FTC Beat
Mar 15
2013

FTC Revises Online Advertising Disclosure Guidelines: Say It and Say It Clearly

This week, the FTC released updated guidance to its 2000 “Dot Com Disclosures,” a guide covering disclosures in online advertising. The online world has certainly changed in 13 years, and the new guidelines, available here, cover advances in online advertising, including mobile advertising.

One central theme still prevails: existing consumer protection laws and rules apply no matter where you offer products and services: newspapers, magazines, TV and radio commercials, websites, direct marketing, and mobile marketing. Thus, the basic principle applies that companies must ensure that their advertisements are truthful and accurate, including providing disclosures necessary to ensure that an advertisement is not misleading. Further, the disclosures should be clear and conspicuous – irrespective of the medium of the message.

In determining whether a disclosure is “clear and conspicuous” as the FTC requires, advertisers should consider the disclosure’s placement in the ad. Importantly, the 2000 guidelines defined proximity of disclosures to ads as “near, and when possible, on the same screen.” The new guidelines state that disclosures should be “as close as possible” to the relevant claim. The closer the disclosure is to the claim, the better it is for FTC compliance purposes.

Advertisers should also consider: the prominence of the disclosure; whether it is unavoidable (e.g., consumers must scroll past the disclosure before they can make a purchase); whether other parts of the ad distract attention from the disclosure; whether the disclosure should be repeated at different places on the website; whether audio message disclosures are of sufficient volume and cadence (e.g., too fast); whether visual disclosures appear long enough; and, whether the language of the disclosure is appropriate for the intended audience. The FTC suggests avoiding “legalese” or technical jargon.

Mobile marketers should take note that the FTC provided some additional guidance regarding disclosure issues particular to mobile marketing. In particular, the FTC stated that the various devices and platforms upon which an advertisement appears or a claim is made should be considered. For example, if the advertiser cannot make necessary disclosures because of the limit of the space (e.g., in a mobile app), then the claim should not be made on the platform.

The FTC does permit hyperlinks for disclosures in certain circumstances. However, hyperlinks must:
– be obvious
– be labeled appropriately to convey the importance, nature and relevance of the information they lead to (such as “Service plan required. Get service plan prices here”)
– be used consistently
– be placed as close as possible to the relevant information the hyperlink qualifies and made noticeable
– take consumers directly to the disclosure after clicking

Companies should assess the effectiveness of the hyperlink by monitoring click-through rates and make changes accordingly. The agency also suggests that advertisers design ads so that scrolling is not necessary to find a disclosure. The FTC discourages hyperlinks for disclosures involving product costs or certain health and safety issues (similar to its 2000 guidelines).

The FTC suggests that companies display disclosures before a consumer chooses to buy a product or service – in other words, the disclosure should appear before a consumer adds a purchase to his or her “shopping cart” or before the consumer clicks “buy now.” The FTC also cautions that necessary disclosures should not be relegated to general “terms of use” and similar contractual terms on a website. Further, because so many consumers have set their computers to prevent “pop ups,” the FTC discourages companies from placing disclosures in “pop ups.”

Probably the most helpful part of the new guidelines are the 22 different examples of proper/improper disclosures the FTC provides at the end of the guidelines. As companies move forward in promoting products and services online, particularly on mobile platforms, reviewing these examples along with the general principles of truthful and complete statements in advertising may save a company from an FTC enforcement action.

Organizations are increasingly marketing their products and services on mobile platforms. Advertisers should take note that special considerations apply in the mobile marketplace, especially the space and text size limitations. If a disclosure is necessary to prevent an advertisement from being deceptive, unfair, or otherwise violative of an FTC rule, it must be clear and placed next to the offer. If that can’t be done, the safest course would be to move the offer to another platform, such as a traditional website. The FTC and the states have demonstrated that they take a keen interest in mobile marketing and they will be watching claims and disclosures in the smartphone/tablet universe.

Ifrah Law is a leading white-collar criminal defense firm that focuses on e-commerce.

Mar 12
2013

Web Analytics Firm Settles FTC Charges Over Intrusive Data Tracking

The Federal Trade Commission recently announced that it has approved a final order settling charges against Compete, Inc., a Boston-based web analytics company. Compete, Inc. sells reports on consumer browsing behavior to clients looking to drive more traffic to their websites and increase sales. Compete, Inc. obtained the information by getting consumers to install the company’s web-tracking software in their computers. The FTC alleged that the company’s business practices were unfair and deceptive because the company did not sufficiently describe the types of information it was collecting from its users.

With all the heightened concerns among consumers about internet privacy, one might wonder why consumers would be willing to install web-tracking software in their computers in the first place. Well, Compete, Inc. sweetened the pot by offering gift cards, cash rewards, and other incentives to entice consumers.

The fact that Compete, Inc. was using web-tracking software to track consumers’ visits to websites was not the problem for the FTC. The major issue was that the software was recording far more than just which websites a consumer was visiting. It was recording everything the user entered on the websites – usernames, passwords, detailed credit card information, Social Security numbers, etc. – all without the consumer’s knowledge or consent.

Reports indicate that the company may not have known that its software was collecting all of this user information. Compete, Inc. representatives stated that in January 2010, when they first learned that there was a potential security issue, they immediately disabled data collection from affected versions of the software and deleted inadvertently-collected information from their servers. The company also responded by implementing new data filters and security measures. The company took these steps even before the order was handed down and said that it would continue to develop and uphold new standards of transparency and security.

Perhaps the company’s commitment to correcting its behavior is part of the reason that the FTC settlement order didn’t include a monetary sanction. Instead, the order focuses on ensuring that such intrusive data is not collected in the future. Pursuant to the order, Compete, Inc. must implement a comprehensive information security program with biannual audits from an independent third party for the next 20 years (a fairly typical obligation in recent FTC settlements of this type); disclose the types of information that will be collected and obtain consumers’ express consent through their website before collecting any data from its web-tracking software; delete or anonymize the use of the consumer data it has already collected; and provide consumers with directions on how to uninstall the web-tracking software. The settlement also bars the company from misrepresenting its privacy and data security practices.

In the age of affiliate marketing, web analytics are extremely valuable for merchants seeking to increase web traffic to drive revenue. However, FTC investigations and resulting sanctions are costly, time-consuming, and quite simply bad for business. Companies interested in using this technology should make sure they know exactly what information they are collecting and should ensure that they are following FTC guidelines regarding data privacy. Clear disclosures to the public as to what software is being installed, what information is viewed or collected, and how that information is used, are all critical. Taking steps to get it right in the beginning will help them avoid costly investigations and bad press in the end.

Ifrah Law is a leading white-collar criminal defense firm that focuses on data privacy.

Mar 08
2013

Is Equifax Selling Your Salary Information?

According to a recent NBC News report, Equifax, one of the three largest American credit reporting agencies, has assembled an enormous database containing employment and salary information for more than 190 million U.S. adults. Very few people knew of the existence of the database, but the information in it allegedly is being sold to third parties without consumers’ consent.

According to the report, an Equifax-owned company, The Work Number obtains substantial information– through the assistance of human resources departments and other sources around the country including government agencies and Fortune 500 companies. The Work Number then sells this information. According to The Work Number’s website, payroll information comes from over 2,000 employers. Reports have stated that the database is so detailed that for many individuals it has weekly pay information, as well as other sensitive information such as the identity of the individual’s health care provider and whether the individual has ever filed a claim for unemployment benefits.

Seven members of Congress recently wrote a letter to Equifax asking for more information on the legality of The Work Number. “What is most concerning to us is that this massive database appears to generate revenue using consumers’ sensitive personal information for profit,” the letter states.

Companies state that they agree to sign up for The Work Number because it gives them a simple way to outsource employment verification of former employees. Companies provide their human resources information to The Work Number and The Work Number automates the process. There is no longer a need for companies to spend the time to verify a former employee’s work history.

In 2009, according to the NBCNews.om report, Equifax said that the data The Work Number had amassed covered 30 percent of the working U.S. population, and the database is now adding 12 million records annually according to NBCNews.com.

It is not entirely clear what Equifax is doing with the data, where it is selling it, and what can be sold without consent. In a statement after NBCNews.com broke the story Equifax said, “The Work Number does not provide debt collectors with salary/pay rate/income information. They can request only employment verification data which The Work Number will provide if there is permissible purpose as detailed by the Fair Credit Reporting Act.” Equifax also denied reports that the salary information is sold to debt collectors.

Equifax did confirm that “pay rate” information is shared with third parties including mortgage, automobile, and other financial services companies — as authorized under the Fair Credit Reporting Act.

Since the data is considered a credit report, consumers are entitled to one free report every year, which shows the data contained in the reports and what entities have requested the data.

Companies that collect and share data will continue to face scrutiny from state and federal government agencies that have shown a consistent effort focused on protecting consumers’ privacy rights. Consumer protection laws continue to evolve and provide individuals with specific rights as well as restrictions on companies regarding information that can be shared. All companies that deal with consumer information need to take a proactive approach to make sure that they are in compliance with all governing laws. The FTC, in particular, has shown a willingness and focus to utilize laws such as the Fair Credit Reporting Act to take enforcement action against companies offering employment and credit data.

Ifrah Law is a leading white-collar criminal defense firm that focuses on financial services.

related practices at ifrah law:
Financial Services
tags:
Feb 27
2013

FTC Remains Tough on ‘Robocalls’ with New Enforcement Case

Once again, the FTC has completed a major enforcement action against the illegal use of robocalls, a form of prerecorded, computerized telemarketing calls. This time, the action resulted in a $1.1 million civil penalty against Roy M. Cox, an individual whom the FTC considered to be the architect of an illegal robocall operation. The FTC alleged that Cox and several companies he controlled were using robocalls to market credit card interest-rate reduction programs, extended automobile warranties, and home security systems. Due to Cox’s inability to pay, the dollar penalty has been waived and Cox has been permanently banned from participating in any telemarketing activities.

According to the December 2011 complaint, Cox and his co-defendants were not only making prerecorded sales calls to consumers without their consent, in violation of the Telemarketing Sales Rule, but they were also illegally disguising their identity on customers’ caller ID displays. Instead of displaying the companies’ actual name and contact information, generic names such as “CARD SERVICES,” “CREDIT SERVICES,” or “PRIVATE OFFICE” would appear on a recipient’s caller ID. This tactic, known as “caller ID Spoofing,” is also prohibited by law.

As we reported in October, the FTC has been struggling to keep pace with these technological advancements, so it called on the public to come up with a solution. The commission offered a $50,000 prize to whoever could design a program to screen out illegal robocalls. The challenge was open to the public for three months and garnered nearly 800 submissions. The agency expects to announce a winner in early April.

The case against Cox and many of the FTC’s previous enforcement actions indicate that the FTC may be most concerned with robocalls that use patently deceptive advertising to lure in vulnerable, unsuspecting customers. Companies offering fraudulent credit card services, auto-warranty protection, and medical plans have made themselves an easy mark for the FTC, because of the likelihood that they will be reported by recipients or advocacy groups. However, companies interested in using computerized telemarketing must remember that even innocuous content can violate the Telemarketing Sales Rule (and the Telephone Consumer Protection Act) if recipients have not given prior written consent to receive such calls. Also, any company engaging in telemarketing should be subscribing to the federal “do not call” list and scrubbing its calling lists against the federal list. Some states still maintain their own lists as well. In addition to FTC or FCC enforcement, illegal robocalling can result in costly civil litigation, including class actions.

Ifrah Law is a leading white-collar criminal defense firm that focuses on e-commerce.

Feb 08
2013

Blood Bank Settles FTC Complaint About Customer Data Privacy

Any company that collects personal information about individuals, such as credit card numbers and social security numbers, must be very careful about the way in which it stores and secures that information. Even a blood bank that stores umbilical cord blood needs to keep these privacy rules in clear view. That is one of the messages of a recent Federal Trade Commission action.

California-based Cbr Systems is one of the leaders in the growing field of umbilical cord storage. Umbilical cords are rich in stem cells, and new parents are paying to have the cord or cord blood stored away for the child’s possible medical use later in life. Cbr acquires and stores the cords for an annual fee.

Cbr also stores a vast amount of information related to these tissues, including names, dates and times of birth, Social Security numbers, credit card numbers, checking account numbers, addresses, and driver’s license numbers. In December 2010, a Cbr employee removed four backup tapes containing this sensitive information in order to transport them to a different office. Soon after, a thief stole the tapes and other company devices from the employee’s car. In all, personal information of nearly 300,000 Cbr customers was compromised. The tapes and other devices were not encrypted.

The FTC pursued this matter because it found that Cbr’s privacy policy was deceptive under the FTC Act. The privacy policy stated, “Whenever Cbr handles personal information, regardless of where this occurs, Cbr takes steps to ensure that your information is treated securely and in accordance with the relevant Terms of Service and this Privacy Policy.” FTC Chairman Jon Leibowitz said, “The FTC can and will take action to make sure that companies live up to the privacy promises they make to consumers, particularly when it comes to highly sensitive information like the health information collected by Cbr.”

Under the terms of the settlement, Cbr must establish an information security system, submit to security audits every other year for the next 20 years, and ensure that it does not misrepresent its privacy and security practices. A violation of the final order could result in Cbr paying up to $16,000 per violation.

In addition to the FTC action, Cbr clients filed a class action against the company alleging that the company failed to adequately protect the information, and belatedly notified customers of the privacy breach. On February 5, 2013, a federal judge in Johansson-Dohrmann v. CBR Systems Inc., in the U.S. District Court for the Southern District of California, No. 12-1115, granted preliminary approval of a proposed settlement in which CBR must provide credit monitoring and identity theft insurance to each affected class member, as well as make cash reimbursements for any losses resulting from identity theft. The settlement also provides up to $600,000 in payments to the plaintiffs’ lawyers.

Data privacy breaches are a serious concern for any company. They can result in serious reputational harm, as well as financial loss through costly legal actions initiated by the FTC, states, or class actions. The cost of developing and implementing an effective data privacy protocol is a worthwhile investment to guard against these losses. Companies should refer to the FTC’s guides and manuals for protecting consumers’ personal information. Implementing these procedures will serve to protect both consumers and the company itself.

Ifrah Law is a leading white-collar criminal defense firm that focuses on data privacy.

related practices at ifrah law:
Data Privacy
posted in:
Privacy
Feb 05
2013

Maryland AG Launches New Internet Privacy Unit, Plans Aggressive Enforcement

Maryland Attorney General Douglas Gansler (D) has announced that his office is launching a new Internet Privacy Unit designed to address issues related to online privacy and to ensure that companies are in compliance with state and federal consumer protection laws. The unit will also handle issues related to cyberbullying and cybersecurity.

Gansler, who also serves as the president of the National Association of Attorneys General (NAAG), has previously stated that online privacy was a priority. Gansler said in a statement that Internet privacy is “one of the most essential consumer protection issues of the 21st century.”

As president of the NAAG, Gansler is leading a campaign entitled “Privacy in the Digital Age,” which focuses on the best ways to manage data risks associated with online activity. Last year, Gansler led an effort by 36 state attorneys general to demand changes from Google when it unilaterally changed its user privacy policy.

The Internet Privacy Unit will also work with major industry stakeholders and privacy advocates to provide outreach and education to businesses and consumers. The unit may also pursue enforcement actions “where appropriate” to ensure that consumers’ privacy is protected.

One area of online privacy that the unit will examine is whether companies are complying with the Children’s Online Privacy Protection Act (COPPA), a federal law that restricts site operators from knowingly collecting personal data from children younger than 13. The Federal Trade Commission (FTC) announced in December that it adopted new rules governing COPPA that will go into effect in July 2013, which were the first significant revisions since the original rules went into effect in 2000. The new rules significantly increase the number of types of companies that are required to obtain parental permission before knowingly collecting personal details from children, as well as the types of information that will require parental consent to collect.

The unit will also “examine weaknesses” in online privacy policies. Not only will companies be required to have privacy policies in place, but these policies need to be thorough and comprehensive to ensure compliance with all relevant privacy laws. And, of course, companies need to be following in practice what they “preach” in their privacy policies.

Maryland is not the first state to create a privacy unit in its Attorney General’s office. California created such an office last July, and the office has aggressively pursued mobile app developers who do not display their privacy policies, including filing suit against Delta Airlines for allegedly failing to post a privacy policy on its mobile app.

The FTC and state attorney general offices will doubtless continue to be aggressive in their enforcement of privacy laws. Companies with an online presence should review their privacy policies and practices, particularly as affected by recent rule changes such as the COPPA revisions. Also, Maryland is signaling that it will be an active player in monitoring and enforcement of personal privacy and cybersecurity. While federal legislation continues to stall, the states are most definitely moving ahead.

Ifrah Law is a leading white-collar criminal defense firm that focuses on data privacy.

related practices at ifrah law:
Data Privacy
posted in:
Privacy
Jan 30
2013

NFL Sacks Football Fan’s Effort to Trademark ‘Harbowl’

When the Baltimore Ravens and San Francisco 49ers won their NFL conference championship games, a Super Bowl matchup emerged with a great storyline — the opposing head coaches are brothers. An interesting legal question has also developed regarding the right to trademarks associated with the match-up between brothers.

Last February, Roy Fox, a football fan in Indiana, said he spent more than $1,000 to file for the trademarks “Harbowl” and “Harbaugh Bowl” in anticipation that Jim Harbaugh’s San Francisco 49ers and John Harbaugh’s Baltimore Ravens might meet in the Super Bowl. Fox said he remembered how former Los Angeles Lakers Coach Pat Riley made money by trademarking the term “Three-Peat” and thought that if the brothers were to meet in the Super Bowl he could make some money selling some T-shirts.

Fox applied for a trademark in February. In July, the United States Patent and Trademark Office (USPTO) published the trademark request, which is the standard procedure used by the office to see if anyone is opposed to a request.

In August, the NFL got the USPTO to extend the period of time allowed for filing an objection. At the same time, the NFL sent Fox a note saying that it was concerned that his recent trademarks could be easily confused with the NFL’s trademark of the Super Bowl or that “it may cause the public to mistakenly believe that your goods and/or services are authorized or sponsored by or are somehow affiliated with the NFL or its Member Clubs.”

The NFL continued to push Fox to drop his trademark application and began using more aggressive language in its correspondence.

“If you are still interested in resolving this matter amicably and abandoning your trademark application, please contact me as soon as possible,” NFL Assistant Counsel Delores DiBella wrote to Mr. Fox in October. She warned that otherwise, the NFL “will be forced to file an opposition proceeding and to seek the recoupment of our costs from you.”

Fox said he made a few requests of the league including a reimbursement of money he spent on the trademark applications, Indianapolis Colts tickets, and an autographed picture of NFL Commissioner Roger Goodell. Fox said that all of his requests were denied. Fox said he then dropped the trademark applications in October when additional correspondence from the league became more threatening and because he did not want to go to court to fight the NFL.

Trademark law protects a trademark owner’s exclusive right to use a trademark when use of the mark by another would be likely to cause consumer confusion as to the source or origin of the goods.

In order for the NFL to prevail on a challenge to Fox’s trademark, the league would have to show that the use of the “Harbowl” or “Harbaugh Bowl” mark would “cause a likelihood of confusion” as to the affiliation, connection or association of the mark with the marks owned by the NFL, or as to the origin, sponsorship, or approval of defendant’s goods services or commercial activities. Generally speaking, a “likelihood of confusion” exists when consumers viewing the allegedly infringing mark would probably assume the product or service it represents is associated with the source of a different product or service identified with a similar mark.

The NFL’s strong-arm tactics were successful in getting Fox to abandon his trademark application. The threat of a lengthy and costly legal battle is often enough to deter people from pursuing trademarks that another trademark owner – in this case the NFL – considers to be possibly infringing, even if the USPTO or a court may not ultimately agree.

It is unclear who would have prevailed had this case been contested, but it seems unlikely that the NFL ultimately would have prevailed. While it is clear in some sense, with the benefit of knowing now that the Ravens and 49ers are in the championship game, that “Harbowl” or “Harbaugh Bowl” is referring to the “Super Bowl” (which is a trademark owned by the NFL), it likely would not have risen to the “likelihood of confusion” level that would be needed for the NFL to prevail before the USPTO or in court.

Ifrah Law is a leading white-collar criminal defense firm that focuses on a variety of practice areas. View all.

related practices at ifrah law:
View all
posted in:
Fraud
Jan 28
2013

A Cautionary Tale for Data Privacy Day

Angered by the recent tragic suicide of Internet activist Aaron Swartz, a group of hackers claiming to be from the group Anonymous, made threats over the weekend to release sensitive information about the United States Department of Justice. The group claimed to have a file on multiple servers that is ready to be released immediately.

Swartz’s suicide has served to mobilize the group Anonymous, a loosely defined collective of Internet “hacktivists” that oppose attempts to limit Internet freedoms. Anonymous is a staunch advocate of open access to information, as was Swartz. Anonymous said that Swartz “was killed” because he “faced an impossible choice.”

Swartz was facing federal computer fraud charges that carried a maximum sentence of 35 years in prison, although in reality he probably would not have been given a sentence anywhere near approaching the statutory maximum. Prosecutors told Swartz’s legal team they would recommend to the judge a sentence of six months in a low-security setting.

The charges arose from allegations that he made freely available an enormous archive of research articles and similar documents offered by JSTOR, an online academic database, through the computers at the Massachusetts Institute of Technology.

Swartz was a leading activist involved in the movement to make information more freely available on the Internet and is credited with helping to lead the protests that ultimately defeated the Stop Online Piracy Act (SOPA), a statute that would have significantly broadened law enforcement powers in policing Internet content that may violate U.S. copyright laws.

Earlier this month, Rep. Zoe Lofgren (D-Calif.) indicated that she is drafting a bill that she terms “Aaron’s Law,” which would limit the scope of the Computer Fraud and Abuse Act, a 1986 law that prosecutors used to help bring these charges against Swartz.

The hackers reportedly hijacked the website of the United States Sentencing Commission, the federal agency responsible for the federal sentencing guidelines for criminal offenses. They said that the Sentencing Commission’s website was chosen because of its influence in creating sentences that they deemed unfair. The hackers posted a message that demanded reform of the criminal justice system or threatening that sensitive information would be leaked. Anonymous also posted an editable version of the website, which invited users to edit it as they pleased.

Today is Data Privacy Day. These recent incidents serve to show that no organization – not even the U.S. Department of Justice – is immune from security breaches. Data breaches and data losses will occur and it is crucial for an organization to be prepared and have policies in place to allow a quick response when something does happen.

The legal ramifications and bad publicity that follow such an incident can be very damaging to an organization. However, by making sure that you are prepared, you can minimize your damages. Preparedness involves consultation across a range of specialties, including information technology, legal advice, and public relations. The impact that a data breach or loss can have on the bottom line of any organization is enormous and preparation is the best method to combat it.

A data breach or data loss can also have far-reaching legal consequences under international, federal and various state laws. For example, companies may not realize that if they have even a few employees or customers in a state, it may trigger a number of different requirements under state privacy laws. In order to avoid problems with federal agencies or state attorney general offices, it is best for companies to have a plan in place in advance and make sure they are already compliant with all relevant laws.

Ifrah Law is a leading white-collar criminal defense firm that focuses on data privacy, and online piracy.

related practices at ifrah law:
Data Privacy, Online Piracy
Jan 24
2013

Criminal Background Checks? The FTC Knows There’s an App for That

As we cautioned in a September post, the FTC is stepping up enforcement actions against mobile app developers for failure to comply with consumer protection principles. This month, the FTC took another major step in that direction with a groundbreaking settlement applying the Fair Credit Reporting Act (FCRA) to app developers Filquarian Publishing, LLC, Choice Level, LLC, and Joshua Linsk.

The FCRA is a consumer protection statute designed to regulate the collection, dissemination, and use by companies of consumer information. Filquarian markets mobile apps that run background checks using criminal records obtained from Choice Level, and Linsk is the owner and sole officer of both companies.

Although this was the first time that the FTC has applied the FCRA to a mobile app developer, the prospect has been on the horizon for quite some time. Last February, the Commission issued a press release announcing that it had issued official warning letters to marketers of six mobile apps for background screening. The warnings were explicit: “If you have reason to believe that your background reports are being used for employment or other FCRA purposes,” both you and those customers must comply with the FCRA. Additionally, the FTC posted a “Word of Warning” on its Business Center Blog, informing the public about the warning letters and cautioning app marketers that “disclaimers or not, the FCRA would still apply.”

According to the FTC, Linsk and his companies failed to heed these conspicuous warnings. As detailed in the FTC complaint, since at least 2010, Filquarian had been specifically targeting employers with ads like this one: “Are you hiring somebody and wanting to quickly find out if they have a record? Then Texas Criminal Record Search is the perfect application for you.” Instead of attempting to comply with the FCRA, the FTC’s complaint said, Filquarian and Choice Level posted a disclaimer stating that the companies were not complaint with the FCRA, that their reports were not to be considered screening products for the various FCRA-proscribed purposes, and that the users of their reports assume sole responsibility for FCRA compliance.

The complaint against them cited numerous FCRA violations: (i) regularly furnishing reports to individuals who did not have a permissible purpose to use them, (ii) failing to maintain any procedures for assuring maximum possible accuracy of information provided in the reports, and (iii) failing to provide required notices to users of the consumer reports. The agency concluded that the disclaimers were not enough to absolve the company of FCRA liability, especially when the disclaimer directly contradicts express representations in the company’s advertisements.

Again, we urge all mobile app developers to be aware of the following principles to reduce the likelihood of an FTC enforcement action: (i) an app is no different from an Internet website, which is no different from a print ad, (ii) you’d be smart to pay attention to the FTC’s warnings to other companies and their enforcement actions, and (iii) disclaimers are important but often they simply aren’t enough to avoid liability. Also, the FTC has definitely shown that it will use its broad statutory authority and apply existing laws and regulations – including the 1970s -era FCRA — to mobile apps and other online offerings.

Ifrah Law is a leading white-collar criminal defense firm that focuses on data privacy.

related practices at ifrah law:
Data Privacy
posted in:
Privacy
Jan 21
2013

NLRB: Use of Social Media Can Be Protected Employee Activity

The rise of social media has led to the application of old law to new forms of communication. For instance, an effort by the National Labor Relations Board to educate workers on their right to engage in protected concerted activity has left some employers feeling that the NLRB went too far in supporting employees’ rights – particularly their right to post disparaging work-related comments on social media forums without reprisal.

Section 7 of the National Labor Relations Act (NLRA) protects all private-sector employees’ absolute right to engage in protected concerted activity, including the right to discuss among themselves their wages, hours, benefits and other terms and conditions of their employment. Generally, this requires two or more employees acting together to improve wages or working conditions, but the action of a single employee may be considered concerted if he or she involves co-workers before acting, or acts on behalf of others. It also requires that the improvement sought benefit more than just the employee taking action, so as to distinguish protected concerted activity from mere individual complaints.

Last year, the NLRB launched a website seeking to educate workers on their right to engage in protected concerted activity. The site provides several examples of cases in which employers violated an employee’s right to engage in protected concerted activity over the Internet. For example, in one case the NLRB issued a complaint against an employer that terminated an employee who criticized her supervisor on Facebook. The Board also found that the employer’s Internet policy, which prohibited employees from making negative statements about the company or supervisors, interfered with the right to engage in concerted activity.

The NLRB has in fact ruled in workers’ favor in a number of social media cases. For example, in Hispanics United of Buffalo, the NLRB considered a case in which an employer discharged five employees because of their Facebook posts. In that case, an employee went on Facebook to solicit her coworkers’ thoughts on work-related criticism she received from a fellow employee. In response, four coworkers weighed in about working conditions, work load and staffing issues at the company. All of the employees’ posts were made off-duty on the employees’ personal computers. The employer terminated all five employees, claiming that their comments constituted harassment of the employee mentioned in the initial post.

An NLRB administrative law judge reviewed the case and found that the employees had been unlawfully discharged. The ALJ found that the NLRA protects employees in “circumstances where individual employees seek to initiate or to induce or to prepare for group action, as well as individual employees bringing truly group complaints to the attention of management,” even if that action takes place online. Since the employees were discussing the terms and conditions of their employment, the discussion was protected concerted activity within the meaning of Section 7 of the NLRA.

While cases like Hispanics United of Buffalo have served as a rallying cry for employers on the NLRB’s perceived overreaching in support of workers, a recent report on NLRB social and general media cases reveals that the NLRB actually sided with employers in slightly more than half the time by finding that employees’ statements on Facebook or Twitter did not constitute “protected concerted activity” under the NLRA. For example, in Karl Knauz Motors, Inc., the NLRB found that an employee was lawfully terminated for his Facebook postings about an accident that took place at a car dealership owned by his employer. The NLRB found that these comments were not protected because they were not related to the terms and conditions of his employment.

Similarly, in another case brought before the Board, an employee who had just been reprimanded by her supervisor posted a Facebook status that consisted of an expletive and the name of the company that employed her. One of her coworkers “liked” that status. Half an hour later the same employee posted a comment expressing her belief that the company did not value its employees. None of the employee’s coworkers responded to that posting. The company terminated the employee for her postings.

On review, the NLRB upheld the employee’s termination, finding that the posts were merely the expression of a personal gripe. The NLRB’s Associate General Counsel summarized the Board’s reasoning by stating, “The Charging Party had no particular audience in mind when she made that post, the post contained no language suggesting that she sought to initiate or induce coworkers to engage in group action, and the post did not grow out of a prior discussion about terms and conditions of employment with her coworkers. Moreover, there is no evidence that she was seeking to induce or prepare for group action or to solicit group support for her individual complaint. Although one of her coworkers offered her sympathy and indicated some general dissatisfaction with her job, she did not engage in any extended discussion with the Charging Party over working conditions or indicate any interest in taking action with the charging party.”

Despite the uproar over the NLRB’s application of “protected concerted activities” to social media, this does not represent a shift from the NLRB’s previous decisions. It merely applies existing policy to a new set of facts brought about by technological changes in how workers communicate. As before, employers may set limits on employee’s social media activities as long as they do not impinge on the employees’ protected concerted activities.

Ifrah Law is a leading white-collar criminal defense firm that focuses on online fraud and abuse.

related practices at ifrah law:
Online Fraud and Abuse
posted in:
Internet Law
Connect with Us Share

About Ifrah Law

Crime in the Suites is authored by the Ifrah Law Firm, a Washington DC-based law firm specializing in the defense of government investigations and litigation. Our client base spans many regulated industries, particularly e-business, e-commerce, government contracts, gaming and healthcare.

Ifrah Law focuses on federal criminal defense, government contract defense and procurement, healthcare, and financial services litigation and fraud defense. Further, the firm's E-Commerce attorneys and internet marketing attorneys are leaders in internet advertising, data privacy, online fraud and abuse law, iGaming law.

The commentary and cases included in this blog are contributed by founding partner Jeff Ifrah, partners Michelle Cohen, David Deitch, and associates Rachel Hirsch, Jeff Hamlin, Steven Eichorn, Sarah Coffey, Nicole Kardell, Casselle Smith, and Griffin Finan. These posts are edited by Jeff Ifrah. We look forward to hearing your thoughts and comments!

Visit the Ifrah Law Firm website

Popular Posts