Successfully reported this slideshow.
Your SlideShare is downloading. ×

The Dark Side of Digital Engagement


Check these out next

1 of 52 Ad

More Related Content

Slideshows for you (20)

Similar to The Dark Side of Digital Engagement (20)


More from Shawn Tuma (20)

Recently uploaded (20)


The Dark Side of Digital Engagement

  1. 1. Spencer Fane LLP | The Dark Side of Digital Engagement Shawn Tuma | Partner & Co-Chair, Data Privacy and Cybersecurity | Spencer Fane LLP
  2. 2. Spencer Fane LLP |
  3. 3. Spencer Fane LLP | Branding  Overall Goal Overall perception that you create Everything about you • social media is one tool, but others • dress, present yourself • office décor • activities, events, sponsorships • work quality, efficiency, craftsman v. mass producer • work subject matter Can be good or can be bad If your lawyer is talking on a flip phone and suit ≠ fit, = jail! The Dark Side of Digital One slip can destroy all good How do we protect our brand? Common pitfalls
  4. 4. Spencer Fane LLP |
  5. 5. Spencer Fane LLP | “An ounce of prevention is cheaper than the first day of litigation”
  6. 6. Spencer Fane LLP | OWNERSHIP / CONTROL
  7. 7. Spencer Fane LLP | Ownership: PhoneDog v. Kravitz • PhoneDog (employer) / Kravitz (employee / blogger) • @PhoneDog_Noah had 17,000 followers • Kravitz resigned, refused to turn over his Twitter account, changed handle to @noahkravitz and grew to 24,000 followers • PhoneDog sued (7/15/11), heavy litigation, settled (12/12) = 1.5 yrs of fees & Kravitz still has @noahkravitz THE TAKEAWAY: Every company needs a contractual agreement that clearly states who owns social media accounts used on behalf of the company.
  8. 8. Spencer Fane LLP | Other Ownership / Control Issues • Sale / M&A / Bankruptcy = company asset • Personal – who updates when you pass? – Facebook: designate legacy contact – Google: designate up to 10 legacy contacts – Twitter: delete account (lawful rep / family member) – LinkedIn: delete account (lawful rep / family member) – Pinterest: delete account (lawful rep / family member)
  10. 10. Spencer Fane LLP | Your IP: Trade Secrets, Confidential and Proprietary Information? • Do you want to tell your competitors? • Customer / vendor lists – Who are you talking to or following? • Secret business alliances, strategies, plans • Business situational awareness • Intellectual property law
  11. 11. Spencer Fane LLP | Others’ IP • Infringement of trademark • Right to publicity – name, voice, signature, photo, likeness (statutory after death) – common law while living if for value – commercial v. educational or newsworthy – audience picture v. company promo video • Infringement of copyright – attribution isn’t enough – DMCA Takedown Request – Google penalizes for too many • Must have a license or use creative commons
  12. 12. Spencer Fane LLP | Attribution: prthugp @ License: Creative Commons Attribution 3.0 Copyright Example
  13. 13. Spencer Fane LLP | Common Pitfalls • IP Rights – Others – Yours • Be proactive (client brand w/o TM)
  14. 14. Spencer Fane LLP | ONLINE SMACK TALKING
  15. 15. Spencer Fane LLP | Reputation Management • Responding – Sensitive information – HHS / healthcare • Outing the Anonymous Defamer – Email ping-back – Communications Decency Act (must dispute) • Be nice – if legit, address • Best – pay good PR firm ≠ litigate • Litigation??? Who “are” you ? Church w/ TM Bullyville? – or –
  16. 16. Spencer Fane LLP | Someone Talking Bad About Your Business Online? Defamation rules apply online but… • The “Streisand Effect” • Anti-SLAPP (Strategic Lawsuits Against Public Participation) • ≠ assign copyright of reviews • ≠ charge $500 per bad review
  17. 17. Spencer Fane LLP | EVIDENCE
  18. 18. Spencer Fane LLP | Social Media as Evidence • “The law has a right to every man’s evidence.” • Courts look to social media for public posts, private messages, “Likes”, etc. – Club’s SM before Cowboys’ Josh Brent wreck killing Jerry Brown: “I have 12 #Cowboys in theeee building!!!!!!!!!! #Privae” … “These fools buying Ace on top of Ace!!!!!!!” – Danielle Saxton’s Facebook “selfie” wearing stolen merchandise – easy evidence! – Daughter’s $80,000 Facebook “brag” • So, we had this trial recently …
  19. 19. Spencer Fane LLP | Social Media as Evidence Objection! Overruled.
  20. 20. Spencer Fane LLP | Minimizing the Risk • Monitor, Regulate & Archive SM – Necessary if regulated industry • finance, insurance, energy & utilities, healthcare, government, legal • Do not delete if in or anticipating litigation – Cannot permanently delete account, may be able to “take down” – Cannot selectively delete posts – Archiving may be an option • Document Retention Policy – Have it; follow it; comply with litigation holds
  22. 22. Spencer Fane LLP | How I Am Using PR / Marketing / Branding in Practice • PR / marketing / branding in Cybersecurity & Privacy – Engaging in Controversial Issues = Anon DDoS Attack – Privacy Policies & TOS – PR critical in Incident Response • Manage the message • Ensure accuracy • Engaging with critics after data breach
  23. 23. Spencer Fane LLP | While We’re Talking “Hacking” No, your Facebook Account was not “hacked,” it was likely “cloned”
  24. 24. Spencer Fane LLP | Speaking of Not “Hacking” No, the Russians did not “hack” the 2016 election, they did run a very successful information warfare campaign using social media! • Sun Tzu, The Art of War (512 B.C.) – “The whole secret lies in confusing the enemy, so that he cannot fathom our real intent.” – “If his forces are united, separate them. If sovereign and subject are in accord, put division between them.” – “Supreme excellence consists of breaking the enemy's resistance without fighting.” • Dezinformatsia – why? How to we protect against? • Greatest “cyber” threat? • [Russia / Iran / China / N. Korea / Syria / et al] will likely try to actually “hack” aspects of future elections.
  25. 25. Spencer Fane LLP | One More Thing About “Hacking” If you are using for business and haven’t changed your password since creating your account, was it really “hacked”? • i.e, – Message 1: “yes, please process my tax return like you did last year” – Message 2: “oh, but send the refund to this bank account instead”
  26. 26. Spencer Fane LLP | One More One More Thing About “Hacking” If you are using MS O365 – you had better be using Multi-Factor Authentication! TRUST ME!!!
  27. 27. Spencer Fane LLP | AGENCY ISSUES
  28. 28. Spencer Fane LLP | WHO IS RESPONSIBLE IF THE CONTRACT DOES NOT SAY? The dispute in Travelers Casualty and Surety Co. of America v. Ignition Studio, Inc. reveals that their contract did not address several important cybersecurity issues. This case began with Alpine Bank, a financial institution, hiring Ignition Studio, a professional website design company, to design and host its website. Ignition Studio designed and, apparently, hosted the website for Alpine Bank. Some time later, hackers attacked the website and caused a data breach that caused Alpine Bank to incur $154,711.34 in expenses to comply with its data breach response obligations.
  30. 30. Spencer Fane LLP | • What your company’s employees say or do can hurt you! – communications – tortious interference – defamation (libel, slander, bus. defamation) – false advertising & false warranties – privacy / data breaches – online impersonation – harassment and cyber-bullying – “puffery” of facts Tort Claims
  31. 31. Spencer Fane LLP | Federal Agencies are Watching • FTC – Investigated Hyundai for not disclosing incentives given to bloggers for endorsements – Google (Fed. Ct. in Oracle v. Google) • HHS & OCR – could have investigated hospital worker who posted patient “PHI” on Facebook  “Funny, but this patient came in to cure her VD and get birth control.” • SEC – false statements in raising funds (SEC v. Imperia Invest. IBC) or insider information  “Board meeting. Good numbers = Happy Board.” before official release • Regulatory law
  32. 32. Spencer Fane LLP | CONTRACT LIABILITY
  33. 33. Spencer Fane LLP | Potential Trouble Spots? • Giveaways and contests can be trouble for many reasons – do not do them on social media without careful consideration and vetting – Some sites’ TOS prohibit – Jurisdiction gambling and contest rules • Example: Facebook’s Page Terms
  34. 34. Spencer Fane LLP | WHAT CAN YOU DO?
  35. 35. Spencer Fane LLP | SHOW DILIGENCE
  36. 36. Spencer Fane LLP | SOCIAL MEDIA POLICIES
  37. 37. Spencer Fane LLP | General Strategy for Policies • Recognize and appreciate potential issues • Decide how to handle those issues • Educate your team on those issues • Collaborate and train on how to comply with and resolve issues • Create and outline procedures for using social media • Monitor (to some degree) to ensure compliance
  38. 38. Spencer Fane LLP | Social Media Policies Are a “Must Have” • Ounce of prevention: less than 1 day of litigation • If have, must enforce • Trying to predict issues – but evolving – can’t get all • Contractually resolve issues such as ownership and authority • Great opportunity to set rules and document expectations • Training – greater opportunity to explain and ensure understanding of expectations • Put on notice of monitoring – and actually monitor! • Should address employment issues
  39. 39. Spencer Fane LLP | POLICY BUZZ-KILL
  40. 40. Spencer Fane LLP | Will the National Labor Relations Board Allow It? • NLRB jurisdiction = impacts interstate commerce • National Labor Relations Act (NLRA) sec. 7 gives employees right to engage in “concerted activities for the purpose of … mutual aid and protection” • NLRB finds illegal any policy provision that (a) restricts or (b) an employee would reasonably construe to chill concerted activities • On 5/30/12 NLRB General Counsel issued its 3rd Report on Social Media Policies in 1 year period (8/11 & 1/12) • Has continued – with several since then
  41. 41. Spencer Fane LLP | Can You Guess Who the NLRB is Pulling For? • Making it very difficult for businesses to protect themselves • Social media policies must now be carefully tailored to – Address unique business and legal needs of your business – Be enforceable and lawful in a court of law – Be legal in the eyes of the NLRB • Examples of provisions found illegal by NLRB
  42. 42. Spencer Fane LLP |
  43. 43. Spencer Fane LLP |
  44. 44. Spencer Fane LLP |
  45. 45. Spencer Fane LLP | Richmond Dist. Neighborhood Center v. Callaghan “The question is whether the conduct is so egregious as to take it outside the protection of the Act, or of such character as to render the employee unfit for further service.”
  46. 46. Spencer Fane LLP | 56 Pier Sixty, LLC (NLRB March 31, 2015) • Employee on Facebook: called his manager a “NASTY MOTHER F****R” and a “LOSER,” said “f**k his mother and his entire f***ing family,” and ended the post by saying “Vote Yes for the Union!” • Company fired him. • NLRB: Firing improper. Feeling of mistreatment motivated statements and employees were simultaneously seeking redress through upcoming union election which made statements protected, concerted activity. • Comments not egregious enough.
  47. 47. Spencer Fane LLP | What is the NLRB Really Looking For? • Clarity and precision • Examples of do’s and don’ts that give context and real-life meaning to the rules • Implementation + training = 
  48. 48. Spencer Fane LLP | CYBER INSURANCE
  49. 49. Spencer Fane LLP | Cyber Insurance • If you are doing anything in cyberspace, you need it. Period. • Most traditional insurance does not cover cyber-events, even if you think it does (really!) • Cyber-Insurance is relatively inexpensive • Many policies include a cyber-risk audit before being underwritten • Policies can cover social media risk, computer fraud risk, and data breach / hacking risk • You must get your vendors / law firm’s pre-approved!
  50. 50. Spencer Fane LLP | SUMMARY
  51. 51. Spencer Fane LLP | • Social Media is wonderful! • Must find proper balance within the rules • Communicate – yep, just talk about it internally, like, over coffee! • Spend time with employees to help them understand and possibly collaborate on the rules • Create a social media policy – Address unique business and legal needs of your business – Be enforceable and lawful in a court of law – Be legal in the eyes of the NLRB • Enforce your social media policy • Seriously consider cyber-insurance!
  52. 52. Spencer Fane LLP | Shawn Tuma Co-Chair, Cybersecurity & Data Privacy Spencer Fane LLP 972.324.0317 • 20+ Years of Cyber Law Experience • Practitioner Editor, Bloomberg BNA – Texas Cybersecurity & Data Privacy Law • Council Member, Southern Methodist University Cybersecurity Advisory • Board of Advisors, North Texas Cyber Forensics Lab • Policy Council, National Technology Security Coalition • Board of Advisors, Cyber Future Foundation • Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016) • SuperLawyers Top 100 Lawyers in Dallas (2016) • SuperLawyers 2015-19 • Best Lawyers in Dallas 2014-19, D Magazine • Chair-Elect, Computer & Technology Section, State Bar of Texas • Privacy and Data Security Committee of the State Bar of Texas • College of the State Bar of Texas • Board of Directors, Collin County Bench Bar Conference • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association • North Texas Crime Commission, Cybercrime Committee & Infragard (FBI) • International Association of Privacy Professionals (IAPP)