Trade SecretIf a company receives confidential data from a business partner, identified as such by a Non Disclosure Agreement or similar means, the company is responsible for caring for
Trang 1Current Overview of Legal Liability
Presented By:
Neil Bortnak Internet Consultant
Trang 3- I am not a lawyer
- You must seek counsel in your home state or country
- The following slides and lecture are the result of
my own research and opinions
- Neil Bortnak does not hold any
responsibility for your actions in regard
to this information
Trang 5Negligence: The failure to use such care as a
reasonably prudent and careful person would use
under similar circumstances
Foreseeability: The reasonable anticipation that harm or injury is a likely result from certain acts or omissions
Trang 7Trade Secret
If a company receives confidential data from a
business partner, identified as such by a Non
Disclosure Agreement or similar means, the company
is responsible for caring for that data as if it were it’s own, but with no less care than would be deemed
reasonably prudent
Trang 8Trade Secret
- Insecure Corporation receives confidential
information from Unwitting Inc
- Insecure stores the information in a general purpose directory that is accessible my most staff
- An employee sends an e-mail to a competitor of
Unwitting
Trang 9Trade Secret
- The employee accidentally attaches Unwitting’s file, which is similar in name to the intended file
- The competitor receives the information
- Insecure could be held liable
Trang 10- ISP Ltd offers a web hosting service for large
companies
- News Inc and SportsCo contract ISP to host and
maintain their respective sites
- ISP is aware that security is an issue but chooses to ignore the issue due to the high cost
Trang 11- A cracker breaks into ISP’s site and defaces the home pages and steals credit card numbers
- News Inc and SportsCo lose reputation, customer
confidence, sales and monies related to the cost of downtime
- HugeISP can be found liable
Trang 12Frames & Links
- External content presented as own
- Crosses many legal issues
Trang 13Types of Linking at Issue
Stealing
Site
OriginalContentSiteOriginal
Text
OriginalStolen
HTML Page
In-Line Linking
Example: The Dilbert Hack Page
Trang 14Types of Linking at Issue
Stealing
Site
OriginalContentSite
HTML Page
Framed Linking
Example: TotalNEWS
Trang 15Frames & Links
- Direct Linking is also a problem
- Advertising revenue is the major
Trang 16Defamation: Is a statement that harms the reputation
of another person in the eyes of the community
Possibly eliciting unpleasant feelings against the
victim or exciting hatred, ridicule or contempt
Libel: Defamation by writing
Slander: Defamation by speaking
Trang 17Defamation Defenses
- Truth: A true statement is not defamation
- Absolute Privilege: Statements made to family
members or as a witness in court, a legislative
hearing or an executive hearing are immune from
prosecution
Trang 18Defamation Defenses
- Qualified Privilege: Protection for statements made without malice under certain circumstances
- Opinion: If the statement is a matter of opinion, such
as “Bill Gates is a terrible businessman”, there is no defamation Phrasing a fact as though it were an
opinion confers no protection
Trang 19Defamation Defenses
- Service Providers: No provider can be held liable for content originating from third parties over which it
exercises no control
- Public Figures: They can’t sue for defamation
unless they can show the writer/publisher knew the statement was false, or did not adequately confirm
the information stated
Trang 20- Zeran vs America Online
- Wade Cook Financial Corp vs John Doe
Trang 21Downstream Liability
- If your computers are insecure and an attacker uses them to inflict damage upon another company, the victim could sue you for some or all of the damages
as a result of your negligence
- To my knowledge, there have not yet been any cases
of downstream liability but it is only a matter of time
Trang 22Sexual Harassment
- E-Mail can be used to harass someone directly
- E-Mail can be used to create a sexually hostile work environment, often stemming from “jokes” sent to
distribution lists or all staff
- E-Mail is often used as evidence
Trang 23Sexual Harassment
Cases
Strauss vs Microsoft
Harley vs McCoach
Trang 24Other Important Issues
- Jurisdiction
- Whose laws apply?
- Professional Ethics
- Does a lawyer or doctor need to
encrypt e-mail containing client
information
Trang 25Protecting Yourself
- Exercise “due diligence”
- Use policy to prevent employees from making costly mistakes
- Policies are an exercise in diligence
- Classify information and apply security controls
appropriately
- Policies are enforced
Trang 26Protecting Yourself
- If linking to an external site:
- “Is an ordinary user going to be confused as to the origin of the content?”
- “Am I affecting the sites advertising revenue?”
- Don’t link too deeply
Trang 27Protecting Yourself
- Protect data from business partners
with extra care
- Use strong policy to mitigate e-mails
with sexual or libelous content
- Consult a lawyer in your native
jurisdiction
Trang 29- Tort: A civil or private wrongdoing
- Intrusion Upon Seclusion: One of four torts protecting
the right to privacy The act of intentionally intruding
upon the solitude of another’s private affairs or
concerns Must be highly offensive to a reasonable person in order to constitute a tort
Trang 30How cases are decided
- To determine if the intrusion is offensive enough to be
a tort the court examines
- Degree of Intrusion
- Context
- Conduct and circumstances
- Intruders motives and objectives
- Setting
Trang 31How cases are decided
- The critical aspect of most cases is measuring the
Reasonable Expectation of Privacy vs the Legitimate Business Need
- Business need can override personal privacy but
bears the burden of proof
Trang 32Other Factors
- Laws vary from state to state
- Clear policy can decide issue
- Burden of proof higher for public sector employers due
to 4th Amendment protection against unreasonable search and seizure by a state entity
- Private sector can be held to 4th if acting under color
of government
Trang 33Other Factors
- Email is discoverable Consider your retention and
retrieval policies
Trang 34- Electronic Communications Protection
Act
- Affects only interstate commerce
- Has several exceptions
- Can affect commerce in one state if
traffic flow moves outside
- Unlikely to apply to internal mail systems
Trang 35Protecting Yourself
- Reduce the employee’s Reasonable Expectation of Privacy as far as possible
- Best way to accomplish that is to have strong policy
- Even with policy, limit intrusion
- If you must intrude, limit disclosure
Trang 36Protecting Yourself
- A good policy would include:
- Business use only
- Not for improper communication
(i.e sexual jokes, hate literature)
- No solicitation, you may need to
provide and alternative
- Right to review e-mail
Trang 37Protecting Yourself
- Do not limit the reasons for checking
- Tell employees that deleting a
message does not necessarily delete it
- Allowance for disciplinary action and
employee discharge for policy breach
- Have employees sign for it
Trang 38- O’Connor vs Ortega
- Bourke vs Nissan Motor Co
- K-Mart Corp Store No 7441 vs Trotti
- Shoars vs Epson of America
- Michael and Lisa Huffcut vs McDonalds
- Nader vs General Motors
Trang 39Ortega vs O’Connor
- Ortega’s office was searched when he
was suspected of mismanagement
- Ortega had a private office containing
personal effects
- Ortega sued hospital
- Hospital won summary judgement
- Ortega appealed and won
Trang 40Ortega vs O’Connor
- O’Connor appealed to Supreme Court
- Supreme Court remanded the case to
the appeals court for further
proceedings and wrote a very split
decision
- Appeals court retried case
- Remanded for new trial due to errors
Trang 41Bourke vs Nissan
- Bonita Bourke’s personal e-mails of a
sexual nature were discovered by
another employee during an e-mail
training session for new employees
- Nissan issued a written warning
- Bonita resigned and sued for invasion
of privacy amongst others
Trang 42Bourke vs Nissan
- Court issued summary judgement in
favor of Nissan because:
- Bonita signed a waiver regarding
company e-mail policy
- Bonita knew others had access
- Appeals court upheld decision
Trang 43csl_lessons.html