Fresh off the heels enacting the California Consumer Privacy Act, California Governor, Jerry Brown, signed the country’s first law governing the security of Internet of Things or connected devices. The bill, SB 327, is entitled “Security of Connected Devices.”

Beginning on January 1, 2020, all manufacturers of connected devices will be required to equip the device with reasonable security features to protect against the unauthorized access, destruction, use, modification or disclosure of information that is collected or transmitted by the device.
Continue Reading California Steps into the Fray to Regulate the Security of Connected Devices

Let’s say that your next idea—which could be the next big idea—involves a web-based collection, compilation, or some presentation of a sliver of “big data” so pioneering, maybe even disruptive, that customers and investors will come chomping at the bit to get their hands on it. Your idea, undoubtedly, has an e-commerce angle, such as a proprietary feature complete with pricing information indexed for your customers’ convenience. A meaningful portion of your solution’s value will likely stem from this carefully selected catalog of prices. So, how do you protect it?

There are several mechanisms of protection at your disposable—some technical and others legal, for example. Determining the specific type and degree of security measures that you will deploy to defend against the myriad of potential threats is a business decision, which must be made early and revisited often.  However, one modern technical phenomenon, data scraping, presents a particularly tricky business dilemma warranting a deeper level of analysis.


Continue Reading Publicly Available Data: To Scrape or Not to Scrape?

clocking systemA Wisconsin employer recently made headlines when it announced that it was offering its employees the option to be outfitted with a microchip to replace the cards or badges they use regularly while at work. The company, called Three Square Market, held a “chip party” on August 1 during which 41 out of its 85 employees opted to have the small chip implanted in their hand. Although the purpose of this RFID chip is limited to office functions such as making purchases in the break room market, logging into computers and printers, and accessing the building, one cannot help but think about the implications this type of technology could have on employee privacy.

Continue Reading It’s 10:00 p.m. – Do You Know Where Your Employees Are?

websitePosting terms of use document on your website or mobile application defines the terms which govern your customer’s use of your website or mobile application and greatly reduce your exposure to liability when providing goods or services through a web-based application. A privacy policy describes to your consumers what information you collect, how you collect it and how you use it.  Posting a privacy policy provides notice to your customers so that they can make an informed decision on whether or not they want to use your web-based application after considering the data you collect and how you use it.

Continue Reading Terms of Use and Privacy Policy: Your Navigation System in the Ocean of E-Commerce

drone with cameraOn May 18, 2016 the National Telecommunications and Information Administration (“NTIA”) released a set of voluntary best practices for commercial and private unmanned aircraft systems (“UAS”) use. That best practice guide was the end result of a development process involving input from individuals and entities in the commercial, academic, civil, and government sectors. Some of these best practices include requiring drone operators to:

  • Minimize operations over or within private property without consent of the property owner or appropriate legal authority;
  • Have a detailed data collection policy and limit data collection to what is outlined in that policy;
  • Not knowingly make the personal information of others public unless permission is first obtained; and
  • Not use or share personal information for marketing purposes without first gaining permission.


Continue Reading Drone Privacy Best Practices

Unmanned Aerial Vehicle with a Digital Camera

The last several years have seen a substantial increase in the use of unmanned aircraft systems (UAS) at American colleges and universities. UAS have a wide variety of official campus applications, such as scientific research, public safety, and marketing photography and video. But Federal Aviation Administration (FAA) regulations limit the use of UAS for commercial (including certain academic and research) purposes. And while many students fly UAS recreationally, the rights of recreational fliers may conflict with the privacy and safety interests of other members of the campus community as well as academic property-use and privacy policy guidance. Given the potential legal ramifications of violating FAA regulations and the need to balance competing interests on campus regarding UAS use, it is important that institutions understand the current regulatory environment, and craft and implement policies to ensure UAS are used in an appropriate manner.
Continue Reading UAS Policies Becoming Essential for Colleges and Universities

Drone Precision AgricultureRecently, many speakers at conferences and authors in blogs have focused on the seeming conundrum as to who owns the farm data collected and/or created using precision ag technologies, as well as the related question of who must protect the data and how. Many have proposed legislation as an (unlikely) solution, while others have attempted to gain industry agreement as to ownership rules (see e.g., PRIVACY AND SECURITY PRINCIPLES FOR FARM DATA, spearheaded by the American Farm Bureau Federation). And still some have thrown up their hands, almost in dismay, and said these disputes will simply have to be resolved in the courts.

Yet, if one starts with the assumption that farm-generated data is an asset and, therefore, a type of property, it becomes apparent that there is a third alternative: careful contracting. I’m not just referring to the agreements entered into by precision ag companies. Rather, all parties along the field to fork chain should give careful consideration to whether farm data likely will be generated at some point in the process and, if so, who is entitled to own the data and what data protection obligations exist by virtue of this control.


Continue Reading Agree to Agree: Data Ownership, Protection and Precision Ag (Part 1)

Data Locks“Sorry.” Music service Spotify joins the club as the latest company to apologize to its customers for proposed privacy policy changes. When it comes to bad press, it would be tough to beat Minecraft-founder Markus Persson’s tweet about Spotify: “Hello. As a consumer, I’ve always loved your service. You’re the reason I stopped pirating music. Please consider not being evil.” Spotify promptly threw itself on the mercy of its customers in a short written apology.

While the scope of Spotify’s policy exceeds the scope of data that most companies seek to obtain, it’s a good reminder for all companies to review their own privacy policies. As a company reviews its privacy policy, it should consider these key questions:


Continue Reading Sorry Seems to be the Hardest Word – Updating Your Privacy Policy