data breach, privacy and cyber insurance

It’s fascinating to me how something designed to do one thing ends up solving an unrelated problem. Its well known that technology developed for one purpose frequently and ultimately serves different and altogether unexpected purposes and benefits: text-to-voice services come immediately to mind. These technologies were developed with those who are partially sighted in mind, but now have far broader applications, such as voice recognition technology like Siri and Amazon. Continue Reading CLOC, A2J and Mediation For All

I was looking forward to today at CES. The Acting Commish of the FTC, Maureen Ohlhausen, was to be interviewed by the CEO of CTA, Gary Shapiro. Three of the FCC Commissioners of the FCC, Brendan Carr, Mignon Clyburn and Michael O’Rielly were scheduled to participate in a roundtable moderated by Julie Kearney, VP of regulatory affairs for CTA.  Ajit Pai was supposed to be here but was a no show.

CTA is the largest consumer tech association. CES is one of the most well attended tech conference in the world. What’s the hottest topic in tech these days: the overturning of net neutrality. I thought at least we will get some insight on the pros and cons of this issue by those most directly involved in the decision. Wrong. Instead we got abbreviated wave to and acknowledgment of the issue and a recitation of slogans with little real explanation. Continue Reading Net Neutrality: CES Discussion Disappoints

Earlier this month, the 9th Circuit dealt online anonymous reviewing services a chilling blow when it decided United States v. Glassdoor. Faced with an online service which allowed people to post employer reviews for the benefit of others, the Court determined that those who posted on the service were like newspaper reporters and reverted to an analysis used for print media some 40 years ago.

Specifically, the Court ruled that the government could compel Glassdoor to reveal the identity of anonymous reviewers of employers by employees who posted on the site even if those who had posted didn’t consent. What this means for other online services that rely on similar anonymous posts could be significant. At the very least, use of outmoded legal concepts for new technological driven will be chilling and is unfortunate.

This means the government could compel Glassdoor to reveal the identity of anonymous reviewers of employers by employees who posted on the site even if those who had posted didn’t consent.


The case started when the government served a subpoena on Glassdoor, an online forum where current and former employees can anonymously post reviews about the salaries and work environments of their places of employment. The subpoena asked for identifying information for more than one hundred accounts that had posted reviews of an employer whose contracting practices were apparently under criminal investigation by a federal grand jury. The investigation centered on alleged wire fraud by one of the companies that was under investigation by a Grand Jury.
Glassdoor refused to reveal its users’ identity to the Grand Jury citing among other things the First Amendment right of its users to speak anonymously. Continue Reading When Anonymous Isn’t Really: Government Threats to Online Reviews

Fear of new technology sometimes creates strange legislative results and perhaps unintended consequences.

In 2008, Illinois passed the Biometric Information Privacy Act (BIPA), designed to protect employees and consumers against perceived abuses associated with the collection of bio metric data by businesses and providing a statutory cause of action for its violation.

Fearing how such technology might be used and worried about the privacy implications of how data might be used, (the Preamble actually provides “the full ramifications of biometric technology are not fully known”), the Illinois Legislature enacted a law requiring businesses planning to maintain any sort of databases of these identifiers enact policies to receive written authorization from customers or employees before scanning fingerprints, retinas or other biometric identifiers. It also requires businesses to share with those whose biometrics are being scanned information on how those identifiers would be stored and even disposed of. Continue Reading Illinois Biometric Information Privacy Act: Legitimate Privacy Protection or Pandora’s Box?

Under a new law recently proposed in Ohio, businesses that take steps to secure data could be protected from lawsuits if a hack occurs. The bill, Senate Bill 220, was the first bill to emerge from the Ohio attorney general’s office’s and its cyber-security task force of business leaders, information technology experts, and law enforcement created in the wake of high-profile hacks of consumer information. The bill is an effort to help businesses with cyber related claims, encourage them to be proactive and recognize the difficulty in creating standards for constantly evolving technologies. It’s a valid effort to balance law and technology.

According to Ohio Attorney General Mike DeWine, a member of the task force, “Those business that take reasonable precautions and meet these important standards will be afforded a safe harbor against claims should a data breach occur…To trigger the safe harbor provision, businesses must create their own cyber-security programs that meet certain standards.” Continue Reading New Ohio Bill Proposes Data Breach Protections

“No stop signs, speed limit
Nobody’s gonna slow me down
Like a wheel, gonna spin it
Nobody’s gonna mess me around”

This blog is directed toward examining the tensions that arise as technology runs square into the law and the practice of law. Often the fit between the two doesn’t exist, or isn’t great mainly because the law looks backward and cant see solutions to problems that didn’t exist before. And sometimes the opposite occurs: we try to change the law to attack a new kind of problem and in doing so create a whole host of unintended consequences.

One glaring example is the ACDC Act which was proposed earlier this year by Rep. Tom Graves of Georgia. Continue Reading Highway to Hell: The ACDC Act

Smart Home Exhibit @ The Museum of Science and Industry

We have all heard about smart homes and the nirvana they may create. But we hear little about the risks, exposure and liability smart homes may pose. These risks stem from the fact that the standards governing smart home devices and the Internet of Things (IoT) simply don’t yet exist. And to the extent any do, they are not necessarily consistent and the law is not well developed. Nor has it addressed many of the issues raised by the new technologies. So we have a bunch of new devices that are popular, that carry some risks with few standards or laws governing them. Sound like a recipe for litigation? Continue Reading Smart Homes: Risky Business?