Published on:

As mobile technology improves, we all do more on our mobile devices; banking, shopping, and gaming are just a few examples. The Wall Street Journal estimates the mobile apps market as a $25 billion industry. New businesses and entrepreneurs may want to jump into this growing market. When new developers enter the market, they must consider the privacy rights of users. The law protects consumers and their privacy from intrusion, and there are even stricter guidelines for apps used by children. Are you interested in starting a mobile app business? Are you ready to begin marketing your new mobile app? If so, then there are steps you must take to ensure you are in compliance with the law and respecting the privacy rights of your customers.

What Is a Mobile Application?

A mobile application is software that can be downloaded and accessed using a mobile device, such as a smartphone or tablet. Apps can be paid or free.  Developers of free apps usually make a profit through advertisements, in-app purchases, and/or paid versions that offer more features than a free trial or “lite” version. Further, apps may collect data from the user.  Apps can access a user’s contacts, call logs, internet data, calendar, and device location.  Usually, this data is collected so that the app can perform what it is designed to do, such as make a bank transfer or direct the user to a destination through GPS.  Data collection must conform to consumer protection guidelines and developers will be held responsible to those guidelines.

What Do Developers Need To Know?

The Federal Trade Commission (“FTC”) has recently released a comprehensive video to help developers comply with the legal rights of consumers when developing and marketing mobile applications.  The FTC enforces the federal Truth In Advertising laws, which apply to advertisements.  An advertisement is any communication about a product to consumers.  This could be a description within the app or an online app store description.  The FTC requires that a developer tell the truth about his app in any of these descriptions.  Any data an app collects or utilizes must be clearly disclosed to the user.  The law requires that this information be presented clearly and conspicuously. Developers should consider these privacy concerns when they first begin development on a new app. From the beginning of the design phase, the information collected should be limited, securely stored, and any unneeded data disposed of safely.  To be safe, the app should ask for express permission for any data collected or used. Developers should be transparent about any data collected and what it will be used for. The Children’s Online Privacy Protection Act (“COPPA”) requires that app developers comply with additional security requirements when the app is directed at children under 13, or developers have actual knowledge that children under 13 will be using the app.  It requires that developers post clear privacy policies, obtain parental consent, and provide parents access to their child’s information.  This federal law also requires that information collected be stored confidentially and securely only as long as necessary for the app to function.  The market for new mobile apps is booming, and developers must take the proper steps to ensure they are in compliance with consumer privacy laws.

You may contact us to speak to an attorney about your new mobile app and its compliance with consumer privacy laws.


Today, most companies are dependent on technology and their computer systems, and there are entities whose primary focus is to hack into these systems. On the other hand, a company might experience an internal breach of its network system, which causes the unauthorized release of sensitive information. Any breach into or out of these systems could be catastrophic. The computer network for a company may contain important data, intellectual property, and consumer information. All industries are susceptible to a data breach. To help protect against these risks, companies must insure themselves with the correct policy. Traditional insurance policies may not be enough to cover all the risks. In recent years, insurance companies have begun to issue specific cybersecurity policies. What kinds of claims are covered under these cybersecurity insurance policies? How can an insurance company ensure that it is mitigating its own risks in underwriting a cyber policy? If you are concerned with these questions, then the effectiveness and scope of these cybersecurity policies is relevant to your company.

What Is Cybersecurity Insurance?

Cybersecurity insurance is an insurance policy that helps mitigate the risks posed by incidents such as “data breaches, business interruptions, and network damages.” The market for this kind of policy is still in development, and insurance companies and consumers are unsure how far-reaching the policy protections are. The Department of Homeland Security has stated that a more developed cybersecurity insurance market would lead to fewer successful cyber attacks—i.e., by implementing preventive measures in conjunction with policies and lowering premium prices based on the level of self-protection. There are steps that companies and individuals can take to reduce their level of risk from a cyber attack, and these steps may actually help prevent attacks. Preventive measures can at least lower the risk an insurance company must take in underwriting a cyber policy.

Why Do We Need Specialized Policies?

Traditional or general liability policies may not cover all the risks of a cyber attack or network breach. In the past, it may have been unclear whether these types of policies covered cyber risks. For example, in Eyeblaster, Inc. v. Federal Insurance Co., a federal court held that an insurance company was liable for data breaches under general liability and errors and omissions policies. But another federal court, in America Online Inc. v. St. Paul Mercury Insurance Co., held that an insurance company was not liable for software that caused damage to consumer computers. Therefore, insurance companies must make it clear that traditional insurance policies do not cover cyber risks and instead direct their customers to a tailored cyber policy. Insurance companies must communicate clearly to their customers what is included in a cybersecurity policy because there are so many scenarios wherein a breach can occur. They should also disclose what type of data is covered—i.e., whether it is consumer data or trade secrets stored on computer networks. Also, a policy may cover external breaches into a network and/or internal mistakes that release sensitive information. The market for cybersecurity insurance is new but growing, and the legal protections for consumers and insurance companies are not always clear.

You may contact us to speak to an attorney regarding cybersecurity breaches and related issues.


In recent years, every aspect of our lives has become dominated by technology—and now people are beginning to wear their technology. For example, Google has released Google Glass, a wearable computer in the form of glasses. Samsung has released the Galaxy Gear smart watch, a device that one wears as a watch and functions as a phone. This new technology is creating a class of its own—“wearable technology” or “wearable computing.”  By utilizing this technology, a person can walk on the street wearing glasses or a watch while recording the images and sounds around him. Are you concerned with being recorded without notice? Do you want a person to be able to gather your personal information in an instant with facial recognition software? If these issues concern you, then wearable computing is relevant to your privacy rights.

What is Wearable Computing?

Wearable computing describes a class of computer-powered devices that can be worn by a user. There are many kinds of wearable computing devices, and some raise few concerns because they are as simple as a step counter or a heart rate monitor. Other devices can perform the same functions as a smartphone, but in a much more discreet manner. The more advanced wearable devices can take pictures, record video and sound, and respond to voice commands to read text messages and emails and to surf the web. Probably the most well-known and discussed technology, Google Glass, has been subject to criticism. If someone wears Google Glass and looks at you, your first thought might be that you are being recorded or investigated. In fact, some restaurants and bars in San Francisco have already banned this device because of their customers’ privacy concerns. Even with the concerns over privacy, this technology is likely to become even more pervasive.

What are the Legal Issues Associated With Wearable Technology?

Facial recognition software raises one of the most important privacy concerns. Apps such as NameTag can match a person’s picture against a database to gather personal information. If a device like Google Glass has an app like this installed, then a user could obtain another person’s information quickly.   However, the one thing the average person has on his side is that these databases still need to be created.  Facebook and Twitter already manage massive databases of personal information and they are required to work with the Federal Trade Commission (FTC) to conform to its privacy policies. It is possible that NameTag would also be required to cooperate with the FTC. What about wearing these devices while driving? In California, Vehicle Code Section 27602 makes it illegal to drive while operating a video screen except for GPS and navigation systems. A device like Google Glass would fall into this category. But, is it not safer to drive with a hands-free, voice-controlled device like Google Glass than looking down at a navigation map or smartphone for directions? In general, state laws are not up-to-date when it comes to new technologies.

You may contact us to speak to an attorney about how wearable technology and computing may affect your privacy rights.


Computers are learning to do it all—even surf the Web. These computers, or programs, explore the World Wide Web, gathering information and processes for use in other forums. This technology, which is known as “web scraping,” may also threaten website and consumer privacy. Indeed, websites have a proprietary interest in their content and others are not authorized to access and reuse this information. Consumer information that is available online is not necessarily available for any use. As such, web scraping has become a concern as regulators attempt to outline the parameters. Do you operate a website? Are you a consumer with personal information available over the Internet—such as your name, address, salary, or work history? Do you have an interest in gathering information from various sites for your personal use? Do you wish to revise your terms of service in light of these advancements? If so, web scraping is relevant to your business and privacy concerns.

What Is Web Scraping?

Web scraping is the process of using computer software to extract information from websites. Usually, this type of software simulates web browsing that is performed by a human. This technique is used to automatically gather information from various websites. This is an effective tool in several fields such as online price comparisons. Often, the aggregate website will have agreements with other websites allowing web scraping to gather pricing data. Additionally, web developers often use this technique to copy website content and reuse it when designing a new site. However, this process can also be used in ways that press against privacy concerns. For example, web scraping can be used to gather a consumer’s personal information. This includes contact information, personal websites, and professional histories. Web scraping can also gather an online user’s comments on discussion boards. All such information is valuable to businesses that want to know how consumers feel about their products or services. Web scraping has increased drastically over the last few years. In 2013, web scraping made up 23% of all online browsing traffic.

What Are The Legal Issues Associated With Web Scraping?

Until 2000, it was generally unclear whether web scraping is legal. Then, eBay filed an injunction against Bidder’s Edge to stop the online auction site from using a web crawler to gather information from eBay’s website. In eBay, Inc. v. Bidder’s Edge, Inc., eBay’s successful effort drew attention to the potential legal implications of web scraping. Now, many websites will state, in their terms of service, that web scraping is not permitted on their site. Although continued web scraping may not qualify as a criminal offense, websites can still seek legal remedies to stop web scraping that is in violation of their terms of service. Indeed, some websites install services to prevent web scraping entirely—such as requiring users to duplicate a combination of distorted letters, numbers, and symbols (a/k/a “Captchas”) before accessing the site to ensure the user is human. Until the law in this area becomes clearer, websites can save the time and effort of filing a lawsuit in the future by taking preventive steps against web scraping.

You may contact us to speak with an attorney about how web scraping may affect your online operations or how you can better prepare for the technology.


Companies, old and new, now have the opportunity to raise funds through a unique technique—crowdfunding. Although this is a twist on the traditional investment model, crowdfunding allows companies and individuals to fund their new ideas and business ventures by seeking investments from the general public. This unconventional approach to the well-known investment structure allows new businesses to gain financial support. Do you have a new idea for which you would like to raise funds? Are you a company that would like to launch a new product? Do you need financial support to help propel your latest venture? If so, then crowdfunding may help your entrepreneurial efforts.

What Is Crowdfunding?

Crowdfunding is the practice of raising funds for a new company, idea, project, or venture from large numbers of people. These people typically donate small amounts that add up in the aggregate. Unlike the investment structure that appeals to traditional investors, here the general public funds the projects. Crowdfunding has begun to gain momentum and exposure after the passage of the Jumpstart Our Business Startups (“JOBS”) Act. This law was passed to help small businesses and entrepreneurs jumpstart their business. Both private and public companies may take advantage of this capital-raising model. Crowdfunding is unique because, although it does allow a company to use outside resources to fund a project, the company does not have to make an initial public offering, register as a public company, or meet the requirements of a traditional publicly-traded company. Also, unlike a public company, which receives outside investments on an ongoing basis, crowdfunding efforts are limited in time. That is, they may not continue forever. An entity must raise its goal amount by a specified end date. Otherwise, the company must offer to return all investments made under that project.

What Are The Limitations To Crowdfunding?

As with all other financial efforts, a government agency regulates the process. In this case, the Securities and Exchange Commission (“SEC”) defines the parameters of crowdfunding. Currently, the JOBS Act and the SEC’s proposed crowdfunding rules provide some guidance for crowdfunding. First, companies cannot raise more than $1 million during any single year. Companies that require more funds to start up will need to turn to other fundraising efforts for the remainder of the capital. This is limiting because companies will often skip over crowdfunding and turn to the other fundraising techniques. There are also very stringent disclosure requirements that companies must abide by before they raise funds. Satisfying all of these requirements is a costly endeavor for any company, but especially a company that is new and does not have the capital. Additionally, crowdfunding appeals to the common consumer and not necessarily to the experienced investor. Therefore, there are strict regulations in place to ensure that crowdfunders properly educate potential investors about the parameters of their project. These regulations aim to protect the investors if the project does not become successful. Ultimately, in the face of an entirely new form of investment structure, these regulations hope to protect the parties.

You may contact us to speak with an attorney about how this innovative investment tool may help with your next fundraising or startup efforts.


Where you visit online seems to say a lot about you. Online privacy has been in the spotlight recently, as consumers come to terms with the reality that their online tracks define who they are to marketers and government agencies.  By studying this data, third parties can paint a picture about consumers—i.e., where they go, what they do, their preferences, and even any illegal conduct.  Now, data brokers can also compile and study large bodies of data to find patterns in behavior. While this carries huge potential for technological advancement, it also comes with greater threats to consumer privacy.

What Is Data Mining?

Data mining is the intricate process whereby data brokers collect, store, and study large sets of data for patterns. The data includes everything from shopping habits, healthcare records, and online practices to public records (e.g., court and property records). This data is then used in a variety of fields, including intelligence gathering, statistics, database systems, and machine learning. Usually, data mining is used to compile lists for targeted marketing purposes—such as lists of diabetics, smokers, and political affiliations. However, recent reports indicate that data mining has been used to compile more personal lists—rape victims, addicts, and AIDS victims. The U.S. government has used data mining in various surveillance projects. These projects were ultimately terminated because of rising concerns that they violate the Fourth Amendment protection against unreasonable searches and seizures. It is most shocking that the subjects never know they are victims of data mining. At a glance, most of these categories seem harmless. However, the underlying threat is that data brokers conduct mining projects without notifying consumers and without obtaining consent.

What Are the Potential Privacy Concerns Associated With Data Mining?

In its basic form, data mining does not carry any ethical implications. However, in application, this procedure has been used in a variety of ways that threaten individual privacy. For example, when the government uses data mining for national security purposes, it leads to several constitutional implications. Generally, individuals must receive notice that they will be subject to data mining in advance. Adequate notice includes the purpose of the project, who will have access to the data, how the data will be secured, and whether the data will be updated in the future. Furthermore, when data brokers store the information they gather, they run the risk that hackers will breach the database. There are serious cybersecurity concerns related to the storage of personal information.

The National Security Agency has protocols in place that require the destruction of irrelevant information in order to prevent breaches. However, a recent report by the Privacy and Civil Liberties Oversight Board identified that this practice is rarely followed. The United States Congress has taken steps to secure privacy in certain areas of data mining. For instance, it passed the Health Insurance Portability and Accountability Act to protect privacy in medical records. Earlier this month, the Federal Trade Commission recommended that Congress also require that data mining ensure consumer control over their personal information. Meanwhile, Facebook is set to provide advertisers increased access to user data, such as browsing habits.

You may contact us to speak with an experienced and knowledgeable attorney to discuss data mining and the applicable privacy rights.


In recent years, consumers have received numerous emails from merchants, all trying to sell a service or a product. While marketing and commercial activity is central to the American economy, the recipients of these emails must also enjoy their privacy. In an effort to protect against these disruptive emails, the California Legislature passed anti-spam laws in order to regulate commercial email activity. In addition, a recent district court opinion further clarified the types of emails that are implicated by these statutory standards.

What Are California’s Anti-Spam Laws?

In general, California’s anti-spam laws are codified under Business & Professions Code sections 17529 et seq. First, commercial email advertisements must come from a domain name registered to the sender. Commercial email advertisements include any email sent for the specific purpose of selling or advertising a product or service. The purpose of these laws is to limit promotional emails with false or misleading subject information. These laws apply to any U.S.-based company that sends emails to California consumers. It does not matter whether the sender is located in California. In fact, it may not even matter whether the sender knew the recipient was in California. Furthermore, California’s anti-spam laws provide a greater degree of protection than their federal equivalent—i.e., Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”). For example, CAN-SPAM requires that each email contain an “opt-out” option that allows consumers to quickly unsubscribe from future emails. The sender must comply with such a request within ten business days. In California, there are no such requirements. Indeed, the recipient can collect these emails and sue the sender for up to $1,000 per email.  So, the charges can quickly add up. If the sender of commercial emails is faced with a lawsuit, it bears the burden of proving that it was in compliance with both the state and federal standards.

What Did the Court Find in Bontrager v. Showmark Media, LLC, et al.?

In Bontrager v. Showmark Media, LLC, et al., the United States District Court for the Central District of California clarified the meaning of a “misleading subject line” under California’s anti-spam law. The plaintiff, Nicholas Bontrager, sued Showmark Media, LLC alleging that the merchant sent over 10,000 emails with misleading subject lines. The subject lines to these emails suggested that Bontrager had won an award. The presiding judge granted the motion to dismiss, holding that the subject lines would not deceive a reasonable consumer. The subject lines at issue stated “Lawyer Media, Top Lawyers in California.” The body of the email contained details of a commemorative plaque that the reader could purchase. The court held that while at a glance the subject lines suggested the reader was being recognized in the legal industry, the subject lines were consistent with the body of the emails. Therefore, there was no violation of California’s anti-spam laws because there were no misleading subject lines. Indeed, the subject line did not suggest that plaintiff would earn a reward simply by opening and reading the email.

You may contact us to speak with a knowledgeable attorney to discuss whether the emails you receive have violated state or federal anti-spam laws and the applicable remedies.


On July 11, 2014, the privacy watchdog Electronic Privacy Information Center (“EPIC”) filed a formal complaint with the Federal Trade Commission (“FTC”) against Facebook. EPIC alleged that Facebook broke the law by secretly monitoring users’ emotions in response to news feeds. The complaint explains that Facebook deceived users through its psychological experiment because the users did not give prior consent to participate in the experiment and they were not aware that an experiment was taking place. EPIC stated that this could also be a violation of the guidelines for experiments involving humans. In a world where social media and online presence dominate interaction, such social experiments threaten to undermine privacy and expose the most personal information to marketing and commercial techniques.

What Was the Nature of Facebook’s Experiments?

Facebook conducted surveys to determine whether seeing positive or negative updates in news feeds impacted users’ emotions and altered their browsing tendencies. It controlled the newsfeed of nearly 700,000 members to study whether positive and negative news reports impacted online behavior. The findings from this study were reported in the Proceedings of the National Academy of Sciences. The issue underlying the EPIC complaint arose because Facebook did not warn users in their Data Use Policy that it would be using their data for research purposes. Other agencies have also threatened to take action against Facebook. The Center for Digital Democracy and regulators in the United Kingdom have stated an intent to file complaints. Indeed, the United Kingdom’s Information Commissioner’s Office intends to address its concerns with Facebook after it reviews the study and its findings. Facebook responded to these allegations by explaining that all users consent to this type of research when they sign up. Representatives did apologize to the public for the misunderstanding.

What Are the Privacy Implications of These Experiments?

Part of the EPIC complaint also points out that the study may have violated a 2012 agreement between Facebook and the FTC. The agreement came after Facebook was caught violating users’ privacy and led to improved privacy notifications by the website. The FTC also required Facebook to gather user consent prior to gathering or releasing personal information. EPIC also alleged that Facebook violated the Institutional Review Board’s (“IRB”) standards for experiments involving humans. The IRB evaluates research proposals prior to the conduct of the study. This prior review is necessary to ensure that humans are protected in the course of experiments. Indeed, most prestigious scientific journals will only publish research that received prior approval by the IRB. In the case of the Facebook experiments, the website did not consult with the IRB prior to or during its study. Since the focus of the study was individual users, EPIC alleges that Facebook was required to apply for approval from the IRB.

Online privacy is a central concern in cyberspace. At the Law Offices of Salar Atrizadeh, we are experienced and knowledgeable in the various aspects of internet and cyber laws. You may contact us to speak with an attorney who can explain your privacy rights and how you can protect yourself in cyberspace.


The smartphone has brought a world of possibility to the average consumer’s fingertips. Now, this has come to include mobile banking. With fast-paced lifestyles and long lines at the banks, mobile banking has emerged as a thrilling convenience. However, this convenience brings cybersecurity concerns. Therefore, consumers who have turned to mobile banking for their financial needs must protect their financial privacy from cybersecurity breaches.

What Is Mobile Banking?

Mobile banking allows customers to access their financial institutions and conduct transactions through their mobile devices. Initially, this began with SMS Banking, which allowed customers to conduct various financial transactions by sending and accepting SMS messages or “texts.” In its most basic form, mobile banking allows customers to access their bank accounts and check on financial transactions. However, as the systems have progressed, customers can now make bill payments, transfer funds, and monitor deposits. Indeed, customers can now manage their investment portfolios and rearrange their investments through a smartphone or tablet. This has certainly increased everyday conveniences. However, it has also contributed to the speed with which finances can shift. Although customers can review and monitor their accounts faster and more regularly, this also means greater security threats for the underlying financial information. This expansive access may lead to greater unauthorized breaches.

What Are The Security Threats Related to Mobile Banking?

US News reported in a recent poll that only 31 percent of companies have a mobile banking security strategy in place. Mobile banking is less secure than in-person banking, or banking on a computer, because mobile security is divided between the various companies involved in providing the application. For example, in the case of an application for mobile banking, this can involve the operating system designers, manufacturers of the application, banking agency, company that provides the smartphone or tablet, and even the company that provides web access. Therefore, while each of these intermediaries may take steps to provide safety, it is important to have a comprehensive security system in place to fully protect mobile banking. While financial institutions are prominent leaders in the movement to provide greater cybersecurity, mobile users can take steps to ensure their financial information remains private. For instance, it is important to carefully review banking information through the mobile device. The smaller screen has been reported to lead to greater mistakes, which allows more unnoticed breaches. Furthermore, always make sure to require a password at every login. When you are done accessing your account, log out of your account and close the application. Applications that remain running in the background allow for easier access by cyber-criminals. Of course, if you detect an error or discrepancy in your account, contact your financial institution immediately. As with all cybersecurity breaches, early detection and action are the key to a fast resolution.

At the Law Offices of Salar Atrizadeh, we are experienced and skilled in the legal and practical implications of cybersecurity.  You may contact us to speak with an attorney who can explain how you can take steps to better protect your mobile security.


In the aftermath of high profile cybersecurity breaches, businesses and consumers are alert to the real dangers of cyber vulnerability. In response, various government agencies have taken up efforts to protect against future breaches. Thus, consumers and businesses must continue to take steps to protect themselves and their private information. Accordingly, the office of California’s Attorney General has issued Cybersecurity Guidelines aimed at reducing the threat of electronic security leaks. Furthermore, these guidelines set the standard that businesses must meet to protect customer privacy.

What Are the Attorney General’s Cybersecurity Guidelines?

The Attorney General outlined the basic steps to “minimize cyber vulnerability.” First, anyone could be a target. Therefore, assume cybersecurity could affect you and take preemptive steps to protect your network. Also, it is important to know where you store your data. The guidelines are directed towards small to medium-sized firms. So, they focus on the importance for businesses to know which third parties hold company information. It is important to be familiar with these third-party security measures. If a data storage company is not taking proper steps to protect cybersecurity, it may be time to seek different storage options or take steps to counter the vulnerabilities. Alternatively, if your business stores information on the cloud, make sure to back up information, and store data only with secure entities. The overall point is that in the event of a breach, the level of preparedness will limit the consequences. Next, encrypt your data as an added measure of security. It is also helpful to include firewall and antivirus protection on all devices. Additionally, make sure to conduct banking and other financial transactions with reliable vendors. Especially when dealing with third-party financial information, the safety and security of those transactions are vital to ongoing business. Finally, it is important to note that these guidelines are the minimum requirements. They are not a comprehensive list, and companies must take care to implement personalized measures based on their cybersecurity needs.

What Additional Steps Will Improve Cyber Protections?

Before putting together any comprehensive cybersecurity plan, an entity must understand the threats it faces. This includes reviewing where data is stored and assessing particular and potential threats. Determining the dangers will help put together an accurate risk-based safety plan that best addresses your specific needs. Additionally, it is important to evaluate a business’s cybersecurity plan in context. In general, each business exists in relation to its manufacturers, suppliers, distributors, and customers. And each link is implicated in the event of a breach. Therefore, it is important to consider how reasonable measures will help protect their information and security. It is also important because if there is a cybersecurity breach, the appropriate measures will help protect those links and limit the spread of the breach. This is a crucial step for businesses that hope to return to their regular course of business and maintain business relationships.

At our law firm, we help our clients review their cybersecurity needs and potential threats. Then, with the help of an experienced and knowledgeable attorney, we help you put together a cybersecurity plan to protect your business and customers. You may contact us to discuss your cyber protection needs today.