Over the past couple of years, companies with names like UDiligence and Varsity Monitor have been created to monitor the digital activity of student-athletes. At first glance it may seem like a good idea to require students to provide access to password protected social media content. However, once you understand what this means from a legal and financial perspective you may realize that this is a Pandora's Box that should not be opened.
UDiligence and Varsity Monitor appear to prey on the fears of college athletic departments even though the NCAA recently ruled that schools do not have a duty to monitor password protected social media content. Instead of helping NCAA athletic departments, these services may be exacerbating the situation because it appears they may be encouraging colleges to create new legal duties and violate the constitutional rights of their students along with multiple federal and state laws.
Within the past couple of weeks, both UDiligence and Varsity Monitor have taken down their client lists from their websites. Have the schools pressured them to do so? Or, did both of these companies take down their client lists because the media has started to ask in-depth questions about their services?
Pietrylo v. Hillstone Restaurant Group, 2009 WL 3128420 (D.N.J. 2009), is a case that appears analogous to the situation where schools are "requesting" that their student-athletes provide access to their password protected digital/social media accounts. In Pietrylo, an employee "did not feel free" to deny her boss access to a password protected MySpace account. The jury found that the employer violated the Stored Communications Act and the case was upheld on appeal. Therefore, since students "may not feel free" to deny their athletic departments and/or third parties access to their password protected social media accounts these services may be advising schools to violate the Stored Communications Act.
Since requesting employees to provide access to their password protected social media accounts has been found to violate the Stored Communications Act, it may also violate the Stored Communications Act for NCAA schools to "request" access to their students' password protected social media accounts. Requiring public school students to download applications and/or Facebook Friend university employees or agents may also violate the 1st and 4th Amendments along with the Electronic Communications Privacy Act, and multiple other federal and state laws.
The bottom line is that schools that engage UDiligence or Varsity Monitor may be paying $10,000 plus dollars per year for a service that may be creating more problems than it solves.
To learn more about these issues you may contact me at http://shearlaw.com/attorney_profile.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
To inform about the legal, business, privacy, cyber security, and public policy issues that confront those who utilize digital platforms.
Pages
▼
Friday, May 18, 2012
Tuesday, May 8, 2012
SNOPA (HR 5050) May Protect Insurance Companies From Schools and Businesses That Demand Access To Personal Password Protected Social Media Accounts
I have written how the Social Networking Online Protection Act (HR 5050) may benefit employees, job applicants, employers, students, student applicants, and schools. Now, I am going to explain how HR 5050 may benefit insurance companies.
Does the insurance industry realize that multiple schools are creating a massive database of their students' password protected social media content and activities? With access to all of this data these schools may become responsible for everything their students do online and everything that is referenced online and/or inferred online that may occur in the real world.
The Universities of North Carolina, Texas, Nebraska, and Oklahoma may not only be violating the Stored Communications Act with their student-athlete social media policies but also may be creating tremendous insurability problems for their academic institutions.
Each of the above mentioned schools have engaged a company called Varsity Monitor. In order for students to keep their scholarships and play intercollegiate sports at these public institutions, they must Facebook Friend Varsity Monitor and provide unfettered access to their password protected social media/digital content. Varsity Monitor downloads the students' social media content and creates detailed reports about all of the students' digital activities. Requiring a student to provide access to their password protected social media/digital content may violate FERPA and/or other federal and/or state laws
Varsity Monitor along with above schools are compiling vast amounts of personal data on thousands of students. What happens when there is a data breach? In Varsity Monitor's agreements and policies it clearly states that by using their service they are indemnified against any legal issues that may arise. Therefore, when a data breach occurs who will be left paying for it? The schools' insurance companies.
According to the latest Ponemon Data Breach Study, the average cost of a data breach is $194 per record and the overall average organizational cost is $5.5 million dollars. These figures appear to be focused on what I would call traditional data breach issues (compromised social security numbers, dates of births, addresses, etc...) and not personal social media data breach issues (which may include traditional issues plus a list of friends, professional contacts, personal photographs, confidential interactions, potential blackmail information, etc...). Furthermore, according to Ponemon the biggest threat to data breach are those who have access to the data. Therefore, when a student-athlete becomes famous and his social media content contains embarrassing information will Varsity Monitor and/or school employees who have access to the data leak the password protected personal content for personal gain?
Are schools prepared for the increase in legal discovery requests that will accompany all of the data they have accumulated on their students? Are schools telling their insurance companies that they are accumulating all of this unneeded personal data on their students? Do the schools that engage Varsity Monitor or similar service providers such as UDiligence, or Centrix Social know that a data breach at Ohio State a couple years ago may have cost the University $4 million dollars to resolve. These costs included: investigative consulting, notification of the breach, and a calling center to answer questions or concerns.
Ohio State's insurance company may have covered the entire cost of this incident. However, will the insurance industry be willing to cover an incident when a school and/or Varsity Monitor mishandles personal password protected social media content and/or when a school is sued for negligent social media monitoring? This type of lawsuit may contain some of the same arguments as the recent $30 million dollar lawsuit against UVA by the family of Yardley Love. However, because of digital evidence a jury in a negligent social media monitoring lawsuit may award $100 million dollars plus to a plaintiff. If you don't think this could happen you may want to ask Dharun Rhavi's lawyer about the power of social media evidence.
If the insurance industry wants to be protected from having to pay out claims against schools and/or businesses who are requiring their students and/or employees to provide access to their password protected digital content they will support the Social Networking Online Protection Act (HR 5050).
(Full Disclosure: I am working pro bono with Rep. Engel's office on the Social Networking Online Protection Act .)
To learn more about these issues you may contact me at http://shearlaw.com/attorney_profile.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Does the insurance industry realize that multiple schools are creating a massive database of their students' password protected social media content and activities? With access to all of this data these schools may become responsible for everything their students do online and everything that is referenced online and/or inferred online that may occur in the real world.
The Universities of North Carolina, Texas, Nebraska, and Oklahoma may not only be violating the Stored Communications Act with their student-athlete social media policies but also may be creating tremendous insurability problems for their academic institutions.
Each of the above mentioned schools have engaged a company called Varsity Monitor. In order for students to keep their scholarships and play intercollegiate sports at these public institutions, they must Facebook Friend Varsity Monitor and provide unfettered access to their password protected social media/digital content. Varsity Monitor downloads the students' social media content and creates detailed reports about all of the students' digital activities. Requiring a student to provide access to their password protected social media/digital content may violate FERPA and/or other federal and/or state laws
Varsity Monitor along with above schools are compiling vast amounts of personal data on thousands of students. What happens when there is a data breach? In Varsity Monitor's agreements and policies it clearly states that by using their service they are indemnified against any legal issues that may arise. Therefore, when a data breach occurs who will be left paying for it? The schools' insurance companies.
According to the latest Ponemon Data Breach Study, the average cost of a data breach is $194 per record and the overall average organizational cost is $5.5 million dollars. These figures appear to be focused on what I would call traditional data breach issues (compromised social security numbers, dates of births, addresses, etc...) and not personal social media data breach issues (which may include traditional issues plus a list of friends, professional contacts, personal photographs, confidential interactions, potential blackmail information, etc...). Furthermore, according to Ponemon the biggest threat to data breach are those who have access to the data. Therefore, when a student-athlete becomes famous and his social media content contains embarrassing information will Varsity Monitor and/or school employees who have access to the data leak the password protected personal content for personal gain?
Are schools prepared for the increase in legal discovery requests that will accompany all of the data they have accumulated on their students? Are schools telling their insurance companies that they are accumulating all of this unneeded personal data on their students? Do the schools that engage Varsity Monitor or similar service providers such as UDiligence, or Centrix Social know that a data breach at Ohio State a couple years ago may have cost the University $4 million dollars to resolve. These costs included: investigative consulting, notification of the breach, and a calling center to answer questions or concerns.
Ohio State's insurance company may have covered the entire cost of this incident. However, will the insurance industry be willing to cover an incident when a school and/or Varsity Monitor mishandles personal password protected social media content and/or when a school is sued for negligent social media monitoring? This type of lawsuit may contain some of the same arguments as the recent $30 million dollar lawsuit against UVA by the family of Yardley Love. However, because of digital evidence a jury in a negligent social media monitoring lawsuit may award $100 million dollars plus to a plaintiff. If you don't think this could happen you may want to ask Dharun Rhavi's lawyer about the power of social media evidence.
If the insurance industry wants to be protected from having to pay out claims against schools and/or businesses who are requiring their students and/or employees to provide access to their password protected digital content they will support the Social Networking Online Protection Act (HR 5050).
(Full Disclosure: I am working pro bono with Rep. Engel's office on the Social Networking Online Protection Act .)
To learn more about these issues you may contact me at http://shearlaw.com/attorney_profile.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Sunday, May 6, 2012
NCAA Schools That Require Their Students To Facebook Friend Them May Be Violating the Stored Communications Act
Any school or university that requires its students to Facebook Friend a coach, a school administrator, or a third party in order for their students to keep their scholarships, participate in intercollegiate athletics, etc... may be violating the Stored Communications Act (SCA).
Under the Stored Communications Act, forced Facebook Friending may be against the law. Since the SCA was enacted in 1986, before the existence of modern social media, the Social Networking Online Protection Act (SNOPA) is needed to catch up with modern technology. Any school or university employee who believes that it is legally prudent to require their students to provide them access to their personal password protected digital content without a court order may want to learn more about the lawsuit against the University of Virginia (UVA) by the family of Yardley Love.
Yardley Love was a student-athlete at UVA who was murdered by fellow UVA student-athlete George Huguely. According to ABC News, Yardley Love's family is suing the coaches of the men's lacrosse team along with the athletic director because they allegedly knew or should have known that George Huguely was a danger to others. If UVA was social media monitoring George Huguely and missed or misinterpreted a Tweet, or a Facebook post, or other online content that may have indicated he may be a danger to others this $30 million dollar lawsuit against UVA may have been a $100 million dollar plus lawsuit.
With access comes responsibility. Schools and/or universities that require their students to Facebook Friend coaches, school employees, third parties, etc... and/or require students to install social media monitoring software onto their personal electronic devices may become liable for their students' online content and conduct along with offline conduct that was referred to and/or inferred by a Tweet, Facebook post, blog comment, etc.... Does a school or university want to be sued for negligent social media monitoring or failure to social media monitor?
If a school or university legal department wants to protect itself against these types of social media lawsuits they will enthusiastically support the Social Networking Online Protection Act (HR 5050) because it may provide them a legal liability shield against these claims. If a school or university wants to become the social media police and become liable for their students' online behavior and offline behavior that may have been referred to and/or inferred online that is their prerogative. If so, they may want to obtain cyber liability insurance that contains at least $100 million dollars in per incident coverage to protect against social media lawsuits.
To learn more about these issues you may contact me at http://shearlaw.com/attorney_profile.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Wednesday, May 2, 2012
Maryland's Facebook Username and Password Law is a Win For Employers, Employees, and Job Applicants
Maryland Governor Martin O'Malley signed into law today legislation that makes Maryland the first state to ban employers from requiring employees or job applicants to provide access to their personal digital/social media accounts. While Maryland is the first state to enact this type of legislation, California along with other states and the federal government may soon follow Maryland's lead.
Senate Bill 433 is a huge win for the business community because it may provide Maryland businesses with a legal liability shield from plaintiffs who may allege that businesses have a legal duty to monitor their employees' password protected digital content. Unfortunately, some Maryland business groups have underestimated the tremendous win that SB 433 is for the business community. This groundbreaking law may collectively save Maryland businesses millions of dollars a year in costs to monitor their employees' personal digital accounts. In addition, this law may save Maryland businesses millions of dollars per year on cyber liability insurance premiums that would accompany a duty to monitor employees in the digital/social media space.
With access comes responsibility. Since Maryland businesses will not have access to their employees' personal digital content they will not become responsible for their employees' personal social media behavior. Employers do not have a duty to monitor everything their employees do in the privacy of their real world homes so employers do not want to create a duty to monitor their employees in their digital homes.
Do businesses want to have access to content that may demonstrate that an employee is a member of a protected class? There already is a lawsuit alleging "Facebook Like Discrimination". In this lawsuit, a former federal employee alleges that he was discriminated against because his supervisor became aware that he "Facebook Liked" a page that may have indicated his sexual orientation. Therefore, this new law may save employers millions of dollars per year in legal fees and judgments that may accompany access to an employee's personal digital content.
This legislation is also a major victory for employees and job applicants. A Maryland employer may no longer ask employees or job applicants to provide access to their personal digital or social media accounts. For example, during a job interview an employer may not request an applicant log into their personal Facebook account or to "Facebook Friend" a manager. In addition, an employer may not require an employee provide access to their personal password protected digital accounts.
Job applicants and employees must understand that they should still be careful about the content they post online, utilize the proper privacy settings, and carefully screen who they "Friend" online. This is a watershed moment for both the business community and digital privacy. I hope that other states along with the federal government follow Maryland's lead to enact legislation that demonstrates an understanding of the legal and public policy implications of the Social Media Age.
(Full Disclosure: I was not paid for my work on this legislation. I worked on this legislation because I want to protect employers, employees, and job applicants from unforeseen legal issues that may arise due to a lack of understanding of the public policy and legal implications of social media usage. Therefore, I was in constant contact with Maryland Senator Ronald Young and Maryland Delegate Shawn Tarrant to work with them to create a common sense solution that protects the interests of employers, employees, and job applicants.)
To learn how social media intersects with the law you may contact me at http://shearlaw.com/attorney_profile.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Senate Bill 433 is a huge win for the business community because it may provide Maryland businesses with a legal liability shield from plaintiffs who may allege that businesses have a legal duty to monitor their employees' password protected digital content. Unfortunately, some Maryland business groups have underestimated the tremendous win that SB 433 is for the business community. This groundbreaking law may collectively save Maryland businesses millions of dollars a year in costs to monitor their employees' personal digital accounts. In addition, this law may save Maryland businesses millions of dollars per year on cyber liability insurance premiums that would accompany a duty to monitor employees in the digital/social media space.
With access comes responsibility. Since Maryland businesses will not have access to their employees' personal digital content they will not become responsible for their employees' personal social media behavior. Employers do not have a duty to monitor everything their employees do in the privacy of their real world homes so employers do not want to create a duty to monitor their employees in their digital homes.
Do businesses want to have access to content that may demonstrate that an employee is a member of a protected class? There already is a lawsuit alleging "Facebook Like Discrimination". In this lawsuit, a former federal employee alleges that he was discriminated against because his supervisor became aware that he "Facebook Liked" a page that may have indicated his sexual orientation. Therefore, this new law may save employers millions of dollars per year in legal fees and judgments that may accompany access to an employee's personal digital content.
This legislation is also a major victory for employees and job applicants. A Maryland employer may no longer ask employees or job applicants to provide access to their personal digital or social media accounts. For example, during a job interview an employer may not request an applicant log into their personal Facebook account or to "Facebook Friend" a manager. In addition, an employer may not require an employee provide access to their personal password protected digital accounts.
Job applicants and employees must understand that they should still be careful about the content they post online, utilize the proper privacy settings, and carefully screen who they "Friend" online. This is a watershed moment for both the business community and digital privacy. I hope that other states along with the federal government follow Maryland's lead to enact legislation that demonstrates an understanding of the legal and public policy implications of the Social Media Age.
(Full Disclosure: I was not paid for my work on this legislation. I worked on this legislation because I want to protect employers, employees, and job applicants from unforeseen legal issues that may arise due to a lack of understanding of the public policy and legal implications of social media usage. Therefore, I was in constant contact with Maryland Senator Ronald Young and Maryland Delegate Shawn Tarrant to work with them to create a common sense solution that protects the interests of employers, employees, and job applicants.)
To learn how social media intersects with the law you may contact me at http://shearlaw.com/attorney_profile.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC. All rights reserved.