current overview of legal liability presented by: neil bortnak internet consultant to insert your...
TRANSCRIPT
Current Overview of Legal Current Overview of Legal LiabilityLiability
Presented By:
Neil Bortnak
Internet Consultant
2
OverviewOverview
- Liability
- Workplace Privacy
- Useful Legal Resources
3
DisclaimerDisclaimer
- I am not a lawyer
- You must seek counsel in your home state or
country
- The following slides and lecture are the result of
my own research and opinions
- Neil Bortnak does not hold any
responsibility for your actions in regard
to this information
4
LiabilityLiability
- Definitions
- Issues- Trade Secret
- Frames & Links
- Defamation
- Sexual Harassment
- Protecting Yourself
- Cases
5
DefinitionsDefinitions
Negligence: The failure to use such care as a reasonably prudent and careful person would use under similar circumstances.
Foreseeability: The reasonable anticipation that harm or injury is a likely result from certain acts or omissions.
6
DefinitionsDefinitions
Vicarious Liability: Imposition of liability on one person for the acts of another based solely on their relationship. An example is the responsibility of an employer for the actions of an employee.
7
Trade SecretTrade Secret
If a company receives confidential data from a business partner, identified as such by a Non Disclosure Agreement or similar means, the company is responsible for caring for that data as if it were it’s own, but with no less care than would be deemed reasonably prudent.
8
Trade SecretTrade Secret
- Insecure Corporation receives confidential information from Unwitting Inc.
- Insecure stores the information in a general purpose directory that is accessible my most staff.
- An employee sends an e-mail to a competitor of Unwitting.
9
Trade SecretTrade Secret
- The employee accidentally attaches Unwitting’s file, which is similar in name to the intended file.
- The competitor receives the information
- Insecure could be held liable
10
ExampleExample
- ISP Ltd. offers a web hosting service for large companies
- News Inc and SportsCo contract ISP to host and maintain their respective sites
- ISP is aware that security is an issue but chooses to ignore the issue due to the high cost
11
ExampleExample
- A cracker breaks into ISP’s site and defaces the home pages and steals credit card numbers
- News Inc and SportsCo lose reputation, customer confidence, sales and monies related to the cost of downtime
- HugeISP can be found liable
12
Frames & LinksFrames & Links
- External content presented as own
- Crosses many legal issues
- Copyright Infringement
- Trademark Infringement
- Trademark Dilution
- False Designation
- Misappropriation
13
Types of Linking at IssueTypes of Linking at Issue
StealingSite
OriginalContent
SiteOriginal
Text
Original
Stolen
HTML Page
In-Line Linking
Example: The Dilbert Hack Page
14
Types of Linking at IssueTypes of Linking at Issue
StealingSite
OriginalContent
Site
HTML Page
Framed Linking
Example: TotalNEWS
15
Frames & LinksFrames & Links
- Direct Linking is also a problem
- Advertising revenue is the major
source of contention
- Case Law
- Ticketmaster vs. Microsoft
- Washington Post vs. Total NEWS
16
DefamationDefamation
Defamation: Is a statement that harms the reputation of another person in the eyes of the community. Possibly eliciting unpleasant feelings against the victim or exciting hatred, ridicule or contempt.
Libel: Defamation by writing
Slander: Defamation by speaking
17
Defamation DefensesDefamation Defenses
- Truth: A true statement is not defamation.
- Absolute Privilege: Statements made to family members or as a witness in court, a legislative hearing or an executive hearing are immune from prosecution.
18
Defamation DefensesDefamation Defenses
- Qualified Privilege: Protection for statements made without malice under certain circumstances.
- Opinion: If the statement is a matter of opinion, such as “Bill Gates is a terrible businessman”, there is no defamation. Phrasing a fact as though it were an opinion confers no protection.
19
Defamation DefensesDefamation Defenses
- Service Providers: No provider can be held liable for content originating from third parties over which it exercises no control.
- Public Figures: They can’t sue for defamation unless they can show the writer/publisher knew the statement was false, or did not adequately confirm the information stated.
20
DefamationDefamation
Possible Outlets- E-Mail
- Newsgroup Posting
- Chat Rooms
- Web Pages
Cases- Zeran vs. America Online
- Wade Cook Financial Corp vs. John Doe
21
Downstream LiabilityDownstream Liability
- If your computers are insecure and an attacker uses them to inflict damage upon another company, the victim could sue you for some or all of the damages as a result of your negligence
- To my knowledge, there have not yet been any cases of downstream liability but it is only a matter of time
22
Sexual HarassmentSexual Harassment
- E-Mail can be used to harass someone directly
- E-Mail can be used to create a sexually hostile work environment, often stemming from “jokes” sent to distribution lists or all staff.
- E-Mail is often used as evidence
23
Sexual HarassmentSexual Harassment
Cases
Strauss vs. Microsoft
Harley vs. McCoach
24
Other Important IssuesOther Important Issues
- Jurisdiction
- Whose laws apply?
- Professional Ethics
- Does a lawyer or doctor need to
encrypt e-mail containing client
information
25
Protecting YourselfProtecting Yourself
- Exercise “due diligence”
- Use policy to prevent employees from making costly mistakes
- Policies are an exercise in diligence
- Classify information and apply security controls appropriately
- Policies are enforced
26
Protecting YourselfProtecting Yourself
- If linking to an external site:
- “Is an ordinary user going to be
confused as to the origin of the
content?”
- “Am I affecting the sites advertising
revenue?”
- Don’t link too deeply
27
Protecting YourselfProtecting Yourself
- Protect data from business partners
with extra care
- Use strong policy to mitigate e-mails
with sexual or libelous content
- Consult a lawyer in your native
jurisdiction
28
Workplace PrivacyWorkplace Privacy
- Definitions
- How cases are decided
- Other factors
- ECPA
- Protecting Yourself
- Cases
29
DefinitionsDefinitions
- Tort: A civil or private wrongdoing
- Intrusion Upon Seclusion: One of four torts protecting the right to privacy. The act of intentionally intruding upon the solitude of another’s private affairs or concerns. Must be highly offensive to a reasonable person in order to constitute a tort.
30
How cases are decidedHow cases are decided
- To determine if the intrusion is offensive enough to be a tort the court examines
- Degree of Intrusion
- Context
- Conduct and circumstances
- Intruders motives and objectives
- Setting
31
How cases are decidedHow cases are decided
- The critical aspect of most cases is measuring the Reasonable Expectation of Privacy vs. the Legitimate Business Need.
- Business need can override personal privacy but bears the burden of proof
32
Other FactorsOther Factors
- Laws vary from state to state
- Clear policy can decide issue
- Burden of proof higher for public sector employers due to 4th Amendment protection against unreasonable search and seizure by a state entity
- Private sector can be held to 4th if acting under color of government
33
Other FactorsOther Factors
- Email is discoverable. Consider your retention and retrieval policies
34
ECPAECPA
- Electronic Communications Protection
Act
- Affects only interstate commerce
- Has several exceptions
- Can affect commerce in one state if
traffic flow moves outside
- Unlikely to apply to internal mail systems
35
Protecting YourselfProtecting Yourself
- Reduce the employee’s Reasonable Expectation of Privacy as far as possible
- Best way to accomplish that is to have strong policy
- Even with policy, limit intrusion
- If you must intrude, limit disclosure
36
Protecting YourselfProtecting Yourself
- A good policy would include:
- Business use only
- Not for improper communication
(i.e. sexual jokes, hate literature)
- No solicitation, you may need to
provide and alternative
- Right to review e-mail
37
Protecting YourselfProtecting Yourself
- Do not limit the reasons for checking
- Tell employees that deleting a
message does not necessarily delete it
- Allowance for disciplinary action and
employee discharge for policy breach
- Have employees sign for it
38
CasesCases
- O’Connor vs Ortega
- Bourke vs Nissan Motor Co
- K-Mart Corp. Store No. 7441 vs Trotti
- Shoars vs Epson of America
- Michael and Lisa Huffcut vs McDonalds
- Nader vs General Motors
39
Ortega vs. O’ConnorOrtega vs. O’Connor
- Ortega’s office was searched when he
was suspected of mismanagement
- Ortega had a private office containing
personal effects
- Ortega sued hospital
- Hospital won summary judgement
- Ortega appealed and won
40
Ortega vs. O’ConnorOrtega vs. O’Connor
- O’Connor appealed to Supreme Court
- Supreme Court remanded the case to
the appeals court for further
proceedings and wrote a very split
decision
- Appeals court retried case
- Remanded for new trial due to errors
41
Bourke vs NissanBourke vs Nissan
- Bonita Bourke’s personal e-mails of a
sexual nature were discovered by
another employee during an e-mail
training session for new employees
- Nissan issued a written warning
- Bonita resigned and sued for invasion
of privacy amongst others
42
Bourke vs NissanBourke vs Nissan
- Court issued summary judgement in
favor of Nissan because:
- Bonita signed a waiver regarding
company e-mail policy
- Bonita knew others had access
- Appeals court upheld decision
43
Useful ResourcesUseful Resources
FindLaw
www.findlaw.com
FindLaw Cyberspace Law Center
cyber.findlaw.com/clc
Perkins Coie Internet Case Digest
www.perkinscoie.com/resource/ecomm/netcase/
Cyberspace Law for Non-Lawyers
www.ssrn.com/update/lsn/cyberspace/
csl_lessons.html
44
Contact InformationContact Information
Neil Bortnak & Associates
#144 - 1657 128th St.
Surrey, BC
Canada V4A 3V2
A copy of this presentation can be obtained at:
http://www.bortnak.com/library