Saturday, June 22, 2013

Suits Alleging Google and Viacom Invaded Kids' Privacy Land in N.J.

Redirecting. Click Here to view the article

Sorry, I could not read the content fromt this page.

View the original article here

Corporate Cyberattacks Come Out of the Shadows

Since the dawn of cybercrime in the late 1990s, public companies have largely operated under the notion that, while they have an essential responsibility to guard their data with appropriate security measures, they have little duty to report attacks to investors and regulators. That is all about to change.
A full-fledged cyber war is now completely out of the shadows and was put on center stage during the June 8-9 summit between President Barack Obama and Chinese President Xi Jinping. While little specific progress came out of the meeting, National Security Adviser Tom Donilon said afterwards that cybercrime is the “key to the future” of the U.S.-China relationship, making it ever more clear that each cyber-incident is now part of a high-level military and diplomatic dance.
This escalating, and highly publicized, battle over cybercrime is going to force U.S. businesses to be more forthcoming about attacks, exposing them to significant new legal and regulatory threats.
While it might seem obvious that companies would consider nearly any significant cyber-attack a material event to require proper disclosure, the reality is that the legal and regulatory implications of attacks are extremely murky. In fact, organizations are faced with intensely conflicting interests. A company trying to decide what and how much to disclose, and whom to disclose it to, faces a decision much like the one facing the kid who gets his lunch money stolen from the bully: Is there more risk in telling the authorities or in remaining silent?
Guidelines previously issued by the Securities and Exchange Commission are far from comprehensive and leave many details to the discretion of individual companies, which have been slow to alert investors, if at all. Why? Because saying too much is a very dangerous proposition.
Public disclosure can actually undermine a company’s cybersecurity efforts or jeopardize an ongoing law enforcement investigation. The SEC itself acknowledged that providing too much detail could provide a “roadmap” for infiltrators.
And with that, companies have often chosen non-disclosure or vague disclosure as the best options. But in the new cyber reality, those options are quickly disappearing.
With blame for many recent cyber-attacks being put squarely on the Chinese government, it is clear that the battle against international hackers is being escalated—and each attack on a public company will be intertwined with broader diplomatic efforts. Businesses that once dealt behind closed doors with cyber-breaches will now find themselves on the front lines. The exposure that will come with this changing landscape will create rich opportunities for investors, lawyers, and regulators to seize upon any organization that has not taken adequate measures to shore up—and communicate about—its digital infrastructure.
In recent months, companies such as Google, AIG, and Quest Diagnostics have all filed revised cybercrime disclosures after being called out by the SEC. But a regulatory slap on the wrist is just the start; the potential legal liability for a company, its executives, and its board is staggering. With the new, more public reality of the global cyber-battle, prosecutors and plaintiffs’ lawyers will be sharpening their knives to hold corporations responsible for the inevitable losses caused by cybercriminals.
When you break down all of the issues at play, it starts to feel like doing technological battle with Chinese hackers is merely the opening act to what is sure to be a much larger drama. Businesses have no easy answers to this complex challenge, but there are two things that should happen immediately:

The SEC must step up with guidance that is more direct and detailed, and that takes into account the significant competing interests companies face, especially if public disclosure would jeopardize ongoing law enforcement efforts or expose critical vulnerabilities. If the federal government is going to embark on a high-profile cyber-campaign, it must give businesses clear direction and guidance.Regardless of regulatory guidance, corporations need to get specific with their cybersecurity preparedness—not only to protect themselves against attack, but to shield themselves from lawsuits that are in the offing.

Simply having the best technology in place isn’t enough. Companies must adopt and articulate clear policies that outline the steps being taken to protect sensitive data, along with their responsibilities and plans for disclosing breaches. They should clearly define the roles of senior management and directors, address and explain their insurance coverage, and specify the frequency with which security policies are updated.

The new cybercrime reality is likely to put businesses in the middle of a global diplomatic battle and bring an end to the days in which a hacked business can lurk just outside the spotlight. It’s a dangerous new reality, but a company that proactively adopts and publicizes sound cybersecurity policies will find it far easier to meet investor and regulatory obligations without compromising security or law enforcement efforts.
Craig A. Newman and Daniel L. Stein are litigation partners with Richards Kibbe & Orbe, a New York-based law firm. Stein is a former federal prosecutor in New York. Newman also serves as chief executive of the Freedom2Connect Foundation, a nonprofit group focused on promoting Internet freedom through the use of technology.

A browser or device that allows javascript is required to view this content.

You must be signed in to comment on an article

Sign In or Subscribe
">

View the original article here

Corporate Counsel 123: September 2012

Corporate Counsel

September 10, 2012

In the September 2012 episode of Corporate Counsel 123, web editor Brian Glaser highlights three things in-house counsel will want to know about:

The big Apple vs. Android IP battle.Potential changes to FAA regulations on using electronics on airplanes.The ACC's upcoming annual event in Orlando, FL.View More Multimedia

View the original article here

Minority-Owned Firm Makes Microsoft's Premier List

Microsoft has updated its Premier Provider Program (PPP) slate of preferred outside counsel, and there’s a significant new player on the 2013 roster. Gonzalez Saggio & Harlan, one of the largest minority-owned firms in the U.S., has been included in Microsoft’s biennial list of 12 go-to firms, taking its place alongside Am Law 100 firms Sidley Austin and Perkins Coie.

“Breaking into that very select group,” said firm Chairman Emery Harlan, has been “transformative for the firm and represents a ‘Jackie Robinson moment’ for the legal profession.” Of the 122 lawyers at GSH, 70 percent are minorities or women. The American Lawyer’s recent diversity survey of the largest law firms in the country (which does not include women as a minority group) found that in 2012, minority lawyers comprised 13.9 percent of the 228 responding firms.

“[This is] by far the most meaningful commitment that we have been able to develop with a corporation,” Harlan said.

Founded in Milwaukee in 1989, GSH now has 16 offices throughout the U.S. and has been assisting Microsoft with legal matters such as complex employment, IP litigation, and patent licensing since 2010, according to Harlan. The relationship began when Harlan met Brad Smith, Microsoft’s executive vice president and general counsel, through the National Association of Minority and Women Owned Law Firms. Harlan credits Smith with being, “the biggest proponent of diversity within the legal profession.”

In a 2008 letter from Smith to Microsoft’s PPP law firms, the GC wrote, “Despite good intentions, the legal profession has not yet achieved impressive results in expanding diversity that fully reflects equal opportunity for the available pool of qualified talent.” He then went on to outline how the Redmond-based tech company would incentivize firms to expand their talent pools to include more women and minorities.

“We believe that diversity in our legal teams is a business necessity,” Horacio Gutierrez, corporate vice president and deputy general counsel of intellectual property and licensing at Microsoft told CorpCounsel.com. Gutierrez works directly with GSH and described the relationship between the firm and Microsoft as “an innovative approach in the way that legal departments engage with minority firms. By deeply partnering and mentoring, that helps [the firms] develop the expertise they need to broaden the services they provide.”

Gutierrez said he made a deliberate decision to work more closely with GSH and together with Harlan helped the firm expand certain practice groups to match Microsoft’s needs. “Their inclusion in the PPP program has been a culmination of three years of close work with” Microsoft, according to Gutierrez.

The PPP dozen is selected by the senior leadership team of Microsoft’s legal department. Criteria for consideration include: high quality of work, particular subject area expertise, broad geographic scope, familiarity with Microsoft’s business, and a proven track record working with the company. Once selected, the corporation commits to driving a significant portion of its legal work to the PPP firms. GSH is amongst the smallest of the firms on the list and is the first ever minority-owned firm on the list. “The fact that they’ve put themselves in the position to be considered and admitted,” said Gutierrez, “is very significant.”

A browser or device that allows javascript is required to view this content.

You must be signed in to comment on an article

Sign In or Subscribe
">

View the original article here

Friday, June 21, 2013

No Child Endangerment Civil Claim in Church Abuse Cases

Redirecting. Click Here to view the article

Sorry, I could not read the content fromt this page.

View the original article here

Judge: Massive Toyota Settlement Needs to Cook Longer

Home > Judge: Massive Toyota Settlement Needs to Cook Longer

Font Size: increase font decrease font

By Amanda BronstadContactAll Articles

The National Law Journal

June 17, 2013

Concerns about the allocation of possible excess cash appear to have held up for now the proposed $1.6 billion settlement between Toyota and consumers asserting economic damages tied to sudden acceleration defects.

This article requires free registration to Law.com. Please sign in or register to read the full text.


View the original article here

Steve Fletcher on BYOD

Redirecting. Click Here to view the article

Sorry, I could not read the content fromt this page.

View the original article here

Smartphone Overtime: The FLSA Knows No Bounds

? cdrcom - Fotolia.com

The advent of remote connectivity has fundamentally changed the landscape of the American workplace and increased the potential wage-and-hour risks for employers. Modern technology, such as smartphones and virtual private networks (VPNs), provides many workers with the flexibility to conduct business from anywhere and at any time. A recent study by the Pew Research Center found that 45 percent of American adults own a smartphone, giving them access to email and the Internet at their fingertips on a 24/7 basis. The constant connectivity of today's American workforce could signal the end of the 9-to-5 work day as we know it and correspondingly could create the potential for enormous overtime pay liability for employers.

While a connected workforce certainly could result in a more productive and focused workforce, it also may become more costly. For many employers, allowing employees to remain connected to their work email during non-working hours could create significant legal risks when those employees are non-exempt workers under the federal Fair Labor Standards Act. The FLSA, like many state wage-and-hour laws, requires employers to pay all non-exempt employees at least the minimum wage for all hours worked. If a non-exempt employee works more than 40 hours in a given work week, the FLSA requires that the employer pay that employee an overtime rate of one-and-a-half times his or her regular hourly rate for all hours worked in excess of 40 for that work week.

Non-exempt employees are entitled to overtime pay for those hours worked over 40 regardless of whether the employer asked or required that the employee perform such work. If the employer had actual or constructive knowledge that the employee performed work that is an "integral and indispensable" part of the employee's principal job functions after regular hours, it must compensate the employee for that time, as in Steiner v. Mitchell, 350 U.S. 247, 256 (1956). Essentially, employers are held responsible for "suffering or permitting" a non-exempt worker to work.

Employers who provide (or allow) their non-exempt employees access to company email through either a company-issued or personal mobile device need to be vigilant about tracking the time their employees spend working on or via these devices during non-working hours. Employees who spend time checking and responding to email on their smartphones after work or on the weekends are indeed doing work and likely need to be compensated for this time, unless the amount of time the employee spends checking the emails is de minimis. While there is no bright-line rule to determine what is considered de minimis, courts have found that work that takes less than 10 minutes to perform is de minimis and does not count as hours worked for overtime purposes.

Recently, several major corporations, including T-Mobile, Verizon, Black & Decker and LoJack, have felt the sting of FLSA collective actions brought by non-exempt employees, on behalf of themselves and all those "similarly situated," claiming that their employers failed to compensate them for after-hours work performed using mobile devices. In January, a federal court in Illinois granted conditional certification for a collective action brought by a Chicago police officer who claims he and his fellow officers were not compensated for time spent regularly checking and responding to email on a department-issued smartphone, in Allen v. City of Chicago, Case No. 10-3183 (N.D. Ill.). The plaintiff, Henry Allen, claims that checking and responding to email while off-duty was a requirement of his job and that he was never compensated for this time. That case is still pending, but the likelihood of success has increased tremendously. Where collective actions arise against employers with hundreds or thousands of employees, the potential liability can grow exponentially, and the plaintiffs attorney fees become enormous and extremely relevant under a fee-shifting statute such as the FLSA.

The best course of action for employers seeking to avoid these types of FLSA overtime claims is to develop and implement a policy establishing that the company does not issue smartphones to non-exempt employees (or allow them access to the company's email, for example, via their own personal smartphones) and does not provide remote access through a VPN to its non-exempt employees. However, such a policy may not be practical, or desired, by many employers.

An alternative, and perhaps more practical, method to minimize the wage-and-hour risks associated with non-exempt employees' after-hours work-related use of smartphones is for the employer to establish and clearly communicate the parameters for the employee's use of company-issued or personal devices to access work email systems. Employers must create a clear, written policy setting forth exactly how and when company systems and email may be accessed using smartphones and VPNs, and then communicate this policy to its employees. All remote-access policies should require that non-exempt employees document and report all of their hours worked, including any time they spend reviewing and responding to work-related email and working remotely from home.

While requiring (and monitoring) employee self-reporting is a critical aspect of FLSA compliance, employers must also take proactive measures to track any off-duty, remote work performed by their non-exempt employees. To ensure that employees comply with any remote-access policy that is implemented, employers should track their non-exempt employees' usage of smartphones and VPN access for business-related purposes during non-working hours. Additionally, if the employer allows employees to access their work email from their own personal mobile devices, then the employer should monitor the emails that the employees send during non-working hours to ensure that these emails are not work-related.

Employers must also train their entire staff, exempt and non-exempt employees alike, on the relevant policies and the proper use of mobile devices for business-related purposes. In addition to being advised of the company's policy, non-exempt employees should be trained on the proper procedures for using mobile devices for business purposes during non-working hours (and, of course, be trained on the proper procedure to report such time worked).

Exempt employees, especially those who supervise non-exempt employees, should be trained on the proper procedures for communicating with non-exempt employees, either by telephone or email, during non-working hours. If a supervisor requests that a non-exempt employee respond to an email or participate on a telephone call for business purposes during non-working hours, the supervisor should be trained to document this request and confirm that the employee was properly compensated for this working time.

A browser or device that allows javascript is required to view this content.

Subscribe to The Legal Intelligencer

You must be signed in to comment on an article

Sign In or Subscribe
">

View the original article here

Thursday, June 20, 2013

Eric Turkewitz on Legal Blogging

Redirecting. Click Here to view the article

Sorry, I could not read the content fromt this page.

View the original article here

Corporate Counsel 123: October 2012

Corporate Counsel

In the October 2012 episode of Corporate Counsel 123, web editor Brian Glaser highlights three things in-house counsel will want to know about:

The growing role of the law firm pricing director (read here and here).Tracing corporate campaign contributions with MapLight.org.Reporting from the ACC's annual event in Orlando, FL (read here and here).View More Multimedia

View the original article here

The 'Patent Troll' Initiative

Texas Lawyer

June 18, 2013

David Carstens of Carstens & Cahoon discusses some implications of President Obama's new initiative on "patent trolls."

This video originally appeared in Texas Lawyer.

View More Multimedia

View the original article here

Justices Strike Down Arizona Voter Law

Home > Justices Strike Down Arizona Voter Law

Font Size: increase font decrease font

By Marcia CoyleAll Articles

The National Law Journal

June 17, 2013

The U.S. Supreme Court on Monday struck down an Arizona law that required residents to provide proof of citizenship when using federal forms to register to vote.

This article requires free registration to Law.com. Please sign in or register to read the full text.


View the original article here