Landlord Can’t Let Tweet sMOLDer

If you have been wondering what happened to the third grade line “there’s a fungus among us,” we have the answer. It seems a “tweet” made available May 12, 2009 on Twitter contained the following statement: ". . . Who said sleeping in a moldy apartment was bad for you? Horizon realty thinks it’s OK." Since the tweet is alleged to be available publicly for the world to see on Twitter, that didn’t seem particularly humorous to the management of the apartment building in which the Tweeter lives.

So non-humorous in fact, that Horizon Group Management, landlord of the apartment building in question, has filed suit in a Cook County Illinois Court for libel, alleging this was a "malicious and defamatory" tweet about the state of her apartment. The complaint further contends that because the "statement damaged the plaintiff’s reputation in its business, the statement is libel per se." Horizon is seeking a minimum of $50,000 in damages and that isn’t birdseed. You can read a copy of the complaint right here.

Facebook Flap Over Ad Photos (Déjà vu All Over Again)

Last week, rumors started spreading that Facebook had changed its policy and was now allowing third-party advertisers to use your photos (i.e., images users post onto Facebook) without permission. The flap over the use of Facebook user-profile photos in advertising came into the limelight when a man, using a third-party application, saw an advertisement displayed for an online dating website, and much to his surprise—it happened to include a picture of his wife. There’s Good, Bad & Ugly.

Good news: His wife wasn’t out looking for a date. Bad news: The photo emanated from a Facebook profile photo available to companies that use the Facebook platform ad network. Ugly news: You could be next!

So here’s the scoop:

Facebook has not changed its policy and does not allow the use of your photo(s) without permission. Facebook had previously suspended two ad networks from the Facebook platform for deceptive practices and user complaints. Those ad networks were said to be using third-party applications in which these photos were embedded and, according to Facebook, that violates Facebook’s privacy policy; and the ads were misleading since they made it look as if someone’s Facebook friend had taken action when they really had not. Facebook itself issued a statement noting, “We are as concerned as many of you are about any potential threat to your experience on Facebook and the protection of your privacy. That’s why we prohibit ads on Facebook Platform that cause a bad user experience, are misleading, or otherwise violate our policies.” 

Although some Facebook users might not know it, Facebook has been running ads from its own ad system for more than a year—it lets your Facebook friends know of any direct connections you have with products and services. So if you become a "fan" of a Facebook Page, your Facebook friends might see an advertisement showing both the action you took (becoming a fan) and your profile photo along with the ad. According to Facebook, it will only do this when a Facebook user has taken some affirmative action indicating a connection with the product or service being advertised. Facebook also claims no data is shared with third parties in this process.

The best we can determine, Facebook technically only allows any user content to display in or with third-party advertising if the content isn’t being cached. While Facebook likely tries to control these networks, some obviously are not adhering to this policy, with photos then appearing not only on third-party ad networks within Facebook when they haven’t been authorized, but also in some cases outside the Facebook domain itself.

If you are a Facebook user and have actually read (and understood) its Terms and Privacy Policy, which is part of the Facebook Principles, you might know that Facebook ad networks can use these user photos in ads—they just can’t do so in violation of their privacy policy or in a deceptive manner. While clearly Facebook has an interest in keeping users comfortable with the online social media environment it has created, it will likely either do a better job of disclosing and explaining the potential uses that may be made of user information (including images, connections, and the like), or it will need to monitor and control the use of its advertising platform by third-party advertising networks that are allowed to use the platform.

Every user on Facebook is opted-in to allowing the use of their photos as described above, by default, when they sign up. Perhaps part of the flap is the fact that many users may simply have not known this. Or perhaps there’s a disclosure or communication problem within the community. Facebook might also provide more visible or multiple ways of enabling users to opt-out of this feature or create more refined privacy settings so that users are given more options and more information that allows them to control the use of their photos (and other information), certainly outside and potentially inside the Facebook social media community. Most users simply may have had no clue this was the default or that this was happening. Even when they realize this is occurring, many can’t figure out how to change the settings. Currently, the only way to fix the problem is to have users change the privacy settings that are found under “Settings,” “Privacy Settings,” “Newsfeeds and Wall”; looking for the tab that says “Facebook Ads”; and re-setting your “Appearance in Facebook Ads” preference to “No One.”

HOWEVER, just so everyone is clear—this still may not opt you out of Facebook ads displayed to your friends with your photo when you expressly take action within Facebook (e.g., becoming a "fan"), but it will opt you out of third-party network ads. That said, it remains to be seen how Facebook will deal with the delicate reality of handling third-party ad networks that aren’t Facebook affiliates, since these represent a significant source of revenue for creators of Facebook applications. 

To put it more simply, if you provide a third-party application with the right to access your information (which you generally need to do in order to use the application), then technically the advertising networks can access that information, too. That’s why users should pay attention to the applications they add, and get rid of applications they are no longer using. You can do this through the “Settings” menu as well. Head for the “Application Settings” page, and if you see a menu that says “Recently Used,” change it to “Authorized” and you will see the applications you have approved with an “X.” Just click to remove those you no longer wish to have authorization. That way, you won’t wind up as a poster child for some product or service that you did not and would not ever intend to endorse.* 

If you need to know more, please contact Joseph I. Rosenbaum at, or you can view his bio at Of course, you can always contact your favorite Rimon attorney, who will be more than happy to help you. 

* Speaking of endorsements, Joseph I. Rosenbaum was actually speaking of Endorsements (and Testimonials) at a recent CLE Conference in Ireland, sponsored and hosted by the School of Law at Limerick University and previously featured in Legal Bytes. A copy of Joe’s presentation (without the embedded videos) has been posted in .PDF format in an update to the previous posting.

Your Medical Information; Just A Mouse Click Away – From Hackers?

This post was written by Adam Snukal.

Kathleen Sebelius, Secretary of the Department of Health and Human Services (“HHS”), hadn’t been on the job even two months when she found herself a defendant in a class-action lawsuit brought in the Southern District of New York. A registered nurse had brought the action against Ms. Sebelius, as well as the White House Office of Health Reform Director and the Administrator of the Centers for Medicare & Medicaid Services, alleging that certain provisions of the American Recovery and Reinvestment Act (“ARRA”) violate privacy rules central to the Health Insurance Portability and Accountability Act (“HIPAA”) and the federal Privacy Act.

The suit claims that pursuant to the ARRA, the development and implementation of a new health care information technology system that will create an electronic medical records database by 2014 will include Americans who are not covered by either Medicare or Medicaid (according to the lawsuit, Medicare and Medicaid only cover approximately 23 percent of the American population). This system, according to the complaint, poses a major threat to individual privacy, placing individuals’ personal health information “just a mouse click away from being accessible to an intruder.”

The action takes issue with ARRA’s provision allowing HHS to determine what constitutes the “minimum necessary” amount of personal health information allowed to be disclosed under HIPAA. According to the suit, “This technology will be used to deprive the Plaintiff and others of their fundamental right to privacy by requiring that their medical records be released by their health care providers and upon entry into the Health Information Technology maintained under the supervision of the Secretary will be made available without the permission of the Plaintiff to an unknown and potentially unlimited number of persons.” The action seeks an injunction to prevent distribution of payments for the purchasing of the electronic health care systems.

The standard of “minimum necessary” is a central tenet of the HIPAA laws, which require that when a health care provider uses or discloses personal health information, or requests personal health information from others, the provider must undertake reasonable efforts to limit itself to “the minimum necessary amount of PHI to accomplish the intended purpose of the use, disclosure, or request.” Under this standard, providers must develop policies and procedures that limit information uses, disclosures and requests to those necessary to carry out the organization’s work. That includes identification of those within the provider’s workforce that need access to carry out their duties, and reasonable efforts to limit access accordingly. HHS has been clear that the minimum necessary standard that health care providers are required to follow calls for the employment of a “reasonableness” analysis, so that a provider’s functions are not unduly restricted.

Few elements of HIPAA have generated more controversy than this standard, but if this court elects to embrace that standard, the likelihood of the success of this action on its merits may seem remote. HIPAA places a heavy emphasis on maintaining the privacy of an individual’s personal health information, and if the ARRA regulations applicable to the manner by which health information electronic systems are permitted to collect and share personal health information are consistent with HIPAA’s standard of reasonableness, there will be a substantial burden of proof for the plaintiffs to overcome.

If you need to know, you need to contact Adam Snukal—or you can always contact your favorite Rimon attorney who will be more than happy to help you.

Useless But Compelling Facts – July 2009

Now this month, those of you who follow golf may have been disappointed by Tom Watson’s second-place finish at the British Open. But some of you traditionalists may know that his loss actually preserved a 142-year-old record set by someone else at the British Open. In fact, the very same gentleman actually holds two records—both of which have withstood the test of more than a century of challenges. Can you identify both of the records held and who holds them?

Remember, please send your answers directly to me at Good luck.

Useless But Compelling Facts – June 2009 Answer

Last month we tried to stimulate your thinking about the origins of the privacy provisions of Gramm-Leach-Bliley—an afterthought to the original purposes of the Act. Congratulations to Matthew Krigbaum, Assistant General Counsel of Transamerica Capital Management, a long-time fan and loyal Legal Bytes follower, for getting the right answer, first. Originally, GLBA did not contain privacy provisions (Title V), but during a “mark up” session in the Commerce Committee, Rep. Markey (D-Col.) introduced an amendment adding these privacy protections. While it originally looked as if the amendment might not get anywhere, Rep. Joe Barton (R-Tex.) unexpectedly announced his support and . . well, you know the rest. It appears that Rep. Barton became concerned about his own privacy when Victoria’s Secret catalogs began to show up at his Washington, D.C., residence, raising his suspicion that his credit union had shared his address with Victoria’s Secret.

Online Gaming Laws Survey – Free (Yes, You Read Correctly)

With the help of one of our trusty Summer Associates, and stimulated in part by our desire to update and consolidate research we have done over the years in a variety of different contexts, we have prepared a Survey of U.S. Federal and State Gaming Laws & Regulations that apply or may apply to “Online Gaming.” We defined “gaming” relatively loosely, and tried to cover promotions and contests involving money or consideration of any kind, the potential implications of related gambling statutes, “amusement gaming,” and anything related that popped onto our radar screen. With the proliferation of Internet-web-based online advertising, promotions, games and interactive entertainment, these gaming laws will increasingly be implicated and potentially used by state and federal authorities to regulate how these activities are conducted.

Now you may ask, “Why would a law firm be giving away such valuable research for free online, on the web, for everyone to see?” Well you may ask – but first read on:

This is an area in which Rimon has both U.S. and international experience, and as complex gaming, promotional activities and in-game advertising—involving proprietary and user-generated content—proliferate, the convergence and intersection of these laws and regulations with advertising, promotional and marketing regulation will surely increase over time. Contact Joseph I. Rosenbaum if you would like to know more about our experience, our resources, or our ability to help you.

We also maintain a similar chart and database relating to Gift Cards and Gift Certificates, covering both traditional and online payment instruments that are increasingly blurred with prepaid debit cards, stored value cards, smart or chip-cards, reward cards, discount certificates, and traditional credit, charge and debit cards. In the online world, often a simple code or account number, rather than a physical piece of plastic, is the only evidence that a “gift card” exists. Not only are there advertising disclosure regulations and restrictions on expiration dates or the imposition of dormancy or inactivity fees, but escheat and abandoned property laws are implicated as well. It’s a complex area of marketing and the law. In addition, in collaboration with our Security & Data Protection Group, we maintain a database of data breach, information security and identity theft statutes, which is an increasingly handy tool related to prevention and compliance and, of course, knowing what to do when you suffer a breach.

The Survey of U.S. Federal and State Gaming Laws & Regulations chart, which you can refer to at any time, lists each state (including the District of Columbia) in the United States, and a citation to the relevant statutes and regulations (organized so that amendments are cross-referenced by date and relevant citation), followed by a brief summary of the salient provisions of the law or regulation itself. We have also noted, where there was current activity, any pending legislation that may apply. For example, the relevance of federal gambling legislation appears in the notes at the introduction of the chart, referencing the recent introduction of bills that would potentially defer enforcement of the UIEGA and seek to establish a federal licensing scheme for online gambling. We will continue to update our research regularly for our clients, and if you want to know more about any of the databases, reference tools, or our teams of professionals who can help you—well you know what to do next. Oh, and if you want to know why we are giving this research to you at no charge—well I did say “you may ask.” So go ahead and ask.

Free CLE? Free To Travel? Start Packing!

“Advertising Law in the United States and Europe: The Challenges Ahead” is the subject of a CLE Conference organized and sponsored by the University of Limerick Law School and the Franklin Pierce Law School that is being held July 24 and 25 in Limerick, Ireland (Limerick is 20 minutes from Shannon). Douglas J. Wood and Joseph I. Rosenbaum, Co-Chairs of Rimon’s global Advertising Technology & Media Law Group, are among the distinguished faculty, which includes some of our clients, as well as scholars and government leaders from both sides of the Atlantic.

What’s more, these institutions have graciously agreed to allow us to invite our clients to attend at no charge. Yes, you read correctly. Free! Now you must be a client to take advantage of this promotional offer, and although you will have to pay your own way to join us and stay for the two-day course, what better time and excuse to visit Ireland? Yes, it’s short notice, but airfares are favorable, and if you are in Europe you literally have no excuse not to get away and take advantage of this great opportunity. Just click to learn more about the Agenda, the Faculty, the University of Limerick Law School, where the conference will be held; or nearby accommodations. Being a client does have its privileges, so if you are interested, email either Doug Wood or Joe Rosenbaum as soon as possible to take advantage of this opportunity. And start making your travel arrangements now!

Stimulus Package Includes Broadband Opportunities

This post was written by Amy Mushahwar and Judith Harris.

On Feb. 17, 2009, President Obama signed into law the American Recovery and Reinvestment Act of 2009 (otherwise known as the Stimulus Package) with two broadband deployment grant funding opportunities. As a follow-up to this statute, the Departments of Agriculture and Commerce recently released a Notice that will apply to awarding the first $4 billion of the total $7.2 billion in federal Stimulus Package broadband funds.

Broadband providers are already devising applications to serve rural, unserved and underserved geographic areas. But, did you know that other opportunities in the Notice could be of interest to you? For example, the Notice provides funding to conduct education campaigns in order to stimulate broadband uptake, and local broadband providers may need to partner with regional educators or advertisers to assist with these grass roots education campaigns. Or, broadband deployment applicants receive preferences for linking “community institutions” (which would include schools, universities and hospitals, to name a few) to their proposed broadband networks. The community institution preference would provide unique opportunities for those companies facilitating telemedicine or distance learning to partner with local telecommunications providers.

A link to a nuts-and-bolts Alert regarding the basic components of the NOFA and helpful deadlines is provided below. The Obama administration seems determined to move things along expeditiously. Applications will be accepted on a rolling basis from July 14 until Aug. 14, 2009, so you would have to work quickly on this, if you have any interest in riding this particular train.

You can view Rimon’s full Alert by clicking the link below:

Broadband Stimulus Notice Released with Application Details

If you need to know, you need to contact Amy Mushahwar, Judith Harris or your favorite Rimon attorney—who will be more than happy to help you.

Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles

A group of the nation’s largest media and marketing trade associations today released self-regulatory principles to protect consumer privacy in ad-supported interactive media that will require advertisers and websites to clearly inform consumers about data collection practices, and enable them to exercise control over that information.

In an extraordinary show of industry cooperation and collaboration, the American Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau last week released a series of self-regulatory principles, intended to be implemented by 2010 and designed to protect consumer privacy in advertising-supported interactive media. As part of the announcement, the Council of Better Business Bureaus along with the DMA, has agreed to implement accountability programs relative to these principles.

These self-regulatory guidelines come on the heels of a recently released study commissioned by the IAB entitled “Economic Value of the Advertising-Supported Internet Ecosystem,” which reported that the advertising-supported Internet represents 2.1 percent of the total U.S. gross domestic product (GDP), contributing $300 billion to the economy, and has created 3.1 million U.S. jobs.

“Guided by the seven Principles we have announced today, the advertising community is developing one of the most comprehensive self-regulatory programs ever undertaken by the business community. The fast-changing online marketing environment is best addressed by a self-regulatory framework that is transparent, flexible and accountable to consumers’ needs and concerns. On behalf of our 360 members, who collectively invest more than $200 billion annually in marketing communications, we look forward to jointly developing a comprehensive business system that respects and honors these Principles,” said Bob Liodice, President and CEO, (ANA).

“This historic collaboration represents businesses and trade associations working together to advance the public interest,” said Randall Rothenberg, President and CEO, IAB. “Although consumers have registered few if any complaints about Internet privacy, surveys show they are concerned about their privacy. We are acting early and aggressively on their concerns, to reinforce their trust in this vital medium that contributes so significantly to the U.S. economy.”

The seven Principles designed to address consumer concerns about use of personal information without wreaking havoc to advertising that subsidizes and supports the vast array of free online content relate to:

  • Education
  • Transparency
  • Consumer Control
  • Data Security
  • Material Changes
  • Sensitive Data
  • Accountability

We will be highlighting each of these principles separately in Legal Bytes over the weeks ahead, but if you would like to read the “Self-Regulatory Principles for Online Behavioral Advertising” report now, in its entirety, just follow the link.