Tag Archives: privacy

From the “Who Did This, Anyway?” File: Wisconsin Now Prohibits Employers from Requesting Employee Personal Social Media Passwords.

Blog Pic - WI CapitolIn what strikes me as a solution in search of a problem, Wisconsin law was recently changed to prohibit employers from “request[ing] or requir[ing] an employee  or applicant for employment, as a condition of employment, to disclose access information for the personal Internet account of the employee or applicant or to otherwise grant access to or allow observation of that account.” While I’m guessing that some employer somewhere in the state requested this information at some point (or someone just imagined they might do it some day), I am not aware of any employers who actually requested employees’ private social media passwords.

With all the hype about this new employee privacy right, I think it’s important for employees and employers alike to realize that employers still have many rights when it comes to social media, IT, and what employees may do on the employer’s time and equipment.

What does the new law prohibit?

Wisconsin employers cannot request or require user name and password information (among other security information) that protects access to fingerprintemployees’ personal Internet accounts. Continue reading From the “Who Did This, Anyway?” File: Wisconsin Now Prohibits Employers from Requesting Employee Personal Social Media Passwords.

Online Privacy, Do Not Track, and the “Post-Cookie” World: New Guidance from the IAB

115562673_03b7fceea6_nEven as website owners and operators struggle with how to comply with recent changes to the law governing Online Privacy Policies, changes to the underlying technology are in the works, bringing about the so-called “Post-Cookie World” and begging the question of how to adapt your online privacy policy to meet this new technology. I won’t pretend to understand the intricacies of cookie or post-cookie technology; my concern is drafting online privacy policies for my clients that adequately address whatever technology is currently in vogue and understanding just enough of it to do so.

In an effort to understand the underlying technology just enough to be dangerous (and glean some drafting principles that may follow from it), I recently came across guiding principles for developing cookie replacement technology published by the Interactive Advertising Bureau (“IAB”) entitled “Privacy and Tracking in a Post-Cookie World.” In developing its guiding principles, the IAB begins by “Imagining a world where HTTP cookies were never invented” and suggests that, in developing alternatives to the cookie for tracking consumers, it is important to bear in mind what the consumer wants.  In my experience dealing with regulators who have no concept of something being outside their regulatory authority (particularly with consumers complaining to them), the IAB is correct that a proactive approach could keep the regulatory wolves at bay: Continue reading Online Privacy, Do Not Track, and the “Post-Cookie” World: New Guidance from the IAB

Record Retention Policy: Why It is in Your Company’s Best Interest to Have One

Bunch of Papers by Seiichi Kusunoki - Visual Maintenance*
Bunch of Papers by Seiichi Kusunoki – Visual Maintenance*

There are good legal and practical reasons for your company not to hold onto every document that comes across its proverbial desk. There are also good reasons not to destroy documents too hastily. Instead,  you can adopt a well-considered record retention policy that dictates which documents are retained, for how long, and when to destroy them. Working with your legal counsel to draft the policy will help ensure the proper timeline for document destruction and help you avoid legal headaches.

First Things First – What is a Record?

Records include essentially all documents created or kept by the business in paper (or other tangible format) or electronic form. This includes paper-based documents, e-mails, electronic files and programs, desk calendars and appointment books, photographs, plans, maps, diagrams, and various other vehicles for the transmission of language, images, plans, and numbers.             Continue reading Record Retention Policy: Why It is in Your Company’s Best Interest to Have One

Shedding Light on the Importance of Having an Accurate Privacy Policy

Brightest Flashlight2Goldenshores Technologies, LLC developed The Brightest Flashlight Free app, which allowed users to use their mobile devices as a flashlight by simultaneously activating all of the device’s
light sources. According to the FTC, this app was downloaded millions (tens of millions, actually) of times.  At the same time it was lighting up the user’s world, The Brightest Flashlight Free app was enlightening third parties to the user’s personal information, including precise geolocation and unique device identifiers. As described by the FTC:

While running, however, the application also transmits, or allows the transmission of, data from the mobile device to various third parties, including advertising networks. The types of data transmitted include, among other things, the device’s precise geolocation along with persistent device identifiers that can be used to track a user’s location over time.

All of which would be fine and dandy if the app had appropriately disclosed to users what it was doing, but the FTC says it didn’t – and filed a complaint against Goldenshores. According to the FTC’s complaint, Goldenshores told users in its privacy policy that personal information collected by the Brightest Flashlight Free app would be used by the company for various internal purposes, but “failed to disclose or failed to adequately disclose” that the app transmitted that personal information to third parties, including advertising networks. Continue reading Shedding Light on the Importance of Having an Accurate Privacy Policy

Quick! Your Online Privacy Policy May be Out of Date

privacypolicyIf you have a commercial website and have not done so already,  NOW is the time to update your company’s online privacy policy. WHY? Because January 1 was the effective date of amendments to California’s Online Privacy Protection Act (“OPPA”); these amendments require additional information in the online privacy policies of covered websites.

But, but, but, I’m not IN California!

Good for you! But that is not how we determine whether OPPA applies. It does not matter where YOU are located – what matters is whether  you collect personal information about California residents who stumble across your commercial website.

How do I know if the law applies to my website?

If you operate a commercial website and collect “personally identifiable information” (PII) about consumers through your website, OPPA applies to your site unless you ensure that PII is not collected from California residents. Good luck with that.  Continue reading Quick! Your Online Privacy Policy May be Out of Date