Monday, June 27, 2011

Technology, Law, and the Workplace: Week in Review

This Week in Review illustrates the Wild West that is the world of technology.  Several stories from this week discuss events no one could have imagined ten years ago, including arrests of the members of the LulzSec hacking group, a looming FTC antitrust probe of Google for its dominance of the internet search market, and, of course, another take on the Rep. Anthony Weiner scandal.

In the midst of these developments, a story about the recent anniversary of the Listserv caught my attention.  Listserv, the first automatic email delivery software, just celebrated its 25th year.  In many ways, the Listserv was the precursor to social media, allowing email subscribers to share information interactively.

So what technological development will we be marking in 25 years?  One major change already underway in many workplaces is the use of social media for internal communications.  Imagine sending an instant message ("IM") to your colleague to ask a quick question, or participating in online discussions with co-workers from down the hall as well as around the world.  These changes, and more, are already underway in many workplaces.  And in the Wild West of technology, change is the name of the game.

Technology in the Workplace
Technology and the Law More Generally
  • Arrest Puts Spotlight on Brazen Hacking Group LulzSec (NY Times)
  • FTC Is Poised to Pursue Antitrust Probe re Google’s Web-Search Dominance (ABA Journal)
  • Winklevosses Drop Facebook Fight and Keep Settlement (Bits)
  • F.B.I. Seizes Web Servers, Knocking Sites Offline (Bits)
  • Does Your Sarbanes-Oxley Act Compliance Program Reflect Your Social Media Presence? (Social Media Law Update)
  • Prosecutor’s Facebook postings did not warrant overturning conviction (Internet Cases)
Technology in the News
  • Charity Goes Mobile To Appeal to Young (NY Times)
  • Email Everywhere: 25th Anniversary Of Listserv (Fast Company)
  • Security Professionals Say Network Breaches Are Rampant (Bits)
  • Upending Anonymity, These Days the Web Unmasks Everyone (NY Times)
  • Japanese ‘K’ Computer Is Ranked Most Powerful (NY Times)
  • Data for 1.3 Million Customers Stolen in Latest Game Maker Attack (NY Times)

Saturday, June 18, 2011

Technology, Law, and the Workplace: Week in Review (The Citigroup Edition)

Data security breaches have been in and out of the headlines recently, and the Citigroup breach has once again brought the topic to the forefront.  This week, Citi announced that more customers than originally announced had information stolen by hackers.  All told, Citi reports that approximately 360,000 customer accounts were compromised.  Even more troubling, Citigroup does not even know how the computer breach occurred, only that it affected hundreds of thousands of its credit card customers by revealing names, account numbers, and contact information.

Although Citigroup may not know the cause of the breach, the manner of discovery of the breach provides an important lesson.  Citigroup apparently discovered unauthorized access through routine monitoring of the system.  This story is a good reminder about the importance of monitoring and maintenance.  No one could possibly hope to predict every potential information security threat, whether from outside hackers or from employees or other authorized users within the network.  However, in many cases, the information about what's going on in the system can be just as valuable.

Technology in the Workplace
Technology and the Law More Generally
Technology in the News
  • Deploying New Tools to Stop the Hackers (NY Times)
  • Citigroup Data Breach Worse Than Initially Reported; CIA Website Also Hacked (Risk Management Monitor)
  • Connecting With Client Through the Power of Tech (NY Times)
  • Same Gaffes, But Now on Twitter (NY Times)
  • U.S. Underwrites Internet Detour Around Censors (NY Times)
  • I.M.F. Reports Cyberattack Led to 'Very Major Breach' (NY Times)
  • Negative Online Information Can Be Challenged, at a Price (NY Times)

Friday, June 10, 2011

Technology, Law, and the Workplace: Week in Review

This week, Facebook once again stirred controversy with its recent changes to its privacy policy. Once again pushing the boundaries of online privacy, Facebook now automatically opts users into facial-recognition technology. The technology compares pictures posted on Facebook to a central repository of identified photos, and then asks friends of the person it recognizes to "tag" the user in the photo.

So what does this development mean for employers? In the short term, more information. Users who have not opted out of the technology may find themselves identified and tagged by other users. As a result, employer searches of social networks may turn up even more detailed information about applicants and employees. Whether employers can act on those results is another matter entirely.

In the long term, the use of facial recognition technology has the potential to revolutionize the world of online information. There is a vast repository of electronic information already available on social networking sites, and that information increases exponentially each day. Facial-recognition technology has the ability to connect this information with the actual physical appearance of users, potentially destroying the anonymity of individuals on the web. Although reasonable minds can differ about whether that change would be good or bad policy, no one can deny that this shift represents a sea change in online privacy.

Technology in the Workplace
Technology and the Law More Generally
  • Top N.J. Court Says Bloggers May Not Qualify for State Shield Law Protection Against Revealing Sources (ABA Journal)
  • Family Sues Over Webcam Scandal in Philly Schools (Courthouse News)
  • Alaska Grants a Closer Look at Sarah Palin's Emails (Wall Street Journal)
  • Court dismisses class action against MySpace for violation of the Stored Communications Act (Internet Cases)
  • Court dismisses unfair competition claim against Facebook over alleged privacy violation (Internet Cases)
Technology in the News
  • Citi Confirms Data Breach at Citi Account Online (NY Times)
  • Facebook Changes Privacy Settings to Enable Facial Recognition (Bits)
  • Online Video Start Ups Seek to Carve Out a Place Beside YouTube (NY Times)
  • Data Grows, and So Do Storage Sites (NY Times)
  • Projects Use Phone Data to Track Public Services (NY Times)

Tuesday, June 7, 2011

Cloud Computing—The Workplace Norm?

Courtesy of Apple
The recent attention given to Apple’s announcement of its “iCloud” internet-based online storage service is yet another indicator of the growing popularity of “cloud” computing, or using online data storage for files that can be accessed and managed anywhere using an internet connection. Instead of saving your files and data to your own device, you save them in a “cloud,” or web-based file cabinet. Google has offered this service to consumers since 2005 with its Google docs service. Now Apple is joining in, offering a free service that will basically allow users to mirror their iTunes library, photos, and other files on Apple data centers and access them via the Internet, avoiding the hassle and expense of storage on separate devices.

Apple’s announcement will no doubt fuel the already rapid growth of cloud computing. Despite the many risks associated with this technology, the business of online data storage is booming.

Employers are increasingly shifting to cloud computing systems to enable workers to access work information and files from any computer, anywhere, anytime. There are many potential business benefits to this technology, including costs savings, but there are also inherent legal risks. Numerous laws, including HIPAA, trade secrets laws, and the Fair Credit Reporting Act, among others, could be implicated when an employer chooses to use online data storage for employment and business data. As usual, technology and businesses are well ahead of the law on this topic, and there is a shortage of clear guidance in this area. At a minimum, employers should make sure they put into place carefully crafted agreements (think trade secrets and confidentiality provisions), policies (is cloud computing described and covered in your technology and/or social media policies?) and employee communication strategies and plans (make sure employees know and understand your position on the issue) before venturing into the “cloud” in cyberspace.

Monday, June 6, 2011

Technology, Law, and the Workplace: Week in Review (The Hipster Edition)

Although this work week was shortened by the Memorial Day holiday, there were plenty of stories in the world of technology, law, and the workplace.  Maybe it's because I just (finally) saw The Social Network, but the news about San Francisco start-up Hipster's unique search for employees stood out to me.  Hipster, looking for engineers, has taken to the web with a hilarious (though somewhat concerning) pitch:  they are offering $10,000, a year's supply of Pabst Blue Ribbon beer, and an assortment of hilarious "hipster" accessories, such as a fixed gear bicycle, skinny jeans, and even "'stache grooming services."

I have to admit that this is a very clever marketing move by Hipster.  According to the New York Times, Hipster attracted a host of qualified candidates with little to no marketing costs.  However, I've written earlier on the blog about the EEOC's stance on the disparate impact of required technology in the hiring process.  If, as it appears, the advertising for this position is online only, Hipster could find itself in hot water with the EEOC.

But Hipster could face liability for a lot more than just disparate impact claims.  Mustache grooming services?  Are they trying to get sued for gender discrimination?  And a year's supply of beer?  I hope they are ready for the havoc that could unleash in the workplace!  I'm not just thinking about bad behavior fueled by alcohol.  What if employees develop substance abuse problems as a result of this workplace "perk"?  Who is liable for an employee's off-duty misconduct or accidents caused by on-duty drinking?  It doesn't take an employment lawyer to dream up the nightmare scenarios for an employer that offers unlimited alcohol to employees during working time!

In the end, Hipster may find that its marketing campaign was worth the risk.  I just hope that Hipster went into this 'viral' campaign with its eyes wide open on the employment law risks it could face.  

Below are some of the other articles and blog posts that I've read in the last week.  Although not as exciting as hipsters and free beer, I think they're still pretty interesting!

Technology in the Workplace
Technology and the Law More Generally
  • The FDA Pivots to Regulate Apps? (EntreView)
  • Pentagon to Consider Cyberattacks Acts of War (NY Times)
  • Congressman, Sharp Voice on Twitter, Finds It Can Cut 2 Ways (NY Times)
  • Ruling Spells Doom for Safety Suit (Courthouse News)
  • Former Lawyers for Courtney Love Claim She Libeled Them in a Tweet (ABA Journal)
Technology in the News
  • Groupon Plans I.P.O. With $30 Billion Valuation (DealBook)
  • YouEye's Cheap Eye Tracking Lets Brands Use Your Webcam to Watch What You Watch (Fast Company)
  • Twitter Goes Into Photo and Video Business (Bits)
  • Web Hackings Rattle Media Companies (NY Times)
  • iPad Finds a Place on Deck (NY Times)
  • Consumer Complaints Made Easy. Maybe Too Easy (NY Times)

Wednesday, June 1, 2011

Email and the Law of Unintended Consequences

The subject of employees' email privacy comes up a lot, both in this blog and in employment law and litigation generally.  Last week's Week in Review, for example, cited a federal court judge's decision that an executive's emails, sent to his wife from his work computer,  were not protected or privileged, and could be used as evidence in a securities fraud case.  Evidence gleaned from emails shows up in many, if not most, harassment cases, and emails are a common source of evidence about the legitimacy of an employer's "non-discriminatory business reason" for an adverse personnel action.  Given all the talk about it, it's amazing how often work email is used - by managers and non-supervisory employees alike - for inappropriate purposes.  I sometimes wonder whether sitting down in front of a computer screen diminishes common sense.

We had occasion recently to review hundreds of thousands of internal emails for a client.  Although we weren't looking for them, we ran across a remarkable number of emails that I'm sure the authors never wanted their employer to see.  A year-long affair between employees was documented in more than a thousand emails, ranging from sweet and silly to downright pornographic.  Another employee's feud with a neighbor was the subject of hundreds of long emails clearly written during work hours.  A supervisor wrote in detail about his efforts to undermine a subordinate because the subordinate's brother had crossed him.  Another supervisor wrote to employees spelling out instructions on how to game the employer's time-keeping system.  An employee sent out numerous emails, including bills, relating to a separate business he was running from the employer's computer.  We felt compelled to turn over many of these emails to our client, the employer, and the employer had to make a series of difficult decisions about what to do about them.  It caused us to wonder if all employers' email records would reveal such improprieties if they were reviewed.

Our experience suggests that inappropriate email communication comes from (and to) employees at all levels and in all industries.  It has come to replace lunchroom and water-cooler gossip, and unlike gossip, it lasts forever, exactly as written, on a hard drive.  Email and the internet offer employees unlimited communication with almost anyone, on any subject.  So what's an employer to do?

  • As discussed in earlier posts (here, here, and here), it's essential to have clear policies, consistently enforced, about email and internet use at work.
  • Employees need to be educated about the potential consequences of inappropriate emails.  Employers should consider training that includes examples - like the ones described above - of situations from other workplaces in which thoughtless communication has caused real trouble.
  • Managers and supervisors need to be part of the solution.  That means holding them accountable for their own email and internet use.  They should be encouraged to model good behavior and to be alert for inappropriate communication.
  • Employers should consider monitoring of email and internet use.  There are numerous monitoring programs available.  Although constant monitoring is often too time-consuming, random or targeted monitoring can yield good results. 
  • If monitoring reveals inappropriate communications, the employer should respond by letting the employee(s) involved know what's been found and why it's a problem.  Discipline may or may not be appropriate, but making employees aware of monitoring provides an important reminder of the employer's determination and ability to enforce its policies.