Social Media Law Update

Companies Using Pinterest, Be Careful Not to Get Pricked

Sheppard Mullin — Thu, 26 Apr 2012 09:50:14 -0800

Pinterest has seen its number of daily visitors increase by 145 percent since the beginning of 2012, now counting 11 million users on its site, according to recent reports. It is a powerful social media tool by any standard, however, in recent months, with its meteoric rise, concerns have also surfaced about potential copyright issues. Needless to say, companies are clamoring to gain access to this vast and ever increasing pool of users, but they should (and can) proceed with caution in order to stay on the right side of the copyright issues.

What is Pinterest?

If you are not among the 11 million users, Pinterest is a site that allows users to "pin" content of their own and from around the internet on an attractive display that looks much like a corkboard you would have at home or in your office. In this format, users can then follow other users' "pinboards" and re-pin items they see on Pinterest on their own pinboards. Pinterest is linked through an app to Facebook and Twitter and provides a "Pin It" button for web browser tool bars and for websites allowing users to easily pin things to their pinboards as they see them. There is of course also a mobile phone app.

So What is the Problem?

Pinterest is set up to encourage users to pin content they find on the internet on their pinboards, but these users may not always have the right to post these images on Pinterest. It is still unclear what rights are necessary to be able to pin content on Pinterest. The pins usually involve posting entire images, so if users do not own or have a license to the image, they may not have the right to pin it. Some, however, have argued that the images are more like thumbnails with links and thus that it is potentially a fair use. In any event, the Terms of Use for Pinterest's site place responsibility for content posted by users with the user. Thus, a user represents and warrants that she has the right to pin the item and to grant the right to others to re-pin it and agrees to indemnify Pinterest from liability for infringement.

This policy creates several issues. First, it places the burden for any infringing activity on users. Second, it may not protect Pinterest in the first place. Pinterest could still be the subject of claims for contributory copyright infringement for its actions (encouraging or aiding infringement through the site) and inactions (not taking more affirmative steps to prevent infringement). Finally, re-pinners may also be at risk if they re-pin infringing content when it is highly unlikely that the original user who pinned the item had permission to do so.

Pinterest's Response

Pinterest has taken several steps to address concerns over copyright issues on its site. Pinterest has a Digital Millennium Copyright Act (DMCA) Policy in effect. The DMCA provides a safe harbor for organizations like Pinterest that potentially protects them from liability for infringement. The safe harbor applies when the site provides a mechanism for copyright holders to report alleged infringement to the site and then the site promptly removes the allegedly infringing content. Pinterest also offers a "no pin" code. Copyright holders can add the code to their content so that it cannot then be pinned on Pinterest, a so called opt out.

Recently, Pinterest has said that it (and its lawyers) feel that the site is protected by the DMCA. The company contends that its activities fall squarely under the safe harbor of the DMCA and that they are committed to responding efficiently to all reports of copyright infringement.

Pinterest also revised its terms of service on April 6, 2012, in addition to making other changes to its legal policies and other disclosures. The license grant from users to Pinterest no longer gives Pinterest the right to sell the pinned content. This change should alleviate some of the copyright concern. The license grant from users, however, is still fairly broad, although limited to the Pinterest site. Pinterest also made changes to make it easier for copyright holders to report copyright violations to Pinterest. Finally, Pinterest changed the Pin Etiquette rule encouraging pinners to avoid self promotion to now only encourage them to be authentic. This change comes in response to critiques that by telling pinners to avoid self promotion, Pinterest was encouraging them to post other people's content, possibly in violation of copyright laws.

Does That Settle the Issue?

Not really. If the DMCA protects anyone, it is Pinterest and not its users. The DMCA does not provide any protection against liability to users for copyright infringement and if a user frequently posts material that is the subject of complaints of infringement, the user can have her account disabled. But the DMCA may not even protect Pinterest. To come under the DMCA safe harbor, you cannot have actual knowledge of infringement on your site. It is unclear how the general knowledge standard would apply in the case of Pinterest.

The opt out code is helpful to users as it protects them (and Pinterest) from the copyright holders who are most concerned about their content being posted on Pinterest. It also protects people and businesses who do not want their content to be pinned on Pinterest. Simply not posting content with the opt out code may not be enough, however, to protect either Pinterest or users just because they post content that does not include the code. The DMCA policy also helps copyright holders who want to prevent unauthorized use of their content on Pinterest. If you find unauthorized pins of your content on Pinterest, you can notify Pinterest through the process posted in their legal section in order to have that content removed.

The "Pin It" button appearing on a website is likely the most promising development. If a copyright holder places a "Pin It" icon with her content, it may act as an implied license to pin that content on Pinterest.

The changes to the terms of service and other disclosure language will help alleviate some of the concern about copyright issues by making it easier to address copyright infringement, relieving concern about what Pinterest will do with images, and by removing some of the social pressure to pin other people's content. However, these changes are likely only a step in the right direction and not a panacea.

What Now?

The risks do not mean users cannot use Pinterest without violating copyright laws. So long as you own the rights to your content, you can pin it and others can re-pin it. When users pin content, they grant others the right to re-pin it on Pinterest. If you re-pin content that it is reasonable to believe was pinned by someone who can grant you the rights they are granting, then you are likely protected from infringement. For example if I post photographs that I take of a room in my home or a company posts images of its products, it is reasonable to rely upon the license I and that company are granting you to re-pin the image using the functionality of the Pinterest service. If I, on the other hand, pin one of Annie Leibowitz's photographs of Miley Cyrus on Pinterest, it is unlikely I had permission to do so, and thus it might be unreasonable for other users to rely on my license to re-pin that image. As noted above, a relatively safe practice is to Pin content that contains the Pin It button. Users on Pinterest should also be aware of the rights to their own content that they are giving away when they post on Pinterest. You are granting to other users the right to re-pin the item on Pinterest and thus are giving up some control over that content.

Users, businesses included, who use Pinterest carefully should be able to navigate the waters successfully and open their products, services, creations, and inspirations up to the rapidly growing base of Pinners. Like any new online service there is some uncertainty and some risk, but by exercising care, much can be mitigated.

Occupiers' Motion to Quash Subpoenas of Tweets Raises Privacy Questions

Sheppard Mullin — Tue, 03 Apr 2012 08:57:18 -0800

By Craig Cardon and Rachel Tarko Hudson

Occupy protesters in New York are attempting to quash the Manhattan District Attorney's subpoenas of their tweets and Twitter account information. The protesters were arrested for obstructing the Brooklyn Bridge during a protest in October. The District Attorney wants to use the tweets to show that the protesters knew their actions were not sanctioned by the police. The D.A. is also attempting to obtain account information in order to connect anonymous Twitter accounts to their real owners. The protesters' motions argue that the subpoenas violate their privacy rights and their right to speak anonymously.

Craig Cardon of Sheppard Mullin was quoted by Law 360 on this issue as saying that it is more of an urban myth than an actual privacy right that the anonymity of the internet provides unfettered privacy protection to users. While the First Amendment provides protection for anonymous speech the Tweets at issue here were not anonymous. The users Tweeted publicly under their own names, removing any expectation of privacy in the Tweet content. But even had the Tweets been anonymous or private, a court would engage in the traditional balancing test used in cases where an individuals' privacy rights must be weighed against a prosecutor's need for information for a criminal investigation. Nevertheless, subpoenas of internet service providers to reveal anonymous posters have readily been allowed for over a decade.

The district attorney's decision to refrain from requesting private direct messages that can not be publicly viewed or searched for and his explanation that the requested information would be used to disprove beyond a reasonable doubt that the protesters' defense that they believed their obstruction of the Brooklyn Bridge was authorized by the police should help mitigate any privacy concerns. The argument that allowing these subpoenas would allow investigators in the future to request direct messages and other information will not likely get a lot of traction in this case. As Law360 quoted Cardon, “Judges do not want to hear about a parade of horribles; they are focused on what's falling on us today.”

While the issue makes for good headlines, it is likely a tempest in a tea pot and simply a harbinger of challenges to come in the future. The law is fairly clear that subpoenas of the nature involved here (seeking public Tweet content and corresponding time log information for evidentiary purposes) are permitted where as here the prosecution has a well articulated need.

Do Your Social Media Accounts Belong To Your Business? Why Worry, When There Are Safeguards You Can Take Now

Sheppard Mullin — Thu, 29 Dec 2011 11:27:43 -0800

By Michelle Sherman

The world is closely watching a federal case in the Northern District of California where a mobile news and reviews resource company, PhoneDog, is suing a former employee Noah Kravitz (or independent contractor, depending on what news report you read) over who owns a Twitter account that was started in association with PhoneDog, and is now being used by Kravitz as his own Twitter account. The issues drawing so much attention include who owns a social media account – the employee who posts on it, or the employer on whose behalf the employee was posting. The other issue is what value, if any, can be placed on Twitter followers (or, by analogy Facebook likes), when social media attracts people who are portable and not "owned" by the social media account.

As will be discussed more fully below, PhoneDog does not enter court with the best of facts in order to decide these larger issues of interest to employers and the social media community. However, the shortcomings in PhoneDog's case are instructive in terms of steps employers should take to better demonstrate ownership over their social media sites.

1. PhoneDog Lawsuit

The crux of the lawsuit is that Kravitz was paid as a product reviewer and video blogger for PhoneDog from April 2006 through October 2010, and that this position included posting tweets on a Twitter account called @PhoneDog_Noah. After Kravitz left PhoneDog, he changed the name of the account to @noahkravitz, and kept its followers instead of relinquishing the account and its followers over to PhoneDog as was requested of him.

On November 28, 2011, the complaint survived a motion to dismiss filed by Kravitz with the magistrate judge allowing the claims for misappropriation of trade secrets and conversion to stand, and giving PhoneDog leave to file amended claims for intentional interference with prospective economic advantage and negligent interference with prospective economic advantage. On the tortious interference claims, the court held that PhoneDog failed to allege how Kravitz continuing to use the Twitter account in his own name disrupted the purported relationships between PhoneDog and the Twitter users, or how it resulted in economic harm – two essential elements for these claims.

In reviewing the complaint, and what it does not allege, PhoneDog has some formidable hurdles to prevailing on its remaining claims. For example, PhoneDog alleges that it took reasonable measures to protect the confidential information that it loosely describes as the Twitter account password and "many details of PhoneDog's relationships with its users that are not generally known or readily accessible to the public or PhoneDog's competitors." However, PhoneDog does not allege that it had an employment agreement or confidentiality agreement with Kravitz that would have protected this information, or clearly stated that this information should be treated as confidential, proprietary information.

2. The Importance Of Having Written Agreements With Your Employees Concerning Use Of The Company's Social Media Accounts

In a statistical study of trade secret litigation in federal courts with issued written opinions from 1950 through 2008, it was found that employees prevailed more often than the employers with employees winning 54.1% of the summary judgment motions, and employers winning 34.7%. The study also found that while there is no bright line rule for what reasonable measures an employer must take to protect its trade secrets, the most important thing an employer can do is to have a confidentiality agreement with its employees.

3. Social Media And The Internet Present Unique Challenges To Demonstrating Something Is A Trade Secret

With the growth of the internet, we are also finding that the universe of trade secret information is becoming smaller. This would seem to be especially true in the case of Twitter followers who are on a public list that can be viewed by anyone with a Twitter account. Indeed, a federal court in the Eastern District of New York held in August 2010, that a customer list of an executive search consulting firm was not a trade secret given the fact that the list and needs of the firm's clients could be pieced together through internet searches of FX Week, Google, Bloomberg.com, and LinkedIn:

"The information in Sasqua's database concerning the needs of its clients… may well have been a protectable trade secret in the early years of Sasqua's existence when greater time, energy and resources may have been necessary to acquire the level of detailed information to build and retain the business relationships at issue here. However, for good or bad, the exponential proliferation of information made available through full-blown use of the Internet and the powerful tools it provides to access such information in 2010 is a very different story." Sasqua Group, Inc. v. Courtney, 2010 WL 3613855 (E.D.N.Y. Aug. 2, 2010).

As the PhoneDog court held in its motion to dismiss order, PhoneDog also faces a hurdle in alleging "facts regarding how Mr. Kravitz's conduct disrupted its relationships and what economic harm it caused." It is worth noting that the complaint alleges a following of approximately 17,000 followers on Twitter when Kravitz was with PhoneDog. The account that is now used by Kravitz in his personal capacity shows followers numbering 23,578 as of December 28, 2011. In contrast, principals of PhoneDog have far less followers on their respective company Twitter accounts with the Editor in Chief, @PhoneDog_Aaron, having 12,603 Twitter followers as of December 29, 2011, and the President, @PhoneDog_TK, having only 846 as of the same date.

4. Act Promptly To Remove Employees From Social Media Accounts When You Know The Employment Relationship Is Ending

In the trade secrets study, another reasonable measure for protecting trade secrets that an employer should take is introducing computer-based protections. These protections may include requiring personalized logins and passwords for users having access to the information; monitoring their access and use of the information; and terminating access when a user no longer needs access to the confidential information or their employment has been terminated. In the PhoneDog action, the complaint is vague on who established the Twitter account, and whether the plaintiff PhoneDog had the login and password information for the account used by Kravitz. PhoneDog alleges that its confidential information included the passwords, but then alleges that it requested that Kravitz "relinquish use of the Account." If PhoneDog had the Twitter account login with password, then one of the reasonable measures that PhoneDog should have arguably taken was to change the password, and take back control of the Twitter account when Kravitz quit in October 2010.

In general, companies should to the greatest extent possible register social media accounts in their own names or through a senior marketing person and/or social media manager if the account needs to be in the name of a person. Further, on social media accounts such as Facebook pages, where you can have more than one administrator, companies should take advantage of this option and have several administrators. Having several administrators, and asserting control over the account, is another way to demonstrate "ownership" of the account, and also avoid some of the problems experienced by PhoneDog.

Indeed, the time gap between when Kravitz left the company in October 2010, and the filing of the legal action in July 2011 is another hurdle for PhoneDog in its case. Reading between the lines of the complaint, and theorizing from there, it appears that there may be some credence to Kravitz's argument that PhoneDog asked him to "tweet on their behalf from time to time," as reported in the December 25, 2011 New York Times article. In the complaint, PhoneDog also alleges that, "[o]n information and belief, from October 2010 and December 2010, Kravitz free-lanced for a variety of media outlets before obtaining a full-time position with TechnoBuffalo", who is described as a competitor of PhoneDog. In other words, PhoneDog also seems to be pursuing this action because Kravitz is now working for a competitor of PhoneDog. PhoneDog does not allege that there was a non-compete agreement with Kravitz.

5. If You Have A Social Media Non-Compete Or Confidentiality Agreement With Your Employees, Make Sure Your Intentions Are Clearly Stated

It does not appear that PhoneDog had any written agreement that would prevent Kravitz from continuing to tweet about mobile news and reviews after he left the company. If there was a non-compete agreement, or a confidentiality agreement concerning PhoneDog's purported trade secrets, then the agreement needs to be clear about what the parties intended, and the terms of their agreement.

For example, a federal court of appeals held that an ex-News Corporation employee did not breach his post-employment agreement in a trade secrets case by sending 55 pages of internal documents from his former employer to a U.S. Senate staffer because the documents were mailed one day before he signed the agreement in which he promised not to disclose NewsAmerica's confidential information or disparage the company. News America Marketing v. Emmel, D.C. Docket No. 07-00791-CV-TCB-1 (11^th Cir. June 8, 2011).The court's decision turned on the post-employment agreement only referring in the present tense to future acts. Robert Emmel agreed that he "will not disparage, denigrate or defame the company, " and that he "will maintain in complete confidence" the company's confidential information. The court held, "If it had wanted the agreement to cover past acts or future inaction, New America should have written the agreement to say that."

The News America Marketing case highlights the importance of having an agreement with employees concerning their access and use of social media accounts on behalf of the company, and ensuring that the agreement clearly spells out the relationship and the parameters for it because some courts will literally interpret agreements with employees.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Facebook's Settlement With The FTC Is A Wake Up Call For Businesses To Review And Update Their Website Privacy Policy And Agreements

Sheppard Mullin — Tue, 27 Dec 2011 11:41:27 -0800

By Michelle Sherman

The Federal Trade Commission ("FTC") is working hard to make sure consumers are not being misled about how websites and social networking sites are using their personal information. Companies that do not follow their own privacy policies are finding themselves the subject of FTC complaints. It is therefore even more important for businesses to review and update their "privacy policy," "terms of use," and other legal agreements on their websites. This review should also include any company apps.

1. When Businesses Do Not Comply With The Terms Of Their Website Privacy Policy, Then They May Be In Violation Of Section 5(a) Of The FTC Act

The recent consent decrees that the FTC entered into with Facebook, Google and online advertiser ScanScout highlight the need for businesses to make sure they are acting in accordance with their privacy policies. Businesses are well advised to take the following actions:

(1) Ensure that the published policies on their websites for terms of use and privacy reflect what information the businesses are collecting from consumers, and that the disclosures are clearly stated without unnecessary and lengthy legalese;

(2) Examine how the businesses are using personal information or anticipate using it, and that these uses are being fully disclosed to consumers; and

(3) Take reasonable measures to safeguard consumer information. Because of the risks of cyberhacking, it is also worthwhile to conduct an audit on how consumer information is being safeguarded, and what information is being stored and for how long a period. The FTC settled a complaint against Twitter for its alleged failure to take reasonable safeguards to protect users' accounts against hackers.

In all of these complaints, the FTC alleged that the respondents made false or misleading representations about their privacy policies in violation of Section 5(a) of the FTC Act. The FTC Act prohibits unfair or deceptive acts or practices. 15 U.S.C. § 45(a).

The consent decrees entered into by Facebook, Google and ScanScout in order to avoid more costly litigation and possibly stiffer penalties are similar in some key respects, and include some terms that will increase their costs of doing business. As is sometimes the case with the FTC, the FTC conditioned the settlements on these businesses agreeing to change their business practices in ways that may place them at a competitive disadvantage to their competitors because some of the additional privacy measures they must now take are not required under current law.

2. Lessons To Be Learned From The FTC Settlements With Facebook And Others

It is instructive to know how these businesses allegedly violated the terms of their privacy policies with users because the same may be true for many companies.

(a) Facebook Complaint

In its complaint against Facebook, the FTC alleged:

(1) Facebook told its users that third-party apps that users installed – such as Farmville by Zynga– would have access only to user information that they needed to operate. In fact, the apps could access nearly all of the users' personal data.

(2) Facebook told users that they could restrict sharing of data to limited audiences – for example, with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with the third-party applications their friends used.

(3) Facebook promised users it would not share their personal information with advertisers. Facebook did according to the FTC.

(4) Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible, when in fact Facebook allowed access to the content according to the FTC.

(5) Facebook also claimed that it complied with the U.S. – EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union, but it did not.

(b) Google Complaint

Google is also faulted for making use of its users' data in ways that was contrary to what Google was telling users about the launching of Google's Buzz social network through its Gmail web-based email product. The FTC alleged that "Google led Gmail users to believe that they could choose whether or not they wanted to join the [Buzz] network, [but] the options for declining or leaving the social network were ineffective." Google was apparently trying to immediately ramp up its social network in order to compete with Facebook. The Buzz launch ended up being a public relations nightmare for Google with thousands of consumers reportedly complaining that they were concerned about public disclosures of their email contacts from which Google tried to create immediate Buzz connections for users. In some cases, use of the emails disclosed ex-spouses, therapists, employers or competitors.

According to the FTC, Google breached its privacy policy when it launched Buzz, its social networking site, because Google's policy told Gmail users that "[w]hen you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use." According to the FTC, Google used Gmail users' information for a different purpose without telling them by starting a social networking site with the information.

(c) Online Advertiser ScanScout Complaint

The FTC is not just pursuing these actions against social media behemoths such as Facebook and Google. In November 2011, the FTC reached a settlement with an online advertiser ScanScout. ScanScout is an advertising network that places video ads on websites for advertisers. ScanScout collects information about consumers' online activities (aka behavioral advertising) in order to post video ads targeted to the people visiting the website. In ScanScout, the FTC alleged that there was a discrepancy between the online service and their website privacy policy:

"[F]rom at least April 2007 to September 2009, ScanScout's website privacy policy discussed how it used cookies to track users' behavior. The privacy policy stated, 'You can opt out of receiving a cookie by changing your browser settings to prevent the receipt of cookies.' However, changing browser settings did not remove or block the Flash cookies used by ScanScout…. The claims by ScanScout were deceptive and violated Section 5(a) of the FTC Act."

In the ScanScout action, the company Tremor Video, Inc. is also subject to the settlement order because ScanScout merged with Tremor Video. This settlement also highlights the importance of doing an audit of a target company's social media activity before acquiring or merging with it so your company will have more information concerning the legal risks of the deal.

3. Business Costs Of Not Updating Your Privacy Policy And Following It

In each of these cases, the FTC is making the settling party do some things that are more than they would have been required to do in the normal course of business, thereby, making it more challenging and expensive for them to do business.

These consent decrees require the settling party to do the following:

(1) Tell users what information is being collected and for what purpose, with the right to "opt out" of the targeted advertising (ScanScout);

(2) Obtain consumers' affirmative express consent before enacting changes that override their privacy preferences (Facebook; Google);

(3) Establish and maintain a comprehensive privacy program to address privacy risks associated with new and existing products and service, and protect the privacy and confidentiality of consumers' information (Facebook; Google); and

(4) Every two years, for the next 20 years, obtain independent, third party audits certifying that the privacy program meets or exceeds the requirements of the FTC order (Facebook; Google).

4. Conclusion

Considering that the vast majority of consumers simply click through the legal agreements to get to the applications on a website, there is no real downside to companies spending a little time and money to ensure that their privacy policy, terms of use and other legal agreements reflect their current practices. Similarly, updating these agreements should be a routine part of changing how the company is collecting and using information from its users. It should be coordinated between marketing, IT and legal with each checking off on the updates being accurate. And, finally, the website should clearly indicate that the privacy policy and/or agreements have been updated so users have the option to review any changes. If experience is any indicator, virtually all users will continue to visit the website notwithstanding the updated policy or agreements.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Using the Internet to Your Company's Advantage in Defending Against A Whistleblower Action

Sheppard Mullin — Tue, 29 Nov 2011 15:28:58 -0800

By Michelle Sherman

The wide dissemination of news on the Internet through “new media” online sites such as the Huffington Post, well recognized blogs like the Drudge Report, or social media sites such as Twitter is changing how we get our news today. The Internet is also making it harder for someone to be the first and original source for allegations of corporate malfeasance that can be the basis for a whistleblower or false claims action. In other words, businesses who are defending themselves against a whistleblower or qui tam (false claims) plaintiff (collectively, “whistleblower”) should exhaustively search the Internet for evidence showing that the whistleblower is not the “original source” of the information.

1. Section 922 Of The Dodd-Frank Wall Street Reform And Consumer Protection Act.

Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act provides that the Securities and Exchange Commission (“SEC”) shall pay awards to eligible whistleblowers who voluntarily provide the SEC with original information that leads to a successful enforcement action yielding monetary sanctions of over $1 million. Whistleblowers can recover from 10 to 30 percent of the total monetary sanctions collected in the SEC’s action or any related action, so there is a real financial incentive for someone to report suspected wrongdoing. Section 922 of Dodd-Frank also added Section 21F to the Securities Exchange Act of 1934, and Section 21F reflects these incentives to whistleblowers.

According to the SEC’s May 25, 2011 press release, Section 922 defines original information as information that “must be based upon the whistleblower’s independent knowledge or independent analysis, not already known to the Commission and not derived exclusively from certain public sources” such as the news media.

Because the public policy behind whistleblower statutes is to reward the reporting of alleged wrongdoing that may otherwise go undetected, the statutes do not allow for bounty rewards to plaintiffs who are not the original source of the information.

Thus, a whistleblower, who provides information that is already known and discoverable through a blog post, Twitter or other social network activity, may have trouble satisfying an essential element to recovering the mandatory award under Section 922.

2. The False Claims Act And The Public Disclosure Bar.

Similarly, the False Claims Act includes a public disclosure bar which provides that courts shall dismiss qui tam suits when the relevant information has already entered the public domain through certain channels, including the news media, unless the action is being brought by the Attorney General or by a person who is the original source of the information. 31 U.S.C. § 3730(e)(4)(A). Section 3730(e)(4)(A) also allows the government to stop dismissal of the action by opposing the dismissal.

The public disclosure bar was added by Congress to the False Claims Act “in an effort to strike a balance between encouraging private persons to root out fraud and stifling parasitic lawsuits.” Graham County Soil and Water Conservation District v. United States ex rel. Wilson, 559 U.S. __, 130 S. Ct. 1396 (2010).

Recent amendments to the False Claims Act left unchanged the defense that information available in the news media cannot form the basis for a qui tam plaintiff being able to maintain his action.

3. Why The Public Disclosure Bar Should Include Activity On The Internet Including Blogs, Online News, And Social Network Sites Such As Twitter.

With the exponential growth of the Internet, the meaning of news media has expanded and, thereby, created more opportunities for a company to assert the public disclosure bar. The definition of “news media” in Wikipedia highlights this broad scope:

“The news media are those elements of the mass media that focus on delivering news to the general public or a target public. These include print media (newspapers, newsmagazines), broadcast news (radio and television), and more recently the Internet (online newspapers, news blogs, etc.)” (emphasis provided).

The New York Times has also reported on how many stories are being covered online these days instead of through print editions:

“Crucial to the Times’s approach in a time of less print space is City Room, the fourth most popular blog on the NYTimes.com. It is where The Times dishes breaking news and a creative menu of features, columns and digital novelties. In City Room, a whole new kind of metro report emerges, with most of its 3,000 plus blog posts a year never surfacing in print.” Arthur S. Brisbane, New York Times, Covering Its Own Backyard (Oct. 23, 2011).

In Graham County, the Supreme Court specifically cited to the broad scope of the news media component of the public disclosure bar when the Court recognized it includes “a large number of local newspapers and radio stations.” As we have seen with online news sources such as the Huffington Post, which AOL acquired for $315 million, and which had an estimated 25 million monthly users at the time of the sale, new media can have a far greater reach than a small town local newspaper that is included in the news media category of the public disclosure bar.

WikiLeaks is also a good example of how confidential information was first publicized through the Internet, and ahead of an alleged whistleblower. A New York Times article described how much WikiLeaks (and the use of the Internet to dump confidential information) has changed the whole nature of whistle blowing:

“Whistle-blowers in possession of valuable and perhaps incriminating corporate and government information now had a global dead drop on the Web. Traditional news organizations watched, first out of curiosity and then with competitive avidity, as WikiLeaks began to reveal classified government information that in some instances brought the lie to the official story.” David Carr, New York Times, “Is This the WikiEnd?” (Nov. 6, 2011).

4. Conclusion.

Consequently, a company is well advised to search the Internet for discussions concerning the allegations that form the basis for a whistleblower’s action. Industry specific blog sites are a good starting point since they often carry gossip concerning companies in that industry. Twitter is also a good resource since it has the most real time news updates, and often scoops the mainstream media as we saw with reports of the earthquake in Japan and its aftermath, the United States finding and killing Osama bin Laden (with a local resident live tweeting the storming of the compound), and the political upheaval in Egypt (described as the “Twitter revolution”). YouTube is also a good resource as evidenced by the video that quickly went viral in which University of California, Davis campus police were seen spraying students with pepper spray.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Protect IP Act: One Approach to Dealing with Internet Piracy

Sheppard Mullin — Tue, 29 Nov 2011 10:58:14 -0800

By Michelle Sherman

Digital media theft or piracy, as it is more commonly called, is a serious and pervasive problem with countries taking different approaches to address it. It is estimated that copyright piracy and the sale of counterfeit goods costs US creators and producers billions of dollars every year.

Click here to read the full article as published in the Journal of Internet Law.

Legal Issues Surrounding Social Media Background Checks

Sheppard Mullin — Mon, 03 Oct 2011 10:04:12 -0800

By Michelle Sherman

Agatha Christie had a novel take on invention being the mother of necessity. She disagreed and said, “[I]nvention, in my opinion, arises directly from idleness, possibly also from laziness. To save oneself trouble.” She may have been onto something when you think about businesses that are turning to outside vendors to research employees and job candidates for them. Whether or not these outside vendors are the best solution, however, remains to be seen.

Companies Should Have An Internal Procedure For Researching Job Candidates And Employees On The Internet

We recommended earlier this year that businesses establish an internal procedure for making employment decisions based on Internet research, so they would not run afoul of state and federal laws that prohibit job discrimination based on protected factors. The protected factors include, for example: (1) Race, color, national origin, religion and gender under Title VII of the Civil Rights Act of 1964; and (2) Sexual orientation, marital status, pregnancy, cancer, political affiliation, genetic characteristics, and gender identity under California law. Most states have their own list of protected factors, which should be considered depending on where your company has employees.

Not surprisingly, the legal risks of making employment decisions using the Internet have become a real concern for businesses, especially when you consider that 54% of employers surveyed in 2011 acknowledged using the Internet to research job candidates. The actual number of employers using the Internet is probably higher, and sometimes companies may not even be aware that their employees are researching job candidates and factoring that information into their evaluations. This is yet another reason to establish an internal procedure for researching job candidates, and communicating your procedure to employees who are participating in the employment process.

There is nothing wrong with researching people on the Internet so long as it is done properly. The Internet has a wealth of useful information, some of it intentionally posted by job applicants for employers to consider such as LinkedIn profiles.

With this “necessity” to do Internet searches properly, some businesses have turned to outside vendors to do the research for them, and, thereby, try to reduce their legal exposure and the administrative inconvenience of doing it themselves. At least one of these vendors has received letters concerning its business practices from the Federal Trade Commission (“FTC”) and, more recently, two U.S. Senators.

The Business Practices Of Outside Vendors That Provide Social Media Background Checks Are Being Examined For Compliance With Privacy And Intellectual Property Laws

On May 9, 2011, the staff of the FTC’s Division of Privacy and Identity Protection sent a “no action” letter to Social Intelligence Corporation (“Social Intelligence”), “an Internet and social media background screening service used by employers in pre-employment background screening.” The FTC treated Social Intelligence as a consumer reporting agency “because it assembles or evaluates consumer report information that is furnished to third parties that use such information as a factor in establishing a consumer’s eligibility for employment.” The FTC stated that the same rules that apply to consumer reporting agencies (such as the Fair Credit Reporting Act (“FCRA”)) apply equally in the social networking context. These rules include the obligation to provide employees or applicants with notice of any adverse action taken on the basis of these reports. Businesses should also be mindful of similar state consumer protection laws that may be applicable (e.g. California Investigative Consumer Reporting Agencies Act).

The FTC concluded by stating that information provided by Social Intelligence about its policies and procedures for compliance with the FCRA appears not to warrant further action, but that its action “is not to be construed as a determination that a violation may not have occurred,” and that the FTC “reserves the right to take further action as the public interest may require.” This FTC “no action” letter was reported fairly widely, and probably increased the comfort level of businesses that wanted to use an outside service for Internet background checks.

On September 19, 2011, Senators Richard Blumenthal (D-Conn) and Al Franken (D-Minn) sent a letter to Social Intelligence with 13 questions regarding whether the company is taking steps to ensure that the information it is gathering from social networks is accurate, whether the company is respecting the guidelines for how the websites and their users want the content used, and whether the company is protecting consumers’ right to online privacy. The letter raises some legitimate concerns, and requests a prompt response from Social Intelligence to the questions presented.

Legal Assurances That Your Company May Want To Seek If Using An Outside Vendor

Some of the questions also warrant due consideration on the part of businesses receiving reports from outside vendors about how much weight they want to give the information provided. Further, what the business may want in the form of legal assurances from the outside vendor that no laws (e.g. FCRA, privacy, copyright, or other intellectual property laws) have been violated in gathering the information or providing screenshot copies of pages from social networking sites.

Some of the questions from the Senators which raise these concerns include, for example:

1. “How does your company determine the accuracy of the information it provides to employers?” [Social Intelligence is reportedly collecting social networking activity dating back 7 years, and, therefore, may capture something that was later removed, or was a “tag” post through a picture that the job candidate was not responsible for making public, and may have removed once it came to his attention.]

2. “Is your company able to differentiate among applicants with common names? How?” [e.g. Have they researched the correct “Jane Smith” of the hundreds on Facebook since social security numbers or other specific identifying information is not useful on social networking sites as it is with the standard background check.]

3. “Is the information that your company collects from social media websites like Facebook limited to information that can be seen by everyone, or does your company endeavor to access restricted information.”

4. “The reports that your company prepares for employers contain screenshots of the sources of the information your company compiles…These websites are typically governed by terms of service agreements that prohibit the collection, dissemination, or sale of users’ content without the consent of the user and/or the website….. Your company’s business model seems to necessitate violating these agreements. does your company operate in compliance with the agreements found on sites whose content your company compiles and sells?”

5. There appears “to be significant violations of user’s intellectual property rights to control the use of the content that your company collects and sells. …. These pictures [of the users], taken from sites like Flickr and Picasa, are often licensed by the owner for a narrow set of uses, such as noncommercial use only or a prohibition on derivative works. Does your company obtain permission from the owners of these pictures to use, sell, or modify them?”

Conclusion

Establishing an internal procedure for using the Internet to make employment decisions is one more piece of a sound ethics and compliance program that addresses how your company is using social media. If using an outside vendor to perform social media background checks is part of that policy, you should assure yourself that the company is acting in compliance with the relevant laws.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Your Social Media Policy May Need Revamping

Sheppard Mullin — Mon, 03 Oct 2011 09:36:07 -0800

By Michelle Sherman

If your company adopted a social media policy more than two months ago, or, if your company modeled its policy after one of the sample policies available on the Internet, then there is a very good chance that your social media policy is overbroad and needs to be revised. For example, if your social media policy prohibits social media activity that disparages the company without making it very clear that this prohibition does not include protected concerted activity (as more fully described below), then your policy needs to be amended.

An Overbroad Social Media Policy Can Hurt Your Company’s Bottom Line

The financial incentive for making sure your policy, and how you apply it to your employees’ social media activity, is done correctly is underscored by a September 2, 2011 administrative law judge opinion. In Hispanics United of Buffalo, Inc., the ALJ ordered the non-profit Hispanics United of Buffalo, Inc. (“HUB”) to rehire and provide back pay to five employees who were fired over Facebook posts in which they were complaining about criticisms of their job performance by another HUB employee. Their posts were held to be “concerted activity” on a subject matter protected by Section 7 of the National Labor Relations Act (“NLRA”), and their termination was in violation of Section 8(a)(1) of the NLRA. Individual action is concerted if it is engaged in with the object of initiating or inducing group action. In terms of dollars for a company, this type of ruling can mean hundreds of thousands of dollars in salary to the employees hired to replace the terminated employees, back pay and attorneys’ fees and costs in defending the action.

The NLRB Has Issued Helpful Guidelines For How To Respond To Your Employees’ Social Media Activity

This is the first decision involving the firing of employees for work related social media activity. However, it is not the first time that the National Labor Relations Board (“NLRB”) has communicated its official position on the parameters for a social media policy. On August 18, 2011, the Acting General Counsel for the NLRB reported on the outcome of investigations into 14 cases involving the use of social media and employer’s social media policies. Acting General Counsel Lafe Solomon stated, “I hope that this report will be of assistance to practitioners and human resource professionals.” In four cases, the NLRB found that the employees were engaged in “protected concerted activity” because their social media activity was an online discussion of the terms and conditions of their employment with co-workers. The NLRB report also stated that employers had the most problems with overbroad policies.

Another helpful guide for employers was issued on August 5, 2011 by the U.S. Chamber of Commerce (Labor, Immigration & Employee Benefits Division) in which the Chamber reported that the NLRB has reviewed more than 129 cases involving social media in some way. “The issues most commonly raised in the cases before the Board allege that an employer has overbroad policies restricting employee use of social media or that an employer unlawfully discharged or disciplined one or more employees over contents of social media posts.”

The relevant law for HR professionals and businesses to consider when speaking to employees about their social media activity are Sections 7 and 8(a)(1) of the NLRA. Section 7 provides in pertinent part that: “Employees shall have the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection”. In practice, this means that employers cannot chill, or penalize communications between employees concerning work conditions, terms and conditions of employment (salary, benefits), managers and management.

A further wrinkle added by social media to this statutory protection of employees is that most employees who are on a social networking site, such as Facebook, are connected with other employees, and those employees may comment on their co-worker’s online complaint about work, thereby, giving possibly rise to “protected concerted activity.” Even a “like” of the co-worker’s post – short of a comment – may possibly give rise to protected activity. The NLRB has even held that a comment that seems on its face to be outside the scope of protected activity is off limits for sanctioning an employee. For example, the NLRB has held that employees should not have been terminated for the following content on a social networking site:

1. An employee complained about the cheap food that his luxury car dealership employer gave away at a sales event for customers. The rationale was that the employee and the co-workers, who commented on his Facebook post, were concerned that giving away cheap food would result in a negative impression of the car dealership, less cars being sold, and thus reduced sales commissions for them.

2. An employee used profanity and sarcasm in soliciting comments from her work colleagues on Facebook about a victim advocate who worked with them and was critical of the client services they were providing. Her comments did not lose their protected status even with the strong language she used.

Section 8(a)(1) provides that employers cannot “interfere with, restrain, or coerce employees in the exercise of the right guaranteed in Section 7 of this Act.” Employers are also prohibited from “unlawful surveillance” of their employees, which means that employers should not try to access social media activity of their employees that is not public and concerns protected activity.

Not All Social Media Activity Is Protected: Employees Cannot Harass Or Bully Other Employees, Or Defame Their Employers Indiscriminately

This does not mean that employers cannot take action against employees for social media posts concerning the company and its management if: (1) the employee is bad mouthing the company and/or management, and the statements clearly do not concern work conditions, benefits, wages and other terms and conditions of employment – employers are entitled to loyalty from their employees; (2) the employee is discussing privileged and confidential client communications; and (3) the employee is harassing, threatening, or making racist statements directed at a co-worker.

Conclusion

The good news is that the revision or drafting of a social media policy by an attorney who stays current with social media legal issues is relatively inexpensive and easily executed. Companies do not need to resort to boilerplate policies that may be overbroad, and create unnecessary legal exposure for the company.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Anonymous Bloggers And The First Amendment: When And How Your Company Can Identify Its John Doe Defendants

Sheppard Mullin — Mon, 25 Jul 2011 15:13:10 -0800

By Michelle Sherman

The exponential growth of the internet is also seeing an increase in the number of legal actions against “John Doe” defendants. John Doe is really synonymous with an anonymous speaker (blogger), who may be liable for claims such as copyright infringement, trademark infringement, or defamation. Fortunately, there is guidance from the courts so your company can increase its chances of identifying these anonymous bloggers, if necessary.

If you are fortunate enough to have the anonymous blogger’s IP address, then there are online services through which you can get more information concerning the computer, tablet or smartphone from which the post was made, such as the city, and possibly the name of the organization. However, to get the name on the account with the internet service provider (ISP) (such as WordPress, or Google), your company will need to get a court order. The ISPs are not required to connect the dots for you.

The most common approach for identifying an anonymous blogger is typically a motion for leave to take discovery prior to the Federal Rules of Civil Procedure Rule 26(f) conference of the parties, and an order allowing discovery from the ISP through a subpoena served on the ISP. In the discovery order, courts generally require the ISP to give notice to its subscriber (the anonymous blogger) before turning over their contact information. The discovery order will typically include a cutoff date for the notice to be given, and for the subscriber to file a motion to quash the subpoena.

It cannot be overemphasized that the First Amendment protections afforded anonymous speech on the internet present a tremendous hurdle for getting relief from the courts. At the same time, courts are issuing discovery orders in recognition that speech is not absolutely protected. Political speech receives the highest level of protection as the essence of the First Amendment. Speech that can be characterized as “commercial” speech does not receive the same protections, and is protected only so long as “the communication is neither misleading nor related to unlawful activity.” Central Hudson Gas & Elec. Corp. v. Public Serv. Comm’n of N.Y., 447 U.S. 557, 564 (1980). Fighting words and obscenity are not a protected form of speech. Thus, how the speech is characterized will affect the merits of your discovery motion.

5 FACTORS IN FAVOR OF IDENTIFYING THE ANONYMOUS BLOGGER

Your company can make a prima facie showing of its claim against the anonymous speaker. There is not a single standard that is applied uniformly by all of the federal district courts. However, the prima facie case standard is applied by many courts, including California district courts. The most rigorous standard that some courts apply is that the legal claim, on which the discovery motion is based, could survive a motion for summary judgment. The lowest standard is the motion to dismiss or good faith standard. Thus, where you file your action may affect your chances of identifying the anonymous blogger.

The Ninth Circuit, citing to a Supreme Court decision, has held that the type of speech at issue (political vs. commercial) should be considered in deciding what standard to apply, with a more relaxed standard being applied to commercial speech: “[W]e suggest that the nature of the speech should be a driving force in choosing a standard by which to balance the rights of anonymous speakers in discovery disputes.” In re Anonymous Online Speakers, 2011 WL 61635, *6 (9th Cir. Jan. 7, 2011).
The anonymous blogger is a defendant (as opposed to a non-party).
The nature of the claim, and the interest being protected. For example, courts have held that when a plaintiff has made a prima facie claim of copyright infringement, the plaintiff’s need for disclosure outweighs any First Amendment rights. Arista Records LLC v. Does 1-19 (“a defendant’s First Amendment privacy interests are exceedingly small where the ‘speech’ [at issue] is the alleged infringement of copyrights”). Cases involving the disclosure of confidential insider information online is another area in which courts seem more inclined to issue a discovery order. In defamation cases, it is more difficult to overcome the First Amendment protections. However, discovery orders are being issued in these cases as well.
The identity of the anonymous blogger is not available from other, less intrusive sources, such as deposing the person who is reasonably believed to have posted the objectionable material.
There has been some effort to give the blogger notice of the subpoena before filing the motion .

5 FACTORS THAT CONTRIBUTE TO COURTS DENYING THESE DISCOVERY MOTIONS

The anonymous blogger is being sued for speech that can be characterized as political speech, which is entitled to the highest level of First Amendment protection.
The blogger is someone whose identity should be protected under the relevant state shield law – reporter’s privilege. Blogs, chat rooms, websites can potentially be encompassed within the spectrum of a shield law extended to the news media. For example, the electronic publication called the Drudge Report has successfully asserted the reporter’s privilege.

Media companies have also asserted the reporter's privilege in response to subpoenas seeking the identity of anonymous posters, with some success in states such as Colorado, North Carolina, Oregon, Montana, Florida and Illinois.
The basis for the subpoena is stated in a cursory manner without any evidence to support the elements of the claim on which it is based.
The subpoena is overbroad, and does not specifically seek information that is necessary to identify the anonymous blogger.
The subpoena seeks information that is cumulative of other evidence. For example, your company has a reasonable idea about who posted the speech at issue and can confirm its suspicions by deposing the person, or serving less intrusive discovery.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

10 Social Media Must Haves For Your Corporate Compliance And Ethics Program

Sheppard Mullin — Mon, 18 Jul 2011 08:59:55 -0800

By Michelle Sherman

Companies would be legally remiss not to add a social media component to their corporate compliance and ethics program. As we have seen and reported on, agencies such as FINRA, the FTC, and the NLRB are bringing complaints against companies arising from their social media activity or employee related activity, thus, highlighting the need for companies to demonstrate that they are exercising due diligence to promote ethical conduct and prevent criminal conduct in the context of social media activity [e.g. Federal Sentencing Guidelines, § 8B2.1].

The following list is a good starting point, however, there may be additional items that a social media attorney will recommend you include in your policy depending on the nature of your business. A companion article to this one, for example, includes additional items that government contractors should have in their social media policies.

Adopt a social media policy. Include the basic list of “Dos” and “Don’ts” in your policy. Don’t try to prohibit lawful protected activity such as complaining about work conditions or compensation/benefits, or whistle blowing. However, employees should be advised of the importance of communicating possible wrongdoing at the company through established internal channels so an appropriate investigation can be conducted.
Implement an effective training program on how your employees should use social media, with emphasis on areas of particular concern for your company which may include, for example, protecting the privacy interests of your company clients, complying with FINRA/SEC social media guidelines, antitrust compliance, not disclosing confidential, proprietary information, and brand protection.
Update your e-discovery approach and make sure that you include social media activity and cloud computing because it is discoverable.
Update your document retention policy to make sure you are capturing and storing the social media activities of your company, and don’t forget employees conducting business from their smart phones and tablets.
Update your Sarbanes-Oxley Act compliance program to ensure that financial information posted on your Facebook fan page, Twitter, website, etc., is updated to reflect material changes in financial condition and operations. Do not release financial information on social networking sites that you have not also published in a press release.
Audit the social media activity of potential targets for mergers and acquisitions to identify any legal risks and liabilities, including, without limitation, the target failing to comply with the Sarbanes-Oxley Act.
Train your HR department, managers and anyone making employment decisions so they do not use information from social networking sites to discriminate against anyone based on protected factors under federal or state law. Set up protocols so protected factors are not considered.
Take reasonable measures to protect your trade secrets. Update your confidentiality agreements and computer use policies with employees. Clearly communicate what are the company’s trade secrets and the ways in which use of them is restricted. One of the essential elements for a misappropriation of trade secrets case is that the company has taken reasonable measures to protect its trade secrets, which would include, in the social media era, a social media policy with training for employees so they are not inadvertently disclosing the company's trade secrets.
Incorporate privacy protections into your business practices such as data security, the collection of a reasonable amount of information and not more, sound retention practices (not an unduly long period of time), and data accuracy (so misinformation is not reported on consumers).
Review the FTC guidelines for online endorsements with employees, including the prohibition on employees giving reviews for the company’s products (or the products of it’s competitors) without disclosing their biased relationship with their employer company.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Does Your Sarbanes-Oxley Act Compliance Program Reflect Your Social Media Presence?

Sheppard Mullin — Tue, 21 Jun 2011 13:59:06 -0800

By Michelle Sherman

A sound social media governance program means more than having a social media policy, or updating your document retention policy to include social media activity. It may also mean updating your Sarbanes-Oxley Act (“SOX”) compliance program to ensure that your company is complying with Section 409. Section 409 of SOX requires companies to disclose material changes in their financial conditions or operations, by updating information on your social media networking sites. Credit Suisse Securities was fined $4.5 million by FINRA last month, and one of the reasons for the fine was failing to update its website with relevant and accurate disclosures concerning the performance of some residential subprime mortgage securitizations (“RMBS”).

In its May 26, 2011 press release, FINRA described its findings and the basis for its fine:

FINRA found that in 2006, Credit Suisse misrepresented the historical delinquency rates for 21 subprime RMBS it underwrote and sold. Although Credit Suisse knew of these inaccuracies, it did not sufficiently investigate the delinquency errors, inform clients who invested in these securitizations of the specific reporting discrepancies or correct the information on the website where the information was displayed. Credit Suisse also failed to name or define the methodology used to calculate mortgage delinquencies in five other subprime securitizations. Additionally, Credit Suisse failed to establish an adequate system to supervise the maintenance and updating of relevant disclosure on its website (emphasis added).

Credit Suisse is reported in the FINRA press release as not admitting or denying the charges but consenting to the entry of FINRA’s findings.

For public companies, the SEC could seek similar sanctions through Section 409 of SOX. Section 409 requires public companies to “disclose to the public on a rapid and current basis such additional information concerning material changes in the financial condition or operations of the [company], in plain English.” “Material changes” may include, for example, events that would require a company to issue a Form 8-K or Regulation FD disclosure.

Companies are not permitted to forego the traditional press release or other broad-based public disclosure concerning material changes. However, companies have been authorized to post financial statements on their websites and the Internet through social networking sites such as Twitter or Facebook fan pages. To the extent your company is already doing so, it is equally important to make sure these social networking sites reflect the most current information including changes in your public financial reporting.

It is not a stretch for regulators or plaintiffs’ attorneys to begin arguing that social media, in particular Twitter, is the most “rapid” means by which a company can publicize its material changes. As evidenced by the earthquake in Japan and its aftermath, the United States finding and killing Osama bin Laden (with a local resident live tweeting the storming of the compound), and the political upheaval in Egypt (described as the “Twitter revolution”), Twitter has become the source of breaking news for many people. If your company is using Twitter for business purposes, then you may want to include Twitter as another vehicle for posting the press release that you have issued in order to comply with SOX.

The lessons to be learned from the $4.5 million fine of Credit Suisse are:

Have an audit done of your website and social media sites to make sure the information posted there is not arguably outdated, incorrect, or misleading.
Before acquiring a company, conduct a similar audit to identify any potential risks of your company being financially responsible for pre-acquisition violations of FINRA regulations or SOX on the target company’s respective websites or social media accounts.
Update your company compliance practices and safeguards to ensure that disclosures are being made to all disclosure venues including the less conventional ones such as Facebook and Twitter. This should ideally include coordination between legal, PR and finance.
Do not disclose financial information on Twitter or Facebook that is not available elsewhere.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Is Your Company's Social Media Launch Ahead Of Its Compliance Program

Sheppard Mullin — Tue, 17 May 2011 13:04:57 -0800

By Michelle Sherman

Many businesses are still coasting along enjoying the marketing advantages of social media without making sure they have a good compliance program in place. For every company with a Facebook fan page or Twitter account roughly 65 percent would admit they do not have a social media policy. For companies with a social media policy, many of those policies have been lifted from online samples that may be over broad, and include provisions that have been challenged with some success in court.

"Penny wise and pound foolish," companies are not having their social media business practices reviewed by knowledgeable legal counsel. Companies invest time and money putting together a Facebook fan page that is promoted throughout the company without training their employees on the Do's and Don'ts of posting comments on the fan page, or using social media in general.

Another risk of social media was highlighted by settlements that the FTC reached with Twitter and Google concerning shortcomings in their privacy guidelines. The consent decrees reached by each of the companies highlight how seriously the FTC takes the safeguarding of consumer information. In the case of Twitter, the FTC put the responsibility for hackers gaining administrative access to Twitter personal accounts on Twitter. One hacker gained access to non-public information such as users email addresses and mobile phone numbers. The same hacker changed the passwords for approximately 45 high profile Twitter users including President Obama and sent phony tweets from those accounts.

The hacker found his way into the system because Twitter did not have a feature that is commonly used with online stock brokerage accounts where the system will lock you out after a few unsuccessful attempts to enter the correct password. The hacker used an automated password guessing tool which submitted thousands of guesses until finding the correct password. The FTC identified other shortcomings in Twitter's security system including: (1) Not requiring that passwords be unique and different from what a Twitter employee, who also had administrative control of the Twitter system, used to access third-party programs and networks; (2) not requiring periodic changes of administrative passwords; and (3) not requiring that Twitter passwords in personal email accounts be stored encrypted instead of the plain text that some Twitter employees used.

The FTC framed the complaint as Twitter not living up to its representations to consumers on its security practices. Twitter's privacy policy stated, "Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access."

Twitter settled with the FTC and agreed, among other things, to establish and maintain a comprehensive information security program so that nonpublic consumer information cannot be hacked into. This security information program will be assessed by an independent third-party auditor every other year for the next ten years. Twitter must also maintain records regarding its privacy practices and policies. Each violation of the settlement order may result in a civil penalty up to $16,000.

The recent Google Buzz settlement is a perfect example of a company forgetting to read and take into account its own privacy policy. Google's Gmail privacy policy assured users of its email service that the information was being stored for the user's purposes, and that Google would seek permission in advance of using the user's personal information for a different purpose.

In launching Google Buzz, a social networking platform that Google hoped would compete with Facebook, the FTC alleged that Google tried to create instant networks of friends for its users by pulling from their email contact lists without considering this information may be very sensitive to the individual users (imagine, clients of therapists and attorneys, abusive ex-husbands, children and job recruiters).

As a result, Google has had to enter into a comprehensive settlement that goes beyond the current regulatory requirements, and will likely hamstring Google's efforts to compete with Facebook and other social networking sites that are not subject to similar restrictions. Among other things, Google must get affirmative consent to any new or additional uses of previously collected data. Google must also implement a comprehensive privacy program that is reduced to writing, and includes an employee designated to manage the privacy program; and implement privacy controls and procedures with regular audits to make sure it is effective. Every two years, Google must have an independent auditor review the privacy program and prepare a written report. Google must comply with this comprehensive privacy program for 20 years, and that time period can be extended if Google violates the settlement consent order.

These FTC consent orders underscore the importance of making sure companies have their social media practices reviewed by knowledgeable legal counsel, risks identified and addressed, employees trained on correct usage, and new social media marketing strategies coordinated with legal counsel.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Social Media Activity In The Workplace And The Computer Fraud And Abuse Act

Sheppard Mullin — Tue, 17 May 2011 13:01:48 -0800

By Michelle Sherman

It should come as no surprise that employers are trying to assert a claim for violation of the Computer Fraud and Abuse Act (“CFAA”) based on employees accessing social networking sites such as Facebook from work computers. While one employer was unsuccessful in stating a claim, employers should not give up on opportunities to assert the CFAA as a claim in an employment related action.

The CFAA is a criminal statute that also allows for civil action claims. To state a claim, an employer has to assert the following elements: (1) an employee intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer (e.g. used in or affecting interstate commerce) [18 U.S.C. § 1030(g)]. The other essential requirement for stating a claim under this federal statute is that the employer suffers a computer related loss totaling at least $5,000 in value.

In United States v. Nosal, the Ninth Circuit held on April 28, 2011, that the government in a criminal action stated a CFAA claim against former employee David Nosal and his co-conspirators. Nosal is alleged to have started a competing business, and conspired with current employees of Korn/Ferry, a premier executive search firm, to have them copy Korn/Ferry’s confidential database of executive candidates. The Nosal court held that Korn/Ferry took considerable measures to protect its confidential database, including a screen notification that appeared with every login which stated in essence:

“This computer system and information it stores and processes are the property of Korn/Ferry. You need specific authority to access any Korn/Ferry system or information and to do so without the relevant authority can lead to disciplinary action or criminal prosecution...”

The Nosal Court held that “an employee ‘exceeds authorized access’ under § 1030 when he or she violates the employee’s computer access restrictions - including use restrictions.” Further, the Court held that the majority of computer crimes prohibited by the CFAA involve taking specified forbidden actions, ranging from obtaining information to damaging a computer or computer data.

In an employment case decided on May 6, 2011, Lee v. PMSI, a federal district court in Florida granted a motion to dismiss a CFAA claim because the employee’s alleged excessive use of the company computers to access Facebook and her personal email was not alleged to have caused damage to the company’s computers. The Court held that lack of productivity due to an employee accessing Facebook does not constitute damage to a computer as required by the CFAA. Further, the Court held that since the employee was only accessing her personal information through the company’s computer, PMSI could not allege that Lee accessed or damaged any PMSI information.

On the other hand, an employer may be able to state a claim under the CFAA by alleging that the employee infected the company's computer(s) with a virus that is traceable to Facebook or another social networking site. An Internet search shows a number of viruses that have been targeted to Facebook users. For example, there was a password stealing virus which urged Facebook users to open an attachment to obtain new login credentials, which once opened downloaded several types of malicious software including a program that stole banking passwords and other sensitive information from the user’s computer. McAfee, an antivirus software maker, estimated that the virus would succeed in affecting millions of computers. Another virus named the Koobface virus invited people to watch a funny video with an additional prompt to upgrade their Flash player. This upgrade was actually the means for unleashing the virus, which reportedly turned “victim machines into zombie computers to form botnets.” More recently, Facebook users are warning their friends not to click on invitations “to see who has been viewing you,” or to “win a free iPad,” because they are suspected to be vehicles for spreading viruses and other malware.

In other words, an employer with a clear computer use policy that prohibits use of company computers to access social networking sites for personal business may be able to state a claim under the CFAA. If the facts are there, the employer may want to allege that the computer system was damaged by a computer virus which resulted in a loss of at least $5,000 in value, and that company data was compromised. The loss provision requirement can be satisfied by costs associated with a forensic assessment of how the computer was being accessed improperly, consequential damages incurred because of interruption of service, and costs to remove the virus and remedy any damage to the computer.

Application of the CFAA to social media activity is a new area of the law with few reported cases. With Nosal, the Ninth Circuit is now in accord with other circuits. The CFAA can be applied to employees who abuse their company’s computer access rules to the detriment of the company. As a preliminary step to being able to state a claim under the CFAA, however, businesses should consult with knowledgeable legal counsel to update their computer use policies.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

CLE Programs Available For Scheduling

Sheppard Mullin — Tue, 17 May 2011 12:49:48 -0800

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Starting Up the Start-Up: Approaching the Angel Financing Round

Sheppard Mullin — Wed, 06 Apr 2011 15:47:12 -0800

By Riaz Karamali

This blog post picks up where the last post in this start-up series left off, with the assumption that the start-up has been in incorporated, completed its founders' round of financing, created an executive summary and pitch deck and is ready to begin the hunt for "angel" investors (as used in this post, the term angel investors will include all types of potential investors in a company's initial or seed round of funding, including founders' friends and family, "super-angels" and early stage funds). There are several different structures an angel or "seed round" can take -- among them, sale of common stock, sale of convertible notes, and sale of a "light" preferred stock. While ultimately, the investor group may have the final say over the structure of the financing, it makes sense to understand the alternatives in advance and approach investors with a clear plan in mind.

Sale of Common Stock. Historically, a start-up's very first round of financing was raised was raised from a small circle often including (if not limited to) the founders, their immediate friends and family and early advisors who have been providing input and guidance to the founders. For the sake of simplicity, this round was often structured as a sale of Common Stock at an agreed valuation. While this is an easy and inexpensive way to go, it provides investors with none of the rights that later investors in the company's preferred stock will have, and leaves them at risk of significant dilution if, in hindsight, the agreed valuation turns out to be too high in comparison with the next round of financing. From the company's perspective, you have now set a valuation for the common stock which acts as a precedent for the exercise price of stock options to be issued to advisors, consultants and early advisors. In practice, this may mean that these options will need to be priced at an exercise price that is higher than would have been the case if the company had pursued one of the alternative financing structures discussed below.

Sale of Convertible Notes (Uncapped). Probably the most widely used mechanism for angel financing rounds is the sale of convertible notes which automatically convert into the company's first round of preferred stock financing that meets certain threshold requirements. The conversion typically takes place at an agreed discount from the price paid by the new investors in the preferred stock financing to help compensate the note purchasers for the early investment risk they incurred. Sometimes the notes come with warrant coverage and/or other features that are designed to provide additional benefits to the early investors. Documenting and negotiating a convertible note round is relatively inexpensive and straightforward, and generally fits well into the current "lean startup" model. A great advantage of this structure for the company is that it is not necessary to agree upon a valuation, and the company receives investment today that can be used to help grow the business and justify a healthy valuation for its first priced round. One minor complication for the company is that when it completes its round of preferred stock financing and these angel noteholders convert in at a discount, they will have the benefit of the full liquidation preference granted to the preferred stock investors. So, if the preferred stock investors are paying $1.00 per share and the notes carry a 20% discount enabling the note holders to effectively pay $0.80 per share, then on a liquidation or sale event, both sets of investors will typically be entitled to a liquidation preference of $1.00 per share, which the new preferred investors may view as inequitable. On a separate note, from the perspective of the angels, there is a potential downside posed by the fact that we are living in an age when the hottest social media start-ups can quickly go viral and achieve profitability on a much smaller initial investment than in the past. If the preferred stock round is at a very high valuation, then the angel investors, although getting the agreed discount, may feel that they have largely funded the company's meteoric growth but are not able to share equitably in the ensuing increase in valuation. Also, if the company does not outperform expectations, then there is a risk that the preferred stock investors will, as a condition to closing, require the angel note holders to relinquish their conversion discount, warrants and other negotiated benefits.

Sale of Convertible Notes (Capped). As sophisticated angels began to understand the double-edged nature of a meteoric rise in valuation (as described in the preceding paragraph), they often began to ask for a cap on the conversion price of the note. In this structure, the convertible notes convert into the preferred stock financing at either an agreed discount or at the agreed capped valuation, whichever is better for the note holders. So, for example, if a note specifies a 20% discount and a $5 million conversion cap, then if the subsequent preferred stock financing occurred at a $4 million pre-money valuation, the notes would convert to preferred stock at the per share price that implied a $3.2 million pre-money valuation. If, on the other hand, the subsequent preferred stock financing occurred at an $8 million pre-money valuation, then the cap would kick in and the notes would convert into preferred stock at the per share price that implied a $5 million pre-money valuation, rather than the $6.4 million valuation that would otherwise apply based on a 20% discount. Depending on where the cap is set, a capped convertible note round can provide the company with most or all of the same benefits of an uncapped round, while ensuring the investors that they will have a fair share of the company if it turns into a huge success. From the company's perspective, the cap amount should be set not at the company's fair market value at the time of the investment, but at a healthy premium from that value assuming that reasonable milestones can be achieved by the company prior to its financing round.

"Light" Preferred Financing. In the past many players in the start-up ecosystem believed that it did not make sense to do a preferred stock financing at less than a certain threshold amount (perhaps around $1 million) in light of the inherent transaction costs. In light of some of the issues involved with convertible notes in the current financing climate, there is an increasing trend towards seed preferred or “light” preferred rounds instead of convertible note financing. While most law firms active in the space always had their own versions of these “light” documents, various angel groups and law firms have come forward with their own “open source” forms, which they are encouraging all parties to use in an attempt to create a standard that does not need to be negotiated if the accompanying term sheet is used in an un-modified form. While this is a laudable concept, the reality of getting these deals done is often different from the stated ideal. To begin with, there are at least four different sets of these documents being circulated (TechStars Model Seed Funding Documents, Y Combinator Series AA Equity Financing Documents, Founders Institute Plain Preferred Term Sheet and Series Seed Financing Documents), with the result that none has truly become a standard. Consequently, there is a fair amount of mixing and matching and negotiations involved in many of these light preferred deals, all of which tend to drive up the transaction costs and the time required to get a deal done. Also, venture capital firms investing in these seed deals will often have additional requirements for management rights or legal opinions which will also increase the costs.

Conclusion. The right deal structure for your seed round really depends on a host of factors, including the size of the round and the identities and motivations of all parties involved. In our opinion, the best of the above alternatives for a small financing round often proves to be uncapped convertible notes. If the investors are uncomfortable with such a structure, the next best choice would, in our opinion, be a close call between convertible noted capped at a reasonable level (not current fair market value) and "light" preferred stock. On balance, when dealing with sophisticated investors and their counsel, we find that there is still a lot to be said for capped convertible notes.

This is the fourth installment of a series of blog posts addressing start-up matters specifically.

For further information, please contact Riaz Karamali at (650) 815-2603. (Follow me on Twitter!)

Protecting Trade Secrets In A Post-WikiLeaks World

Sheppard Mullin — Wed, 06 Apr 2011 15:24:51 -0800

By Michelle Sherman

It is not enough in a post-WikiLeaks world to hope that an admonition not to disclose sensitive company information in a social media policy will be enough. If company trade secrets are posted on the Internet they cannot be taken back, and if newsworthy, they will go viral. A perfect example of this is the prototype 4G iPhone that was mistakenly left in a Redwood City bar by an Apple software engineer celebrating his birthday. The iPhone ended up a few days later with Gizmodo, a tech website, that dismantled the smart phone, and shared its features in a blog article that quickly ended up with over 13 million views. In the case of WikiLeaks, it is reported that the 100,000s of pages of highly sensitive government documents were copied onto a Lady Gaga CD and leaked with disastrous results and world changing ramifications.

The story of the Apple iPhone and WikiLeaks highlight two different ends of the spectrum of confidential information being disclosed. First, there is the case of the accidental, unintentional disclosure. Second, there is the intentional taking of company trade secrets.

Identify What The Business Considers To Be Trade Secrets Using The Broadest Available Definition, And Communicate With Specificity To Employees.

In the first case, a well drafted and communicated social media policy can reduce the risk of these disclosures. By well drafted, the policy should ideally identify the categories of information the company considers to be a trade secret. Speaking in generalities is not enough. The company should use the broadest definition of trade secrets, which can found in a criminal statute, the Economic Espionage Act ("EEA"), 18 U.S.C. § 1831 et seq., to identify and list its trade secrets. Congress enacted the EEA in recognition of the importance of protecting intellectual property and trade secrets and to address the growing problem of the theft of trade secrets.

The EEA defines trade secrets as all types of information, however stored or maintained, which the owner has taken reasonable measures to keep secret and which have independent economic value. 18 U.S.C. § 1839. This definition is broader than other definitions of “trade secrets,” including the Uniform Trade Secrets Act which has been adopted by many states.

Using the definition from the EEA, a business should clearly communicate in its confidentiality agreements with employees what the business means by do not disclose confidential, proprietary information. Because the different departments of the business - sales, manufacturing, finance, R&D - will be working with different kinds of proprietary information, the employee training should be done on a department by department basis so the trade secrets can be identified, and the ways in which they should be safeguarded can be discussed. This employee training should also include a discussion of the risks of social media and the Internet with respect to compromising the business' trade secrets.

The business should also assume that a competitor, who is thinking of hiring the employee, will ask the employee for a copy of any confidentiality agreement that may restrict what the employee can bring with him. The confidentiality agreement should clearly list the categories of trade secrets without disclosing the trade secret information itself. It is also worth including in the agreement that the business treats protection of its trade secrets as the highest priority, and that the company will pursue all civil and criminal (e.g. the EEA) legal remedies against the employee or any third party who induces or enables the disclosure of trade secrets. Let your competitors know that your business will not take the theft of its confidential and proprietary information lightly.

Sound draconian? Think again about WikiLeaks, and how the pages were picked up by the New York Times and other news organizations, and circulated over the Internet. Even if Bradley Manning, the computer operator in Iraq, who is charged with burning the classified files onto his Lady Gaga CD, had a change of heart and tried to get them back from Julian Assange, it would be too late. Daniel Ellsberg, who leaked the top secret report casting doubt on the Vietnam War in 1971 (Pentagon Papers), which he had through his job as an analyst at RAND Corporation, reportedly said that if he had it to do again today, he "would have gotten a scanner and put them on the Internet" and would not have waited for the press to analyze them before the Pentagon Papers were published.

Know More About The Employees Who Will Have Access To Company Trade Secrets - Do Lawful Background Checks.

Businesses may want to do background checks before an employee has access to trade secrets as part of their job responsibilities. Any background check should be done with the employee's written consent and in accordance with applicable laws including the Fair Credit Reporting Act, and, in California, the California Investigative Consumer Reporting Agencies Act. If there are red flags, and you will know them when you see them, then the business may want to think again about having the employee in a position where he has access to company trade secrets.

Monitor Internet Mentions Of The Company And Quickly Demand The Removal Of Any Trade Secrets Posted On It.

A business should monitor how it is being discussed on the Internet through one of several services (e.g. Google Alerts). If the business appears in the context of the disclosure of a trade secret, the business needs to act immediately to send a written demand letter to the website, Internet service provider, or social networking site to remove the trade secret information immediately. If the demand letter clearly sets forth that the intellectual property rights of the business are being violated, most Internet sites will comply with the request and remove the material. The Internet service provider does not have a "safe harbor" from copyright infringement and intellectual property claims, and, therefore, needs to respond appropriately to requests to remove the content at issue. For example, YouTube's Terms of Service provide:

"YouTube does not permit copyright infringing activities and infringement of intellectual property rights on the Service, and YouTube will remove all Content if properly notified that such Content infringes on another's intellectual property rights. YouTube reserves the right to remove Content without prior notice."

Section 230 of the Communications Decency Act makes it clear that immunity does not extend to any Federal criminal statute, or to any intellectual property law. 47 U.S.C. § 230(e). Consequently, it is unlikely that immunity extends to the disclosure of trade secrets since the EEA provides criminal penalties for the intentional disclosure of trade secrets (18 USC § 1832).

These recommendations serve two purposes. First, to reduce the risk of trade secrets being disclosed and shared all over the Internet. Second, to maintain the trade secret status of the company's information by demonstrating that the company is taking measures to keep it secret.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Before You Hire That Online Reputation Manager, Consider Your Legal Alternatives

Sheppard Mullin — Wed, 06 Apr 2011 14:42:09 -0800

By Michelle Sherman

“Sticks and stones may break my bones, but words will never hurt me.” Think again. No one wants their reputation, the name of their business, or their products dragged through the mud on the Internet. There are now web specialists called “online reputation managers,” who claim to manipulate Internet search results so the negative links will appear further down the list of results, and hopefully be missed. The lead story in the New York Times, Sunday Styles Section (April 3, 2011), “Erasing The Digital Past,” describes a few companies in this business, and their fee structures which can average from $5,000 to $10,000 a month for high level executives or celebrities, to $120 to $600 a year for run of the mill cases.

For a business with a high profile, public relations nightmare; a single embarrassing incident that received lots of media attention; or a vocal critic that keeps posting on the Internet, an online reputation manager may be the preferred business approach. However, for businesses, who are the victim of an unscrupulous competitor, its rogue employees or its overzealous but uninformed public relations company, there is a legal alternative worth considering.

The FTC’s Guides Concerning The Use Of Endorsements And Testimonials In Advertising Prohibit Negative Reviews With An Undisclosed Bias.

In October 2009, the FTC revised its Guides Concerning the Use of Endorsements and Testimonials in Advertising (“Guides”) to include reviews posted on the Internet, such as endorsements by bloggers. For example, the Guides require bloggers to disclose if they have received any freebies or other benefits for their posts. The Guides also require that someone endorsing a product needs to disclose any material connections between the endorser and the advertiser. The same guideline would apply to someone who works for a competing business and posts a negative review.

The FTC is enforcing these Guides, and recently settled an administrative complaint against Tennessee-based Legacy Learning Systems Inc. and its owner, Lester Gabriel Smith (collectively, “Legacy Learning”). In its complaint, the FTC alleged that Legacy Learning was responsible for misleading online reviews that were represented to be posted by “consumers”, who endorsed the company’s series of guitar lesson DVDs. According to the FTC’s complaint, Legacy Learning hired people to write positive reviews of its guitar courses on websites and online publications. On March 15, 2011, the FTC announced a proposed administrative settlement with Legacy Learning agreeing to pay $250,000. Legacy Learning also agreed, among other things, to monitor and submit monthly reports about its 50 revenue-generating affiliate marketers to ensure the affiliates are not misrepresenting themselves as independent users or ordinary consumers.

Similarly, if a business reasonably believes that it is the target of fake, negative reviews, the business may want to take the following steps to have the fake reviews removed, and the unlawful advertising practice stopped.

Identify With Reasonable Certainty The Source Of The Negative Reviews, And Seek Their Removal.

If a business is finding itself the target of negative reviews that sound remarkably the same, or reviews that point consumers from the business to its competitor, then there is a good chance that the business is the victim of unfair and deceptive advertising practices in violation of the FTC's statutory prohibitions. 15 U.S.C. § 45. Other indicators of a fake review include: (1) clumps of like-minded negative reviews written within days of each other; and (2) a number of reviews with only one star in an attempt to bring down the business’ legitimate positive ratings. There are several actions that a business can take to address these negative, fake reviews.

First, once the competing business is identified with reasonable certainty, consider sending a letter to its in house counsel and CEO. It may be that senior management is not aware of what is happening, and will take steps to make it stop. This letter should make them aware of the reviews, why you believe the company is responsible for the reviews, and how these reviews are unlawful and can result in civil liability under federal and state unfair competition and false advertising statutes (e.g. Lanham Act § 43; and California Business and Professions Code Sections 17200 et seq., and Sections 17500 et seq.).

Second, send a letter to the Internet service provider asking them to remove the suspect reviews or blog posts on the grounds that the reviews appear to be unlawful under the FTC Guides. Under Section 230 of the Communications Decency Act, the Internet service provider (e.g. WordPress, Amazon, Yelp) is not required to take action in response to your request. However, most of these Internet service providers include in their Terms of Service the right to remove content, and it is in their interest to ensure that their sites are viewed as credible sources of information by consumers. For example, Yelp expressly provides in its Terms of Service that a review can be removed if Yelp believes the review violates Yelp’s content guidelines. Yelp’s Content Guidelines prohibit, among other things, someone taking part in the “writing [of] a fake or defamatory review, trading reviews with other businesses, or writing a review that you were paid for either directly or indirectly by the business being reviewed.”

Third, if neither of the above approaches results in the fake reviews being removed, then your company may want to lodge a complaint with the FTC. However, this alternative is unlikely to result in immediate action since the FTC is inundated with complaints. Nevertheless, the complaint letter should provide the FTC with as much information and evidence of the fake reviews as possible. If there are any ways in which consumers are being harmed by the fake reviews, especially if it is a harm relating to public safety, be sure to highlight this in your communications with the FTC as well. The FTC has a process for entering complaints into a centralized online database that is used by civil and criminal law enforcement authorities worldwide. The FTC site states that it does not resolve individual consumer complaints.

And, finally, your business can file a legal action against its competitor and anyone acting on its behalf, because fake, negative reviews are unlawful and can be the basis for damages and injunctive relief.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Why Companies Want Arbitrators Who Have A Public Profile On LinkedIn And The Internet

Sheppard Mullin — Wed, 09 Mar 2011 16:26:07 -0800

By Michelle Sherman

Your company has a dispute with a vendor or customer, and the terms of the agreement between the company and the person you are about to sue provide for binding arbitration. It is common for contracts to have arbitration provisions. Arbitration is viewed as less expensive and more expeditious than litigating a dispute in court. Arbitration provisions also allow the parties to agree that consequential (e.g. down time, finance fees, lost profits) and/or punitive damages cannot be awarded. Arbitration also gives the parties more control in deciding who will adjudicate their dispute, rather than having a judge randomly assigned to your case. There are many positives to arbitrating a dispute.

The only real downside that comes to mind is that arbitration awards are extremely difficult to set aside. In California, an arbitration award will stand unless the party challenging the decision can show (1) "the award was procured by corruption, fraud, or other undue means"; (2) "the rights of the party were substantially prejudiced by the misconduct of a neutral arbitrator"; or (3) an arbitrator failed to make a timely disclosure of a conflict which would be a ground for disqualification. Cal. Civ. Proc. Code § 1286.2. The Federal Arbitration Act includes similar limited grounds for vacating an award, with "evident partiality or corruption in the arbitrators, or either of them," being one ground. 9 U.S.C. § 10.

Consequently, companies assume a significant risk when choosing an arbitrator to decide their dispute. Arbitrators also charge rates ranging from $350 – $625 per hour. It behooves the company and its counsel to research the prospective arbitrators before settling on one or a panel of arbitrators. Before the Internet, legal counsel would rely on word of mouth, and seek input from attorneys at their firm. With the Internet and the professional networking site, LinkedIn, there is much more information available.

On LinkedIn, for example, the potential arbitrators can make their connections available to anyone who is connected to them, which is easy enough to do by accepting a request to connect. This is one way to disclose if they are affiliated with anyone who is a party, witness, or interested party in the action. And, it is an easy way to invite questions if anyone is concerned about a connection, which will not be a problem in most instances. Being "connected" on LinkedIn does not necessarily mean there is a relationship that would "cause a person aware of the facts to reasonably entertain a doubt that the proposed neutral arbitrator would be able to be impartial…" Cal. Civ. Proc. Code § 1281.9(a). It is also worth looking at what LinkedIn groups the prospective arbitrators have joined to see if there is anything that would indicate a potential bias in your case. LinkedIn profiles usually include the employment history of the person, and also websites if they have one.

Information from the Internet has resulted in one judge disqualifying himself when it became public. In the Ninth Circuit, a judge was in the middle of an obscenity trial when the Los Angeles Times broke a story that the judge had an extensive collection of suggestive or explicit images and videos on his personal computer server. It turned out that the server was connected to the Internet, and, through that connection, the images on his personal website had become publicly available. The judge, the Honorable Alex Kozinski, disqualified himself from hearing the obscenity case. Judge Kozinski also declared a mistrial in the case. The newspaper story had raised a suspicion that the court could be biased in favor of the defendants.

In another case, a motion to vacate an arbitration award was granted because the arbitrator Sean SeLegue did not disclose that his legal practice centered on representing law firms in disputes with their clients, and that he was currently involved in representing a law firm in a fee dispute with it former client. Benjamin, Weill & Mazer v. Kors. The perceived conflict could have been avoided if the arbitrator had disclosed the case. Alternatively, if the party moving to vacate the award had done her due diligence, she would have found numerous Google hits showing the nature of the arbitrator's practice, including his profile on his law firm's website, and his membership in the Association of Discipline Defense Counsel, an organization that describes itself as the "bar association for lawyers who represent lawyers and others in disciplinary, admissions and regulatory proceedings before the State Bar of California and the California Supreme Court." Since Kors was in a fee dispute with her prior counsel, she would have probably asked SeLegue to withdraw as one of three arbitrators if she had known about his potential conflicts. A motion for rehearing has been granted in this case, so the case cannot be cited.

At a February 2011 conference for arbitrators in Los Angeles, one speaker reportedly told his audience that arbitrators should avoid social networking sites altogether, including LinkedIn because of the risk of perceived conflicts. This advice is misguided and shortsighted. The problem does not rest in having a presence on LinkedIn or the Internet. In fact, this may be one of the best ways for professionals to make themselves known and visible. This is especially true in fields where there is lots of competition, and a wide range of choices. It is unreasonable and unfair to discourage arbitrators, who are drawn from retired judges, law professors, litigators and trial attorneys, from having websites, participating in LinkedIn groups, or taking advantage of the resources on the Internet to market themselves. Also, information on the Internet benefits parties who are trying to find the most suitable arbitrator(s) for their dispute.

The better wisdom is for arbitrators to immediately disclose to parties who are considering their services where they appear on the Internet (websites, professional associations, blog articles), and invite the parties upfront to connect if they want to see a list of their LinkedIn connections.

When choosing an arbitrator, remember the Internet and LinkedIn are wonderful resources that can possibly provide more information than word of mouth, and second hand information. The upside is possibly avoiding an arbitration award that will be binding and final, if a better "neutral" had been selected with a little investment of time and knowledge of the Internet.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Why Social Media Activity May Mean Updating Your Insurance Coverage

Sheppard Mullin — Wed, 09 Mar 2011 15:45:35 -0800

By Michelle Sherman

It is now cliché to say that social media activity by companies is growing exponentially. Companies, hospitals, non-profits, the armed services, insurance companies…. every type of entity can be found on social networking sites with Facebook fan pages and Twitter accounts. The marketing opportunities for companies continue to manifest themselves with directed marketing campaigns, discounts on Foursquare and other location based networking sites, and data mining to analyze social networking activities.

What is not keeping pace with this exponential growth appears to be companies making sure their social media activity is covered by their current insurance policies. An informal survey was conducted in late February 2011 of 700 executives from large companies and associations. Of the people surveyed, only 49 said that they had checked to see if their commercial general liability (CGL) insurance policies cover social media related risks. This number is not that surprising. The majority of companies are still in the process of implementing social media policies, and communicating them to their employees. An even larger number of companies need to update their document retention policies to address their social media activity.

Whether or not an insurance policy will provide coverage or a duty to defend depends on the facts of a particular case. However, companies can do something to increase their chances of being protected. First, companies can identify the ways in which they have a greater risk of being sued for doing business on social networking sites and Web 2.0. These claims include: (1) Invasion of privacy; (2) Privacy breaches through the leaking of credit card or other personal information (e.g. hacking, unauthorized internal access or inadvertent disclosure); (3) Copyright and trademark liability as it relates to online text, videos, cartoons, photographs; and (4) Defamation.

Second, insurance companies in the last several years have been adding coverage for Web 2.0 and social media activity, including cyber liability, Internet; e-commerce, network security, media and invasion of privacy. In addition, some CGL policies issued after 2001 include coverage for “personal and advertising injury” offenses committed “through the Internet or similar electronic means of communication,” with coverage for any part of the world in which the injury or damage takes place. Thus, there are policies worth exploring with an experienced broker.

Third, companies can reduce their exposure to claims, and make it easier to get coverage by having a social media policy in place. Underwriters are looking at whether or not companies have a social media policy, and whether the policy is being communicated to all employees. Because the law is evolving in this area, it is recommended to have any social media policy reviewed by experienced legal counsel. Having an overbroad social media policy can cause the company to be sued. The National Labor Relations Board (NLRB) recently settled an action it filed against American Medical Response of Connecticut in connection with a social media policy that was alleged to be overbroad in that it violated Section 7 of the National Labor Relations Act by seeking to preclude employees from complaining about their wages, hours, and working conditions on social networking sites. As part of the settlement, American Medical Response agreed to amend its policy. The law continues to evolve in this area so it makes sense to involve legal counsel in the drafting of your company policy.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)

Social Media Research + Employment Decisions: May Be a Recipe for Litigation

Sheppard Mullin — Tue, 18 Jan 2011 14:23:24 -0800

By Michelle Sherman

We are the Google generation. We meet someone interesting, then search the Internet to learn more about them. There is nothing wrong with doing this in the context of networking, making new friends, or pitching for business. However, searching the Internet for information about someone who is trying to get a job with your company is another matter entirely. This is not to say you cannot Google them. In fact, it is estimated that 45% of companies research a job candidate on the Internet. In a December 2009 survey commissioned by Microsoft, 70 percent of the 275 U.S. recruiters, human resources professionals and hiring managers who responded said they have rejected candidates based on information found online. Thirty-five percent of those employers said they rejected applicants based on membership in certain groups.

You might be thinking, "what could possibly be wrong with finding public information that the job candidate has freely shared on the Internet?" "Having shared that information, the company should be able to ask him about it. After all, the job applicant is not making a secret of it."

Protected Classes Under Federal and State Law

Now, step back and think for a moment. There are subjects that are considered off limits for employers to ask job applicants about. Under federal law, Title VII of the Civil Rights Act prohibits discrimination when making employment related decisions. A company cannot make hiring, discipline and termination decisions based on any of the following protected factors: race, color, national origin, religion and gender. The Age Discrimination in Employment Act (ADEA) adds to the list with a prohibition on discrimination against individuals who are 40 years or older. And, finally, the Americans With Disabilities Act of 1990 prohibits discrimination against "qualified disabled" individuals. Employment decisions are defined broadly and include promotion, demotion, compensation, and transfers.

Many states add additional areas that are off limits for making employment decisions. For example, California also gives protected status to: sexual orientation, marital status, pregnancy, cancer, political affiliation, genetic characteristics, and gender identity.

It is very easy to see how someone with a Facebook page may post about these protected factors. Thus, the challenge for employers who are researching job applicants, or monitoring the social media activity of their employees, is not to let this protected status information bleed into their employment decisions. Under federal and state law, employers should not make employment decisions that are "motivated by" a person's membership in a protected class.

Lawsuit Filed After Internet Search Resulted in Religious Inquiry of Job Candidate

This lesson was learned the hard way by the University of Kentucky ("University"). The University is being sued for religious discrimination under Title VII of the Civil Rights Act. The case, Gaskell v. University of Kentucky, has been covered in the news media as a rare example of a lawsuit by a scientist for religious persecution.

Gaskell also demonstrates that there are legal risks to looking at a prospective or current employee's social media activity. In an order denying the University's motion to dismiss in late November 2010, the federal district court for Kentucky summarized the facts of the case.

In 2007, the University established a search committee to find a director for the University observatory. The Committee included members of the Physics and Astronomy Department, including the Chair of the Department, Dr. Michael Cavagnero, and staff member Sally Shafer. The Committee was considering 7 applicants with Dr. C. Martin Gaskell ranked as the number one candidate.

"There is no doubt that based on his application, Gaskell was a leading candidate for the position. In fact, Dr. Cavagnero wrote to the [Search] committee that 'Martin Gaskell is clearly the most experienced..." and pointed out that 'Keith [MacAdam] and I visited him last year to learn how to build an observatory on a parking structure.". A few weeks later, Troland [Chair of the Search Committee] wrote the committee that Gaskell 'has already done everything we could possibly want the observatory director to do.'"

During the search process, Committee member Shafer decided to research Dr. Gaskell on the Internet. Shafer found his University of Nebraska-Lincoln ("UNL") website which linked to Dr. Gaskell's personal website. This website contained an article entitled "Modern Astronomy, the Bible, and Creation."

Shafer circulated the article to the Search Committee. The Committee also found notes on Dr. Gaskell's personal website from a lecture he gave at the University in 1997 on "Modern Astronomy, the Bible, and Creation." The Committee showed these notes to members of the University's biology department because the notes discussed biological principles. The biologists expressed concern about Gaskell's "creationist" views and the impact of these views on the University. The biologists warned that the Biology Department would refuse to cooperate with the Physics and Astronomy Department on the building of an "outreach science team" if the Department hired one of "these types of individuals."

In his complaint, Dr. Gaskell alleges that Dr. Cavagnero asked about his religious beliefs, and allegedly said that Dr. Gaskell's religious beliefs and his "expression of them would be a matter of concern" to the dean.

Days before the Search Committee recommended someone else for the position, Professor Thomas Troland, Chair of the Committee sent an email with the subject line, "The Gaskell Affair":

It has become clear to me that there is virtually no way Gaskell will be offered the job despite his qualifications that stand above those of any other applicant. Other reasons will be given for this choice when we meet Tuesday. In the end, however, the real reason why we will not offer him the job is because of his religious beliefs in matters that that are unrelated to astronomy or to any of the duties specified for this position (For example, the job does not involve outreach in biology.)... If Martin were not so superbly qualified, so breathtakingly above the other applicants in background and experience, then our decision would be much simpler. We could easily choose another applicant, and we could content ourselves with the idea that Martin's religious beliefs played little role in our decision. However, this is not the case. As it is, no objective observer could possibly believe that we excluded Martin on any basis other than religious....."

The University managed to avoid the Court granting Gaskell's motion for partial summary judgment based on the "mixed motives" provision of Title VII. In mixed motives cases, the plaintiff can still win by showing that the defendant's consideration of a protected characteristic "was a motivating factor for the employment practice, even though other factors also motivated the practice." 42 U.S.C. S 2000e-2(m).

At trial, which is presently scheduled for February 2011, the University is expected to argue that its hiring decision was based on legitimate concerns that Dr. Gaskell would violate University policy by linking the University website to his personal website as he did at UNL. Further, that the University's decision was not motivated by concerns over his religious beliefs, but with his public comments that there were scientific problems with the theory of evolution. According to the University, these views would impair his ability to serve as the Observatory Director.

Suggested Guidelines for HR Departments and Managers

Whatever the outcome of this litigation, it has been costly and perhaps damaging to the reputation of the University. Some lessons to be learned from the case are: (1) HR department training on interview skills and managing employees should include the ways in which information taken from social media and Internet searches can possibly give rise to allegations of employment discrimination; and (2) Internet searches of job applicants or employees should be done ideally by people who are removed from making employment decisions so they can filter out information that are protected factors before the search results are forwarded to the company employees who are giving performance reviews or making recommendations on hiring, promotions, or downsizing. Alternatively, if the information is considered relevant to a bona fide occupational qualification ("BFOQ"), and shared, then it should be communicated under the guidance of experienced legal counsel. The BFOQ is a narrow exception and applies to a limited number of cases.

For further information, please contact Michelle Sherman at (213) 617-5405. (Follow me on Twitter!)