Social Media & The Internet

Mark Eting is one of Duncey’s Caps top outside sales agents. Because the company is based in Texas, but Mark lives in Cleveland and sells for the company in the northeast, Mark purchased a personal computer and a laptop to use for work purposes, but did not get reimbursed by the company. He did, however, provide the computer to Duncey’s IT department to install the company’s sales tracking program. Unbeknownst to Mark, the IT department also installed software that allowed the company to determine when Mark accessed the sales tracking program and what information he accessed. Duncey’s employee handbook – which Mark acknowledged – stated the company could monitor his use and access of company data on personal devices. For the laptop, Mark purchased software called “LogMeIn” which allowed him to remotely access the home personal computer while he was on the road. Thus, Mark could use his laptop while traveling, access the home computer, and enter the sales data. At a team sales retreat, Mark casually mentioned to his boss, Tom Prior, how he logged his sales data on the road by using LogMeIn.    

When Mark quit, Duncey’s IT department investigated his use of the sales program, and found he had been logged in more than usual. Suspicious of this activity, Tom went into LogMeIn and successfully guessed his username and password. While perusing Mark’s personal computer, Tom found Mark had set up a Google Mail account and was emailing Duncey’s customer information to one of its competitors. Duncey filed suit against Mark for various claims. When Mark read the lawsuit’s allegations, he realized the only way Duncey’s learned that information would have been by accessing his personal computer or laptop. Mark fired off a counterclaim for computer hacking. Does Mark’s claim stand a chance?  

Continue Reading An Employer’s Spooky Interpretation of its Bring Your Own Device (BYOD) Policy

Excited about closing on his new house, Furst Thyme Byer received emailed wire transfer instructions for his full $250,000 payment from his broker Chad at Chase N Rainbows Realtors. Complying with Chad’s instructions in the letter, Furst emailed Schneckner at Schneck’s Loans who wired the closing funds, as instructed, to what they both thought was In-O-Cent Title Company’s account. The next day, Ida at In-O-Cent Title called Furst looking for the money. Checking with Schneck’s Loans, Furst confirmed the funds were wired to the In-O-Cent Title account as directed. But In-O-Cent Title never received the money. The wiring instructions were bogus. They came from a similar email address, but it was not Chase N Rainbows’ – nor was it In-O-Cent Title’s bank account. Is anyone besides Furst responsible for the missing funds? If so, who? The title company? The mortgage broker? The real estate broker? Continue Reading Who Loses When Hacked Emails Send Wire Transfers to the Wrong Account?

Having just fired up her Amazing Alexis and connected it with her other “smart” devices handling her heat, lights and security, Honor was sharing with her husband some troubling, sensitive health information about her trip that day to the doctor’s office. Honor’s tale was interrupted by a call from her brother who demanded “unplug your Alexis devices right now, You’re being hacked!” Sadly, Honor’s recorded tale also made its way to the editor of the neighborhood news-blog Gladys Gravits, who shared it in the community email, along with her effusive professions of sympathy. Does Honor have any recourse? Continue Reading Privacy Alert – Alexa (and Friends) is Listening!

Having won her primary, Starr Struuck is ready to update her campaign website and Instagram feed to jazz up her image and promote the reasons why she should win the general election. Having been chastised by Captain Kurff of Star Warp’d who tweeted Struuck to take her personalized and autographed photograph of the two of them at the Comic-Con convention off her newsletter and website, she remains determined to stick with her Star Warp’d theme. A Getty image photograph of the Starship Enterprise circling an unknown planet is now pasted across her social media. This time Getty images complains. Again, Struuck insists that she was merely publicly confessing her affection for geeky space adventure shows. Is Getty in the right to complain and demand to be paid?

Continue Reading Online Images – Free to Use?

Running for office, Starr Struuck sent out a campaign newsletter extolling her qualifications and a list of reasons why she should be elected rather than her incumbent opponent. Prominently displayed in her newsletter and website was a personalized and autographed Comic-Con convention photograph of Starr Struuck perched beside wildly popular and well-known Captain Kurff of Star Warp’d. When advised of her campaign literature, Captain Kurff tweeted Struuck demanding that she destroy all copies of the campaign newsletter and remove his likeness from any of her campaign materials as he was not endorsing her. Protesting that she was merely publicly confessing her affection for the Captain and geeky shows generally, Starr resisted. Is Captain Kurff right?

Continue Reading Great Pic! But Can You Use It?

Dr. Nole Specs created a website for his successful optometry practice.  Over the holidays, Dr. Specs received a threatening letter from Mo Dougherty, a plaintiff’s lawyer.  Dougherty’s letter claims Specs’ website is not ADA compliant, and demands that Specs fix the problem immediately and pay Dougherty $2,500 or Dougherty will sue.  While Specs knows the ADA applies to the brick and mortar aspect of his business, he’s never heard of it applying to websites and thinks it’s a scam. Should Specs just ignore Dougherty’s letter?

The Federal Government Believes Websites are Governed by the ADA

Title III of the Americans with Disabilities Act (ADA) prohibits discrimination on the basis of a disability in places of public accommodation, such as a restaurant, movie theater, school, doctor’s office, or other business.  Recently, 60 Minutes ran a story on “Drive-By Lawsuits,” where plaintiffs’ lawyers or people hired by them will drive around looking for businesses that are not ADA compliant.  Typically, the public considers this prohibition applying to wheelchair access.  But in 2010, the Department of Justice (DOJ), which enforces the ADA, issued a notice stating it would amend the language of the ADA to ensure accessibility to websites for individuals with disabilities.  As a result of this notice there has been a proliferation of demand letters from plaintiffs’ lawyers threatening to sue businesses for having non compliant websites, and offering to settle if the business will bring the website into compliance and pay the lawyer a few thousand dollars to go away.

How do you ensure ADA Compliance?

First, it’s important to know that the DOJ has not issued binding rules on regulations on ADA compliance for websites.  The DOJ is not expected to issue binding rules until sometime in 2018, unless the new administration changes course on this issue.  However, the DOJ and plaintiffs’ lawyers consistently suggest that websites will be considered ADA compliant if they follow the Web Content Accessibility Guidelines (WCAG-2.0) Level AA.  For example, if the website includes live audio content, Level AA guidelines call for the website to also provide captioning.

Tilting the Scales in Your Favor

Although the DOJ has not issued binding rules and regulations, you should take steps to bring your website within the WCAG-2.0 Level AA guidelines now.  Some plaintiffs have filed lawsuits against plaintiffs even without the binding rules in place and successfully argued that the website was a place of public accommodation that was not accessible to disabled individuals.  This is especially important for businesses that sell goods online, because courts have routinely considered those businesses’ websites to be places of public accommodation.

cyber securityBreathing a sigh of relief that he neither works for U.S. agencies requiring security clearances nor do his hiring policies require the details of mental illnesses, drug and alcohol use, past arrests, bankruptcies, Joe Hyre was oblivious to the ranting of Dez Grunteld, a whining employee who he fired last week. Over the weekend Dez hacked into the Ten U Us Employment records and downloaded personnel files containing social security numbers, dates of birth and credit histories of Ten U Us Employment’s people. Not satisfied, Dez deliberately crashed five of the company’s eight network servers as further retribution, permanently erasing all of the information, and forcing Ten U Us to shut down operations in its headquarters for two days sustaining losses in excess of $100,000. Can Joe Hyre instruct his Ten U Us employees to access Dez Grunteld’s old email account to investigate the damage Dez caused? Is Ten U Us responsible to the employees whose information was stolen?

Hack Grunteld Back?

Maybe Hyre can access Dez’s old email account to investigate the damage he caused. Among other things, the Electronic Communications Privacy Act (ECPA) regulates private individuals and businesses, arguably giving employees of private entities a right to privacy in their e-mail. While there are equally good arguments that employers who own the computer system used by their employees have the right to monitor employees’ e-mail, the simplest solution is for Ten U Us to follow the terms to which Dez Grunteld agreed in his employee handbook.

Responsible for Employee Files?

Yes, Ten U Us is almost certainly responsible to its employees for the loss of their sensitive personal information. The Texas Business & Commerce Code obligates businesses to implement reasonable procedures, including taking any appropriate corrective action, to protect the unlawful use or disclosure of any sensitive personal information collected or maintained by a company in the regular course of business, both for customers and employees. Moreover, Texas law imposes notification requirements for the breach and disclosure of sensitive personal information, even if only potentially exposed, for employees and customers alike.

Inside Jobs

Although the cyberbreach of more than 14 million U.S. government personnel records detailing, among other things, military records, job and pay histories and life insurance and pension information was the clever work of Chinese hackers, most business cyber breaches are inside jobs. Speaking of China, did you know that, over the centuries of repelling Mongolian invaders, the only time that the Great Wall of China was breached was in 1644? The gates at Shanhaiguan were opened by Wu Sangui, a Ming border general who disliked the activities of rulers of the Shun Dynasty. Whether in 1644 or 2015, the most likely breaches of your secure walls – whether they be fortifications or computers – is a dissatisfied employee like Wu Sangui or Dez Grunteld.

Tilting the Scales in Your Favor

Ideally? Immediately address resentful or disgruntled employees in a fair and benevolent way. For double coverage, however, plan for a possible separation or firing by implementing the following recommendations:

  1. Cyber Insurance. The detailed insurance company evaluation of your company’s IT department should become the blueprint for internal company protection of sensitive information. Premium costs, depending upon coverage and current IT protection systems can vary dramatically.
  2. IT Policy. Create and enforce an acceptable use policy for your Internet, Email and Computer systems.
  3. Content Filtering. With a content filtering device, monitor internet usage to restrict websites accessible to employees. Consider restricting access to personal emails – a common vehicle for “stealing” company files.
  4. Social Networking Sites. Deny, or at least limit, free access to social networking sites like, Facebook, Twitter and the like, as they invite inappropriate content, viruses, and theft.
  5. Password Integrity. Require separate and regular changed passwords for each employee who accesses a company computer and server. The password should not be known by anyone else.
  6. Regular Audits. Audit computer files for user access and deletion.
  7. Monitor server event logs.
  8. Use Terminal Servers if possible.
  9. Back up at least once a month. Test your backup because restoration data is frequently corrupted, or worse was never backed up at all.

Past Related Articles: Cyber Security: Forewarned is Fair-Warned

Don’t Be a Target: Mitigating Liability From Cyber Attacks

Weighing in – 1.2 Billion Usernames and Passwords. What, Me Worry About CyberSecurity?

Sony vs. N. Korea – Let Capitalism Fight Totalitarianism!

  1. Tom_Brady_vs._Vikings_2014Take it Seriously. A week ago, when asked about the “elephant in the room,” New England Patriots quarterback Tom Brady replied before 4,000  cheering and laughing Patriots fans “Where? When I digest it fully, I’ll be sure to let you know how I feel about it… This is like a Patriots pep rally.”

Last March Blue Bell announced a product recall for the first time in 108 years after discovering what was then believed to be a single machine producing a limited amount of frozen snacks with a potential listeria problem. Crisis Communication Rule 1: Treat Serious Matters Seriously.

2.  Actions Count. Although Brady appeared for an interview and voluntarily answered questions, his failure to cooperate contributed to his punishment when he refused to produce texts and emails even with his attorney being allowed to screen and limit production strictly to responsive materials.

Last April Blue Bell reiterated its commitment “…to doing the 100 percent right thing, and the best way to do that is to take all of our products off the market until we are confident that they are all safe…. [bringing] in one of the world’s most respected food safety microbiologists to inspect our plants and systems to help us get to the bottom of this issue.” Crisis Communication Rule 2: Actions Speak Louder than Words.

3.  Accountability is Critical. Brady’s agent blasted the 243 page Wells report and vowed to appeal the decision. Patriots’ owner Bob Kraft, who last week said he would accept any punishment despite his serious misgivings about the Wells report’s findings, denounced both the penalties and the initial report.

In its latest May press release, Blue Bell reported that it collected approximately 8 million gallons of ice cream sold domestically and internationally, and closed production plants in Brenham, Texas, Oklahoma and Alabama to thoroughly clean and sanitize each facility and review all operating procedures and its production process to eliminate possible contamination pathways. Crisis Communication Rule 3: When You are Wrong, Admit it and Take Your Medicine.

Tilting the Scales in Your Favor. Nothing is more important than your reputation, and a key ingredient to reputation is trustworthiness. Rather than denying outright any knowledge or participation in “Deflategate,” had Brady first communicated that he was a fierce competitor who looked to take advantage of every opportunity to help his team win and later acknowledged that the air pressure was below recommendations, Brady might have preserved his reputation as a fierce yet forthright competitor.

When challenged by a crisis, you must have a plan– Failing to Plan is Planning to Fail.

*Paul Kruse, CEO & President of Blue Bell Creameries in March 27, 2015 letter to customers

Special thanks to guest blogger Alex Fuller for this month’s post.

            Who steals my purse steals trash; ’tis something, nothing;

            ‘Twas mine, ’tis his, and has been slave to thousands;

            But he that filches from me my good name

            Robs me of that which not enriches him,

            And makes me poor indeed.

                        –Othello Act 3, Scene 3

While on a date to the Laugh Factory Comedy Club, Terry Tellsall busted a gut laughing and was rushed to Texas General Hospital. Incensed by the treatment and bedside manner he received from Dr. B.D. Manner, Terry barraged his friend Cindy Cussin with texts detailing Dr. Manner’s inability to remember critical surgical procedures and his comments that “with a belly that size, you’re lucky you only busted one gut.” The next day, Terry posted his accusations on a popular doctor-rating website.

Luckily for Terry, the attending Nurse Nancy smelled Dr. Manner’s whiskey breath, heard his comments, and thankfully reminded him of the right procedure. However, Terry’s friend Cindy Cussin was Dr. Manner’s cousin and forwarded Terry’s texts to him. When Dr. Manner read the texts and received the early morning Google Alert with Terry’s website posts, he immediately instructed Able Attorney, Esq., to file a defamation lawsuit against Terry. Is Terry liable for libel?

Probably not. Truth is still a defense to any claim of verbal (slander) or written (libel) defamation. Better yet, the 2011 Texas Anti-SLAPP statute makes it harder for defamation lawsuits to be used as a bullying tactic.

Continue Reading The Case of the Defamed Doctor – SLAPP’ing Down Defamation Cases in Texas

Fresh off his last Tonight Show monologue, Jay Lento is scouring the vintage car dealers’ websites to find replacement wheel hubs for his antique BMW. Searching worldwide, he finds none. When his friend N. Gennyus mentions that he can make exact computer replicas with a 3D printer to create a cast to manufacture the vintage wheel hub, Jay wonders if it’s legal?

Continue Reading There’s a Printer for That!