Tuesday, May 8, 2012

SNOPA (HR 5050) May Protect Insurance Companies From Schools and Businesses That Demand Access To Personal Password Protected Social Media Accounts

I have written about how the Social Networking Online Protection Act (HR 5050) may benefit employees, job applicants, employers, students, student applicants, and schools. Now, I am going to explain how HR 5050 may benefit insurance companies.

Does the insurance industry realize that multiple schools are creating a massive database of their students' password protected social media content and activities? With access to all of this data these schools may become responsible for everything their students do online and everything that is referenced online and/or inferred online that may occur in the real world.

The Universities of North Carolina, Texas, Nebraska, and Oklahoma may not only be violating the Stored Communications Act with their student-athlete social media policies but also may be creating tremendous insurability problems for their academic institutions.

Each of the above-mentioned schools has engaged a company called Varsity Monitor. In order for students to keep their scholarships and play intercollegiate sports at these public institutions, they must Facebook Friend Varsity Monitor and provide unfettered access to their password protected social media/digital content. Varsity Monitor downloads the students' social media content and creates detailed reports about all of the students' digital activities. Requiring a student to provide access to their password protected social media/digital content may violate FERPA and/or other federal and/or state laws.

Varsity Monitor, along with the above schools, is compiling vast amounts of personal data on thousands of students. What happens when there is a data breach? Varsity Monitor's agreements and policies clearly state that by using their service they are indemnified against any legal issues that may arise. Therefore, when a data breach occurs, who will be left paying for it? The schools' insurance companies.

According to the latest Ponemon Data Breach Study, the average cost of a data breach is $194 per record and the overall average organizational cost is $5.5 million dollars. These figures appear to be focused on what I would call traditional data breach issues (compromised social security numbers, dates of birth, addresses, etc.) and not personal social media data breach issues (which may include traditional issues plus a list of friends, professional contacts, personal photographs, confidential interactions, potential blackmail information, etc.). Furthermore, according to Ponemon, the biggest data breach threat comes from those who have access to the data. Therefore, when a student-athlete becomes famous and his social media content contains embarrassing information, will Varsity Monitor and/or school employees who have access to the data leak the password protected personal content for personal gain?

Are schools prepared for the increase in legal discovery requests that will accompany all of the data they have accumulated on their students? Are schools telling their insurance companies that they are accumulating all of this unneeded personal data on their students? Do the schools that engage Varsity Monitor or similar service providers such as UDiligence or Centrix Social know that a data breach at Ohio State a couple of years ago may have cost the University $4 million dollars to resolve? These costs included investigative consulting, notification of the breach, and a call center to answer questions or concerns.

Ohio State's insurance company may have covered the entire cost of this incident. However, will the insurance industry be willing to cover an incident when a school and/or Varsity Monitor mishandles personal password protected social media content and/or when a school is sued for negligent social media monitoring? This type of lawsuit may contain some of the same arguments as the recent $30 million dollar lawsuit against UVA by the family of Yardley Love. However, because of digital evidence, a jury in a negligent social media monitoring lawsuit may award $100 million dollars plus to a plaintiff. If you don't think this could happen, you may want to ask Dharun Ravi's lawyer about the power of social media evidence.

If the insurance industry wants to be protected from having to pay out claims against schools and/or businesses that are requiring their students and/or employees to provide access to their password protected digital content, it will support the Social Networking Online Protection Act (HR 5050).

(Full Disclosure: I am working pro bono with Rep. Engel's office on the Social Networking Online Protection Act.)


To learn more about these issues you may contact me at http://shearlaw.com/attorney_profile.

Copyright 2012 by the Law Office of Bradley S. Shear, LLC. All rights reserved.

Sunday, May 6, 2012

NCAA Schools That Require Their Students To Facebook Friend Them May Be Violating the Stored Communications Act

Any school or university that requires its students to Facebook Friend a coach, a school administrator, or a third party in order for their students to keep their scholarships, participate in intercollegiate athletics, etc. may be violating the Stored Communications Act (SCA).

Under the Stored Communications Act, forced Facebook Friending may be against the law. Since the SCA was enacted in 1986, before the existence of modern social media, the Social Networking Online Protection Act (SNOPA) is needed to catch up with modern technology. Any school or university employee who believes that it is legally prudent to require their students to provide them access to their personal password protected digital content without a court order may want to learn more about the lawsuit against the University of Virginia (UVA) by the family of Yardley Love.

Yardley Love was a student-athlete at UVA who was murdered by fellow UVA student-athlete George Huguely. According to ABC News, Yardley Love's family is suing the coaches of the men's lacrosse team along with the athletic director because they allegedly knew or should have known that George Huguely was a danger to others. If UVA was social media monitoring George Huguely and missed or misinterpreted a Tweet, a Facebook post, or other online content that may have indicated he may be a danger to others, this $30 million dollar lawsuit against UVA may have been a $100 million dollar plus lawsuit.

With access comes responsibility. Schools and/or universities that require their students to Facebook Friend coaches, school employees, third parties, etc. and/or require students to install social media monitoring software onto their personal electronic devices may become liable for their students' online content and conduct along with offline conduct that was referred to and/or inferred by a Tweet, Facebook post, blog comment, etc. Does a school or university want to be sued for negligent social media monitoring or failure to social media monitor?

If a school or university legal department wants to protect itself against these types of social media lawsuits, it will enthusiastically support the Social Networking Online Protection Act (HR 5050) because it may provide a legal liability shield against these claims. If a school or university wants to become the social media police and become liable for its students' online behavior and offline behavior that may have been referred to and/or inferred online, that is its prerogative. If so, it may want to obtain cyber liability insurance that contains at least $100 million dollars in per incident coverage to protect against social media lawsuits.


Wednesday, May 2, 2012

Maryland's Facebook Username and Password Law is a Win For Employers, Employees, and Job Applicants

Maryland Governor Martin O'Malley signed into law today legislation that makes Maryland the first state to ban employers from requiring employees or job applicants to provide access to their personal digital/social media accounts. While Maryland is the first state to enact this type of legislation, California along with other states and the federal government may soon follow Maryland's lead.

Senate Bill 433 is a huge win for the business community because it may provide Maryland businesses with a legal liability shield from plaintiffs who may allege that businesses have a legal duty to monitor their employees' password protected digital content. Unfortunately, some Maryland business groups have underestimated the tremendous win that SB 433 is for the business community. This groundbreaking law may collectively save Maryland businesses millions of dollars a year in costs to monitor their employees' personal digital accounts. In addition, this law may save Maryland businesses millions of dollars per year on cyber liability insurance premiums that would accompany a duty to monitor employees in the digital/social media space.

With access comes responsibility. Since Maryland businesses will not have access to their employees' personal digital content they will not become responsible for their employees' personal social media behavior. Employers do not have a duty to monitor everything their employees do in the privacy of their real world homes so employers do not want to create a duty to monitor their employees in their digital homes.

Do businesses want to have access to content that may demonstrate that an employee is a member of a protected class? There already is a lawsuit alleging "Facebook Like Discrimination". In this lawsuit, a former federal employee alleges that he was discriminated against because his supervisor became aware that he "Facebook Liked" a page that may have indicated his sexual orientation. Therefore, this new law may save employers millions of dollars per year in legal fees and judgments that may accompany access to an employee's personal digital content.

This legislation is also a major victory for employees and job applicants. A Maryland employer may no longer ask employees or job applicants to provide access to their personal digital or social media accounts. For example, during a job interview an employer may not request that an applicant log into their personal Facebook account or "Facebook Friend" a manager. In addition, an employer may not require that an employee provide access to their personal password protected digital accounts.

Job applicants and employees must understand that they should still be careful about the content they post online, utilize the proper privacy settings, and carefully screen who they "Friend" online. This is a watershed moment for both the business community and digital privacy. I hope that other states along with the federal government follow Maryland's lead to enact legislation that demonstrates an understanding of the legal and public policy implications of the Social Media Age.

(Full Disclosure: I was not paid for my work on this legislation. I worked on this legislation because I want to protect employers, employees, and job applicants from unforeseen legal issues that may arise due to a lack of understanding of the public policy and legal implications of social media usage. Therefore, I was in constant contact with Maryland Senator Ronald Young and Maryland Delegate Shawn Tarrant to work with them to create a common sense solution that protects the interests of employers, employees, and job applicants.)


Friday, April 27, 2012

SNOPA: The Social Networking Online Protection Act

The Social Networking Online Protection Act was introduced today by Congressman Eliot Engel of New York. The bill would ban employers and schools from requiring access to password protected digital content. The bill is a win for businesses, schools, and privacy. The bill would protect businesses and schools from creating a legal duty to monitor password protected digital content. Therefore, the bill protects businesses, schools, and taxpayers. In addition, the bill is a win for employees, job applicants, students, and student applicants because it protects them from being required to provide access to their password protected digital content.

During my conversation with Bob Sullivan of MSNBC I stated that SNOPA provides employers and schools a shield against legal liability so no one can claim that employers and schools have a legal duty to monitor password protected digital content. In addition, I mentioned that because the bill protects a wide range of interests, it has a better chance at success than previous efforts.


(Full Disclosure: I am working with Congressman Engel's office on this issue in a pro bono capacity. If you believe this is important legislation, please contact Congress to voice your support.)

Monday, April 23, 2012

Occupy Wall Street Public Tweets Subpoena Decision May Have A Troubling Analysis

A judge ruled earlier today that deleted public tweets may be used as evidence in an Occupy Wall Street protestor's trial. While I generally agree with the main point of this decision that public Tweets are fair game, some of the analysis behind the decision may be very troubling.

Once a Tweet is public to the entire world, you don't have an expectation of privacy even if the Tweet has been deleted. Former Congressman Anthony Weiner learned the hard way (no pun intended) that once you post something publicly you have no expectation of privacy. However, if one has a protected Twitter account, where the owner of the account has the ability to choose who may have access to his Tweets, and/or sends a Twitter Direct Message, the user may have an expectation of privacy, and a warrant may then be needed for the government to be able to access the Tweets and/or the Direct Messages.

One aspect of the decision I found to be very troubling was on page 4 where it states, "Twitter’s license to use the defendant’s Tweets means that the Tweets the defendant posted were not his." I believe that this analysis is incorrect and demonstrates that Judge Matthew A. Sciarrino, Jr. may not fully understand social media, digital technology, and public policy. In addition, on page 6 of the decision, it states, "While the Fourth Amendment provides protection for our physical homes, we do not have a physical “home” on the Internet." If Judge Sciarrino's reasoning is extended to all online services that may mean that as a society we don't have an expectation of privacy for password protected digital content. If we don't have an expectation of privacy for our password protected digital content this may drastically harm the ability for technology companies to monetize cloud computing and other future electronic services because businesses and consumers may be hesitant to utilize these services if the government has the ability to access our password protected digital content without a warrant.

While we may not have an expectation of privacy for our public Tweets, some of the analysis for this decision is terribly flawed and demonstrates the need for our judiciary to become better educated about the issues inherent with social media and technology.


Monday, April 9, 2012

Maryland: The First State To Protect our Social Media Privacy and Security

Maryland has become the first state to protect the social media and electronic account privacy and security of its citizens. The legislation is a win for employers and employees. The Maryland legislature said loud and clear that in these difficult times businesses should not be required to spend tens of thousands of dollars per year to hire social media monitoring companies to review their employees' password protected digital content. In order to become enacted, SB 433 still needs to be signed by Governor Martin O'Malley. Once it has been signed, the legislation will not go into effect until October 1, 2012. Therefore, until this legislation becomes law, nothing has changed in the state of Maryland.

This legislation may also shield companies in Maryland from lawsuits that allege that a company failed to properly monitor their employees' private electronic content and from negligent social media monitoring lawsuits. The potential savings to Maryland businesses per year is tens of millions of dollars.

In general, Maryland employees will now be protected against being required to turn over their password protected digital content in order to obtain or keep a job.

I personally reached out to Facebook about Maryland's legislation and asked them for their support. I want to publicly thank Facebook for their assistance. To Facebook's credit, they came out strongly against employers and schools demanding access to password protected digital content on March 23, 2012. I am hopeful that Facebook along with other Internet companies will strongly support federal legislation that would protect both employees and students from having their electronic account privacy and security compromised by those who don't understand social media, the law, or public policy.

For most jobs, employees should not be required to provide access to their password protected electronic content. In addition, students at public schools should never be required to provide access to their password protected electronic content to their schools and/or social media monitoring companies such as UDiligence, Varsity Monitor, or Centrix Social.

On February 20, 2011, I publicly stated that this issue "may one day be decided by the courts and/or state legislatures and/or Congress." I am proud to have successfully lobbied Maryland to pass this groundbreaking legislation. I have discussed these troubling issues with multiple state legislators across the country and federal officials. I am hopeful that more states and the federal government pass similar legislation. I urge everyone to lobby their representatives in their state legislatures and in Congress to pass bipartisan legislation that protects the personal electronic privacy and security rights of employees and students and provides the business community with bright-line rules that will protect them against social media lawsuits.

(Full Disclosure: I was not paid for my work on this legislation. There is a tremendous lack of understanding about the legal and public policy issues inherent in the Social Media Age and I want to protect employers, employees, job applicants, schools, students, student applicants, and taxpayers from unforeseen legal issues that may arise. Therefore, I was in constant contact with Maryland State Senator Ronald Young and Maryland State Delegate Shawn Tarrant to work with them to create a common sense solution to these problems.)


Monday, March 26, 2012

Schools May Need a Search Warrant To Access Their Student-Athletes' Personal Password Protected Electronic Accounts

According to the Penn State Daily Collegian, Penn State Police seized illegal drugs and paraphernalia from the home of one of their football players. Police had entered the home of a current and former student-athlete to investigate a break-in. Upon realizing there may be illegal drugs, it appears the police obtained a search warrant.

Since in the real world a search warrant is generally required to obtain evidence in one's real home, a search warrant is also generally required in the digital world to search one's password protected digital home. In order for a public school to obtain access to the password protected personal social media and digital accounts (non-school issued) of their student-athletes they may need a court order.

A public school may not require a student to utilize the services of UDiligence, Varsity Monitor, Centrix Social, or any other social media monitoring company in order to keep his or her scholarship and may not retaliate against a student for refusing to provide access absent a court order.

Therefore, if a student at a public school refuses to provide UDiligence, Varsity Monitor, Centrix Social, other social media monitoring companies, or school employees their personal social media or personal digital account information, and the school punishes the student in any manner for refusing to do so, the student may have multiple causes of action against the school. The 1st, 4th, and 5th amendments along with the Stored Communications Act, the Computer Fraud and Abuse Act, and multiple state laws may be implicated in social media monitoring.


Friday, March 23, 2012

Facebook Firmly States Employers and Schools May Not Access Password Protected Content

Facebook has firmly come out against those employers and schools who are requiring employees, job applicants, student-athletes, and college applicants to provide them access to personal password protected Facebook accounts. Facebook's statement in part reads:

"If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends."

Social Media Monitoring Companies such as Varsity Monitor, UDiligence, and Centrix Social appear to be advising some of their clients to violate Facebook's Terms of Service, along with the constitutional rights of student-athletes, and the personal privacy rights of student-athletes' Facebook Friends. As I have stated over and over again, in general, employers and public schools may not require access to personal password protected electronic content.



Friday, March 16, 2012

Dharun Ravi is Found Guilty of Tampering With Evidence For Tweet Deletion

Breaking news. Dharun Ravi has been found guilty of tampering with evidence because he deleted at least one tweet. I first wrote about his case on May 1, 2011. According to the New Jersey Star here is a breakdown of the verdict.

This case should be a wake up call for everyone who utilizes social media, text messages, email, and other digital platforms that your online activities are just as important if not more important than your real world activities because of the digital footprints that are created.


Wednesday, March 14, 2012

Multi-Million Dollar Jury Verdict Against Virginia Tech Proves Schools Should Not Create A Duty To Social Media Monitor

The 2007 Virginia Tech massacre that left 33 dead on campus was a terrible tragedy. Earlier today, a jury found Virginia Tech negligent for its delay in warning its campus about the first shootings. Two of the families of those who were killed were awarded $4 million dollars each by a jury.

This case demonstrates why schools should not utilize the services of social media monitoring companies to review the password protected content of their students. On March 12, 2012, the NCAA stated that there is no "blanket duty on institutions to monitor social networking sites." Therefore, if there is no blanket compliance duty to social media monitor why create a legal duty to do so which may lead to multi-million dollar judgements for negligent social media monitoring?

After the University of North Carolina Public Infractions Report was released, Varsity Monitor, a company that sells social media monitoring services, responded to a Tweet that links to an article where I am quoted by Tweeting, "It is still best practice for the athletic dept to continue to monitor social media for brand and athlete protection & edu" (see below):


Now that two $4 million dollar jury verdicts have been returned against an academic institution for a delay in properly warning its students about a killer being on the loose on campus, imagine if a school follows the above advice by Varsity Monitor and a tragedy occurs that social media monitoring should have warned against but did not? Instead of multiple $4 million dollar jury verdicts would it be multiple $25 million or $50 million or $100 million dollar negligent social media monitoring jury verdicts?
