Crime in the Suites: An Analyis of Current Issues in White Collar Defense
Author Archive
May 09
2014

Zealous Counsel or Unethical Social Media Maven – How Far Can a Lawyer Go?

Social media has opened a Pandora’s box of information about just about everyone today, including jurors, witnesses, opposing counsel, defendants and plaintiffs.  As lawyers we want to leave no stone unturned in pursuing a client’s interest, but just how far can we go without jeopardizing our case?  For instance, can counsel (or someone acting at counsel’s direction, such as a paralegal) review a publicly available Facebook page to learn about the background and likes of a potential witness or party?  (Most likely, yes).  May attorneys “friend” that witness to gain access to the witness’s full Facebook page?  (It depends).  Can an in-house lawyer advise an employee to remove posts from the employee’s Facebook page because the lawyer thinks the post could be damaging in an ongoing lawsuit? (Most likely, not).  Can a lawyer “friend” a potential juror? (No).  All counsel need to be cognizant of evolving trends in ethics rules on social media use and contacts.

The New York State Bar Association recently released extensive “Social Media Ethics Guidelines” to address lawyers’ utilization of social media, particularly as to interactions with clients, prospective clients, witnesses, and jurors.[i] The Guidelines are a non-binding advisory publication based on New York’s Rules of Professional Conduct (and precedent in other states) and issued by the Social Media Committee of the New York State Bar Association’s Commercial and Federal Litigation Section. While the Guidelines provide instruction to New York lawyers, they represent the most comprehensive statements on the ethical constraints on lawyers’ use of social media to gather information in litigation. Consequently, other states will likely use the Guidelines in crafting their own policies.

Several other states have either provided some limited guidance as to social media accounts and parties/witnesses/jurors, or are reviewing these issues.  This article provides a brief summary of recent developments, utilizing the New York Guidelines as a guide and an example of how other states may view similar situations.

Reviewing Public Posts

New York Guideline No. 3.A provides that a lawyer may review the “public portion” of a person’s social media profile or public posts, even if that person is represented by counsel.  Under the Guidelines, such access is permissible for obtaining information about the person, including impeachment material for use in litigation. “Public” means: “information available to anyone viewing a social media network without the need for permission from the person whose account is being viewed.” (Comment to New York Guideline No. 3.A). The Guideline cautions, however, that attorneys should be aware that some social media automatically notify a person when someone views that person’s account. 

Reviewing Restricted Posts – Unrepresented Parties

Going one step further, New York Guideline No. 3.B allows a lawyer to request permission to view the restricted portion of an unrepresented person’s social media account.  The lawyer must use his or her full name and an accurate profile.  Attorneys may not create fake or different profiles to mask their identities.  If the person asks for additional information in response to the request, the lawyer is required to accurately provide that information, or withdraw the request.  Earlier, the New York City Bar Association, in Formal Opinion 2010-2, ruled that an attorney or agent may ethically “friend” an unrepresented party without disclosing the true purposes, but may not use trickery.[ii]

Reviewing Restricted Posts – Represented Parties               

New York Guideline No. 3.C bars lawyers from contacting represented persons to seek to review the restricted portion of a person’s social media profile unless the person (presumably, through counsel) furnished an express authorization.  This includes persons represented individually or through corporate counsel.  Interestingly, the Guideline advises that lawyers should use caution before deciding to view “a potentially private or restricted social media account or profile of a represented person which a lawyer rightfully has a right to view, such as a professional group where both the lawyer and represented person are members or as a result of being a ‘friend’ of a ‘friend’ of such represented person.”[iii]

Instructing Others

Lawyers may not direct others, such as paralegals and office staff, to engage in conduct through social media in which the lawyer may not engage. (New York Guideline No. 3.D).  The comment to the Guideline makes clear that this prohibition includes a lawyer’s investigator, legal assistant, secretary, other agent, or even the lawyer’s client.

Using Information Provided by Clients

In situations where a client provides to his lawyer the contents of a restricted portion of a represented person’s social media profile, that the lawyer may review the information, provided certain criteria are met.  (Guideline No. 4.D). The lawyer may not have caused or assisted the client to: inappropriately obtain confidential information from the represented party; invited the represented person to take action without the advice of his or her lawyer; or otherwise overreach regarding the represented person.  “Overreaching” in this context means situations where the lawyer is “converting a communication initiated or conceived by the client into a vehicle for the lawyer to communicate directly with the nonclient.”  Lawyers should be very careful not to advise a client to “friend” a represented person to obtain private information.

Deletion of Social Media Information

The New York Guidelines also address whether a lawyer can advise a client to remove content on the client’s social media account (whether posted by the client or someone else).  A lawyer may advise a client as to what content may be taken down or removed, as long as there is no violation of law – whether statutory or common law – or of any rule or regulation relating to the preservation of information.  If the party or nonparty is subject to a duty to preserve, he or she may not delete information from a social media profile unless an appropriate record of the data is preserved.

Special Considerations Regarding Jurors         

The New York Guidelines allow lawyers to research and view a prospective or sitting juror’s public social media website, account, profile and posts.  However, Guideline No. 5.B cautions that lawyers should be careful to ensure that no communication with the juror takes place – including automatic notices sent by social media networks.  The Guidelines also preclude attorneys from making misrepresentations or engaging in deceit to be able to view a juror’s social media account, profile, or posts, or directing others to do so.  An earlier opinion of the New York City Bar, Formal Opinion 2012-2, concluded that attorneys may use social media websites for juror research as long as no communication occurs between the lawyer and the juror as a result of the research.  Attorneys may not research jurors if the result of the research is that the juror will receive a communication.  Further, neither the lawyer, nor anyone acting at her direction, may use deception to gain access or to obtain juror information.

In April, the American Bar Association (“ABA”) issued Formal Opinion 466, concluding that lawyers may look at information available to everyone on a potential or actual juror’s social media accounts or website.  In other words, observing postings on a public portion of a social media account does not constitute improper ex parte contact with a juror.[iv]  However, ABA Formal Opinion 466 states that lawyers may not send access requests to jurors.  Such a “communication” would constitute a prohibited ex parte contact.[v]  However, under the ABA’s opinion, a social media network’s automatic notification to an individual that an attorney has reviewed that person’s social media account is not violative of the prohibition on communicating with jurors (thus differing from the New York City Bar opinion 2012-2).  The ABA considers the notification to be made by the social media platform, not the attorney. Both the New York Guidelines and ABA Formal Opinion 466 advise lawyers to review the terms of use of social networks regarding automatic subscriber notifications.  Some social networks allow viewers to anonymize their viewing, for instance, which may be a useful course of action.

New York Principles Followed and Expanded in Other Jurisdictions

Other states take a similar approach to public information, generally permitting a lawyer to review the public information of a party, witness, or juror, and prohibiting a friend request or similar request to access non-public information of a juror.  As to witnesses, some Bar authorities (such as those in New Hampshire) specifically allow lawyers to request access to the non-public social media profiles of witnesses, provided the attorney does not use deception.  Virginia bar rules prevent lawyers from “pretextually ‘friending’ someone online to garner information useful to a client or harmful to the opposition,” as pretexing violates Virginia Rule 8.4(c) prohibition against “dishonesty, fraud, deceit or misrepresentation.”  In New Hampshire, a lawyer must also inform the witness of the lawyer’s involvement in the matter.  In Oregon, the State Bar Ethics Committee ruled that a lawyer may access an unrepresented individual’s publicly available social media information but “friending” a known represented party is impermissible absent express permission from party’s counsel.[vi]  The San Diego Bar opined that an attorney attempting to access the non-public Facebook pages of certain high-ranking employees of the opposing party without disclosing the motivation of the friend request violates California Rule of Professional Conduct 2-100 (prohibiting communication with a represented party unless the attorney has the consent of the other lawyer).  Interestingly, the opinion concluded “high-ranking employees” of a represented corporate adversary are considered “represented parties” for purposes of the rule.[vii]

As a general rule, deceptive practices used to gain access to private social media pages may result in proceedings by bar authorities or other adverse actions.  An Ohio prosecutor was fired after his office found out he had created a fake Facebook profile and “friended” a defendant’s alibi witnesses, seeking to influence them against the defendant.[viii]

On the subject of deleting social media pages, a Virginia court sanctioned a plaintiff and his attorney for deleting a Facebook profile and pages that contained photographs that could have negatively impacted a widowed husband’s claim for damages from the wrongful death of his wife in an automobile accident.[ix]  While counsel denied having instructed his client to delete the postings, testimony supported a claim that the attorney directed his paralegal to tell the Plaintiff to “clean up” his Facebook entries.  The court sanctioned the Plaintiff $180,000, and the Plaintiff’s counsel $542,000. Plaintiff’s counsel later agreed to a five year suspension.  The suspension order stated that the attorney violated ethics rules that govern candor toward the tribunal, fairness to opposing party and counsel, and misconduct.[x]

The New York Guidelines provide a useful reminder to practitioners that social media communications cross state lines and may implicate other states’ ethics rules. Counsel should consider Bar rules in states where counsel is admitted, as well as the jurisdiction of any pending case.  In the case of misconduct in a state where counsel is not admitted, it is certainly possible for that state to make a referral to a state where an attorney is barred.  While social media presents a trove of potentially useful information, all counsel need to be aware of, and abide by the ethical restrictions and to tread carefully, particularly as to non-public information.  Bar rules and opinions in this area continue to develop to keep pace with technology trends.  Counsel should continue to monitor further ABA and state bar rulings, particularly before conducting any research pertaining to non-public social media profiles and pages or seeking to communicate with parties, witnesses or jurors.

_____________________________

[i]              The Guidelines are available at: https://www.nysba.org/Sections/Commercial_Federal_Litigation/ Com_Fed_PDFs/Social_Media_Ethics_Guidelines.html.

 [ii]               See “Obtaining Evidence from Social Networking Websites,” Formal Opinion 2010-2, available at http://www.nycbar.org/pdf/report/uploads/20071997-FormalOpinion2010-2.pdf.

 [iii]              Comment to New York Guideline No. 3.C.

[iv]              Formal Opinion 466 is available at: http://www.americanbar.org/content/dam/aba/administrative/ professional_responsibility/formal_opinion_466_final_04_23_14.authcheckdam.pdf/  (“ABA Formal Opinion 466”).

[v]               ABA Formal Opinion 466 at 4.

 [vi]              Oregon State Bar Ethics Committee Op. 2013-189 (available at https://www.osbar.org/_docs/ethics/2013-189.pdf).               

 [vii]             See San Diego County Bar Association Legal Ethics Opinion 2011-2, available at https://www.sdcba.org/index.cfm?pg=LEC2011-2.

 [viii]             See Ifrah Law’s blog coverage at http://crimeinthesuites.com/prosecutor-fired-for-lying-on-facebook-to-wtinesses-in-murder-case/.     

 [ix]              Lester v. Allied Concrete Co., Case No. CL09-223 (Va. Cir. Ct. Sep. 1, 2011); Lester v. Allied Concrete Co., Case Nos. CL08-150, CL09-223 (Va. Cir. Ct. Oct. 21, 2011).

 [x]               SeeIn the Matter of Matthew B. Murray, available at http://www.vsb.org/docs/Murray-092513.pdf.

 

 

posted in:
Uncategorized
tags:
Apr 16
2014

Offshore Accounts? IRS is Watching

If you have unreported income from offshore accounts, now may be the best time to come forward and report those earnings; otherwise, you may be susceptible to criminal prosecution.

The IRS initially began this open-ended Offshore Voluntary Disclosure Program (OVDP) in 2009 and later renewed it in 2011. Due to strong interest from previous years, the IRS rolled the 2012 Offshore Voluntary Disclosure Program back out in January. This program provides a way for taxpayers to come forward voluntarily and report their previously undisclosed foreign accounts and assets. The program is designed to resolve an inordinate amount of cases without the IRS having to take the time to conduct independent, thorough investigations of alleged tax fraudsters.

Despite the name, and unlike its predecessors, the 2012 OVDP has no set deadline for taxpayers to apply. However, citizens should be cognizant of the fact that the IRS can change the terms at any given time. For example, the program’s tax penalty could increase, or worse – the program could completely end without any notice, leaving taxpayers as fair game for IRS crosshairs. Those choosing to not report their offshore assets could be prosecuted under the fraud penalty and foreign information return penalties, in addition to increasing their risk of criminal prosecution.

Additional and possible criminal charges that could stem from undisclosed tax returns include tax evasion, filing a false return and failure to file an income tax return. A person convicted of tax evasion is subject to a prison term of up to five years and a fine of up to $250,000. Taxpayers should understand that the likelihood of undisclosed offshore accounts being found is increasing through information available to the IRS by tax treaties, information from whistleblowers and more revealing information by way of the Foreign Account Tax Compliance Act (FATCA), which we’ve blogged on before.

Citizens are wising up and taking advantage of the program. Since 2013, more than 39,000 citizens have utilized OVDP and disclosed unreported earnings. This has netted over $5.5 billion in recovered tax revenues for the IRS.

A few citizens, such as Ty Warner, have ignored the ODVP. The creator of Beanie Babies saw this enforcement first hand when the IRS came knocking on his door, alleging that he hid a secret offshore bank account. In September 2013, a federal court in Chicago issued tax evasion charges against Warner. The court fined Warner a civil fine of $53 million and he was sentenced to two years of probation. Additionally, Warner paid $14 million in back taxes.

While some citizens will surely be tempted to allow their offshore earnings go unreported, we are here to tell you that decision (and risk) may come at a high price.

Mar 31
2014

Employers Seeking to Curb Employee Mobile Phone Use at Work? Don’t Use Illegal Signal Jammer – FCC is “Listening”

Some employers, particularly those in manufacturing, health care, and other situations where mobile phone use could interfere with employee safety, have come up with novel approaches to curbing employees’ uses of mobile phones.  While a policy restricting personal phone calls and texting may be acceptable, installation of a signal jammer to prevent employees from accessing the network is unlawful and can subject the employer to significant penalties.  R&N (“RNM”) Manufacturing, Ltd.  In Houston, Texas learned this lesson the hard way when the Federal Communications Commission  (“FCC”) showed up at its manufacturing facility.

As background, RNM purchased a signal jammer online in February 2013, to prevent employees from placing wireless calls from the factory, by blocking cell phone communications.  With very limited exceptions, the Communications Act and the FCC’s rules bar the importation, use, marketing, manufacturing, and sale of jammers.  Jammers may be available for sale all over the Internet, but they are prohibited.  The reason behind this prohibition is that jammers can interfere with emergency and other communications services, including GPS. Signal jammers typically transmit high-powered radio signals that interfere with authorized communications.  The interference can, among other dangers, place first responders and the public at risk if critical communications cannot be transmitted.

AT&T determined that a signal originating from RNM’s Houston facilities was interfering with AT&T’s signal, and reported the interference to the FCC’s Enforcement Bureau. FCC field agents in Houston conducted an investigation and found strong signals coming from RNM’s Houston facility.  The agents subsequently visited the facility to determine the source of the interference and to notify a corporate officer.  RNM’s CFO confirmed the jammer and promised to discontinue the jammer’s use. A formal enforcement action followed.

After analyzing the facts and the agency’s forfeiture guidelines, the FCC imposed a forfeiture on RNM of $29,250 for the 10-day operation (and the voluntary relinquishment of the illegal device).  While this is not a huge penalty, the FCC noted that it could have imposed a forfeiture in excess of $337,000 had it imposed a straightforward application of the statutory maximum.

There are a few important points to note here. First, employers seeking to curb employee mobile use should rely on policies and enforcement, rather than “self-help” through installation of their own devices.  While jammers are available for purchase online – they are illegal irrespective of what a website might advertise. 

Second, while companies might not expect an FCC official to show up at their door for an investigation, the agency (like many other agencies) has field agents and they do conduct on-site investigations – including without notice.  All organizations should have a designated officer or senior employee who is trained to interface with investigators.  Outside counsel can also be key here to interact with the agents and help guide the company through the audit.

Third, monetary penalties can be steep.  A mere 10 days’ use of the signal jammer cost RNM a nearly $30,000 penalty plus likely legal fees and employee time. Had RNM been using the cell jammer over a longer time period, it could have faced a six-figure fine.

Fourth, even though RNM was not an “FCC-regulated” entity such as a broadcast station, telecom company, etc., it understood the need to be responsive and to take the matter seriously.  Just because a company is not regularly under an agency’s jurisdiction doesn’t mean it is not subject to the agency’s enforcement powers.  Federal agencies such as the FCC and FTC enforce laws with wide-ranging implications and can subject companies in various industries to their jurisdiction.

The FCC’s Notice of Apparent Liability for Forfeiture is available here.

Feb 26
2014

Jeff Ifrah Presents on the Future of Online Gaming at J.P. Morgan Global High Yield & Leveraged Finance Conference

Yesterday, at the annual J. P. Morgan Global High Yield & Leveraged Finance Conference in Miami Beach, Florida, Ifrah Law Founding Member Jeff Ifrah shared his predictions for the growing online gaming industry in the U.S. and in Europe.  Susan Berliner, an analyst with J.P. Morgan who covers gaming and lodging, moderated the panel, which also included Marc Falcone, CFO of Fertitta Entertainment/Station Casinos, and Eamonn Toland, President of Paddy Power.  The panelists addressed the potential for online gaming’s additional expansion in the states as well as payment and logistical issues.

J.P. Morgan’s conference attracted a crowd of over 1,000 CEOs, CFOs and other C-Suite executives from high-growth companies across an array of industries, including gaming, entertainment, energy, and transportation and institutional investors. Questions from attendees at Tuesday’s panel indicated that investors were most interested in the rollout of online gaming in the three states that presently permit it:  Delaware, Nevada, and New Jersey.

Ifrah noted that one study predicts online gaming revenues in the U.S. to reach approximately $670 million. According to Ifrah, how online gaming grows depends on what the states do to permit gaming and their licensing processes and what other states come online in the near future.  Ifrah shared that just a couple hours before, Delaware and Nevada announced an historic agreement to pool their liquidity to increase their prize pool, allowing poker players in those states (and any other states which may subsequently sign on to the agreement) to play online poker offered by operators in either state, and to play against players in the other state. Governor Sandoval of Nevada and Governor Markell of Delaware met in Wilmington yesterday to announce this exciting development.  The State of Delaware, an Ifrah Law client, launched online gaming in November.

Marc Falone of Station Casinos observed that run rate revenues for online gaming are estimated at $150 million in 2014.  While online gaming is still in the early stages, it has the potential to be a much larger business with significant long-term growth potential. Falcone pointed out five challenges to online gaming growth, about which the panel generally agreed:

* General awareness – many consumers still do not understand that online gaming is legal in Delaware, Nevada, and New Jersey, which hinders participation and growth.

* Payments – despite online poker’s legality in the three states, Mastercard, Visa and other payment processors nevertheless decline to make deposits on online gaming sites.

* Geolocation – the states utilize geolocation technology to confirm that only residents in those states play.  Many individuals have found the geolocation confirmation process unwieldy and difficult with which to interact, causing them to choose another activity.  Falcone, Ifrah and the other panelists agreed geolocation technology and ease would improve over time.

* Security – in the age of high profile data breaches at Target, Neiman Marcus and elsewhere, and a reported breach on the Sands website, consumers’ interest in online gaming may be chilled.  New Jersey requires a player enter a social security number. Consumers are understandably reluctant to provide that type of sensitive personal information in a website form.  Industry needs to continue to work on secure procedures that will boost consumer confidence.

* Offshore gaming – licensed operators in the three states still compete with offshore gaming sites.

Eamonn Toland of Paddy Power stressed that online gaming revenues are currently as anticipated; growth takes time as consumers become more aware and some of the “wrinkles” identified above are ironed out.  He sees a significant revenue growth of 28% month-to-month.  As to whether online gaming “cannibalizes” land-based casinos, Toland and the other panelists concurred that the online gaming player is an entirely different demographic and they did not see the cannibalism effect.  Toland believes online gaming will grow significantly as states contract with each other like Delaware and Nevada just announced.

As to other states that may authorize online gaming, Ifrah and the other panelists mentioned California, Illinois, New York, and Pennsylvania as potential markets.  The panel participants cautioned that while these are exciting developments at the state level, the federal government would be monitoring online gaming operations to see if there are any significant issues, such as consumer protection issues.  However, at least one panelist believes that online gaming has extensive protections – such as age verification, protections for problem gamblers  – that result in fewer losses for consumers than in land-based casinos.

posted in:
Internet Law
Jan 16
2013

Bitcoins: Online Currency’s Uncharted Frontier

Bitcoin – it sounds like a token you might use to play skeeball at a beachside arcade. It is actually a relatively new, virtual online “currency” being used for payments across the Internet. While some observers have noted that the Bitcoin has been utilized primarily for purchases in the Internet “underworld,” the Bitcoin actually has gained traction more recently as a legitimate payment exchange. The Bitcoin might just be the surprise of the next generation of e-commerce and its progeny, mobile commerce.

The Bitcoin originated in 2009 with the issuance of the first Bitcoins by Satoshi Nakamoto, the pseudonymous person or group of people who designed the original protocol and created the peer-to-peer network. Users connect with other users rather than with a central issuer or server. This makes the Bitcoin attractive for illegal activities – authorities can’t pounce on a central office or simply seize one organization’s assets. The Bitcoin has no central issuing bank. Prices fluctuate a great deal; this past summer one Bitcoin traded at around $10. It is estimated that the monetary base of the Bitcoin is around $110 million.

There are several advantages to Bitcoins. They are largely unregulated. Also, payments can be made anonymously, leaving a minimal or no paper trail. Unlike credit cards, merchants do not face the hassle and uncertainty of “charge backs.” However, because of its past “underground” use, the Bitcoin lacks a reputation and general acceptance by mainstream merchants. For instance, the website “Silk Road” allowed users to buy and sell heroin and other illegal drugs provided they paid for their purchases using Bitcoins. Online gambling services have utilized Bitcoins with relative success.

While the past use of the Bitcoin has been limited, the new currency is picking up steam. Just a few days ago, BitPay, a payment solutions company, announced a large investment by a group of well-known tech investors. They see the Bitcoin as the next “PayPal” offering a fast payment method without the exchange of sensitive personal information that goes along with traditional credit card payments. Investors also see the benefits for small businesses, which can much more easily take payments from overseas using Bitcoins. Today, we can use Bitcoins to buy a wide array of products and services. This website provides links where we can purchase, for instance, jewelry, electronic cigarettes, natural cosmetics, and even survival products and dry cleaning, just to name a few offerings.

Just last month, the Bitcoin gained further acceptance when the Bitcoin-Central exchange owned by Paymium announced that it is partnering with registered PSP Aqoba and Frank Bank Credit Mutuel Arkea in order to legally hold balances in payment accounts within the European regulatory framework. However, as Bitcoins have not to date been backed by a governmental entity and several users have reported losses from fraud and hacking into their computers where they stored Bitcoins, continued use and acceptance will be affected by the reliability of the payment network, as well as any attempts to regulate it.

As use of the Bitcoin expands, regulators (particularly in the United States) may seek to regulate the currency. U.S. prosecutors tend to view anonymous payments with skepticism and suspicion.

Our view is that use of the Bitcoin network has expanded in large part as a natural reaction to overly zealous authorities enforcing anti-money laundering rules and policies against banks and individuals. Parties facing onerous reporting obligations and over-the-top fines have been seeking alternative payment methods. The FBI has shown some interest in Bitcoin (in an April 2012 report the FBI expressed concern about cyber criminals using Bitcoins). Last year, a spokesman for FinCEN stated that “The anonymous transfer of significant wealth is obviously a money-laundering risk, and at some level we are aware of Bitcoin and other similar operations, and we are studying the mechanism behind Bitcoin.”

However, we think the law will take some significant time to catch up with the fast-moving network. It remains to be seen whether current U.S. law can be applied to cover Bitcoins, or if specific legislation would be needed. Further, even if U.S. authorities seek to regulate Bitcoins, actual enforcement would be difficult as there are no stationary “assets” to be seized (not even a domain name or website). Bitcoins are typically stored in a “wallet” on a user’s computer. Authorities would in many instances be required to pursue each “peer” in the peer to peer network, which does not seem terribly practicable. In the interim, Bitcoins appear to be growing in use across industries and geographic locations.

Jul 24
2012

Ifrah Law Partner Michelle Cohen: Don’t Consider Yourself Immune to Data Breaches

Michelle Cohen recently joined Ifrah Law as a partner. Here is an edited transcript of a recent interview with Ms. Cohen.

Question:  What are some of your legal experiences and strengths that you’d like to highlight?

Answer: I have many years of experience representing clients engaged in various industry sectors before state attorney generals, the FTC and the FCC, particularly in investigations and enforcement matters. I have a deep knowledge of marketing law and have counseled and defended clients in dozens of matters involving the Telephone Consumer Protection Act, the federal Can Spam Act, and state and federal telemarketing laws and regulations. I also sat for and passed the Certified Information Privacy Professional examination administered by the International Association of Privacy Professionals. This demonstrates my broad capabilities in the field of privacy law.

Some recent matters of note include managing a data loss incident for a client that entailed notifications to several state attorney generals’ offices, assisting the client with remediation and public relations management, and reviewing existing data retention policies, as well as a follow-up investigation at the state level. The client was able to move forward without any enforcement activity.

On the Telephone Consumer Protection Act side, I have supervised teams of attorneys in defending class and individual actions and resolved FCC enforcement matters (including without any penalties).

My training as both a litigator and a regulatory/corporate advisor allows me to offer a wide range of services to clients. I take great pride in knowing that my regulatory advice to clients in how to craft their business practices and establish meaningful policies has resulted in these clients avoiding enforcement actions and litigation.

Question: There has been a lot of publicity these days about data breaches that have caused serious harm to a number of retailers, credit card companies, banks, and others. Do you think there has been a real uptick in the number of such breaches, and if so, why has it occurred?

Answer: I think the increased publicity stems more from the growing awareness on the part of companies and the press that there are various types of data breaches and data losses that are covered by federal and state laws and that need to be reported and remediated. Some years back, if a laptop containing sensitive information was stolen from an employee’s car, the company might disable the account and report the theft, but the event did not necessarily trigger potentially thousands of notices to those affected, state attorney generals and consumer protection offices, publicity (via news reports and blogs that cover daily breaches) and possible lawsuits and enforcement activity. Today, that one event can result in all of those actions occurring.

Question: What is your advice to companies that may someday face a data breach?

Answer: A couple of months ago, I wrote an article regarding data breaches. The central point was that no organization should consider itself immune. Rather, a data breach (in the form of a bad actor) or a data loss (for instance, by negligent but unintentional employee action) WILL occur, no matter how many precautions a company takes. The key is to have policies in place regarding data security, to train employees in an effort to prevent negligent actions, and to be prepared for actions that will need to be taken when an event occurs. Organizations should have a team in place (human resources, legal, public relations, etc.) for dealing with these types of problems. Data loss events require swift, but considered action. In particular, some of the state breach laws have deadlines, and companies have found themselves under investigation (or involved in litigation) when their responses to a breach have been too slow or failed to meet the requirements of the law. These legal ramifications, combined with the negative publicity that WILL follow, can often be much worse than the actual data loss event.

Question: Are some companies failing to put the best safety provisions in place?

Answer: Most large companies have incorporated data safety policies; however, many medium size and smaller businesses have not done so. In addition, I think that many companies, both large and small, do not realize the scope and applicability of many of the laws. For example, consider a large company based in Texas, with most of its employees in that state. Its managers may not realize that if the company has three employees in Massachusetts, they are covered by Massachusetts’ data protection law. This statute has very specific requirements, including a requirement for a Massachusetts-specific information security plan. Let’s say the Texas company has a data loss and has to notify the Massachusetts employees and the Massachusetts Attorney General’s office along with all of its other employees. The company may get a follow-up inquiry from the Massachusetts AG asking for a copy of that company’s Massachusetts-compliant written information security policy. If the company does not have one, because it never realized it fell within that state’s law, it may find itself in some hot water there.

Accordingly, all organizations need to be proactive in their data security planning and must provide continuing updates to their policies, training, and understanding of what federal, state, and international laws may apply to their operations.

posted in:
Internet Law
Connect with Us Share

About Ifrah Law

Crime in the Suites is authored by the Ifrah Law Firm, a Washington DC-based law firm specializing in the defense of government investigations and litigation. Our client base spans many regulated industries, particularly e-business, e-commerce, government contracts, gaming and healthcare.

Ifrah Law focuses on federal criminal defense, government contract defense and procurement, health care, and financial services litigation and fraud defense. Further, the firm's E-Commerce attorneys and internet marketing attorneys are leaders in internet advertising, data privacy, online fraud and abuse law, iGaming law.

The commentary and cases included in this blog are contributed by founding partner Jeff Ifrah, partners Michelle Cohen and George Calhoun, counsels Jeff Hamlin and Drew Barnholtz, and associates Rachel Hirsch, Nicole Kardell, Steven Eichorn, David Yellin, and Jessica Feil. These posts are edited by Jeff Ifrah. We look forward to hearing your thoughts and comments!

Visit the Ifrah Law Firm website