ACC Focus on the New Jersey Chapter - May 9, 2011 (Print All Articles)
Spring is here.
We have two big events coming for our members and sponsors. The first is the Spring Dinner on May 12. We are having this popular annual event at a brand new place called The Grove in Cedar Grove. Why not be one of the first to see this great new venue.
The second event is our annual Golf Outing on June 21st at the Knoll West course in Parsippany. Come on out for a great day.
We look forward to seeing you at one or both events.
A Little Bird Says That the FTC Finalized the Twitter Privacy-Breach Settlement, Google Got “Buzzed,” Ashton Kutcher Got Twitter-Punk’d & Your E-Mail Address May Have Been Stolen
Robert J. McGuire
In March 2011, the five Commissioners of the Federal Trade Commission (FTC) unanimously voted to finalize a settlement with the social networking site, Twitter, regarding the FTC’s charge that defects in Twitter’s security measures had permitted hackers to gain administrative control over the site on two occasions in 2009. The hackers were able to access non-public user information and tweets that consumers had designated as private. The hackers also had the ability to send out phony tweets from any account.
To gain access on the first occasion, the hackers used a “brute force hacking tool,” which tries various combinations of words or numbers from a preset “library” of terms and phrases until a valid password is entered. To gain access the second time, the hackers apparently used a much more basic and disquieting method – they simply guessed correctly an administrator’s password. The accounts to which the hackers had theoretical access ranged from then-President-elect Barack Obama to Kim Kardashian. (Ms. Kardashian recently claimed that her Twitter account had actually been hacked in February 2011, blocking her from logging into her Twitter account from her home computer.) The FTC’s draft complaint against Twitter stated that a phony tweet had been sent from President-Elect Obama’s account, offering his followers a chance to win $500 in free gasoline. The Complaint also claimed that at least one false tweet was sent from the account of Fox News.
The Federal Trade Commission Act (FTC Act), 15 U.S.C. § 41 et seq., empowers the FTC to take certain actions to promote consumer protection and to curb harmful anti-competitive business practices. The claims against Twitter were based on the FTC’s power under Section 5 of the FTC Act, 15 U.S.C. § 45, which states that “unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful” and permits the FTC to investigate and prevent such practices. If the FTC investigates a business and concludes that unlawful conduct has occurred, the FTC may: (1) seek the business’s voluntarily compliance, (2) file an administrative complaint; or (3) initiate litigation in the federal courts. Section 5 also permits the FTC to impose civil penalties for knowing violations of FTC rules or for violation of a consent order between a business and the FTC. See 15 U.S.C. § 45(l) and (m). Under recent changes to the applicable regulations, the FTC may impose civil penalties up to $16,000 for each knowing violations of Section 5 or each failure to comply with a final consent order regarding alleged violations of that section. See 16 CFR § 1.98
In this case, the FTC charged that Twitter “deceived consumers and put their privacy at risk by failing to safeguard their personal information” in violation of Section 5(a) of the FTC Act. The FTC had reached a preliminary settlement with Twitter in June 2010. This final settlement is a “consent agreement,” meaning that, in entering the settlement, Twitter did not admit that it had violated any laws. Under the settlement, Twitter will be barred for twenty years from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.” Twitter also must establish and maintain a comprehensive information security program “reasonably designed to protect the security, privacy, confidentiality, and integrity of nonpublic information.” Twitter must also ensure that any service providers it employs maintain appropriate data security safeguards. Further, it must designate one of more employees to coordinate and be accountable for the company’s information security program. Twitter’s security measures will be assessed by an independent auditor every other year for 10 years. The FTC may fine Twitter up to $16,000 for every violation of the consent agreement. (The FTC’s final decision and order)
The settlement was finalized shortly after another high-profile incident of alleged Twitter account hacking on March 3, 2011 – this one featuring Ashton Kutcher, one of the first celebrities to exploit Twitter as a promotional tool (he has over six million Twitter followers) and himself known for his celebrity-prank television show Punk’d. On that date, the following tweet was posted from Kutcher’s feed: “Ashton, you’ve been Punk’d. This account is not secure. Dude, where’s my SSL?” (“SSL” is short for “Secure Sockets Layer,” a security technology that establishes an encrypted link between a web server and a browser and that ensures the privacy of data passed between a web server and browsers.)
Above: The tweet posted by a hacker on Ashton Kutcher’s Twitter account on March 3, 2011.
At the end of March, the FTC also reached a landmark settlement with Google with respect to Google’s social networking site, Google Buzz, after the FTC accused Google of engaging in “deceptive tactics” and breach of user privacy because the site made available information regarding users’ most frequently-used contacts. The FTC did not impose a fine, but Google agreed to institute a “comprehensive privacy program;” to undergo regular, independent privacy audits once every two years for the next 20 years; and to secure users’ "affirmative consent" before making any future changes in Google’s practices regarding the sharing of users’ personal data with third parties.
Another massive security breach was revealed on April Fools Day, when Epsilon, an e-mail marketing firm that serves numerous high-profile companies (including Target, Best Buy, TiVo, the Home Shopping Network, Hilton Hotels, Marriott for its “Marriott Rewards” program, and Walgreens), revealed that the names and e-mail addresses of many of customers of the companies who used Epsilon’s had been hacked. The Epsilon incident should be of particular concern to anyone who conducts online commerce with one of Epsilon’s clients and uses a “weak” password (those of you who use “password” or “12345678” as your password, this means you). In light of this data breach, consumers should be especially vigilant and skeptical of any communication that requests that the user provide personal financial or identifying information, even if that communication seemingly comes from a legitimate business.
The lesson to be taken from these recent news items is one that has often been repeated of late – consider carefully what you transmit electronically, where you do it, and how you do it.
New York Enacts In-House Counsel Registration Rule
New York finally recognizes in-house counsel.
Joining New Jersey, Pennsylvania, and most States, New York has finally enacted special in-house licensing rules. Under the rules, a counsel working for a corporation or other business in the State, who does not have a plenary law license from New York, will need to register to avoid engaging in the unauthorized practice of law. The new Rules, codified as 22 NYCRR Part 522, took effect on April 20th.
As with most other in-house licensing schemes, the in-house counsel applicant must be admitted in at least one other state, be in good standing, and submit all required proof of eligibility. A registered in-house counsel would still need to be admitted pro hac for appearances before any tribunal, must pay the biennial registration fee of $375, and must meet the State's legal CLE requirements.
Uncovered: HP’s In-house Counsel Training Program
The Association of Corporate Counsel "ACC" has launched a four-part monthly blog series on training legal talent titled, “Uncovered: HP’s In-house Counsel Training Program.” This is the third blog series hosted on ACC’s Blog, In-house ACCess (www.inhouseaccess.com), as part of the ACC Value Challenge initiative to reconnect the cost of legal services with value.
“Uncovered,” provides an in-depth look into Hewlett-Packard’s post-law school training program, including information on how HP integrates their new hires into the legal team as well as including perspectives from those counsel who participated in the program.
You can read the first installment of this four-part series online.
This series will address the following topics:
We hope you'll check it out and we encourage you to join in the discussion. Comments and observations are welcome! Enjoy and thank you all.
Our New Members
NJCCA has passed the symbolic 1,200th member, here are some of our most recent new members.
Short notes of interest to and about our members
Strategies to Reduce Litigation Costs and Improve Results
Tuesday, May 10, 2011
A free program, offered by Greenbaum, Rowe, Smith & Davis LLP, three experienced trial attorneys will discuss innovative methods and critical junctures to help you achieve better litigation results while containing costs. Among the topics they will address are:
Tell Us About Yourself!
NJCCA is seeking "Member Notes" for inclusion in our monthly Chapter Newsletter in 2011
Please tell us your exciting news and we will publish it in an upcoming Newsletter (space permitting).
Social Networking and the NJCCA
Earlier this year the NJCCA joined the world of online professional networking. Because the success of online networking is predicated on building enough participation for ongoing conversations, we are very interested in asking you to join, participate and let us know if you see benefit in these activities. We hope you agree with us that online professional networking is a new and compelling way for NJCCA members to discuss issues and solicit ideas inbetween NJCCA events and seminars.
Upcoming NJCCA Events
Register today for these relevant and insightful events.
SPRING COCKTAIL RECEPTION
ON THE HEAD AND IN THE HAND: HATS & PURSES
ANNUAL GOLF OUTING
AVOIDING REAL ESTATE AND ENVIRONMENTAL LANDMINES IN CORPORATE TRANSACTIONS
Speakers: Seth v.d.H. Cooley, Partner, Duane Morris LLP
Peter Garra, Director-Real Estate North America, The Linde Group
Chester P. Lee, Partner, Duane Morris LLP
John Mark, Senior Counsel, The Linde Group
Location: The Park Avenue Club, 184 Park Avenue, Florham Park, NJ 07932
CLE: 3.0 hours of CLE credit are non-transitional for NJ and NY. CLE credit is pending in PA, and credit hours may vary.
Registration: To pay by credit card online;
To register and pay by check, made payable to NJCCA, please mail to: NJCCA, 15 Pierhead Drive, Barnegat, NJ 08005
Cost: NJCCA members: $25, Non-members: $35 (Must be in-house counsel).
NINTH ANNUAL FULL-DAY CONFERENCE
ANNUAL DINNER MEETING
OVERRULED! by Aronds
As far as we know, still the only Chapter Newsletter with its own in-house cartoonist! And now in color!