LegalTXTS – A Luminate Law Blog – Page 12 – Cybersecurity, Privacy & Internet Law

Court Finds Firing of Teacher for Her Comments on Social Media “Shocking to One’s Sense of Fairness”

July 2, 2013 by Elijah Yip·1 Comment

A New York court overturns the termination of a public school teacher for posting offensive comments on social media – Rubino v. City of New York, 106 A.D.3d 439 (May 7, 2013)

The New York Supreme Court, Appellate Division recently ruled that the firing of a fifth-grade public school teacher for making inappropriate comments on social media was too harsh of a penalty. After a difficult day at class, the teacher posted comments alluding to a tragedy involving an unknown student at a different school. The court’s opinion is sparse on details, but according to a Huffington Post article, the teacher wrote: “After today, I am thinking the beach sounds like a wonderful idea for my 5th graders! I HATE THEIR GUTS!” The beach reference alluded to the drowning of a 12-year old girl on a school trip to Long Island beach the day before. The comments were only visible to the teacher’s private network of friends, who did not include any of her students or their parents. The teacher deleted the comments three days after posting them. She denied making the comments when she was initially confronted about them, but later confessed at her disciplinary hearing.

The court agreed that the comments were “clearly inappropriate” but it noted that the purpose of the comments was just to vent. The teacher did not intend the public to see her comments, and she expressed remorse over making them. She had no prior disciplinary history in her 15-year career. Given the record, the appellate court found the termination to be “shocking to one’s sense of fairness.” The appellate court upheld a lower court order setting aside the termination and sending the case back down for imposition of a lesser penalty.

LegalTXTS Lesson: Not all courts have been as kind toward teachers who vent on social media as the New York Appellate Division. In fact, in In re O’Brien, a court in neighboring New Jersey upheld the firing of a first-grade teacher under similar circumstances earlier this year. One difference might be that the teacher in Rubino expressed remorse for making the comments whereas the teacher in O’Brien did not. Whether that factor alone accounts for the different outcomes is questionable. One thing the cases do share in common is that the teachers in both thought that no one outside of their network of “friends” would see their comments. With apologies to Las Vegas, Rubino and O’Brien teach that what happens in an employee’s social network doesn’t always stay in his or her social network.

Appellate court rules Bankbridge teacher videotaped bullying a student should lose job, tenure

Hawaii Rules of Professional Conduct Amended to Cover Online Advertising

July 1, 2013 by Elijah Yip·0 Comments

Recent amendments to the Hawaii Rules of Professional Conduct include language allowing lawyers to advertise on social media. The amendments conform the language of Rules 7.2 and 7.3 to their counterparts in the current version of the ABA Model Rules of Professional Conduct. Amended Rule 7.2(a) explicitly includes “electronic communication” as a permissible way to advertise legal services. The comments to the amended Rule are more direct, noting that “electronic media, such as the Internet, can be an important source of information about legal services, and lawful communication by electronic mail is permitted by this Rule.” Although the amended Rules don’t define “electronic communication,” the term appears broad enough to include social media.

The amendments place limits on soliciting clients on social media, however. Rule 7.3 currently prohibits a lawyer from contacting potential clients in person or by telephone to solicit business for personal monetary gain unless the potential client has a family, close personal, or prior professional relationship with the lawyer. Amended Rule 7.3 adds “real-time electronic contact” to the list of forbidden solicitation methods. What “real-time electronic contact” means has yet to be examined in a reported case, but the term could conceivably apply to text messages, instant messages, Skype, and posts on social networks like Facebook, Twitter, or LinkedIn.

Tech-savvy lawyers will also appreciate the deletion of the requirement in current Rule 7.2(b) that a lawyer keep records of every advertisement for two years. Lawyers who promote their services by posting online content frequently could find compliance with the requirement impractical. The amended Rules omit the retention requirement for all forms of legal advertising.

The amended Rules take effect on January 1, 2014.

Student Expelled For Cyberbullying Not Deprived of Constitutional Right to Public Education, Court Says

June 26, 2013 by Elijah Yip·1 Comment

Federal court dismisses claims against charter school for expelling student due to cyberbullying — Lindsey v. Matayoshi, 2013 WL 3092450 (D. Haw. June 19, 2013)

The federal district court of Hawaii recently dismissed a lawsuit against a charter school that expelled a student for cyberbullying. The student and her parents claimed that the school denied them a property interest in a free public education in violation of their constitutional right to due process. The court ruled that the damage claims against the school were barred by Eleventh Amendment immunity and that injunctive relief was unavailable because the school did not violate the constitutional rights of the student and her parents.

RFL was a student at Kanu, a charter school in the state of Hawaii. On several occasions, RFL threatened, bullied, and teased other students through Facebook posts and text messages. RFL also got involved in a fight with a classmate. Kanu initially suspended RFL and reminded her of Kanu’s “no tolerance” policy toward bullying, but when RFL persisted in taunting and threatening classmates through social media, Kanu expelled her.

Kanu discussed several options with RFL’s parents for continuing her education, including nearby public high schools and home schooling, and offered to assist in transitioning RFL to the school of her parents’ choice. RFL’s parents declined to enroll RFL in any of the public high schools offered to them as alternatives. Instead, RFL and her parents sued Kanu, the superintendent of the state department of education, and various school officials. The plaintiffs sought damages and injunctive relief for the deprivation of their due process rights, emotional distress, and a violation of state administrative laws.

The court ruled that the Eleventh Amendment barred the plaintiffs from seeking monetary damages claims from Kanu, a state entity, and the other defendants, who were state officials sued in their official capacity. As for injunctive relief claim for an order requiring Kanu to re-enroll RFL, the court found that the defendants had not deprived the plaintiffs of a constitutionally-protected property interest in public education. Kanu offered alternative schooling options to the plaintiffs, but they rejected them all because they did not like the schools that were available to them. The court held that an entitlement to public education did not include the right to attend a particular school or to a particular kind of education or curriculum.

Estate Planning in Cyberspace: Making Sure Data Doesn’t Byte the Dust

June 18, 2013 by Elijah Yip·0 Comments

Ownership of contents of online email account gets called into question after account owner dies — Ajemian v. Yahoo!, Inc., 987 N.E.2d 604 (Mass. Ct. App. May 7, 2013)

Who owns the data in an online account after the account owner dies? It’s a question that’s growing in importance as online email accounts become commonplace and cloud storage services like DropBox and Google Drive gain users. A Massachusetts court faced that question in Ajemian v. Yahoo!, Inc., but left it unresolved.

In Ajemian, an individual (Robert) opened a Yahoo! email account for the primary use of his brother, John. Robert shared the account as a co-user. Several years after Robert opened the account, John died. Robert and his sister Marianne were appointed co-administrators of John’s estate. At the time of John’s death, Robert had not accessed the Yahoo! account for several years and had forgotten the password.

Robert and Marianne tried to get access to the contacts in Yahoo! account to retrieve email addresses of John’s friends and notify them of John’s death and memorial service. Robert and Marianne also wanted access to the emails in the account to help identify and locate John’s assets and administer his estate.

After negotiations, Yahoo! agreed to turn over the subscriber information for John’s account to Robert and Marianne if they obtained a valid court order, which they did. Yahoo! believed that the Stored Communications Act prohibited it from disclosing the contents of the emails in the account, however. This prompted Robert and Marianne to sue Yahoo! in the Massachusetts probate court. Robert and Marianne argued that the emails were the property of John’s estate and, therefore, as administrators of the estate, they were entitled to access to the emails. Robert also argued that as co-owner of the account, he was entitled to its contents.

The probate court dismissed the lawsuit on various grounds, including that the Terms of Service (TOS) governing the Yahoo! account required the lawsuit to be filed in California. On appeal, the Appeals Court of Massachusetts decided that the TOS was unenforceable because Yahoo! failed to prove that it reasonably communicated the TOS to Robert and that he indicated his acceptance of the TOS, such by clicking on a box that says “I Agree” (i.e., a “clickwrap” agreement). Even if Robert had accepted the TOS, the court would not enforce the forum selection clause contained in the TOS because it was unreasonable and overbroad. The Appeals Court sent the case back to the probate court for a ruling on the issue of access to the contents of the Yahoo! account.

LegalTXTS Lesson: Because the contents of online accounts can be quite valuable, they should be treated as an asset in an estate planning program. Much hassle and confusion can be avoided by making pre-death decisions about how one’s online information should be handled upon one’s death, such as entitlement of access to the accounts and ownership of their contents. To plan effectively, one might need to take into account the terms and service corresponding to online services. In Ajemian, for example, the terms and conditions for the Yahoo! account purportedly limited the transferability of the account and terminated the rights to the Yahoo! ID and the account’s contents when the account owner died. If an online service has similar terms, a workaround might be needed to preserve the rights of the account owner’s estate to data stored by the service.

Haven’t visited Yahoo in a while? You may lose your user name

Privacy of Employee Data on Dual-Use Devices

June 17, 2013 by Elijah Yip·0 Comments

Supervisor snoops into former employee’s personal Gmail account after she returns company-issued Blackberry — Lazette v. Kulmatycki, 2013 WL 2455937 (N.D. Ohio June 5, 2013)

The line between personal and business use of electronic devices is increasingly getting blurry, especially as more and more workers carry dual-use devices (devices designed for both work and personal use) like smartphones and tablets. Businesses can benefit from the increases in productivity and morale resulting from this trend, but they also face new privacy concerns. The recent case of Lazette v. Kulmatycki (N.D. Ohio June 5, 2013), highlights this risk.

Verizon issued a Blackberry smartphone to its employee, Sandi Lazette. Lazette set up a personal Gmail account on the phone with Verizon’s permission. Lazette returned the Blackberry to her supervisor when she stopped working for Verizon, understanding that the phone would be “recycled” for use by another Verizon employee. Lazette thought she had deleted her personal Gmail account before returning the phone, but she had not. Over the next eighteen months, Lazette’s supervisor read 48,000 emails in her Gmail account without her knowledge or authorization, and shared the contents of certain emails with others.

Lazette sued Verizon and her supervisor for claims including violation of the Stored Communications Act (SCA) and invasion of privacy. A federal court ruled that Lazette’s supervisor was potentially liable under the SCA for reading personal emails that Lazette had not previously opened, and that Verizon could be vicariously liable for the supervisor’s actions. The court also allowed Lazette’s privacy claim to move forward.

LegalTXTS Lesson: Lazette teaches important lessons about protecting the privacy of personal employee data on work devices, including dual-use devices.

1. Don’t read your employees’ personal messages—even if they are readily accessible. Management should treat an employee’s personal account as private, even if restrictions to accessing the count are minimal or non-existent. A person does not need to hack into an account or otherwise circumvent access restrictions to electronic communications to be liable under the SCA. Lazette’s Gmail account was accessible to her supervisor for no reason other than the fact that Lazette failed to delete her account from her Blackberry. Yet, the court ruled that Lazette’s negligence did not give her former employer implied consent to read her private emails. The simple act of opening an unread message in an employee’s personal email account was enough to create liability under the SCA.

2. Construe grants of access narrowly. If an employee allows a supervisor access to his or her personal email account for work purposes, that is not a grant of access to everything in the account. In Cheng v. Romo (D. Mass. Nov. 28, 2012), an employee of a medical imaging company gave his supervisor the password to his Yahoo! email account. Although the employee did not attach conditions to sharing the password, his unstated objective was to share radiologic images that were emailed directly to him. Years later, the supervisor logged into the account to read emails about the status of the company. In the lawsuit that followed, the court allowed the employee’s SCA and invasion of privacy claims to go to trial. Cheng teaches that management should err on the side of preserving privacy if given access to an employee’s private online account for a specific work purpose or no stated reason at all.

3. Thoroughly purge personal data from company-issued electronic devices before reusing them. Companies commonly reuse electronic devices (e.g., desktop and laptop computers, cell phones, PDAs, tablets) for work purposes after it has been returned or repaired. Employees can leave behind personal data on devices such as saved passwords, emails, web history, internet cookies, and the like. Set and enforce policies requiring the purging of all such data from electronic devices before the devices are issued to another employee.

4. Clarify employee expectations of privacy upfront if implementing mobile device management (MDM) tools. One measure for mitigating the risk of security breaches relating to dual-use mobile devices is the use of MDM tools controls such as the ability to “remotely wipe” a device should it get lost or compromised. MDM measures could raise privacy concerns if they result in alteration or destruction of personal data on a dual-use device. To mitigate such concerns, a company should devise policies clarifying upfront the expectations to privacy that employees should to have if they choose to use a dual-use device at work.

Related articles