Privacy

I was at a trade show recently, not a boring legal trade show, but the Outdoor Adventure show (hey, I have a life that extends beyond Court Rooms – honest!) and I was overwhelmed by the way many vendors were blurting out information as we walked past their booths. Many of those people spoke so quickly, I had no idea what they were marketing and apparently neither did they. One vendor told us how her product was great for “exhibitionists”: she meant exhibitors. She was mortified when she realized she had been saying “exhibitionists” all weekend.

Fast forward to the Monday after that weekend and I had a great meeting with some entrepreneurs excited about starting a new venture together. I took the time to listen to their thoughts, then slowly explained what legal help we could provide that would suit their needs.

I didn’t go on in detail about the facts from latest Court decision that would impact their situation, I didn’t recite a law from memory and I didn’t use a lot of legal language. I listened and then, in plain English, gave them my advice.

Many lawyers are like the vendor selling to exhibitionists. They speak quickly and are not even aware of what they’re saying. They don’t connect with their clients as business people, they preach down as if law is a pulpit and the client is listening in a church pew (and has to put a lot in the offering plate).

Business law is a conversation between a lawyer and their client. Lawyers need to listen up and be in tune with their client’s business.

If you’d like to talk, I’m listening. (with apologies to Frasier Crane)

Inga B. Andriessen JD
iandriessen@andriessen.ca

It’s July 1, let’s celebrate 147 years of our Country by bringing the commercial use of email to a screeching halt.

I’m not going to repeat what you need to do to comply with the Canadian Anti-Spam Legislation here. Scroll down our Blog and read the CASL Blog for that information.

What I will tell you is that I think this legislation is overkill.

I think this legislation is too expensive for Small Business to comply with.

I think that making Officer & Directors personally liable for email violations is wrong.

If you agree, please write your MP and let them know.

In the mean time, it’s July 1, 2014. Save those unsolicited emails you receive, they are worth $ 200/email come July 1, 2017.

Oh the excitement in the media recently: the Canadian Government spied on the activities of Passengers at (presumably) Pearson Airport who logged onto the free Wi-Fi.

Shocked? You shouldn’t be.

My first thoughts in reading the story were “who has an expectation of privacy on a free Wi-Fi”? Every time you log onto Wi-Fi, you are using a router, the router can capture all the data you are running through it. You might want to consider that the next time you pull into a Tims to check your email.

I then realized, in listening to the public reaction, that many people do not understand how the internet works and, applying this to Business, they have no clue about ownership of emails and other internet activity that originates at work.

With respect to corporate emails. The employer owns the email address. The employer can review all sent/received items at any time. Think of a corporate email address the same way you do corporate letterhead: anything sent from it is on behalf of the company.

Moving onto internet privacy at work: all businesses should have an Internet Use Policy in their Employee Handbook. This will set out what you allow your employees to use the internet for at work as well as what is forbidden. It is a good idea to remind everyone in the policy that as the Employer, you can review work computer screens at any time and as such, passwords and other personal data could inadvertently be captured by the employer.

Everyone should always “think before you surf” – where are you, how are you sending data and how private does this need to be? If you think before you surf, your expectation of privacy will be realistic (i.e. there is none) and you will be making an informed surfing decision.

Inga B. Andriessen JD
iandriessen@andriessen.ca

I snagged the title to this Blog from a Huffington Post Blog by Krizia. The original blog described the evolution of a small business called Lotus Premium Denim. This Blog is not about Denim.

The title of the Blog grabbed my attention because it refers to two things many lawyers fail to do, but two things I know that we do at our firm.

The title of the Blog grabbed my attention because it refers to two things many lawyers fail to do, but two things I know that we do at our firm.

Delivering on our promise is critical in maintaining the client relationships we have established over the past 20 years. I’m proud to say that many of the clients we have today are clients we have had for the entire 20 years the firm has been around.

The keys to “promising” as a lawyer in my opinion are:

1. Communicating clearly to the client what you will be charging them.
As lawyers all we have to sell is our time, but how we sell it (by the hour or by the task) is an important difference and clients must be told about this up front.

2. Honestly evaluating any litigation and being clear, even if you have a strong case, there is always a possibility of a Judge finding against you.
Clients have to be told Judges are human and let’s face it, there is a reason we have Courts of Appeal.

3. Before starting any litigation, assess the likelihood of collecting on a Judgment and advising the client if the only result will be a “pretty piece of paper stamped Judgment”.
No one just wants a pretty piece of paper and why should the law firm be the only party that benefits from litigation?

If you are our client, we understand you and we promise to continue delivering excellent legal services to you.

Inga B. Andriessen JD
iandriessen@andriessen.ca

As practicing lawyers and business people, we’re not supposed to weigh in on contentious issues; so this week I’m not going to talk about the Middle East, Mayor Ford, plastic shopping bag bans, the Argos or the Nicki Minaj and Steven Tyler twitter feud. Except that I sort of am.

Part of the Lunch and Learn we held yesterday at the firm dealt with social media in the workplace. It’s an interesting topic from a legal standpoint and one that generated a lot of conversation from clients. One area of confusion however, is the balancing of rights between freedom of expression and the privacy and reputation rights of the employer. How much restraint is reasonable and what kind of social media policy infringes on an employee’s right to free speech?

There are a lot of complexities at play. If the employer has a social media account (like ours) it’s completely reasonable for an employer not to allow an employee (like me) to use the corporate account to vent about their political beliefs or to make insensitive comments about a protected group. That reasonable limit may even extend to the employee’s personal account, depending on the extent to which they represent the company as a “public face.” The Israeli Defense Force is dealing with a bit of a PR disaster this week as pictures of their social media guru wearing blackface and calling himself Obama are being circulated on Facebook. Add that to last week’s circulation of pictures of active duty personnel posing for smiley faces on Instagram while they prepared for a possible ground campaign in the West Bank and you have an organization that probably needs to clarify its social media policy.

Inga’s advice yesterday was helpful I think, and cut through a lot of the competing rights confusion – the policy has to be reasonable and it has to deal with actual harm. If the way someone uses their social media platform of choice isn’t harming the employer in a real way, then the policy shouldn’t be otherwise restricting their behaviour. But where there is the possibility of defamation, leaking confidential information, or devaluing the employer’s brand, a good policy can be the most effective mitigation strategy around.

Scott R. Young.

While there are undoubtedly any number of juicy moral indiscretions to be observed in the Petraeus scandal that has been unfolding over the past few weeks, for me, the informational security issues are the most salacious.

It hasn’t been explicitly detailed, but it appears that the CIA chief’s dalliances came to light when the FBI ran a standard background check on his biographer. That background check turned up inappropriate e-mail correspondence in the drafts folder of a Gmail account that the biographer shared with Petraeus.

That means that without a warrant, and without any hint of a criminal activity, a government agency was able to freely examine the contents of the encrypted online e-mail account of the world’s foremost intelligence official.

Could there be any more stark an example of how weak informational security really is in the world today?

And it’s not just the mighty FBI that seems to reach out and grab whatever pieces of secure information it desires – the Israel/Palestine battles this week were met with another campaign by the hacking group Anonymous, where the group was somehow able to defeat various Israeli secure databases and post the contents online for all to see.

As a law firm, virtually everything that we do is private. All of our communications are privileged and the information that clients impart to us is often the most secret and valuable thing they can imagine. The very idea that this information is vulnerable is chilling.

For that reason, we take a number of steps to ensure that the information is as safe as is reasonably possible. We’re certainly not invulnerable, and we don’t have the resources of the CIA or the FBI, but we do take information security very seriouly. We use encryption, rotating password protection, secure physical plant protocols and whenever possible, 2 (or more) step authentication procedures. We try very hard.

But that’s not enough. Sometimes we actually have to forego technology altogether and go pick up a document. Or have a conversation in person. In private. Sometimes we have to advise clients that (where legal, ethical and appropriate) something shouldn’t have a permanent record.

As a client, who is expert in these matters, recently ranted to me – Balance is important. It is about being logical about competing priorities. If a piece of information is the most important thing in the world, we’re not going to e-mail it. We’re not going to leave it in a folder on our front desk waiting for someone to pick it up. It’s going to be treated very special. We’re going to devote significant time and attention to that piece of information. But we’re not going to give that same level of attention to something much more trivial. It just doesn’t make sense.

The world keeps changing and the pace of technological innovation isn’t going to slow down. But the more things change, the more they stay the same. The way we conduct our business and the advice we give to our clients will always have a strong foundation in common sense and logic.

Scott R. Young

An interesting decision was released last week by the Superior Court of New Jersey, a US state-level appeal court. According to the facts of the case, the defendant had accessed a co-worker’s Yahoo e-mail account from a computer lab terminal, which the plaintiff had inadvertently failed to log out of. The snooping defendant noticed an e-mail thread mentioning them, printed out the e-mail, and confronted the plaintiff with it. Obviously shocked by the invasion of privacy, the plaintiff immediately filed the suit, relying on the provisions of a state wiretapping statute – which apparently allows for both civil and criminal remedies.

It appears that historically, the test under this New Jersey law has been premised on the expectation of privacy held by the person whose communication was “intercepted”. That’s similar to the case law on the issue in Canada. However in the present case, the court was asked to decide whether the defendant knowingly accessed the account without authorization, and if not, what the extent of that authorization was.

Because the plaintiff had accessed their own inbox, and had left the index screen of the inbox up on the terminal when they left, the court found that the defendant did not infringe the law prohibiting access without authorization. The only question left to the court (in this case, a jury) was whether the defendant had exceeded the authorization provided by the plaintiff’s failure to log off. The jury found that the defendant did not exceed the plaintiff’s “tacit authorization” to access the account. On appeal last week, the court upheld the trial court’s decision – the snooping defendant was vindicated.

In Canada, the facts lend themselves not to a civil trial, but to criminal proceedings under the Interception of Communications provision of the Criminal Code. However the statutes are otherwise not all that different and much of the key phraseology is similar enough to think that the New Jersey case law might be relevant.

I don’t agree with the specific questions put to the jury, and the departure from the pure expectation of privacy test is unusual, but it would certainly be interesting to see how a Canadian case on similar facts would be interpreted.

Until we have such caselaw, the takeaway from all this is to protect your data and your communications as much as possible – any failure to do so, even accidentally, could be viewed as tacit authorization to snoopers and other evildoers.

Scott R. Young

Every once in a while we are lucky enough to get to work on the holy grail of a client’s operations – the policies and procedures manual. Sometimes it’s after our business compliance audit turns up some unexpected sources of liability, sometimes it’s after some triggering event has highlighted the need to put things on paper, and sometimes it’s a proactive first step in putting together a company right from the ground up.

The P&P manual is a great place to tie employees into the workplace by giving them a comprehensive document that outlines all of the rights and responsibilities associated with their job. It includes government mandated policies that address privacy, harassment, violence, accessibility standards and many more. It also sets out the specifics of the discipline policy so there are no ambiguities (and far fewer lawsuits) in the event of discipline or termination.

I probably get a lot more excited about putting these together than Inga or Paul or Murray do – but they often have a lot of input into them. Either they have knowledge of the client’s operations that help customize a policy that works in their workplace, or they have court experience on a particular issue that goes directly into how the policies and procedures are written.

If you are putting together a business from the ground up or are ready for a spring cleaning to make sure that your workplace is compliant from the top to the bottom, please have competent legal counsel draft some policies that work for your business, or review your current policies to ensure that they reflect the hundreds of legislative changes that have occurred in the last decade.

Scott R. Young

Amidst all the Facebook IPO hype this week, there was the release of an e-mail from Mark Zuckerberg to his corporate lawyer, instructing them to dilute Facebook co-founder Eduardo Saverin’s share in the burgeoning company.

Aside from the obvious professional responsibility issue that this presents for the lawyer (assuming the lawyer was acting for the corporation, they had an immediate duty to declare a conflict of interest and cease all representation of the company), the story highlights the need to get good independent legal advice before entering into any legal agreement. I had a great example of the right way to do things last week – we were retained to give ILA to a shareholder on a Shareholder’s Agreement that they had largely formulated. Despite the fact that this shareholder had been the principal instructor to the corporation’s lawyer, and was intimately familiar with most of the terms of the agreement, the corporation’s lawyer still thought it would benefit all of the shareholders to get ILA – not just to waive it as is sometimes (unfortunately) done.

The shareholder was convinced that ILA would add value even if only to have a fresh set of eyes review the agreement. In our review, we offered more than that; considering various critical events from the shareholder’s individual perspective was very different than the perspective of corporate representative they had while preparing the agreement.

The details of the Facebook dilution are not entirely clear (the ensuing litigation was settled and not much is on the public record) but presumably the restructuring that diluted Savarin down to 10% was ultimately effected, and presumably without Savarin retaining counsel to explain this to him. And when he did realize the dilution, litigation was the only option available.

Getting independent legal advice is not cheap, but the value in what you are getting is often immeasurable. If you are entering into an agreement of any significance (including potential future liabilities), you absolutely must have legal counsel review the agreement and confirm that your interests are protected (or that your unprotected interests are known to you). It’s that simple.

Scott R. Young

I am reading more and more lately about the idea of putting together a Will for your social media accounts. Some are advising that you elect a trustee who will delete or otherwise take care of your twitterbookspaces after you shuffle off of this mortal coil, and others are suggesting that you write instructions directly into your Will. Some US states are even considering legislation that will deal with the issue directly. And of course, with an aging population, the social media companies themselves are spending more time dealing with the issue of what do to with dead members.

To be clear, from a legal standpoint, in Ontario, at this time, any directive about what do to with a social media account after your death has no legal force on its own. It’s the same as organ donation (and I know this always shocks some people) – all the good intentions in the world, coupled with the best drafted and executed documents, can be completely undone by those you leave behind. And there’s no added validity to putting something in your Will about what to do with all those ones and zeroes floating in the cloud after you pass on.

That said, thinking about what you would like done with your digital life after you’re gone is a great idea and I highly recommend it. I also highly recommend talking about the issue with your legal counsel so you can get the clarity needed to find out the legal effect of all of your estate planning wishes. A good lawyer will be able to tell you what belongs in a Will, what doesn’t, what to look for in an Estate Trustee, and how to go about effecting all of your wishes.

We’ve had significant experience in putting together comprehensive estate plans for some incredibly tech-savvy business people – there are a lot of creative solutions out there – escrow service agreements that hold data in a secure environment and subject to very strict (and heavily insured) contractual obligations are one solution; joint licensing agreements that give ownership of social media property to multiple parties is another. There are options – but they’re not as simple as putting an instruction in your Will.

In short, social media continues to proliferate and is becoming an increasingly important personal and business commodity. Like anything else, there are things we want to happen to those things when we die. Think about it. Put together a plan and talk to a legal expert to make sure it’ll all happen the way you’d like.

If you have any questions, send us a twitterpoke or something #beforeyoudie.

Scott R. Young