California S.B. 568: A License to Bully?

cyberbullying“We are masters of the unsaid words, but slaves of those we let slip out.” – Winston Churchill

On January 1, 2015, California Senate Bill 568, titled “Privacy Rights for California Minors in the Digital World,” (the “Privacy Law”) took effect.  Among other provisions, the new Privacy Law includes the “Eraser Law,” which gives California minors a right to delete content that they posted to a website, social media profile, or online service while under the age of 18. S.B. 568.[1] In other words, the new law protects minors who post content online from later dealing with the consequences of what they post. Its proponents are hailing the first-in-the-country law as a good step toward giving under-18 Internet users a chance to remove regrettable postings and preserve their reputation. The problem, however, is that the new law is focused on remedying the wrong issue. Internet users already have the ability to remove their own embarrassing content, and the new Privacy Law does not change that.[2] The real issue is harmful content posted online about others (i.e., defamatory texts, embarrassing pictures, etc.).

»» Read More

Posted by Matt Bruce
Data Security
January 22, 2015


threatIn December 2014, movie theaters found themselves in a predicament. Following an anonymous hacker’s threat to release confidential data stolen from Sony Pictures’ computer network (and the subsequent fulfillment of that threat), hackers threatened a terrorist attack on any theater that showed Sony’s film “The Interview.” In addition to concerns for the safety of their employees and patrons, the theaters presumably considered potential financial harm and legal consequences if the threatened violence became a reality. The vast majority of theaters decided that it was too risky to screen the movie.

Sony and movie theaters surely will not be the last companies ever threatened with embarrassment or violence, especially given the perceived success of the hackers’ threats. One issue that companies should therefore think about is the potential for being sued if a threat is made against them, carried out, and someone is injured or harmed. A claim that the company was negligent in its handling of the situation would be expected. Negligence is the failure to use “the skill, care and diligence that a reasonably careful person would use under the same or similar circumstances.” Peffer v. Cleveland Clinic Found., No. 94356, 2011 Ohio App. LEXIS 390, at *21 (Cuyahoga Cty. Feb. 3, 2011).

»» Read More

Posted by Michael Mayer
Data Security
January 13, 2015

A Few Things We Can Learn from Sony

sony hackEating up the data breach airways for the past month has been the hacking of Sony Pictures. As with any breach in the news, the Internet is full of articles criticizing Sony and its approach to not only the security issues but the messaging. That is not the purpose of this blog. Rather, I subscribe that all entities will be breached, and it is not a matter of “IF” but “WHEN.” I would prefer to use the incident as an opportunity to discuss just a few key information privacy and security principles that I think have been illustrated by this breach. I would think any business, regardless of size or industry, would do well to consider each as an opportunity to learn more and continue to improve its data governance planning.

»» Read More

Posted by Scot Ganow
Data Security
January 5, 2015

Next Page »