Ready, Set, Negotiate - Jackson Walker L.L.P.
Download
Report
Transcript Ready, Set, Negotiate - Jackson Walker L.L.P.
Technology Related
Policies and Procedures:
Employee Policies, Document
Retention, Privacy and Intellectual
Property Policies
5th Annual Advanced In-House Counsel Course
Stephanie L. Chandler, Esq.
Jackson Walker L.L.P.
Stephanie L. Chandler
• Business Transactions
and Technology
University of Nebraska
B.S.B.A. in Finance
University of Virginia
Juris Doctorate
Articles Editor, Virginia Journal of Law and Technology
Community Involvement Highlights: Chair – Jackson Walker’s Technology
Section, Texas State Bar Association Business Law Section Committee on
eCommerce, San Antonio Technology Accelerator Initiative Board Member
Technology Impacts All Aspects
of Your Role as General Counsel
• Employees -- monitoring employee activities;
performance enhancement
• Marketing -- SPAM, protecting your brand
• Litigation Avoidance/Litigation Expense -data leaks, document retention
• Intellectual Property -- controlling
dissemination of trade secrets, infringement
(BSA, cutting and pasting)
Employees Use of Technology
• 76% of Employers monitor web activity
(blogging, chat and message boards,
porn/gambling sites)
• 55% of Employers retain and review email
messages
• 36% of Employers track content/keystrokes/
time spent at keyboard
Source: 2005 Electronic Monitoring & Surveillance Survey by American Management Association and The ePolicy institute
Employer-Employee Policies
• Adopting a Policy is Key
• Employers, especially after notice, are free to
broadly monitor internet usage (Smith v. Pillsbury Co.;
McLaren v. Microsoft)
• Employers may monitor phones (Solely for business
purpose; employee consent can be based on company policies; Watkins v. L.M. Berry & Co.)
• Employers may record calls where they are
on the call (so can employees…)
• Employers can implement GPS tracking
Section I-A
New Development – CFAA to
protect Trade Secrets
• Computer Fraud and Abuse Act - law passed by the
United States Congress in 1986 intended to reduce
"hacking" of computer systems
• Employers filing civil claims against employees in
federal court; alternative to misappropriation of trade
secrets
•
•
Yonkers v. Celebrations the Party and Seasonal Superstore, 428 F.3d 504
(Nov 2005) – used against employees who set up a competing store,
alleged that using data obtained before and after they left the company
International Airport Centers v. Citrin, 440 F.3d 418 (March 2006) – employer
used against former employee who allegedly stole trade secrets then
wiped his company’s laptop clean
Marketing Through the Internet:
Don’t Unintentionally Become a SPAMMER
• No false or materially misleading header information.
• No misleading subject headings.
• Must contain a clear return address or other Internet-based
mechanism that functions for opt-out
• No more messages 10 business days after the recipient
submitted a request to unsubscribe.
• No selling mailing lists including people who have opted out
• No use of automated address generation means or a third party
who collected the addresses with misleading automated means,
i.e., notification that the address would not be distributed.
* Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" (the “CAN-SPAM Act").
Marketing Through the Internet:
Don’t Unintentionally Become a SPAMMER
•
•
•
No registering for multiple e-mail accounts to send prohibited
commercial e-mail messages.
No relaying or re-transmitting prohibited commercial e-mail messages.
Do not fail to take reasonable steps to prevent or report the transmission
of such messages.
* Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003" (the “CAN-SPAM Act").
•
Marketing that Works:
– clear and conspicuous identification that the message is an advertisement or
solicitation (unless the recipient has given prior express consent to receive
such messages)
– clear and conspicuous notice of the opportunity to opt-out of receiving
messages from the sender
– valid physical postal address of the sender
Marketing Through the Internet
“Employees Who Cut and Paste”
Types of Intellectual Property
• Patents -- gives the inventor the right to exclude
others from making the invention
• Trade Secrets/Know How -- protection by virtue of
secrecy
• Trademarks/Service Marks -- identifies a unique
source of goods or services
• Copyrights -- protects from copying of original works
(music, books, software code)
Example: Ownership of Site Content
Avoiding Copyright Infringement
• Myth: Pictures and text on the Internet are
available for use since they have been made
available on the Web
• Example: Use of Source Code from Websites
• Special Cases:
– The content of a database is not protected by
copyright (U.S.)
– Open source development: Linux, Apache, Tomcat
web server, Eclipse IDE, JBoss Application Server,
etc.
Acquiring Intellectual Property
• Work for Hire Doctrine (Copyright)
– Employee works – owned by employer
– Independent Contractor work – more difficult
• Recommendation: Include “Assignment
Clause” and “Work for Hire Clause”
Software Usage Policies
• The BSA* and SIIA** are not your friends
– May 2006 – Losses from piracy - $34B
– 35% of all copies of PC software installed worldwide in 2005
pirated
– They want their money!!!
• Gartner:
– 40 percent of all medium-to-large U.S. businesses will face an
external software audit by the end of 2006
– less than 25 percent of public companies have mature software
asset management processes
• What to do: This is a Legal Matter, not an IT matter;
Educate your C-levels
*BSA: Business Software Alliance (Membership Examples: Microsoft, Cisco, Symantec)
**SIIA: Software and Information Industry Association (Membership Examples: Adobe, Intuit, McAfee )
Software Usage Policies
• Adopt a Software Usage Policy (see Appendix I)
• Periodically audit internal compliance
• Develop a Records System – all receipts indicating the included
software (even in hardware purchases)
• In rare circumstances employee PC ownership may be an answer
• Federal Rule of Evidence 408* governs the admissibility of the audit
results – Have an Agreement prior to producing the audit materials
• Settlement:
– Enter and inspect the company’s facilities/officers certification
– Release based on officer’s certifications
* http://www.law.cornell.edu/rules/fre/ACRule408.htm
Document Retention Policies
• Why????
– Save valuable computer and physical storage space
– Reduces volume of stored documents and data
– Avoiding spoliation claims
• In re Prudential Ins. Co. of Am. Sales Practices Litigation: Prudential had
“no record of any written manual that would evidence that Prudential
possesses a clear and unequivocal document preservation policy capable
of retention by Prudential employees and available for easy reference.”
• Linnen v. A.H. Robins: The Defendant sent emails and voicemails to all of
its employees advising them to save all relevant documents. The
Defendant, however, failed to stop its back-up tapes from being recycled
or taped-over. Jury instructed to assume smoking gun.
• Default or dismissal possible.
– Lowering Litigation Costs – be sure your policies address both
Hard Copy and Electronic Files
Document Retention Policies
• Why????
– Removing “Smoking Guns”
• Prior to Litigation: Arthur Anderson LLP v. U.S., 544 U.S.
696 (2005): that “under ordinary circumstances, it is not
wrongful for a manager to instruct his employees to
comply with a valid document retention policy, even
though the policy, in part, is created to keep certain
information from others, including the govt.”
• After Litigation Filed: Zubulake v. UBS Warburg LLC:
Counsel failed to warn its client to not delete or recycle
back-up dates of technological data. The Court ordered
the Defendant to bear the substantial cost of restoring the
back-up tapes.
– Fines - $2.75M – Philip Morris USA
Document Retention Policies
• What Should be Included:
– Lewy v. Remington Arms Co.
• whether the policy is reasonable considering the facts and
circumstances surrounding the relevant documents
• whether the destroyed documents are relevant to pending
or probable lawsuits; and
• whether the policy was instituted in bad faith
• Consistency is the Key
• Company wide – this is not just an accounting or
legal department issue
Document Retention Policies
• Review all applicable law [See Appendix V]
• Take into account statute of limitations
• Clearly describe the class of documents to which
the policy will apply (i.e. drafts, finals; backup
tapes)
• Specify the retention period for each class of
documents
• Create procedures detailing how the program
will be implemented and enforced
• Identify the staffer responsible for policing and
maintaining the program; Train them
Document Retention Policies:
When Litigation Arises
• Allow alternatives to, or even suspension of, documentdestruction procedures when a duty to preserve arises
• The “Litigation Hold”
– Prevent Your System from Automatically Deleting Data
– Stop the Automatic Recycling of Backup Tapes
– Stop the Automatic Recycling of Personal Computers
•
•
•
•
Reissue the “Litigation Hold” – New Employees!
Identify Key Players/Employees – Special Notice
Consider Forensic Images of PC’s
Designate one IT person who will be your Companies
Federal Rule of Civil Procedure 30(b)(6) deposition
witness (document preservation, chain of custody, etc.)
Appendix IV of Article:
Document Retention Policies
My example
ABA - form of Document Retention Policy
available at http://www.abanet.org/lpm/lpt/
articles/sampledocretentionpolicy.pdf
Arthur Andersen Document Retention Policy
Privacy Policies
Review Posted Privacy Policies – Are they accurate?
Be aware of legal requirements (i.e. GLB, HIPAA,
COPPA)
Ooops …. We had a leak
June 2006 - Veterans Administration loss of 26.5 million
personal records of veterans lawsuit - seeks $1,000 in damages
for each person, a payout that could reach $26.5 billion
Comply with state law requirements (Article – III.C.)
Privacy Policies
Limit the data you retain
Secure personal data (Consider: Mobile devices)
Train your employees (Consider: Background checks)
Train your vendors (Consider: NDA’s, policy intro)
Test your systems (Consider: Social Engineering)
Plan for breaches
Questions?
Stephanie L. Chandler, Esq.
Jackson Walker L.L.P.
210.978.7704
[email protected]
112 E. Pecan Street, Suite 2400
San Antonio, Texas 78205
www.jw.com
Sign up for eAlerts at http://www.jw.com/site/jsp/subscribe.jsp