legal implications of a mobile enterprise
TRANSCRIPT
2nd Annual IT Symposium
“Legal Implications of a Mobile Enterprise”
Brad FrazerSeptember 20, 2011
[email protected]@bfrazjd
208.388.4875
208.388.4875 [email protected]
Introduction—The IT Manager’s Perspective
Assumes harmony between IT and Legal
Importance to the Enterprise?– Legal Exposures– Bandwidth Impact– HR Impact
208.388.4875 [email protected]
Some recent cases . . .
Each of these implicates a mobile platform.
Each thus indicates a legal exposure or issue for the enterprise.
Court Permits Discovery of Text Message Contents
A plaintiff who did not invoke any specific privilege being violated, but rather a vague notion of “privacy,” did not meet the burden to quash a document request to her cell phone company that included the contents of her text messages, the U.S. District Court for the District of Maryland ruled Aug. 17. Corsair Special Situations Fund LP v. Engineered Framing Systems Inc., D. Md., No. 09-1201-PWG, 8/17/11.
Court Rules That Instant Message Conversation Modified Terms of
Written Contract A federal district court found that an instant message conversation between an employee of CX Digital, an online advertising referral provider, and the Vice President of Marketing at Smoking Everywhere, an electronic cigarette manufacturer, constituted a modification of the companies’ contract for CX Digital to provide online advertising referrals for Smoking Everywhere’s promotional sales offer. The verdict resulted in an award of over $1.2 million in damages plus accrued interest and attorney’s fees for CX Digital. CX Digital Media, Inc. v. Smoking Everywhere, Inc., No. 09-62020-Civ (S.D. Fla. Mar 23, 2011)
Court Rules that Messages Sent via Facebook Covered by CAN-
SPAM Act On March 28, 2011, the U.S. District Court for the Northern District of California held in Facebook, Inc. v. MaxBounty, Inc., that messages sent by Facebook users to their Facebook friends’ walls, news feeds or home pages are “electronic mail messages” under the CAN-SPAM Act. The court, in denying MaxBounty’s motion to dismiss, rejected the argument that CAN-SPAM applies only to traditional e-mail messages. Facebook, Inc. v. MaxBounty, Inc., No. CV-10-4712-JF, 2011 WL 1120046 (N.D. Cal. Mar. 28, 2011).
208.388.4875 [email protected]
Yes, this is a “SoMe” issue, but . . .
Mobile devices and apps inherently multiply the opportunities for mischief.
A mobile enterprise will thus inherently have more legal issues than a “static” enterprise.
208.388.4875 [email protected]
Legal Implications
Security– Lost device = increased network vulnerability?
Data Breach– Lost device = lost trade secrets?– Unsecured Wi-Fi or other network = lost trade
secrets?– Exposure to breach of contract for NDA violations?– Mandatory disclosure obligations– Resulting customer and shareholder lawsuits
E-discovery
208.388.4875 [email protected]
Legal Implications (cont’d)
Ease of circumvention of corporate policies– Document retention/destruction policies– SoMe policies
Geolocation and the Right of Privacy Click-wrap “Hell” Texting and driving Creation of Warranties/False Advertising Copyright Infringement
208.388.4875 [email protected]
Legal Implications (cont’d)
Expansive license grants (e.g., Twitpic) Defamation Insider Trading Trademark Infringement and Cybersquatting Content issues, e.g., obscenity (open WiFi?) Contract Modifications (remember $1.2 million) CAN-SPAM; privacy
208.388.4875 [email protected]
The CIO / CTO / IT Manager’s Role
Implement bandwidth restrictions Firewalls Restricted URLs Antivirus measures Email protocols (e.g., Postini) Data and Email Backups (“Proof Packet”) Document Retention Policies Server IP Logs Privacy Policies These are limited, obviously, to “the enterprise”
environment.
208.388.4875 [email protected]
Response: What can the Enterprise/CIO/CTO do?
Top-down controls at Board level– How do you address this at your company?
Training InsuranceEmployee accountability for device
security and use--with consequences for noncompliance.
208.388.4875 [email protected]
Response: What can the Enterprise/CIO/CTO do? (cont’d)
The Importance of Policies. For example:Company employees who accessed data stored on corporate networks in violation of prominently displayed warnings about restrictions on their use and disclosure of information stored there can be prosecuted under the Computer Fraud and Abuse Act, the U.S. Court of Appeals for the Ninth Circuit ruled April 28. The court held that an employee “exceeds authorized access” to a computer network when he or she obtains data and uses it for a purpose that violates company restrictions on data use (United States v. Nosal, 9th Cir., No. 10-10038, 4/28/11).“[The employees in this case] were subject to a computer use policy that placed clear and conspicuous restrictions on the employees' access both to the system in general and to the [compromised] database in particular,” the court noted.
208.388.4875 [email protected]
Response: What can the Enterprise/CIO/CTO do? (cont’d)
Important Acronym!
D N M Y W G S
208.388.4875 [email protected]
The Moral of the Story
Whose problem is this? IT? Legal? Board?Cooperative strategies should be developed
and implemented in a multidisciplinary fashion involving IT, HR, Management, and Legal
Otherwise, just hope you don’t get caught and don’t get sued.
208.388.4875 [email protected]
Q & A
Questions?For a copy of the slide deck, e-mail
me at [email protected]: @bfrazjdCall: 208.388.4875