Presentation is loading. Please wait.

Presentation is loading. Please wait.

Legal Compliance and Web 2.0 Applications Presented by: Jeffrey C. Neu, Esq.

Published byAshley Clark Modified over 10 years ago

Similar presentations

Presentation on theme: "Legal Compliance and Web 2.0 Applications Presented by: Jeffrey C. Neu, Esq."— Presentation transcript:

1 Legal Compliance and Web 2.0 Applications Presented by: Jeffrey C. Neu, Esq.

2 US Privacy and Security Principles 1 1 Federal Oversight 2 2 Federal Legislation 3 3 (c) 2008 J. C. Neu and Associates Table of Contents

3 The 8 U.S. Privacy and Security Principles Knowledge 1 1 Notice 2 2 Choice 3 3 Onward Transfer 4 4 Access 5 5 (c) 2008 J. C. Neu and Associates 6 6 Data Integrity Enforcement Security 7 7 8 8

4 Knowledge (c) 2008 J. C. Neu and Associates 1 1 2 2 3 3 6 important questions to ask yourself when collecting personally identifiable information What information do I need? What information do I have? Why do I need/want that information? What information do I want? What legal restrictions govern that information? Is it better not to know? 4 4 5 5 6 6

5 Notice and Onward Transfer What do I have to disclose? (c) 2008 J. C. Neu and Associates 1 1 2 2 3 3 4 4 5 5 The purpose of collecting the information How that information is going to be used How Users inquire and complain Data sharing with 3 rd parties Any standards or methods for limiting use of the information 6 6 Related 3 rd party responsibilities

6 Access and Security Who has access and why? Generally required to grant users access to personal information Depending on the information, can be required to allow users to amend, delete, or alter personal information when it is inaccurate. - Generally speaking this is limited to instances where it is not cost prohibitive Can be required to take reasonable precautions to protect private information from misuse. Security is particularly scrutinized based upon representations - Limit access to personal information based on need - Do not allow unnecessary disclosure of personal information - What data is being transmitted in an open text vs encrypted format - How is that data being stored? Open text vs. encrypted - What type of information is it? Different information has different storage requirements (c) 2008 J. C. Neu and Associates

7 Data Integrity Title Ensure the accuracy and completeness of the data. Personal Information collected must be relevant to the purposes for which it is collected. Enforcement Depending on Application, can be required to provide enforcement mechanisms to protect an individual’s privacy rights, including dispute resolution system. Title Subtitle can go here (c) 2008 J. C. Neu and Associates

8 FTC FTC gains its powers under the FTC Act 15 U.S.C.A. §§ 45 and 52 § 45 regulates unfair and deceptive trade practices § 52 regulates false advertising Broadened by the U.S. Safe Web Act of 2006 to incorporate internet activities Penalties can range from severe monitoring and reporting requirements, as long as 20 years, to fines, sometimes in excess of $10,000,000.00 FTC use of private information for behavioral marketing. Haven’t really said anything other than saying “We are watching you, and reserve the right to come after you.” Comes back to transparency. (c) 2008 J. C. Neu and Associates

9 FTC Sphere Security Policies In the Matter of Petco Animal Supplies. Potentially misleading statements about how information was stored Deceptive Trade Practices False Advertising False statements in security and privacy policies Privacy Policies In the Matter of Gateway Learning Corp. Privacy Policy purported that 1. It would not share information with 3 rd parties and 2. If changed, Privacy Policy was changed, users would be able to opt-out. Unfair Business Practices In the Matter of BJ’s Wholesale Club, Inc. Failure to encrypt information while in transit or stored on the network FTC Control (c) 2008 J. C. Neu and Associates

10 Federal Legislation Digital Millennium Copyright Act - “DMCA” 1 1 Children’s Online Privacy Protection Act – “COPPA” 2 2 Communications Decency Act – “CDA” 3 3 Health Insurance Portability and Accountability Act – “HIPAA” 4 4 (c) 2008 J. C. Neu and Associates 5 5 Electronic Communications Privacy Act – “ECPA” 6 6 Computer Fraud and Abuse Act – “CFAA” 7 7 Graam – Leach Bliley Act – “GLB” 8 8 Fair Credit Reporting Act – “FCRA”

11 DMCA The DMCA provides “Safe Harbors” and not requirements. If you do not comply, you are not necessarily guilty, but you are simply left to standard copyright infringement. Only applies to copyright liability. Does not apply to Trademark liability, or others. (c) 2008 J. C. Neu and Associates The Services are interpreted very broadly, and covers such services as Ebay and Amazon. Protects the following services: Conduit Services – providing internet access itself. Caching – Specific types of caching. Hosting Data on behalf of Users – Web Hosts Information Location Tools – linking and search engines.

12 User Generated Content – DMCA Requirements Step 1Step 2Step 3 Policy of Terminating Repeat Infringers. It is important to have this policy when you begin this service. Have an Obligation to take Standard Measures which Copyright Owners Implement The good news is that this standard does not currently exist. Register a Copyright Agent Notice and Take down Procedure: Statute gives specific requirements as to what the notice of infringement must contain. Final thoughts can go here (c) 2008 J. C. Neu and Associates Step 4 Notice and Take down Procedure: Statute gives specific requirements as to what the notice of infringement must contain. Disqualifiers: 1.Actual Knowledge (red flag knowledge) of infringing material on your site. What is actual knowledge? 1.If you derive a direct financial benefit from infringement and can control infringement. Very easy, yet often overlooked

13 DMCA Safe Harbors Flow Chart (c) 2008 Jeffrey C. Neu and Associates

14 A Few Examples to Avoid Xanga Allowed users to self report their ages. The minute the Users disclosed their age, they had knowledge of their age, and really it shouldn’t have been collected at all. ConnectU/Facebook Gathering data from another person’s server Heavily regulated event, and can be very problematic. Facebook/Beacon Facebook combined with Beacon to offer individuals the ability to see the purchases of their “friends” Peer Marketing was the intent – Tough to regulate (i.e Tupperware)‏ Problem with transparency. Users do not like to find out about privacy issues from Slashdot Standard Marketing and Email Campaign Laws still apply WholeFoods Founder blogged under an alias about the company. Reprimanded and fined by the FTC. (c) 2008 J. C. Neu and Associates

15 Final Tips It is important to have a document retention and destruction policy written down. The new rules of Federal Civil Procedure in litigation require a documented regime for both. Without the policy, you are likely to be fined and penalized. Under the CDA and the DMCA, it is important that the Service Provider not be the publisher or add any content, including comments or notes to the content. One of the biggest single exposures to companies is employee off-duty conduct, via blogging, use of company assets, etc. Training is required, a manual is generally speaking not enough. (c) 2008 J. C. Neu and Associates

16 Jeffrey C. Neu, Esq. J. C. Neu and Associates 318 Newman Springs Road Red Bank, NJ 07701 jneu@jeffreyneu.com 732-978-4053

Download ppt "Legal Compliance and Web 2.0 Applications Presented by: Jeffrey C. Neu, Esq."

Similar presentations

Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.

Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.
The Digital Millennium Copyright Act and Liability for Hosting and Linking Mark D. Robins Nixon Peabody LLP.

The Digital Millennium Copyright Act and Liability for Hosting and Linking Mark D. Robins Nixon Peabody LLP.
EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.

Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.

© 2014 ACA International. All Rights Reserved. Obtaining Optimum Compliance Performance Foundational Training on ACA’s Professional Practices Management.
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
4. Intellectual Property and Ethics on the Web 59.

4. Intellectual Property and Ethics on the Web 59.
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.

Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.
Presented by: Dan Landsberg August 12, 2011. Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.

Presented by: Dan Landsberg August 12, Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.
5/21/2015 (1) Complying with P2P Mandates in the HEOA of 2008 EDUCAUSE Live! 23 November 2009

5/21/2015 (1) Complying with P2P Mandates in the HEOA of 2008 EDUCAUSE Live! 23 November 2009
Copyright 2014 TOP TEN LEGAL ISSUES WITH. NUMBER 10: Are we friends?

Copyright 2014 TOP TEN LEGAL ISSUES WITH. NUMBER 10: Are we friends?
1 © 2008 Venable LLP Top 5 Technology Legal Traps for Associations Venable LLP August 24, 2010 10:45 AM – 12:00 PM ASAE Annual Meeting Los Angeles, CA.

1 © 2008 Venable LLP Top 5 Technology Legal Traps for Associations Venable LLP August 24, :45 AM – 12:00 PM ASAE Annual Meeting Los Angeles, CA.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
School of Risk Control Excellence Employee Use of Social Media The Impact of the Virtual World on Disciplining and Firing Employees Laura Lapidus, Esq.

School of Risk Control Excellence Employee Use of Social Media The Impact of the Virtual World on Disciplining and Firing Employees Laura Lapidus, Esq.
Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.

Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.

Similar presentations

Ads by Google