Technology Related Policies and Procedures: Employee Policies, Document Retention, Privacy and Intellectual Property Policies Stephanie L. Chandler, Esq.

Slides:



Advertisements
Similar presentations
/0403 © 2004 Business & Legal Reports, Inc. BLRs Training Presentations Privacy Issues in the Workplace.
Advertisements

The Evolving Law of E-Discovery Joseph J. Ortego, Esq. Nixon Peabody LLP New York, NY Jericho, NY.
Saving Your Documents Can Save You Anne D. Harman, Esq. Bethany B. Swaton, Esq. Dinsmore & Shohl LLP 2100 Market Street, Wheeling (304)
United States District Court for the Southern District of New York, 2004 District Justice Scheindlin Zubulake v. UBS Warburg LLC Zubulake V.
and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance
Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Considerations for Records and Information Management Programs in Light of the Pension Committee and Rimkus Consulting 2010 Decisions.
Drafting and Reviewing Confidentiality Agreements West LegalEdcenter 2012.
Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
INDIANA UNIVERSITY OFFICE OF THE VICE PRESIDENT AND GENERAL COUNSEL Indiana Access to Public Records Act (APRA) Training.
A PROACTIVE APPROACH TO E-DISCOVERY March 4, 2009 Presented to the Corporate Counsel Section of the Tarrant County Bar Association Carl C. Butzer Jackson.
COPYRIGHT NOTICE: This presentation contains copyrighted and/ or trademarked material the use of which has not always been specifically authorized by.
Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.
Records Management and Document Retention Stephanie L. Chandler, Esq. Jackson Walker L.L.P. North San Antonio Chamber of Commerce CFO Forum.
Developing a Records & Information Retention & Disposition Program:
Electronic Communication “ Litigation Holds” Steven Raskovich University Counsel California State University PSSOA Conference – March 23, 2006.
Copyright © 2009 by Pearson Prentice Hall. All rights reserved. PowerPoint Slides to Accompany CONTEMPORARY BUSINESS AND ONLINE COMMERCE LAW 6 th Edition.
INTERNET and CODE OF CONDUCT
Copyright © 2004 by Prentice-Hall. All rights reserved. PowerPoint Slides to Accompany BUSINESS LAW E-Commerce and Digital Law International Law and Ethics.
DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Standards and Guidelines for Web Page Publishing December 9, 2009.
EMPLOYEE USE OF COMPANY MONITORING & PRIVACY ISSUES.
The Social Context of Computing Foundation Computing Never underestimate the power of human stupidity.
Records Management Overview. Why? It’s the Law It’s the Law It’s University Policy It’s University Policy Fiscal and Legal Compliance Fiscal and Legal.
I DENTIFYING AND P ROTECTING I NTELLECTUAL P ROPERTY Tyson Benson
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
Conditions and Terms of Use
Software Piracy and Copyright Considerations Laura Larsson Research Librarian Health Services University of Washington revised October 21, 1998
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Discussion Peggy Beeley, MD 2/11/14 Mitigating Medical Malpractice Risks Through Documentation.
Rewriting the Law in the Digital Age
Dangerous Documents. Legal Compliances State and federal laws Contractual obligations Subject to an affirmative legal duty to establish and maintain certain.
Advanced Civil Litigation Class 11Slide 1 Production of Documents Scope Scope Includes documents of all types, including pictures, graphs, drawings, videos.
Against: The Liberal Definition and use of Litigation Holds Team 9.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
PROTECTING YOUR IP RIGHTS Waldo Steyn, Senior Associate, Intellectual Property December 2012.
Intellectual Property Laws and Fair Use Guidelines for Educational Multimedia.
Chapter 11.  Electronic commerce (e-commerce)  The sale of goods and services by computer over the Internet  Internet (Net)  A collection of millions.
Digital Government Summit
SCHOOLS FINANCE OFFICERS MEETINGS Records Management, “Paper-Lite” Environments and Procedures when a school closes Elizabeth Barber.
All Employee Basic Records Management Training. Training Overview 1.Training Objectives 2.Clark County RIM Program 3.Key Concepts 4.Employee Responsibilities.
INTRODUCTION TO DATA PROTECTION An overview of the Irish Data Protection legislation.
© 2010 Pearson Education, Inc., publishing as Prentice-Hall 1 INTERNET LAW AND E-COMMERCE © 2010 Pearson Education, Inc., publishing as Prentice-Hall CHAPTER.
U.S. District Court Southern District of New York 229 F.R.D. 422 (S.D.N.Y. 2004)
Record Retention to Manage Risk F. Jay Meyer Vice President & Senior Attorney TD Banknorth, N.A. Portland, Maine.
Objectives  Legislation:  Understand that implementation of legislation will impact on procedures within an organisation.  Describe.
Cyberlaw. “The moving finger writes; and, having writ Moves on: nor all thy piety nor wit Shall lure it back to cancel half a line. Nor all thy tears.
Heartland Surgical Specialty Hospital, LLC v. Midwest Division, Inc 2007 WL (D. Kan. Apr. 9, 2007)
From Facebook to Mugshots Facebook/MySpace EDD: Legal, social & ethical issues in use of modern personal posting technologies in law enforcement and academic.
[ Direct marketing – an introduction to data protection and privacy] For [insert name of organisation] presented by [insert name of presenter] on [date]
SOFTWARE PIRACY & WORKPLACE ETHICS. What Is Software Piracy? Unauthorized copying/installation/use Unauthorized distribution or sale.
Technology Transfer Office
Indiana Access to Public Records Act (APRA) Training
Ogletree, Deakins, Nash, Smoak & Stewart PC
Chapter 15 Internet Law and E-Commerce
Records Management and Document Retention
Data Protection Legislation
Obtaining Electronic Evidence For Use in Litigation
Chapter 3: IRS and FTC Data Security Rules
Red Flags Rule An Introduction County College of Morris
Litigation Holds: Don’t Live in Fear of Spoliation
Current Privacy Issues That May Affect Your Credit Union
Health Care: Privacy in a Digital Age
Chapter 13 E-Commerce Contracts
Government Data Practices & Open Meeting Law Overview
Government Data Practices & Open Meeting Law Overview
Presentation transcript:

Technology Related Policies and Procedures: Employee Policies, Document Retention, Privacy and Intellectual Property Policies Stephanie L. Chandler, Esq. Jackson Walker L.L.P. 5 th Annual Advanced In-House Counsel Course

Stephanie L. Chandler Business Transactions and Technology University of Nebraska B.S.B.A. in Finance University of Virginia Juris Doctorate Articles Editor, Virginia Journal of Law and Technology Community Involvement Highlights: Chair – Jackson Walkers Technology Section, Texas State Bar Association Business Law Section Committee on eCommerce, San Antonio Technology Accelerator Initiative Board Member

Technology Impacts All Aspects of Your Role as General Counsel Employees -- monitoring employee activities; performance enhancement Marketing -- SPAM, protecting your brand Litigation Avoidance/Litigation Expense -- data leaks, document retention Intellectual Property -- controlling dissemination of trade secrets, infringement (BSA, cutting and pasting)

Employees Use of Technology 76% of Employers monitor web activity (blogging, chat and message boards, porn/gambling sites) 55% of Employers retain and review messages 36% of Employers track content/keystrokes/ time spent at keyboard Source: 2005 Electronic Monitoring & Surveillance Survey by American Management Association and The ePolicy institute

Employer-Employee Policies Adopting a Policy is Key Employers, especially after notice, are free to broadly monitor internet usage (Smith v. Pillsbury Co.; McLaren v. Microsoft) Employers may monitor phones (Solely for business purpose; employee consent can be based on company policies; Watkins v. L.M. Berry & Co.) Employers may record calls where they are on the call (so can employees…) Employers can implement GPS tracking Section I-A

New Development – CFAA to protect Trade Secrets Computer Fraud and Abuse ActComputer Fraud and Abuse Act - law passed by the United States Congress in 1986 intended to reduce "hacking" of computer systems Employers filing civil claims against employees in federal court; alternative to misappropriation of trade secrets Yonkers v. Celebrations the Party and Seasonal Superstore, 428 F.3d 504 (Nov 2005) – used against employees who set up a competing store, alleged that using data obtained before and after they left the company International Airport Centers v. Citrin, 440 F.3d 418 (March 2006) – employer used against former employee who allegedly stole trade secrets then wiped his companys laptop clean

Marketing Through the Internet: Dont Unintentionally Become a SPAMMER No false or materially misleading header information. No misleading subject headings. Must contain a clear return address or other Internet-based mechanism that functions for opt-out No more messages 10 business days after the recipient submitted a request to unsubscribe. No selling mailing lists including people who have opted out No use of automated address generation means or a third party who collected the addresses with misleading automated means, i.e., notification that the address would not be distributed. * Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" (the CAN-SPAM Act").

No registering for multiple accounts to send prohibited commercial messages. No relaying or re-transmitting prohibited commercial messages. Do not fail to take reasonable steps to prevent or report the transmission of such messages. Marketing that Works: –clear and conspicuous identification that the message is an advertisement or solicitation (unless the recipient has given prior express consent to receive such messages) –clear and conspicuous notice of the opportunity to opt-out of receiving messages from the sender –valid physical postal address of the sender * Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" (the CAN-SPAM Act"). Marketing Through the Internet: Dont Unintentionally Become a SPAMMER

Types of Intellectual Property Patents -- gives the inventor the right to exclude others from making the invention Trade Secrets/Know How -- protection by virtue of secrecy Trademarks/Service Marks -- identifies a unique source of goods or services Copyrights -- protects from copying of original works (music, books, software code) Marketing Through the Internet Employees Who Cut and Paste

Example: Ownership of Site Content

Avoiding Copyright Infringement Myth: Pictures and text on the Internet are available for use since they have been made available on the Web Example: Use of Source Code from Websites Special Cases: –The content of a database is not protected by copyright (U.S.) –Open source development: Linux, Apache, Tomcat web server, Eclipse IDE, JBoss Application Server, etc.

Acquiring Intellectual Property Work for Hire Doctrine (Copyright) –Employee works – owned by employer –Independent Contractor work – more difficult Recommendation: Include Assignment Clause and Work for Hire Clause

Software Usage Policies The BSA* and SIIA** are not your friends –May 2006 – Losses from piracy - $34B –35% of all copies of PC software installed worldwide in 2005 pirated –They want their money!!! Gartner: –40 percent of all medium-to-large U.S. businesses will face an external software audit by the end of 2006 –less than 25 percent of public companies have mature software asset management processes What to do: This is a Legal Matter, not an IT matter; Educate your C-levels *BSA: Business Software Alliance (Membership Examples: Microsoft, Cisco, Symantec) **SIIA: Software and Information Industry Association (Membership Examples: Adobe, Intuit, McAfee )

Software Usage Policies Adopt a Software Usage Policy (see Appendix I) Periodically audit internal compliance Develop a Records System – all receipts indicating the included software (even in hardware purchases) In rare circumstances employee PC ownership may be an answer Federal Rule of Evidence 408* governs the admissibility of the audit results – Have an Agreement prior to producing the audit materials Settlement: –Enter and inspect the companys facilities/officers certification –Release based on officers certifications *

Document Retention Policies Why???? –Save valuable computer and physical storage space –Reduces volume of stored documents and data –Avoiding spoliation claims In re Prudential Ins. Co. of Am. Sales Practices Litigation : Prudential had no record of any written manual that would evidence that Prudential possesses a clear and unequivocal document preservation policy capable of retention by Prudential employees and available for easy reference. Linnen v. A.H. Robins : The Defendant sent s and voic s to all of its employees advising them to save all relevant documents. The Defendant, however, failed to stop its back-up tapes from being recycled or taped-over. Jury instructed to assume smoking gun. Default or dismissal possible. –Lowering Litigation Costs – be sure your policies address both Hard Copy and Electronic Files

Document Retention Policies Why???? –Removing Smoking Guns Prior to Litigation: Prior to Litigation: Arthur Anderson LLP v. U.S., 544 U.S. 696 (2005) : that under ordinary circumstances, it is not wrongful for a manager to instruct his employees to comply with a valid document retention policy, even though the policy, in part, is created to keep certain information from others, including the govt. After Litigation Filed: After Litigation Filed: Zubulake v. UBS Warburg LLC : Counsel failed to warn its client to not delete or recycle back-up dates of technological data. The Court ordered the Defendant to bear the substantial cost of restoring the back-up tapes. –Fines - $2.75M – Philip Morris USA

Document Retention Policies What Should be Included: – Lewy v. Remington Arms Co. whether the policy is reasonable considering the facts and circumstances surrounding the relevant documents whether the destroyed documents are relevant to pending or probable lawsuits; and whether the policy was instituted in bad faith Consistency is the Key Company wide – this is not just an accounting or legal department issue

Document Retention Policies Review all applicable law [See Appendix V] Take into account statute of limitations Clearly describe the class of documents to which the policy will apply (i.e. drafts, finals; backup tapes) Specify the retention period for each class of documents Create procedures detailing how the program will be implemented and enforced Identify the staffer responsible for policing and maintaining the program; Train them

Document Retention Policies: When Litigation Arises Allow alternatives to, or even suspension of, document- destruction procedures when a duty to preserve arises The Litigation Hold –Prevent Your System from Automatically Deleting Data –Stop the Automatic Recycling of Backup Tapes –Stop the Automatic Recycling of Personal Computers Reissue the Litigation Hold – New Employees! Identify Key Players/Employees – Special Notice Consider Forensic Images of PCs Designate one IT person who will be your Companies Federal Rule of Civil Procedure 30(b)(6) deposition witness (document preservation, chain of custody, etc.)

Appendix IV of Article: Document Retention Policies My example ABA - form of Document Retention Policy available at articles/sampledocretentionpolicy.pdf Arthur Andersen Document Retention Policy

Privacy Policies Review Posted Privacy Policies – Are they accurate? Be aware of legal requirements (i.e. GLB, HIPAA, COPPA) Ooops …. We had a leak June Veterans Administration loss of 26.5 million personal records of veterans lawsuit - seeks $1,000 in damages for each person, a payout that could reach $26.5 billion Comply with state law requirements (Article – III.C.)

Privacy Policies Limit the data you retain Secure personal data (Consider: Mobile devices) Train your employees (Consider: Background checks) Train your vendors (Consider: NDAs, policy intro) Test your systems (Consider: Social Engineering) Plan for breaches

Stephanie L. Chandler, Esq. Jackson Walker L.L.P E. Pecan Street, Suite 2400 San Antonio, Texas Sign up for eAlerts at Questions?