Legal Implications of a Mobile Enterprise

2nd Annual IT Symposium

“Legal Implications of a Mobile Enterprise”

Brad FrazerSeptember 20, 2011

bfrazer@hawleytroxell.com@bfrazjd

208.388.4875

208.388.4875 bfrazer@hawleytroxell.com

Introduction—The IT Manager’s Perspective

Assumes harmony between IT and Legal

Importance to the Enterprise?– Legal Exposures– Bandwidth Impact– HR Impact

208.388.4875 bfrazer@hawleytroxell.com

Why?

Why is this a problem?Look to the Board . . .

208.388.4875 bfrazer@hawleytroxell.com

Some recent cases . . .

Each of these implicates a mobile platform.

Each thus indicates a legal exposure or issue for the enterprise.

Court Permits Discovery of Text Message Contents

A plaintiff who did not invoke any specific privilege being violated, but rather a vague notion of “privacy,” did not meet the burden to quash a document request to her cell phone company that included the contents of her text messages, the U.S. District Court for the District of Maryland ruled Aug. 17. Corsair Special Situations Fund LP v. Engineered Framing Systems Inc., D. Md., No. 09-1201-PWG, 8/17/11.

Court Rules That Instant Message Conversation Modified Terms of

Written Contract A federal district court found that an instant message conversation between an employee of CX Digital, an online advertising referral provider, and the Vice President of Marketing at Smoking Everywhere, an electronic cigarette manufacturer, constituted a modification of the companies’ contract for CX Digital to provide online advertising referrals for Smoking Everywhere’s promotional sales offer.  The verdict resulted in an award of over $1.2 million in damages plus accrued interest and attorney’s fees for CX Digital. CX Digital Media, Inc. v. Smoking Everywhere, Inc., No. 09-62020-Civ (S.D. Fla. Mar 23, 2011)

Court Rules that Messages Sent via Facebook Covered by CAN-

SPAM Act On March 28, 2011, the U.S. District Court for the Northern District of California held in Facebook, Inc. v. MaxBounty, Inc., that messages sent by Facebook users to their Facebook friends’ walls, news feeds or home pages are “electronic mail messages” under the CAN-SPAM Act. The court, in denying MaxBounty’s motion to dismiss, rejected the argument that CAN-SPAM applies only to traditional e-mail messages. Facebook, Inc. v. MaxBounty, Inc., No. CV-10-4712-JF, 2011 WL 1120046 (N.D. Cal. Mar. 28, 2011).

208.388.4875 bfrazer@hawleytroxell.com

Yes, this is a “SoMe” issue, but . . .

Mobile devices and apps inherently multiply the opportunities for mischief.

A mobile enterprise will thus inherently have more legal issues than a “static” enterprise.

208.388.4875 bfrazer@hawleytroxell.com

Legal Implications

Security– Lost device = increased network vulnerability?

Data Breach– Lost device = lost trade secrets?– Unsecured Wi-Fi or other network = lost trade

secrets?– Exposure to breach of contract for NDA violations?– Mandatory disclosure obligations– Resulting customer and shareholder lawsuits

E-discovery

208.388.4875 bfrazer@hawleytroxell.com

Legal Implications (cont’d)

Ease of circumvention of corporate policies– Document retention/destruction policies– SoMe policies

Geolocation and the Right of Privacy Click-wrap “Hell” Texting and driving Creation of Warranties/False Advertising Copyright Infringement

208.388.4875 bfrazer@hawleytroxell.com

Legal Implications (cont’d)

Expansive license grants (e.g., Twitpic) Defamation Insider Trading Trademark Infringement and Cybersquatting Content issues, e.g., obscenity (open WiFi?) Contract Modifications (remember $1.2 million) CAN-SPAM; privacy

208.388.4875 bfrazer@hawleytroxell.com

The CIO / CTO / IT Manager’s Role

Implement bandwidth restrictions Firewalls Restricted URLs Antivirus measures Email protocols (e.g., Postini) Data and Email Backups (“Proof Packet”) Document Retention Policies Server IP Logs Privacy Policies These are limited, obviously, to “the enterprise”

environment.

208.388.4875 bfrazer@hawleytroxell.com

Response: What can the Enterprise/CIO/CTO do?

Top-down controls at Board level– How do you address this at your company?

Training InsuranceEmployee accountability for device

security and use--with consequences for noncompliance.

208.388.4875 bfrazer@hawleytroxell.com

Response: What can the Enterprise/CIO/CTO do? (cont’d)

The Importance of Policies. For example:Company employees who accessed data stored on corporate networks in violation of prominently displayed warnings about restrictions on their use and disclosure of information stored there can be prosecuted under the Computer Fraud and Abuse Act, the U.S. Court of Appeals for the Ninth Circuit ruled April 28. The court held that an employee “exceeds authorized access” to a computer network when he or she obtains data and uses it for a purpose that violates company restrictions on data use (United States v. Nosal, 9th Cir., No. 10-10038, 4/28/11).“[The employees in this case] were subject to a computer use policy that placed clear and conspicuous restrictions on the employees' access both to the system in general and to the [compromised] database in particular,” the court noted.

208.388.4875 bfrazer@hawleytroxell.com

Response: What can the Enterprise/CIO/CTO do? (cont’d)

Important Acronym!

D N M Y W G S

208.388.4875 bfrazer@hawleytroxell.com

The Moral of the Story

Whose problem is this? IT? Legal? Board?Cooperative strategies should be developed

and implemented in a multidisciplinary fashion involving IT, HR, Management, and Legal

Otherwise, just hope you don’t get caught and don’t get sued.

208.388.4875 bfrazer@hawleytroxell.com

Q & A

Questions?For a copy of the slide deck, e-mail

me at bfrazer@hawleytroxell.comTwitter: @bfrazjdCall: 208.388.4875