Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Southern Methodist University Digital Branding Class on October 27, 2020.
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
The Dark Side of Digital Engagement
1. Spencer Fane LLP | spencerfane.com
The Dark Side of Digital Engagement
Shawn Tuma | Partner & Co-Chair, Data Privacy and Cybersecurity | Spencer Fane LLP
3. Spencer Fane LLP | spencerfane.com
Branding Overall Goal
Overall perception that
you create
Everything
about you
• social media is one tool, but others
• dress, present yourself
• office décor
• activities, events, sponsorships
• work quality, efficiency, craftsman v. mass producer
• work subject matter
Can be good or
can be bad
If your lawyer is
talking on a flip phone
and suit ≠ fit, = jail!
The Dark Side of Digital
One slip can destroy all good
How do we
protect our
brand?
Common
pitfalls
7. Spencer Fane LLP | spencerfane.com
Ownership: PhoneDog v. Kravitz
• PhoneDog (employer) / Kravitz (employee / blogger)
• @PhoneDog_Noah had 17,000 followers
• Kravitz resigned, refused to turn over his Twitter account, changed handle to
@noahkravitz and grew to 24,000 followers
• PhoneDog sued (7/15/11), heavy litigation, settled (12/12) = 1.5 yrs of fees &
Kravitz still has @noahkravitz
THE TAKEAWAY:
Every company needs a contractual agreement that clearly states who owns social media
accounts used on behalf of the company.
8. Spencer Fane LLP | spencerfane.com
Other Ownership / Control Issues
• Sale / M&A / Bankruptcy = company asset
• Personal – who updates when you pass?
– Facebook: designate legacy contact
– Google: designate up to 10 legacy contacts
– Twitter: delete account (lawful rep / family member)
– LinkedIn: delete account (lawful rep / family member)
– Pinterest: delete account (lawful rep / family member)
10. Spencer Fane LLP | spencerfane.com
Your IP: Trade Secrets, Confidential and Proprietary
Information?
• Do you want to tell your competitors?
• Customer / vendor lists
– Who are you talking to or following?
• Secret business alliances, strategies, plans
• Business situational awareness
• Intellectual property law
11. Spencer Fane LLP | spencerfane.com
Others’ IP
• Infringement of trademark
• Right to publicity
– name, voice, signature, photo, likeness (statutory after death)
– common law while living if for value
– commercial v. educational or newsworthy
– audience picture v. company promo video
• Infringement of copyright
– attribution isn’t enough
– DMCA Takedown Request
– Google penalizes for too many
• Must have a license or use creative commons
15. Spencer Fane LLP | spencerfane.com
Reputation Management
• Responding
– Sensitive information – HHS / healthcare
• Outing the Anonymous Defamer
– Email ping-back
– Communications Decency Act (must dispute)
• Be nice – if legit, address
• Best – pay good PR firm ≠ litigate
• Litigation???
Who
“are”
you ?
Church w/
TM
Bullyville?
– or –
16. Spencer Fane LLP | spencerfane.com
Someone Talking Bad About Your Business Online?
Defamation rules apply online but…
• The “Streisand Effect”
• Anti-SLAPP (Strategic Lawsuits
Against Public Participation)
• ≠ assign copyright of reviews
• ≠ charge $500 per bad review
18. Spencer Fane LLP | spencerfane.com
Social Media as Evidence
• “The law has a right to every man’s evidence.”
• Courts look to social media for public posts, private messages, “Likes”, etc.
– Club’s SM before Cowboys’ Josh Brent wreck killing Jerry Brown: “I have 12
#Cowboys in theeee building!!!!!!!!!! #Privae” … “These fools buying Ace on top of
Ace!!!!!!!”
– Danielle Saxton’s Facebook “selfie” wearing stolen merchandise – easy evidence!
– Daughter’s $80,000 Facebook “brag”
• So, we had this trial recently …
19. Spencer Fane LLP | spencerfane.com
Social Media as Evidence Objection!
Overruled.
20. Spencer Fane LLP | spencerfane.com
Minimizing the Risk
• Monitor, Regulate & Archive SM
– Necessary if regulated industry
• finance, insurance, energy & utilities, healthcare, government, legal
• Do not delete if in or anticipating litigation
– Cannot permanently delete account, may be able to “take down”
– Cannot selectively delete posts
– Archiving may be an option
• Document Retention Policy
– Have it; follow it; comply with litigation holds
22. Spencer Fane LLP | spencerfane.com
How I Am Using PR / Marketing / Branding in Practice
• PR / marketing / branding in Cybersecurity & Privacy
– Engaging in Controversial Issues = Anon DDoS Attack
– Privacy Policies & TOS
– PR critical in Incident Response
• Manage the message
• Ensure accuracy
• Engaging with critics after data breach
23. Spencer Fane LLP | spencerfane.com
While We’re Talking “Hacking”
No, your Facebook Account was not “hacked,” it was likely “cloned”
24. Spencer Fane LLP | spencerfane.com
Speaking of Not “Hacking”
No, the Russians did not “hack” the 2016 election, they did run a very
successful information warfare campaign using social media!
• Sun Tzu, The Art of War (512 B.C.)
– “The whole secret lies in confusing the enemy, so that he cannot fathom our real intent.”
– “If his forces are united, separate them. If sovereign and subject are in accord, put division
between them.”
– “Supreme excellence consists of breaking the enemy's resistance without fighting.”
• Dezinformatsia – why? How to we protect against?
• Greatest “cyber” threat?
• [Russia / Iran / China / N. Korea / Syria / et al] will likely try to actually “hack” aspects
of future elections.
25. Spencer Fane LLP | spencerfane.com
One More Thing About “Hacking”
If you are using ImADinosaur@aol.com for business and haven’t changed your
password since creating your account, was it really “hacked”?
• i.e,
– Message 1: “yes, please process my tax return like you did last year”
– Message 2: “oh, but send the refund to this bank account instead”
26. Spencer Fane LLP | spencerfane.com
One More One More Thing About “Hacking”
If you are using MS O365 – you had better be using Multi-Factor
Authentication!
TRUST ME!!!
28. Spencer Fane LLP | spencerfane.com
WHO IS RESPONSIBLE IF THE CONTRACT DOES NOT SAY?
The dispute in Travelers Casualty and Surety Co. of America v. Ignition Studio, Inc. reveals that their
contract did not address several important cybersecurity issues. This case began with Alpine Bank, a
financial institution, hiring Ignition Studio, a professional website design company, to design and host
its website.
Ignition Studio designed and, apparently, hosted the website for Alpine Bank. Some time later, hackers
attacked the website and caused a data breach that caused Alpine Bank to incur $154,711.34 in
expenses to comply with its data breach response obligations.
30. Spencer Fane LLP | spencerfane.com
• What your company’s employees say or do can hurt you!
– communications
– tortious interference
– defamation (libel, slander, bus. defamation)
– false advertising & false warranties
– privacy / data breaches
– online impersonation
– harassment and cyber-bullying
– “puffery” of facts
Tort Claims
31. Spencer Fane LLP | spencerfane.com
Federal Agencies are Watching
• FTC – Investigated Hyundai for not disclosing incentives given to bloggers
for endorsements
– Google (Fed. Ct. in Oracle v. Google)
• HHS & OCR – could have investigated hospital worker who posted patient
“PHI” on Facebook “Funny, but this patient came in to cure her VD and get
birth control.”
• SEC – false statements in raising funds (SEC v. Imperia Invest. IBC) or
insider information “Board meeting. Good numbers = Happy Board.”
before official release
• Regulatory law
33. Spencer Fane LLP | spencerfane.com
Potential Trouble Spots?
• Giveaways and contests can be trouble for many reasons – do not do them
on social media without careful consideration and vetting
– Some sites’ TOS prohibit
– Jurisdiction gambling and contest rules
• Example: Facebook’s Page Terms
37. Spencer Fane LLP | spencerfane.com
General Strategy for Policies
• Recognize and appreciate potential issues
• Decide how to handle those issues
• Educate your team on those issues
• Collaborate and train on how to comply with and resolve issues
• Create and outline procedures for using social media
• Monitor (to some degree) to ensure compliance
38. Spencer Fane LLP | spencerfane.com
Social Media Policies Are a “Must Have”
• Ounce of prevention: less than 1 day of litigation
• If have, must enforce
• Trying to predict issues – but evolving – can’t get all
• Contractually resolve issues such as ownership and authority
• Great opportunity to set rules and document expectations
• Training – greater opportunity to explain and ensure understanding of
expectations
• Put on notice of monitoring – and actually monitor!
• Should address employment issues
40. Spencer Fane LLP | spencerfane.com
Will the National Labor Relations Board Allow It?
• NLRB jurisdiction = impacts interstate commerce
• National Labor Relations Act (NLRA) sec. 7 gives employees right to engage
in “concerted activities for the purpose of … mutual aid and protection”
• NLRB finds illegal any policy provision that (a) restricts or (b) an employee
would reasonably construe to chill concerted activities
• On 5/30/12 NLRB General Counsel issued its 3rd Report on Social Media
Policies in 1 year period (8/11 & 1/12)
• Has continued – with several since then
41. Spencer Fane LLP | spencerfane.com
Can You Guess Who the NLRB is Pulling For?
• Making it very difficult for businesses to protect themselves
• Social media policies must now be carefully tailored to
– Address unique business and legal needs of your business
– Be enforceable and lawful in a court of law
– Be legal in the eyes of the NLRB
• Examples of provisions found illegal by NLRB
45. Spencer Fane LLP | spencerfane.com
Richmond Dist. Neighborhood Center v. Callaghan
“The question is whether the
conduct is so egregious as to
take it outside the protection
of the Act, or of such
character as to render the
employee unfit for further
service.”
46. Spencer Fane LLP | spencerfane.com
56 Pier Sixty, LLC (NLRB March 31, 2015)
• Employee on Facebook: called his manager a “NASTY MOTHER F****R”
and a “LOSER,” said “f**k his mother and his entire f***ing family,” and ended
the post by saying “Vote Yes for the Union!”
• Company fired him.
• NLRB: Firing improper. Feeling of mistreatment motivated statements and
employees were simultaneously seeking redress through upcoming union
election which made statements protected, concerted activity.
• Comments not egregious enough.
47. Spencer Fane LLP | spencerfane.com
What is the NLRB Really Looking For?
• Clarity and precision
• Examples of do’s and don’ts that give context and real-life meaning to the
rules
• Implementation + training =
49. Spencer Fane LLP | spencerfane.com
Cyber Insurance
• If you are doing anything in cyberspace, you need it. Period.
• Most traditional insurance does not cover cyber-events, even if you think it
does (really!)
• Cyber-Insurance is relatively inexpensive
• Many policies include a cyber-risk audit before being underwritten
• Policies can cover social media risk, computer fraud risk, and data breach /
hacking risk
• You must get your vendors / law firm’s pre-approved!
51. Spencer Fane LLP | spencerfane.com
• Social Media is wonderful!
• Must find proper balance within the rules
• Communicate – yep, just talk about it internally, like, over coffee!
• Spend time with employees to help them understand and possibly
collaborate on the rules
• Create a social media policy
– Address unique business and legal needs of your business
– Be enforceable and lawful in a court of law
– Be legal in the eyes of the NLRB
• Enforce your social media policy
• Seriously consider cyber-insurance!
52. Spencer Fane LLP | spencerfane.com
Shawn Tuma
Co-Chair, Cybersecurity & Data Privacy
Spencer Fane LLP
972.324.0317
stuma@spencerfane.com
• 20+ Years of Cyber Law Experience
• Practitioner Editor, Bloomberg BNA – Texas
Cybersecurity & Data Privacy Law
• Council Member, Southern Methodist University
Cybersecurity Advisory
• Board of Advisors, North Texas Cyber Forensics Lab
• Policy Council, National Technology Security Coalition
• Board of Advisors, Cyber Future Foundation
• Cybersecurity & Data Privacy Law Trailblazers,
National Law Journal (2016)
• SuperLawyers Top 100 Lawyers in Dallas (2016)
• SuperLawyers 2015-19
• Best Lawyers in Dallas 2014-19, D Magazine
• Chair-Elect, Computer & Technology Section, State Bar of
Texas
• Privacy and Data Security Committee of the State Bar of
Texas
• College of the State Bar of Texas
• Board of Directors, Collin County Bench Bar Conference
• Past Chair, Civil Litigation & Appellate Section, Collin
County Bar Association
• Information Security Committee of the Section on
Science & Technology Committee of the American Bar
Association
• North Texas Crime Commission, Cybercrime Committee
& Infragard (FBI)
• International Association of Privacy Professionals (IAPP)