

Court Orders Google to Turn Over Blogger Identity Information

Earlier this week, New York State Supreme Court Judge Joan Madden ordered Google to turn over account information about an anonymous blogger to model Liskula Cohen in order to enable her to pursue a claim of defamation. The blogger had used Google’s blogging service to create a blog entitled “Skanks in NYC,” and had posted pictures and references to the model that were anything but flattering, and which, she claimed, lost potential opportunities for her. When Ms. Cohen originally sought to find out who had posted the content, predictably Google resisted, maintaining that its privacy policy does not permit the disclosure of the blogger’s account information.

To put this in perspective, the protection of free speech—especially anonymous speech—is a concept in American jurisprudence and history that traces its roots to Thomas Payne’s pamphlet, Common Sense. First published in 1776, it anonymously challenged the authority of Great Britain in the New World and is widely regarded as the first work to openly ask for independence for the Colonies from Britain.

Since then, state courts have varied on just how wide those rights go and for what purposes protection is appropriate. Although I am hardly a First Amendment lawyer or a Constitutional scholar, the legal issue still seems simple. If the speaker—anonymous or not—is expressing ideas or an opinion or belief, he or she is more likely to enjoy protection. While there are limitations on freedom of expression (e.g., yelling “fire” in a crowded theater), political expression has typically enjoyed greater protection than “commercial” speech—one being fundamental to a society’s encouragement of the free flow of ideas, the other designed to promote a product, service or brand in a free market economy. On the other side of the spectrum and generally not protected, would be public expressions that are clearly and solely intended to hurt someone, where actual harm can be shown from intentional or malicious public expression or, as was determined by the New York court here, where an illegal act was or was likely to have been committed—in this case, defamation.

While it is difficult to pinpoint a single factor that will always favor protection, anonymity is a strong legal shield U.S. jurisprudence holds dear to protect individuals from the potential swords of those in power, or from anyone who might seek to stifle dissent or ideas that might be unpopular. For example, in 2005, a blogger who ranted against a politician, accusing him of “obvious mental deterioration,” was ultimately protected by the Delaware Supreme Court expressing concern over the potential “chilling effect” on anonymous speech. The blogger in this case was referring to a politician, and the court ruled that in order to justify revealing the identity of an anonymous blogger, the plaintiff must provide evidence sufficient to all the elements of the claim if the case were to go to trial. Because the court concluded no reasonable person would believe the blogger’s statements to be factual, no action for defamation could be sustained, and the court dismissed the case. You can read the Delaware Supreme Court’s decision in full right here, but clearly for bloggers, this represented a significant landmark and affirmation of the substantial protection afforded anonymous posting.

In a subsequent 2008 case, a Maryland Court of Appeals decision (Independent Newspapers, Inc. v. Zebulon J. Brodie) similarly concluded that anonymous posts should be protected, and set out an approach first detailed in a New Jersey case (Dendrite Int’l, Inc. v. John Doe No. 3) describing the steps judges should take in deciding whether to compel disclosure of anonymous online speakers in cases that come along in the future.

Unlike the previous cases, and potentially distinguishing this case, is the fact that the blogger here targeted Ms. Cohen intentionally, exclusively, and individually; and while the defendant argued the postings were just “trash talk” and only opinion, Judge Madden noted that if Ms. Cohen could prove the blogger’s statements were factually inaccurate, it would refute the argument that the posts were merely opinion and would support a legal claim of defamation.

As we have previously noted in Legal Bytes in articles describing the FTC’s efforts to regulate the blogosphere, and in presentations we have made, it is clear that online speech is coming under increased scrutiny, and that regulators and courts appear to nibbling away at the virtually complete immunity anonymous bloggers once seemed to enjoy, seeking to define the contours of what is or is not permissible conduct on the web. Does anyone remember the term “netiquette”?

For more information, or for assistance with issues like these or any social media, online, digital content, gaming or matters that meet at the crossroads of advertising, technology & media, look up Joseph I. Rosenbaum, send me an email, or contact the Rimon attorney with whom you regularly work. We are happy to help.