Running for office, Starr Struuck sent out a campaign newsletter extolling her qualifications and a list of reasons why she should be elected rather than her incumbent opponent. Prominently displayed in her newsletter and website was a personalized and autographed Comic-Con convention photograph of Starr Struuck perched beside wildly popular and well-known Captain Kurff of Star Warp’d. When advised of her campaign literature, Captain Kurff tweeted Struuck demanding that she destroy all copies of the campaign newsletter and remove his likeness from any of her campaign materials as he was not endorsing her. Protesting that she was merely publicly confessing her affection for the Captain and geeky shows generally, Starr resisted. Is Captain Kurff right?
Dr. Nole Specs created a website for his successful optometry practice. Over the holidays, Dr. Specs received a threatening letter from Mo Dougherty, a plaintiff’s lawyer. Dougherty’s letter claims Specs’ website is not ADA compliant, and demands that Specs fix the problem immediately and pay Dougherty $2,500 or Dougherty will sue. While Specs knows the ADA applies to the brick and mortar aspect of his business, he’s never heard of it applying to websites and thinks it’s a scam. Should Specs just ignore Dougherty’s letter?
The Federal Government Believes Websites are Governed by the ADA
Title III of the Americans with Disabilities Act (ADA) prohibits discrimination on the basis of a disability in places of public accommodation, such as a restaurant, movie theater, school, doctor’s office, or other business. Recently, 60 Minutes ran a story on “Drive-By Lawsuits,” where plaintiffs’ lawyers or people hired by them will drive around looking for businesses that are not ADA compliant. Typically, the public considers this prohibition applying to wheelchair access. But in 2010, the Department of Justice (DOJ), which enforces the ADA, issued a notice stating it would amend the language of the ADA to ensure accessibility to websites for individuals with disabilities. As a result of this notice there has been a proliferation of demand letters from plaintiffs’ lawyers threatening to sue businesses for having non compliant websites, and offering to settle if the business will bring the website into compliance and pay the lawyer a few thousand dollars to go away.
How do you ensure ADA Compliance?
First, it’s important to know that the DOJ has not issued binding rules on regulations on ADA compliance for websites. The DOJ is not expected to issue binding rules until sometime in 2018, unless the new administration changes course on this issue. However, the DOJ and plaintiffs’ lawyers consistently suggest that websites will be considered ADA compliant if they follow the Web Content Accessibility Guidelines (WCAG-2.0) Level AA. For example, if the website includes live audio content, Level AA guidelines call for the website to also provide captioning.
Tilting the Scales in Your Favor
Although the DOJ has not issued binding rules and regulations, you should take steps to bring your website within the WCAG-2.0 Level AA guidelines now. Some plaintiffs have filed lawsuits against plaintiffs even without the binding rules in place and successfully argued that the website was a place of public accommodation that was not accessible to disabled individuals. This is especially important for businesses that sell goods online, because courts have routinely considered those businesses’ websites to be places of public accommodation.
Breathing a sigh of relief that he neither works for U.S. agencies requiring security clearances nor do his hiring policies require the details of mental illnesses, drug and alcohol use, past arrests, bankruptcies, Joe Hyre was oblivious to the ranting of Dez Grunteld, a whining employee who he fired last week. Over the weekend Dez hacked into the Ten U Us Employment records and downloaded personnel files containing social security numbers, dates of birth and credit histories of Ten U Us Employment’s people. Not satisfied, Dez deliberately crashed five of the company’s eight network servers as further retribution, permanently erasing all of the information, and forcing Ten U Us to shut down operations in its headquarters for two days sustaining losses in excess of $100,000. Can Joe Hyre instruct his Ten U Us employees to access Dez Grunteld’s old email account to investigate the damage Dez caused? Is Ten U Us responsible to the employees whose information was stolen?
Hack Grunteld Back?
Maybe Hyre can access Dez’s old email account to investigate the damage he caused. Among other things, the Electronic Communications Privacy Act (ECPA) regulates private individuals and businesses, arguably giving employees of private entities a right to privacy in their e-mail. While there are equally good arguments that employers who own the computer system used by their employees have the right to monitor employees’ e-mail, the simplest solution is for Ten U Us to follow the terms to which Dez Grunteld agreed in his employee handbook.
Responsible for Employee Files?
Yes, Ten U Us is almost certainly responsible to its employees for the loss of their sensitive personal information. The Texas Business & Commerce Code obligates businesses to implement reasonable procedures, including taking any appropriate corrective action, to protect the unlawful use or disclosure of any sensitive personal information collected or maintained by a company in the regular course of business, both for customers and employees. Moreover, Texas law imposes notification requirements for the breach and disclosure of sensitive personal information, even if only potentially exposed, for employees and customers alike.
Although the cyberbreach of more than 14 million U.S. government personnel records detailing, among other things, military records, job and pay histories and life insurance and pension information was the clever work of Chinese hackers, most business cyber breaches are inside jobs. Speaking of China, did you know that, over the centuries of repelling Mongolian invaders, the only time that the Great Wall of China was breached was in 1644? The gates at Shanhaiguan were opened by Wu Sangui, a Ming border general who disliked the activities of rulers of the Shun Dynasty. Whether in 1644 or 2015, the most likely breaches of your secure walls – whether they be fortifications or computers – is a dissatisfied employee like Wu Sangui or Dez Grunteld.
Tilting the Scales in Your Favor
Ideally? Immediately address resentful or disgruntled employees in a fair and benevolent way. For double coverage, however, plan for a possible separation or firing by implementing the following recommendations:
- Cyber Insurance. The detailed insurance company evaluation of your company’s IT department should become the blueprint for internal company protection of sensitive information. Premium costs, depending upon coverage and current IT protection systems can vary dramatically.
- IT Policy. Create and enforce an acceptable use policy for your Internet, Email and Computer systems.
- Content Filtering. With a content filtering device, monitor internet usage to restrict websites accessible to employees. Consider restricting access to personal emails – a common vehicle for “stealing” company files.
- Social Networking Sites. Deny, or at least limit, free access to social networking sites like, Facebook, Twitter and the like, as they invite inappropriate content, viruses, and theft.
- Password Integrity. Require separate and regular changed passwords for each employee who accesses a company computer and server. The password should not be known by anyone else.
- Regular Audits. Audit computer files for user access and deletion.
- Monitor server event logs.
- Use Terminal Servers if possible.
- Back up at least once a month. Test your backup because restoration data is frequently corrupted, or worse was never backed up at all.
Past Related Articles: Cyber Security: Forewarned is Fair-Warned
Sony vs. N. Korea – Let Capitalism Fight Totalitarianism!
- Take it Seriously. A week ago, when asked about the “elephant in the room,” New England Patriots quarterback Tom Brady replied before 4,000 cheering and laughing Patriots fans “Where? When I digest it fully, I’ll be sure to let you know how I feel about it… This is like a Patriots pep rally.”
Last March Blue Bell announced a product recall for the first time in 108 years after discovering what was then believed to be a single machine producing a limited amount of frozen snacks with a potential listeria problem. Crisis Communication Rule 1: Treat Serious Matters Seriously.
2. Actions Count. Although Brady appeared for an interview and voluntarily answered questions, his failure to cooperate contributed to his punishment when he refused to produce texts and emails even with his attorney being allowed to screen and limit production strictly to responsive materials.
Last April Blue Bell reiterated its commitment “…to doing the 100 percent right thing, and the best way to do that is to take all of our products off the market until we are confident that they are all safe…. [bringing] in one of the world’s most respected food safety microbiologists to inspect our plants and systems to help us get to the bottom of this issue.” Crisis Communication Rule 2: Actions Speak Louder than Words.
3. Accountability is Critical. Brady’s agent blasted the 243 page Wells report and vowed to appeal the decision. Patriots’ owner Bob Kraft, who last week said he would accept any punishment despite his serious misgivings about the Wells report’s findings, denounced both the penalties and the initial report.
In its latest May press release, Blue Bell reported that it collected approximately 8 million gallons of ice cream sold domestically and internationally, and closed production plants in Brenham, Texas, Oklahoma and Alabama to thoroughly clean and sanitize each facility and review all operating procedures and its production process to eliminate possible contamination pathways. Crisis Communication Rule 3: When You are Wrong, Admit it and Take Your Medicine.
Tilting the Scales in Your Favor. Nothing is more important than your reputation, and a key ingredient to reputation is trustworthiness. Rather than denying outright any knowledge or participation in “Deflategate,” had Brady first communicated that he was a fierce competitor who looked to take advantage of every opportunity to help his team win and later acknowledged that the air pressure was below recommendations, Brady might have preserved his reputation as a fierce yet forthright competitor.
When challenged by a crisis, you must have a plan– Failing to Plan is Planning to Fail.
*Paul Kruse, CEO & President of Blue Bell Creameries in March 27, 2015 letter to customers
Special thanks to guest blogger Alex Fuller for this month’s post.
Who steals my purse steals trash; ’tis something, nothing;
‘Twas mine, ’tis his, and has been slave to thousands;
But he that filches from me my good name
Robs me of that which not enriches him,
And makes me poor indeed.
While on a date to the Laugh Factory Comedy Club, Terry Tellsall busted a gut laughing and was rushed to Texas General Hospital. Incensed by the treatment and bedside manner he received from Dr. B.D. Manner, Terry barraged his friend Cindy Cussin with texts detailing Dr. Manner’s inability to remember critical surgical procedures and his comments that “with a belly that size, you’re lucky you only busted one gut.” The next day, Terry posted his accusations on a popular doctor-rating website.
Luckily for Terry, the attending Nurse Nancy smelled Dr. Manner’s whiskey breath, heard his comments, and thankfully reminded him of the right procedure. However, Terry’s friend Cindy Cussin was Dr. Manner’s cousin and forwarded Terry’s texts to him. When Dr. Manner read the texts and received the early morning Google Alert with Terry’s website posts, he immediately instructed Able Attorney, Esq., to file a defamation lawsuit against Terry. Is Terry liable for libel?
Probably not. Truth is still a defense to any claim of verbal (slander) or written (libel) defamation. Better yet, the 2011 Texas Anti-SLAPP statute makes it harder for defamation lawsuits to be used as a bullying tactic.
Fresh off his last Tonight Show monologue, Jay Lento is scouring the vintage car dealers’ websites to find replacement wheel hubs for his antique BMW. Searching worldwide, he finds none. When his friend N. Gennyus mentions that he can make exact computer replicas with a 3D printer to create a cast to manufacture the vintage wheel hub, Jay wonders if it’s legal?
As 2013 was winding down, the law firm of Dewey, Cheatum & Howe also known as www.BestLawfirmEver.com was calculating its partners’ year end distributions. Before the ink was dry, Dewey announced he was leaving, taking an associate AND the law firm website www.BestLawfirmEver.com. Cheatum and Howe were convinced that the domain name and the website stayed with them and the other lawyers at the firm because their client was the web designer Dee Sine. Who wins?
Billy Bob Cooter is spending a Sunday doing what he loves most – attending a NASCAR race to watch his favorite driver Ricky Bobby pilot the #26 Wonder Bread car. It’s a close and exciting race as the drivers begin the final lap towards the checkered flag. With Ricky Bobby in contention, Cooter decides to video the race’s final seconds. As the car rounds the final turn, Ricky Bobby and another driver “trade paint.” The collision sends the #26 car violently into the wall which showers the crowd in debris and seriously injures several spectators. Cooter catches the entire incident on his iPhone and then proceeds to post the graphic video on YouTube, which immediately receives thousands of views. NASCAR executives see the video on YouTube and have it removed on copyright grounds. They argue that posting the video violates the limited license granted to Cooter (and all attendees) on the back of his ticket because NASCAR owns the intellectual property of the race and all of its associated images. Is Cooter within his right to post the video?
Yes. While NASCAR owns the portion of the video dealing with the race, “facts” and “news” are not subject to copyright protection. This issue was addressed in 1997 when the Second Circuit Court of Appeals ruled that the NBA could not prevent Motorola from broadcasting scores and stats from a game, because while the broadcast was protected, facts and news were not. While NASCAR could argue that the broadcast of the race was their property, at some point the race changed from a copyrighted event to a non-copyrighted “news” event when the accident occurred.
Earlier this year, Tyler Anderson, a high school student, posted his 1 minute, 16 second video of a horrific NASCAR crash on YouTube. It was initially reported that NASCAR believed the video infringed on its copyrights and YouTube removed the video stating “This video contains content from NASCAR, who has blocked it on copyright grounds.” However, NASCAR later maintained that the request was made out of respect to the dozens of injured spectators. Subsequently, YouTube reposted the video stating “Our partners and users do not have the right to take down videos from YouTube unless they contain content which is copyright infringing, which is why we have reinstated the video.”
As observed by John McQuaid in his blog for Forbes Magazine:
There are inescapable contradictions between asserting a legal claim over recording everything that happens in a certain place, and then filling that place with tens of thousands of people with the capacity to shoot video and instantly upload it to the Internet, especially when something newsworthy happens, and when your organization is already managing a strong social media effort that depends on interaction with fans. This is where the privatization and monetization of everything meets with the democratization of the digital age.
If they’re smart, the NASCARs of the world will make just enough allowances for news events, while doing what they can to keep a tight lid on video sharing and other forms of fan reporting, from photos to tweets, when nothing out of the ordinary is going on.
But even this safety valve approach is probably untenable as devices get smaller and sharing becomes more a seamless part of life. You cannot contain that urge. You cannot shut down thousands of devices, or paralyze thousands of tweeting thumbs. The notion that no information except the official kind can escape the legal-gravitational black hole of the Daytona Speedway is absurd. It’s not like everyone doesn’t already know that.
Anderson’s video raises all sorts of interesting legal issues and highlights the difficulty of preventing the dissemination of images and video in this age of ubiquitous iPhones and social media. The issue is particularly interesting given the way NASCAR and other sports have embraced the internet and the posting of fan videos on social media.
Local dermatologist Dr. Nomo Ackney’s former patient Idgy Skinn is posting derogatory comments and inferior ratings on HealthGrades.com, Rate MDs.com, Vitals.com, AngiesList.com, TopIx.com and Ackney’s Google Places. He is even calling out and speaking ill of Ackney’s family members and posting Ackney’s home address on Facebook. The complaints detail Ackney’s treatment and allege she is an incompetent doctor, that she committed malpractice and that she got away with it. Does Dr. Ackney have a claim? Who can she sue?
Defamation on the Internet
Yes, Ackney has a claim – for some of the comments – against Idgy Skinn. Saying that Ackney committed malpractice is actionable. Opining that Ackney is incompetent or that she did a bad job probably is not actionable.
Libel. Written defamation (libel) is a catch-all term for any statement that hurts someone’s reputation. Just like plain ‘ole gossip, it must be false, “published” to someone else (like on the internet) and damaging to your business or reputation. In addition, it must cross over the line from protected free speech where you may freely speak your opinion (even if it’s wrong) into the realm of “gone too far.” Some examples of communications that cross the line are those that:
- Suggest a serious crime involving moral turpitude or a felony was committed
- Expose Dr. Ackney to hatred
- Reflect negatively on Dr. Ackney’s character, morality or integrity
- Suggest that Dr. Ackney suffers from a physical or mental defect that would cause others to not associate with her
Idgy Skinn Can Be Sued, But NOT the Internet Site
Many websites permit anonymous postings making it extremely difficult to know who to stop. Knowing that the offender is Idgy Skinn overcomes Ackney’s first obstacle. The 1996 Communications Decency Act, originally intended to slow pornography, also protects any Internet Service Provider from libelous posting damages.
Texas Cases on Internet Libel
Two Texas cases awarded damages for internet libel. Mark and Rhonda Lesher of Clarksville were awarded more than $13 million (later overturned by the Tarrant County trial court judge) for writing anonymous online comments on Topix.com about an alleged sexual assault at their Texas ranch. The second was a $12.5 million jury verdict in favor of Orix Capital Markets, LLC in a complicated defamation case involving statements published on the defendants cleverly named “gripe site” Predatorix.com. The case was settled after the judgment for undisclosed terms.
Tilting the Scales in Your Favor
Consider carefully your options and the time and expense that are likely to be related to each. As the saying goes, “you can sue someone for just about anything.” There are other options before you pull the pin on the litigation hand grenade. Consider –
- Be Proactive – consider releasing your side of negative information first. If it is reasonable, it will be believed. “Nip it in the bud.”
- Be Upfront – consider contacting and offering to meet with the online poster if the negative comments have already been posted. Be conciliatory.
- Apologize if Necessary – consider ‘fessing up to your mistakes. A quick apology is less painful and costly than years of litigation, and is likely to put you in a better light as one who owns up rather than appearing to be clueless and defiant.
- Negotiate to Get the Post Down – consider the cost to get it down. Words are forgotten. Even newsprint fades. The permanence of the web creates a major branding challenge.
- Own Your SEO (Search Engine Optimization) – consider creating your own content and drive the bad stuff down in search engine rankings. Only your worst enemy will look for dirt on you past the first Google search page. See Reputation Repair below.
Managing your internet reputation is not a new idea. In fact Looper Reed regularly works with some of our clients on crisis communications and dealing with damaging or misinformation on the internet. There are also internet service providers and websites like Reputation Changer, Reputation Management Consultants, Integrity Defenders,and Online Reputation Management that promote their ability to clear negative search results arising from an internet search engine.
Dirty Dick’s Crab House is in a dither. Dirty Dick’s owners Pierce Lipp and Gimmy Amira just learned that late last year a completely new domain name – XXX domains – became available. They hear that all sorts of big companies and universities have jumped on the rush to protect themselves from some off color group grabbing their restaurant’s name for prurient purposes. What should Pierce and Gimmy do?First approved by the ICANN in September, open season on the new XXX domains was unveiled to the public late last year. Universities and countless other schools and business rushed to prevent their good names from falling into the hands of the pornography industry. Fearing that they might be exploited by the adult entertainment business, tens of thousands of “.xxx” website names were snapped up. The University of Kansas bought up http://www.kugirls.xxx/ and http://www.kunurses.xxx/ to avoid the clutches of “some unscrupulous entrepreneur.” Kansas University spent nearly $3,000 to protect the names and do nothing with them. Is it a good idea to buy the .xxx suffix domain name to protect your brand?
Tilting the Scales in Your Favor. Many like last Wednesday’s Dallas Morning News columnist Cheryl Hall think that “Triple X Websites Can Cause Super-size Headaches.” They promote protecting your business trademark / trade name. No doubt, that’s the safest advice.
We say, “not necessarily.” You don’t have to buy the domain names to protect your trademark or trade name says our local Looper Reed trademark expert Carol Wilhelm. Like Ms. Hall both Carol and our internet expert Travis Crabtree suggest that there are those who might benefit from purchasing the Triple X sites – Fortune 500 companies, those with unique brand names, churches, schools and other not for profit institutions.
Some businesses complain they are being forced to buy domain names unnecessarily to protect their brand. The cost to protect the name for several decades is less than the $5,000 average cost to litigate with the World Intellectual Property Association the release of a domain name registered by someone other than the trademark owner. The complainers argue that GoDaddy’s “Defensive Registrations” are costing them thousands per year to protect their trademarks against domain squatters. The only winners of this new domain idea, they contend, are the domain registrars who demand $80 to $125 per year for a Triple X domain name.
Practically speaking, unlike “.org” or “.net” it is not likely that someone seeking your website would mistakenly type “.XXX.” And, if someone truly wants to spoof your brand name to create an adult website, they wouldn’t need to buy an “.XXX” domain name. They could find other ways to do so. Curiously, the ones complaining the loudest are the sex sites. They neither would choose to run a live XXX domain website nor do they wish to be forced to use them. Why? Because businesses and parents can block all access to XXX domains, and these companies often get noticed by a slip of the typing finger or a misspelled word.
As is often the case, the legal risk assessment is the relative value of the cost of protection versus the risk and resulting cost from having to later protect your good name. You make the call.