Month: July 2012

Data Breach Notification – Leahy Proposes A Federal Law – New York Already Has a Law

Senator Patrick Leahy (D-Vt.) has introduced legislation to enhance protections for Americans’ personal information and privacy. According to Sen. Leahy’s web site, he first sponsored the Personal Data Privacy and Security Act in 2005, and has reintroduced the legislation in each of the last three Congresses. The Personal Data Privacy and Security Act will establish a national standard for data breach notification, and require American businesses that collect and store consumers’ sensitive personal information to safeguard that information from cyber threats. Leahy’s bill provides for criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data when the breach causes economic damage to consumers. Many states already have data breach notification laws.  New York’s law is codified at Section 899-aa of the General Business Law.  Under the law, any person or business which conducts business in New York State, and which owns or licenses computerized data which includes “private information,” must disclose any breach of the security of the system following discovery or notification of the breach to any resident of New York whose private information has been, or is reasonably believed to have been, acquired without valid authorization. “Private Information” is defined as personal information of a natural person consisting of any information in combination with any one or more of the following data elements, when either  the personal information or the data element...

Read More

Governments Need to Adopt Social Media Policies

I will be presenting to the Westchester Bar Association in October on the legal issues involving government use of social media.   The talk will build on the foundation I laid in March, when I spoke about this matter to the Land Use Training Institute (Copy of the handout is hereGOVERNMENT USE OF SOCIAL MEDIA).  The topic is quite interesting – and this is all new law!  As discussed below, all local governments should consider these issues and should develop social media policies prior to developing social media sites! The problems are presented (a) when government adopts social media to reach out to constituents, for example, when it starts a Facebook page or a Twitter account, (b) when government employees use social media to speak about government matters whether inside or outside the scope of their employment, and (c) when the public posts messages to government social media sites. Governments need to focus in 3 principal areas (this relates to NY law, but the issues are universal): 1. Freedom of Information Act The Public Officers Law (§89(3)(a)) provides that government entities must make “records” available to the public.  But what’s a record: According to Public Officers Law §86(4), a “‘Record’ means any information kept, held, filed, produced or reproduced by, with or for an agency or the state legislature, in any physical form whatsoever including, but not limited to …...

Read More

Twitter Case Shows that Social Media Sites Should Review Their Terms to Determine if Users Own Their Content

Bloomberg News has reported that Twitter is appealing a Court order requiring it to turn over information about an Occupy Wall Streeter’s posts.  The appeal is to an order by NYS Supreme Court Judge Matthew Scarrino which denied Twitter’s request to quash a subpoena from Manhattan DA Vance.   A coalition including the ACLU, EFF and Public Citizen teamed up to file an amicus brief in this case arguing that “that granting the subpoena seriously threatens the First Amendment and privacy rights of everyone on the Internet.” The issue is whether Twitter – not the tweeter – must respond to subpoenas for its users.   Judge Scarrino held that Harris had no standing because Twitter, not he, owned the tweets – so Twitter must respond.  This puts Twitter in the unenviable position of having to act on behalf of its users to object to subpoenas, because they cannot. Twitter updated its terms effective May 17 to say that “You retain your rights to any Content you submit, post or display on or through the Services.” Social media sites should follow Twitter’s example – and at least review their terms to determine who owns content – the site or the user.  If the site, apparently it alone will have standing to move to quash the many subpoenas that will be coming their way as law enforcement focuses on social...

Read More

Important for App Developers: Facebook Signs on to California “Joint Principles” on Privacy

On June 19, 2012, Facebook became the 7th company to sign the Joint Statement of Principles proposed by the California Attorney General to strengthen privacy protection for consumers who use apps on the smartphones, tablets and other electronic devices. Facebook joins an agreement that was first announced in February 2012 when a group of 6 signed the Joint Statement: Amazon, Apple, HP, Microsoft, Google and RIM. The Joint Statement (available along with the AG’s announcement at sets forth non-binding principles that are, nevertheless, expected to become standard and that are meant to comply with California’s pro-consumer Online Privacy Protection Act.  The Act requires mobile apps that collect personal data from California consumers to conspicuously post a privacy policy. It is important for app developers to know what this group of 7 expects of them (this group is referred to by the AG as the “Mobile Apps Market Companies”): 1. Where applicable law requires, an app that collects personal data must conspicuously post its privacy policy that provides information on how personal data is collected, used and shared. 2. The Mobile Apps Market Companies will include, in their submission process for new and updated apps, an optional data field for a link to, or the text of, the app’s privacy policy. 3. The Mobile Apps Market Companies will have or implement a means for users to report apps that do...

Read More

Senator Franken To Hold Hearings on Facial Recognition

One of the scarier things about Facebook is its use of facial recognition technology.  This may be considered an enjoyable exercise, or an invasion of privacy, depending on whether you like it or you don’t.  Some (younger) people I know don’t mind that they can be “tagged” in Facebook through facial recognition. The problem, however, is when the technology is abused for nefarious, or unethical, or improper ends.  A prime example is the app “girlsaroundme,” a controversial phone app, since pulled by Apple, which allowed a user to identify girls nearby who have permitted their location to be recorded in Facebook or Foursquare. According to PC World,, one person reported that “he was able to use Girls Around Me to find one person he found attractive (for the purposes of the article), and was then able to discover the woman’s full name, age and birthday, current location (based on a recent Foursquare check-in), marital status, where she went to school, political views, her favorite drink (based on Facebook photos), recent travels, her parents’ and her brother’s full names. That’s certainly a lot more information than you can get by just peeking in a bar or restaurant window.” And as reported by Lori Andrews in her fantastic book, “I Know Who You Are and I saw What You Did “, in 2011 Carnegie Mellon researchers found that by combining...

Read More