One of the emerging threats in the digital era is online security breaches. Today, millions of people use social media platforms to post information about their lives online. In doing so, they often provide sensitive personal information to various platforms, including credit card information, personal preferences, and other information that is otherwise protected by various privacy legislation. A security breach from an unknown hacker can lead to millions of users’ accounts being compromised. In addition, many users now use one social media platform to host a variety of applications. In those circumstances, a security breach of the main platform could … Continue Reading
The United States Department of Homeland Security (“DHS”) published, on September 18, 2017, in the Federal Register, a notice that it would begin collecting certain information relating to immigrants’ use of social media as part of the National File Tracking System of Records. Since 1944, so-called Alien Files have been the official record system of immigrants, who have each received an Alien Registration Number. These files have historically contained basic information, such as each immigrant’s name, date of birth, date of entry into the United States, country of birth, parents’ names, and naturalization information, if applicable. The files … Continue Reading
What does brand protection have to do with cybersecurity? A study earlier this year demonstrates the connection.… Continue Reading
What is social engineering fraud?
Social engineering fraud is defined as the art of influencing people to disclose sensitive information or granting the fraudster unauthorized access. As opposed to exploiting a secure computer system to access information, criminals are now exploiting a person’s trust through avenues such as email, social media, and mobile apps. While social engineering fraud could involve the classic “advance-fee scam” such as when a vulnerable individual is tricked into sending money to a “prince” in a foreign land, there has been a rapidly increasing amount of sophisticated scams, such as Business Email Compromise (BEC) scams that … Continue Reading
The Social Media Law Bulletin is back!
The ongoing interest of our readers as well as the increasing impact of social media led us to re-launch the Social Media Law Bulletin. We will be bringing you coverage of one or two items approximately each week, but in the meantime, we thought we would give you a brief summary of some of the most significant social media stories from 2015:
Schrems v Facebook
Facebook earned the top spot in our social media impact list, due to a court ruling that only indirectly affected it. In October 6, 2015, the European Court … Continue Reading
We had previously written about the U.S. Federal Trade Commission’s proposed complaint and consent with mobile messaging service Snapchat, best known for promoting its “ephemeral” photo messaging site. The FTC alleged the Snapchat violated the Federal Trade Commission Act through six false or deceptive acts or practices, including Snapchat’s claim that messages can “disappear forever.” Under the proposed FTC consent, Snapchat does not admit or deny any liability. If approved and to settle the matter, Snapchat would be:
- Prohibited from misrepresenting its products and services and treatment of personal information, or their privacy and security; and
- Required to implement a
From clicking “like” on Facebook to the +1 button on Google+ to the “Follow” or “Retweet” buttons on Twitter, the use of endorsements in social media has exploded since 2009. “Like” buttons and retweeting are growing trends in social media. While the use of third-party endorsement type functionality in social media has obvious benefits in marketing and advertising, the increasing use of a “like” option in social media outlets may have legal implications for businesses.
A “like” button or similar type of “like” option is a feature in social media outlets such as social networking services, Internet forums and blogs … Continue Reading
When you tweet you:
- grant Twitter a licence to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute content in any manner or method. Twitter may sublicense these rights to third parties without restriction.
- allow Twitter and any third party to share your content with the rest of the world.
- agree that Twitter and third party sites can use your content (including information about you shared by other users) to provide you with targeted
If your social media page permits a user to purchase goods or services from you, a December 20, 2013 ruling from the Northern District of California may be of interest.
The case involves minors using their parents’ credit cards without authorization (in 2011) in order to purchase several hundred dollars’ worth of Facebook Credits.I.B. v. Facebook, Inc., No. C 12-1894 CW (N.D. Cal. Dec. 20, 2013).
When the parents discovered the unauthorized purchases, they asked Facebook to refund the purchase price. Facebook refused, and both the parents and minors instituted a putative class action against Facebook in 2012.… Continue Reading
There are three distinct aspects of cyber-security that should be addressed by directors: prevention, detection and, if a company is publicly traded, disclosure to the Securities and Exchange Commission. Part I of our posting addressed prevention and detection matters. This Part II addresses disclosures and some questions to consider.
Public disclosure of a security breach is not mandated by securities laws, although it may be required by other state or federal laws. The Securities and Exchange Commission said the following in 2011:
Although no existing disclosure requirement explicitly refers to cybersecurity risks and cyber incidents, a number of disclosure … Continue Reading
The use of cloud computing, mobile devices and social media add significant corporate risks beyond the traditional security risks arising from networks, databases and e-mail. A cyber security breach can cause serious operational disruptions, create financial costs and damage a company’s brand and reputation. As part of risk management, a company’s board of directors should proactively identify, delegate and monitor the security risks presented by networked businesses. Numerous studies have concluded that directors are lagging in anticipating and preparing for cyber security risks. Boards Are Still Clueless About Cybersecurity, Jody Westby, Forbes.com, dated May 16, 2012.
While directors are … Continue Reading
On July 10, 2013, U.S. Representative John Duncan (R-Tenn.) and co-sponsor Ileana Ros-Lehtinen (R-FL) introduced H.R. 2645, the “Forbidding Advertisement Through Child Exploitation Act of 2013.”
The stated purpose of this short bill is to “prohibit providers of social media services from using self-images uploaded by minors for commercial purposes.”
Under the bill, a “social media service” is defined as “any online service that allows an individual to upload, store, and manage personal content in order to share the content with other individuals.”
Section 5 of the bill also defines the key term “self-image” as: “with respect to … Continue Reading
Many brand owners use their websites to promote their goods and services, as well as to promote their brands. Brand owners also frequently use social media to promote their brands. Indeed, it’s common for a website to include links to social media platforms such as Twitter and Pinterest. But if your site is directed to children, linking your site to social media platforms could be problematic.
Any website directed to children is potentially subject to the Children’s Online Privacy Protection Act (COPPA), and the Federal Trade Commission’s (FTC) regulations. COPPA and its regulation impose restrictions on companies that operate … Continue Reading
An employee’s personal social media page may offer prospective hackers a backdoor into company protected information. Many companies are moving towards lengthy and complex passwords, which has placed additional strain on password recovery procedures.
Many of these “forgot password” security procedures ask for pseudo personal information such as a user’s high school mascot or mother’s maiden name.
Social media, however, can make this type of information readily available to the nefarious and arguably low-tech hacker. In the case where Governor Sarah Palin’s e-mail account was hacked, the indictment claimed that the hacker required just 45 minutes to locate the information … Continue Reading