Privacy Trumps Freedom in Italy as Google Execs Prosecuted

/

With all the talk about the new Massachusetts privacy regulations about to set a new aggressive standard in the United States, it looks like the real privacy hawks are in Italy.  An Italian court convicted three Google executives today in a case that is certain to create confusion throughout the Tubes.  Italy, meet YouTube, and welcome to the 21st century. As reported by Wired Magazine (among many other today), the case against the three Google execs - none of whom is apparently in Italy - centered around what sounds like a disturbing video of Italian schoolkids bullying and beating up a mentally disabled classmate.  The problem was not that Google did not take down the video - it did! - it was simply that they didn't take it down fast enough.

With today's "share everything" mentality on the Internet, this case sets a dangerous precedent when you consider the "sue everyone" mentality that has also become pervasive in our society.  If adopted here, it seems as though this case could set off a new wave of litigiousness that would not weaken the freedom we have come to know on the Internet, but also our legal system.  This is exactly the type of problem that Philip K. Howard talked about recently at the TED conference.

But that could never happen here in America, right?

REMINDER: Massachusetts Privacy Regulations Launch March 1st. Here is what you need to know.

/

There are only two weeks left to comply with the new Massachusetts privacy regulations.  And before you think that they won't apply to you, think again. I have written before about the new privacy regulations, which will be the toughest and most aggressive privacy rules in the country.  Even though the process has been long and included delays and adjustments, the regs are finally going into effect on March 1st.  And you don't have to be in Massachusetts to worry about them; the new rules will apply to anyone - whether based in Massachusetts or not - that holds certain information about Massachusetts residents.  As a review, here is what you need to know:

Who is covered?

The new law covers any individual, corporation, association, partnership, or other legal entity that handles a Massachusetts resident's personal information in connection with employment or with the provision of goods or services, as long as that information is not otherwise publicly available.  The personal information described here means a Massachusetts resident's name (first name and last name or first initial and last name) in combination with that resident's Social Security number, a driver's license or state ID number, or a financial account or credit card number.

What is required?

Those who are covered must create a comprehensive written information security program (a "WISP") to safeguard the information.  The WISP need only be appropriate to the size, scope, and type of operation the person or business is engaging in, the amount of resources available, the amount of the stored data, and the need for security and confidentiality, but that still means that most people will need to make some adjustments. Your WISP must cover:

  1. Designation of a someone to maintain the WISP.
  2. Identifying and assessing reasonably foreseeable risks (both internal and external) to the confidentiality of the information whether on paper or electronic, and continually evaluating and improving the effectiveness of the safeguards through employee training and means of detecting and preventing security system failures.
  3. Developing security policies for the way the information is stored, accessed, and transported outside of business premises, and especially for the way the information is stored or transmitted on computers or wireless systems, including email.
  4. Imposing disciplinary measures for violations of the WISP rules.
  5. Taking reasonable steps to ensure that third-party service providers are capable of maintaining similar protections and requiring them by contract to implement and maintain appropriate security measures.

What kind of protection is necessary?

For paper records, you must provide for secure storage of materials containing personal information, such as physical restrictions (e.g storage in locked storage facilities or containers) and limiting access.

For electronic records, the WISP must include, to the extent technically feasible, a system to secure control of user IDs, password selection and control, and restricting access to active users.  In addition, all electronic personal information transmitted wirelessly or across a public network, and all personal information stored on a laptop or other portable device must be encrypted.  It is important to note that encryption for this purpose does not mean password protection; the regulation requires the information to be transformed into a "form in which meaning cannot be assigned".  In other words, the information must be unreadable.  Password protection alone does not satisfy the requirement.

Are there standard procedures to follow?

The quick answer is no - each person or company needs to come up with unique procedures and safeguards that are both reasonable and feasible for its specific operation.  A large company will necessarily have more detailed procedures than a smaller company, and one industry may be held to a different standard another on a case-by-case basis.  Your current procedures may be a good starting point and may, in some cases, already comply with the new requirements.  There is ambiguity in the law's use of the terms "technically feasible" and "reasonable" that leave latitude for the specific terms of compliance.  Some of these will be clarified over time through lawsuits and enforcement actions, which simply reinforces the need to re-evaluate your program over time.

However, that ambiguity should not be confused with making compliance optional.  There are real consequences including lawsuits for breaches and in some cases civil penalties and fines imposed for each violation.

The bottom line is that you need to take this new Massachusetts law seriously, even if you are not in Massachusetts.  But you can mitigate the risk by establishing these minimum standards to safeguard the personal information and prevent unauthorized access.

Here are some additional resources for information on the regulations:

The Innovation Economy Starts Now

/

2010 has been the bright spot in the future that we have been looking toward for the past 18 months.  When the bottom started falling out in 2008, the immediate future looked abysmal, but we knew that at some point, things would have to turn around.  When you recall that some of the country's great business successes were born out of economic slumps, this recent downturn - the Great Recession or whatever you want to call it - could transition into the most striking growth in more than a generation. Tom Friedman's recent Op-Ed in the New York Times is a call to kick-start a 21st century innovation economy.  He is right that the time is now.  Think of all of the under-utilized talent in the country right now, not to mention the capital waiting on the sidelines.  Lab Day and the NFTE are ways that the country can and must continue to develop the entrepreneurs and innovators of the future, but while real education reform based on innovation is critical to long-term success (both my parents were educators - my dad for 42 years - so I believe in the importance of education), there are many things that we should be doing on a much shorter runway.

Here are three things that may help:

  1. The Start-Up Visa.  This country needs to embrace innovation by bringing here and keeping innovators.  The startup visa movement is about making sure that technological innovation and the "expanding of the pie" happen in the U.S. In addition to recruiting entrepreneurs and giving them the resources they need, we should raise the HB-1 visa limits to bring more skilled workers that will be needed.  Giving visas to those who will create new companies does not take away opportunities for Americans - it expands the pie here to create more American jobs rather than allowing those companies to be created elsewhere.  In this regard, the U.S. is lagging behind China, India, and Pakistan, but even behind countries like the U.K. and Canada.
  2. Green Card Diplomas.  The U.S. also needs to reverse the increasing "brain drain" of bringing in and training foreign nationals on student visas and then requiring that they leave the country.  On the contrary, we should actively recruit the best and the brightest from around the world, invite them to our higher educational institutions, and then grant them the right to stay in the country if they start businesses and innovate.  In the words of John Doerr, billionaire venture capitalist, we should "staple a greed card to the diploma" of these students and get them to set up businesses here.  Already, half of the Silicon Valley startups are now started by immigrants, including such pillars as Google, eBay, and Yahoo.  We should continue to encourage this kind of innovation.
  3. Government Investment in Innovation.  Government is not a great source of innovation.  But proper government policies can encourage the type of innovation that will grow the economy.  Eliminating capital gains tax on qualified small business investment and giving tax credits for hiring employees is a start toward general economic stimulus, but the administration should also be focused on finding new ways to fund innovation directly while also staying out of the way.

More Burger King Innovation Potentially Rolling Out to Franchisees

/

I have written before about the feud between Burger King and its franchisees over the $1 double cheeseburgers, a feud which is still generating headlines as a test for pushing prices through a franchise system. But something even more insidious to America's waistline may be rolling out if the flame-broiled franchisor finds success with the launch of its newest innovation - beer.  That's right.  As tantalizingly stated in a CNN.com report:

To keep up with Miami's night life, Burger King (BKC)'s new Whopper bar will offer American beer and Whopper sandwiches around the clock, staying open 24 hours a day, seven days a week.

Nothing says 'America' like being able to drink a brewski in the middle of the night with a meal out of a Michael Pollan nightmare.  Better yet, the beer will come in aluminum cans from the "formerly-American-beer-companies-but-now-part-of-international-conglomerates-in-other-countries" Anheuser-Busch and MillerCoors.  For now the chain is wisely eschewing the drive-thru window for a "walk-up window for orders on the go" in addition to outdoor seating and delivery service, though according to another report, beer is not available as part of the delivery service.  Boo.

What will they think of next?

Trinity and Me

/

A quick aside from my regular posts to bring you some news on my practice.  As you can see by reading the updated sidebar on the right, I have recently joined Trinity Law Group LLC, a boutique business law firm in greater Boston.  Trinity is made up of some of the best lawyers (and people) I have had the chance to work with and I am very excited to be a part of the team. Watch for developments and more news throughout the social sphere as we intend to utilize some great new technology to better provide value to our clients.  You can read more about my move and about Trinity generally at www.trinitylg.com but you can read the press release in full below.

NEWS RELEASE

BUSINESS LAWYER DAN RYAN JOINS BOSTON’S TRINITY LAW GROUP

January 1, 2010 WESTWOOD, MA – Trinity Law Group LLC, a greater Boston law firm, announced that Daniel J. Ryan has joined the firm as an attorney and counselor at law.

Mr. Ryan will focuses his practice on the organizational, operational, and transactional needs of entrepreneurs, startups, emerging and mid-sized companies as well as angel and venture capital investors. He has counseled and represented clients ranging from the Fortune 500 companies and elite venture capital firms to solo entrepreneurs throughout the business and investment life cycle – from inception and formation, to franchising, licensing and other contracts, to growth and investment, and liquidity strategies. Dan Ryan previously practiced with large, international law firms, first in Denver, Colorado, and then in Boston.

According to Walter Wright of Trinity Law Group,  “We are thrilled to have Dan Ryan join us at Trinity Law Group. His substantial training, experience and competence, client commitment and passion for effectively using technology in the law fit perfectly with Trinity Law Group’s progressive and innovative approaches to working with clients and practicing business law.”

The author of THE BUSINESS LAW BLOG, “A business lawyer's thoughts on business law”, Mr. Ryan also presents on business and corporate law topics to attorneys, entrepreneurs, and other professionals, and has been a recurring guest speaker at the University of Colorado.

Daniel Ryan is a graduate of Boston College Law School (J.D.) and the University of Michigan (B.A.) and is licensed to practice in Massachusetts and Colorado. He is a member of the Massachusetts and Lawrence Bar Associations and is active in local organizations in North Andover and the Merrimack Valley. You can follow Dan Ryan on twitter @dryanesq.

About Trinity Law Group LLC. Trinity Law Group LLC is a greater Boston law firm that practices a broad range of business, corporate, and securities law throughout New England, United States and the world with well-recognized attorneys of stellar academic and professional accomplishment who leverage technology and relationships.  Founder Attorneys Walt Wright and Daniel Clark are business savvy and entrepreneurial lawyers who started the firm in 2007 after serving in leadership positions in the Boston law firm Rich May, where Mr. Wright served as Managing Director and Mr. Clark served as President. Trinity Law Group attorneys leverage relationships, technology and strategy to create a competitive advantage for its clients in the business law sector. Trinity Law Group LLC attorneys share a “trinity” of values as cornerstones of professional life: competence, commitment and communication. Trinity Law Group holds the distinction of being named a “Preeminent Law Firm” for its legal ability and ethical standards in the Bar Registry of Preeminent Lawyers. Additional information on the firm and Attorney Ryan is available at www.trinitylg.com.