Month: May 2010

Social Networking / Web 2.0 Revolution

This morning I presented to the Association of Legal Administrators. They asked me to give the view as a lawyer, law firm client, former legal administrator and blogger on what law firms should know about web 2.0. I also mixed risks, policies and compliance issues.

The crowd was a diverse bunch in terms of how they use the tools personally and at their law firms.

Here are the materials, with references and links to tools I mentioned in the presentation.

Here is a link to my social media policies database.

Here is the slidedeck:

ALA social networking web 2.0 revolution

Evolving Employee Rights in the Age of Web 2.0

Morgan Lewis presented and informative webcast on Web 2.0 from the viewpoint of the company/employee perspective. These are my notes.

Panelists:

Companies cannot limit the personal use of these sites. But the line between personal and professional can be very fuzzy. You limit access over the company’s network, but employees have easy access from mobile phones and home computers.

They cited Deloitte’s 2009 Ethics & Workplace Survey Examines the Reputational Risk Implications of Social Networks to point out the need of company’s to address social media.

One issues is the reasonable expectation of privacy. This is even more complicated given that the data is in the internet cloud and not the company’s hardware or storage. Most (if not all) of your Web 2.0 data resides in the cloud, not your hard drive or network storage that you control.

Personal Use of Mobile Devices

The first issue with privacy is the use of mobile devices. Its hard to prevent ALL personal use of a company supplied device, especially a mobile device. Even if you ban personal use of the device, it is hard to monitor and hard to enforce. Would you really discipline an employee who made a personal phone call on their blackberry? You need a clear policy that is enforceable. You also need to set reasonable expectations of privacy.

This is exactly the issue addressed in the Quon case, recently argued at the Supreme Court. The panel spent some time discussing the Quon case and some lessons that may be coming out of this case. There are some lessons to be learned from this case, even though the decision may be limited to government workplaces.

The additional complication is that the company (in this case the government) pulled the personal information from a third-party service provider. That implicated the Electronic Communications Privacy Act

Personal Email

They also took a close look at the . That was more focused on the use of personal email and attorney-client privilege. There are some interesting attacks on that company’s computer use policy.

They raised the Convertino v. U.S. Department of Justice (674 F. Supp 2d 97 (D.D.C. 2009). The DOJ found email between an Assistant Attorney General and his personal attorney. He had used a DOJ email account. He deleted the email, but didn’t realize that a deleted copy would be kept. He deleted the emails immediately after they were sent or received.  The court used a similar test as that used in Stengart court to look at the employee’s expectation of privacy. DOJ did not ban personal email on the company system.

The take away is that employees should inform employees that they have no reasonable expectation of privacy in any technology provided by the company. (It is probably too hard to monitor and enforce a complete ban on personal use.) You should also let them know that back-up copies may exist even if the employee deletes a copy.

Proposed Internet/Email Policy

Here are some items they propose :

  • Limit personal use of the company email system.
  • Inform employees they have no reasonable expectation of privacy in any technology provided by the company (e.g., email, Internet, laptop, PDA).
  • All information forwarded or received via the company email system is subject to monitoring and may be stored.
  • All information sent, received or viewed on the Internet, including personal, web-based communications, instant messages, text messages or other forms of communication, can be stored on a computer’s hard drive, the company’s servers, etc. and can be reviewed and retrieved by the company at any time.
  • Back-up copies of electronic communications may exist, even if “deleted” from the computer.
  • Issue periodic reminders to employees that the computers they are working on do not belong to them, and that information accessed on the computers may be subject to inspection and collection.
  • Describe prohibited activities:
    • Disseminating confidential information;
    • Any actions that could be seen as harassing;
    • “Hacking” and related activities;
    • Tampering with or disabling security mechanisms on company computers;
    • Unauthorized downloads; and
    • Violations of copyright laws.
  • Enforce the policy and punish violators.
  • Obtain signed acknowledgements and post the policy.

HR using Web 2.0

There are special limitations for HR and hiring managers. You need to be careful when using social networking sites to find information about potential hires. Do not try to gain a view of someone’s online account through deception.

You should consider whether employees can give recommendations on sites like LinkedIn.

You can’t prohibit employees from discussing terms and conditions of employment. Such a ban would be a violation under the National Labor Relations Act.

FTC Guidelines and the Workplace

The FTC guidelines are also something to keep in mind. Your employees may be the biggest fans of your products. If an employee is talking about your company’s product, the employee needs to disclose they are an employee. Otherwise it could be consider a deceptive testimonial, creating potential liability for the employee and the company.

The FTC guidelines requires disclosure of a material connection between the blogger (commenter, Twitter-er, etc.) and the company. Employment is clearly a material connection. That means it needs to be clearly and conspicuously disclosed. (16 C.F.R. §255.5 ) The existence of a policy will consider the existence of a policy in deciding in whether to bring an enforcement action.

A company should make it clear that the policy is applicable across all communication platforms.

Should you search the internet for information on job applicants?

There are issues. Many people may argue that it is an invasion of privacy. Beyond the practical issues, there are legal issues such as discrimination and unlawful background checks.

You also need to be concerned that the information you find is applicable to that person. There are lots of people out there with similar names. (Even I am not unique: Another Doug Cornelius)

Are you liable for false statements made by your employees?

If the company sponsors the content, then yes the company can be held responsible. Even on a non-sponsored site, if the company does nothing then that could be viewed as assent and be held responsible.

Can you discipline an employee for using these site?

Not if they are complaining about their working environment to other employees. That is protected under the National Labor Relations Act.

If the activity is akin to whistle-blowing, then the activity could be protected under Sarbanes-Oxley or state statute.

A few states specifically protect off-duty, off-site conduct.

Can you prevent employees from saying bad things about the company?

An injunction acts as a prior restraint on speech. [See: Bynorg v. SL Green Realty Corp., 2005 WL 3497821 (S.D.N.Y. 2005)]

It  is easier to get damages for defamation and invasion of privacy. [See: Varian Medical Systems, Inc. v. Delfino]

If the blogger is anonymous, it’s harder to do. Particularly in California, you need to prove defamation before a court will grant a subpoena.

Protect your IP

You want to be careful about how employees are using your logo or other intellectual property on their own sites.

Materials

They posted a copy of the slidedeck from the presentation on their website if you want more detail: Presentation Slidedeck

FTC and Bloggers

Back in December, the Federal Trade Commission released new guidelines that specifically required bloggers to disclose any material connections to a product or company they are writing about.

The FTC had opened an investigation against Ann Taylor Stores for providing gifts to bloggers who the company expected would post blog content about Ann Taylor’s LOFT stores.

Apparently Ann Taylor missed the memo from their law firm about these guidelines.  LOFT held a preview of their Summer 2010 collection and provided gifts to bloggers at January 26, 2010 event. Bloggers who attended failed to disclose that they received gifts for posting blog content about that event.

“Depending on the circumstances, an advertiser’s provision of a gift to a blogger for posting blog content about an event could constitute a material connection that is not reasonably expected by readers of the blog.”

The FTC decided not to bring an enforcement action and Ann Taylor escaped punishment. The FTC gave these reasons:

  1. The January 26,2010 preview was the first (and, to date, only) such preview event.
  2. Only a very small number of bloggers posted content about the preview, and several of those bloggers disclosed that LOFT had provided them gifts at the preview.
  3. LOFT adopted a written policy in February 2010 stating that LOFT will not issue any gift to any blogger without first telling the blogger that the blogger must disclose the gift in his or her blog.

Apparently, LOFT posted a sign at the event stating that bloggers should disclose that they received gifts. It seems clear that companies should get a signed agreement from their endorsers about their requirement to disclose before handing out gifts.

As the FTC had stated when the released the Guidelines, they went after the company not the bloggers. Although the FTC may go after the bloggers also.

Sources:

SEC is Probing Hedge Funds

They’re looking at you.

Rob Kaplan and Bruce Karpati, co-chiefs of the Asset Management Unit of the SEC enforcement division, held their first full staff meeting last week. This new unit will be focusing on misbehavior by private-equity funds, hedge funds, buyout firms, mutual funds and other asset managers. The unit is one of the five specialty units the SEC formed earlier this year.

Side Pockets

Hedge funds use side pockets to protect new investments, long term investments and other assets that they do not want to liquidate in the face of redemptions in the fund. In the Great Panic of 2008 funds used side pockets to limit redemption.

Valuations

One issue related to the side pocket is valuation of the assets. One reason for keeping the assets is because the fund managers feel the assets are not being properly valued in the market. On the bad side, the fund may be charging fees against the inflated value of those side pockets assets. Most side pocket assets are illiquid, which makes valuations difficult to determine.

Management Investment

One surprising priority for the unit is evaluating whether fund managers really have their own wealth invested in the fund when they are saying so in the prospectus and marketing materials.

It sounds like some enforcement proceedings are likely to appear in this area in the next few months.

Sources:

Picture is by Daniel Rosenbaum for The New York Times

What About the Rating Agencies?

There has been lots of criticism aimed at Goldman Sachs over the Abacus 2007-AC1 deal. They help set up a CDO so their client, Paulson & Company, could make a bet on a downturn in the residential real estate market. To make that bet, they allowed Paulson to influence the securities that went into the CDO. Most of them turned out to be dreck and the CDO ended up tanking. Paulson made money from his short position and the investors in the CDO lost more than $1 billion.

Who Was the Client?

Paulson & Company hired Goldman Sachs and paid them $15 million for the structuring of the Ababcus 2001-AC1 CDO. So they were clearly a client.

The purchasers of the CDO were clients of Goldman Sachs. Since they were purchasing securities from Goldman Sachs as a broker-dealer, they were not owed a fiduciary duty by Goldman Sachs. That is one of the current differences between the law governing investment advisers and broker-dealers. Goldman made a statement in the materials that they do not have a fiduciary obligation to the investors.

Goldman Sachs had a split loyalty that is common with Wall Street transactions.

Disclosure

In selling securities you are required to disclose all material information and risks in a prospectus for the security and deliver that prospectus to purchasers.

Goldman claims that its Abacus investors had all the information needed to evaluate risks for themselves in the prospectus.

The SEC is claiming that Goldman should have disclosed that Paulson influenced the selection of securities placed in the CDO and that they were engaged by Paulson to build the CDO so Paulson could take a short position against it.

Illegal or Unethical?

Obviously, the SEC is taking the position that Goldman acted illegally. Personally, I’m not sure it was illegal. If it turns out that they said Paulson was long on the CDO, when he was actually short, then they are in trouble.

Lots of people are arguing that they acted unethically. That is a stronger argument. Goldman may not have been required to disclose Paulson’s role in the transaction, but they probable should have disclosed it.

I prefer to use the very technical term “yechy.” Goldman looks very bad. As a company, they seek to have a better reputation than this.

They should not have structured the transaction this way. They should settle this case, chalk it up as a mistake and act better. (I own some stock in Goldman Sachs that I bought when the price dropped because of these accusations.)

What about the Rating Agencies?

Even with all the dreck in this CDO, the rating agencies still gave a AAA rating to the $480 million Class A, AA to the $60 million Class B, AA- to the $100 million Class C, and A to the $60 million Class D.

Clearly one of the factors in the sub-prime market was the failure of the rating agencies. They were giving AAA ratings to collections of dreck.

S&P defines the AAA rating for structured finance as “judged to be of the highest quality, with minimal credit risk.”

Maybe this chart is better explanation of the ratings:

Sources: