Can the act of connecting with other professionals on social networking websites such as LinkedIn constitute a violation of a non-compete or non-solicitation contractual undertaking? Are departing employees that are subject to such restricted covenants required to disconnect and “de-friend” colleagues and customers of their former employer until the contractual undertaking have expired?
ComputerWorld is reporting today that an IT staffing firm has accused one of its former employees of violating her non-compete undertaking through her conduct on LinkedIn. I’m not aware of any similar lawsuit to date in Canada so it’ll be interesting to see how this particular case evolves in the U.S. This case and others that I’ve previously noted highlight the blurring line between online and offline worlds. Businesses should consider whether or not, and to what extent, they should try to enforce such restrictive covenants in the social networking world. Stay tuned…
Canadian Business Online is asking if you “ever wonder who’s checking your Facebook profile? Sure, there are probably the old standbys, like your high-school crush and your nosy co-worker, but you should be aware that there might be someone else checking you out: your banker. Financial institutions of all stripes have been scouring social-networking sites since the days when MySpace was all the rage; now they troll Facebook, Twitter and blogs to find out more about their customers. Don’t be surprised if soon they take the information they’ve found about you and use it to determine your creditworthiness.”
Yours truly was interviewed by Canadian Business Online for this article and, as you’ll see, I comment that I’m not aware of whether, or to what extent, the big banks and credit card companies are using personal information that’s publicly available on social networking websites to determine credit worthiness. That being said, in the insurance industry “using information from social-networking sites has already become commonplace”. The message that I’d take from this article is that Canadians’ understanding of privacy, and the ground rules for managing publicly available personal information that we willingly post online, is rapidly evolving.
Are website operators presumed to have “published” defamatory materials that they deliberately link to from their websites? If not, what are the circumstances where it can be inferred that a website operator has “published” hyperlinked defamatory materials? We may be about to find out. The Supreme Court of Canada has just granted leave to appeal of Crookes v. Newton, the B.C. decision that I summarized in a previous post last October.
There’s still plenty of “grey areas” in Internet law. Hopefully, the Supreme Court of Canada will provide more definitive guidance for legal practitioners and website operators in the growing area of online reputation management. In the meantime, website operators should seek legal advice prior to hyperlinking to any potentially defamatory materials on the Internet.
In what should serve as a valuable reminder of the need to educate employees about what constitutes acceptable postings on social networking websites, BBC is reporting that “the Israeli military cancelled a planned raid on a Palestinian village after one of its soldiers posted details of the operation on Facebook. The unnamed soldier revealed the time and place of the raid and the name of his unit on the social networking site.”
I’ve previously commented on social networking websites and employer-employee relationships. This BBC report is just one more example of a situation which may have been prevented with better employee training and a clear social networking policy. Common sense should, and typically does, guide employees in determining what to post online. Yet, if an Israeli soldier can’t think twice before posting the details of a planned operation it’s easy to see how some employees of Canadian businesses – perhaps yours - unintentionally post valuable corporate information online.
This really is the kind of personal information that identity thieves love so the OPC article is a useful read. In fact, businesses whose employees create accounts on their behalf would be well-advised to have employees read the OPC article.
Over the past two weeks nearly a million people around the globe have viewed a couple of YouTube videos filmed and posted by Churchill High School students, which show two of their teachers performing a simulated lap dance.
The identities of the teachers have been widely reported. Now the question is: Could the teachers sue the students for violating their privacy?
A great feature of website discussion boards is that they allow people to instantly share thoughts on a given topic with others from their community or around the world. However, they are fraught with complicated legal issues for the businesses, or website operators, who make them available on the Internet.
To prove defamation, a claimant must demonstrate that a defendant “published” defamatory words. Currently in Canada it’s clear that a person who posts defamatory comments about another person or business on a discussion board can be liable for defamation. It’s also clear, as I’ve mentioned in a previous post, that a person or business may be liable in certain circumstances if they hyperlink to defamatory content on another website. But what about defamatory comments made by others on your website? The answer is less than clear, primarily because of two generally competing public policy views. One view is that website operators should not be liable for defamatory content posted on their discussion boards because the task of monitoring is too onerous for most businesses; and that website operators aren’t “publishing” the defamatory content but are merely “distributing” (which generally doesn’t attract liability for defamation). The other view is that website operators should be liable because the potential for instantaneous and severe damage to claimant’s reputations caused by online defamation should compel website operators to monitor, and be responsible for, their discussion boards.
After American courts struggled with these competing public policy views, the U.S. Congress passed legislation granting immunity to businesses that operate website discussion boards, regardless of the level of control that website operators may have regarding posted comments. The case of Finkel v. Facebook is a recent example of the immunity that can be provided to U.S. based companies. There is no similar “immunity” legislation in Canada, and the specific issue has not yet come before a Canadian court. Of course, each case is decided on its own facts, and one would anticipate that key factors a Canadian court would consider would be a website’s Terms of Use, the degree of control and content monitoring by a website operator, and any actions a website operator took (or didn’t take) in response to a notice from a third party regarding defamatory comments.
This is a rapidly emerging area of law, and businesses should consult a lawyer with relevant expertise to assist in drafting adequate Terms of Use and to discuss potential risks prior to launching, or continuing to host, a website discussion board.
The number of cases involving Internet defamation seem to be growing every day. So too, are the number of related issues that businesses need to consider in relation to online activities. Case in point is the recent British Columbia Court of Appeal decision of Crookes v. Newton, where the court was asked if providing a hyperlink to another website containing defamatory comments constituted Internet defamation.
A key hurdle that claimants must prove in defamation lawsuits is that defendants “published” defamatory words. Internet defamation is no different, and in the Crookes case, the court concluded that providing a hyperlink does not necessarily equal the “publishing” of defamatory content. If a website simply provides a hyperlink, or describes a hyperlink’s content in a neutral manner, then according to the court in Crookes, the hyperlink is not adopting the offending words as its own and is not indirectly “publishing” them. However, if the linking website endorses the content of the hyperlink material or encourages the reader to click the hyperlink to the website that contains defamatory material, the defendant may be just as liable for defamation as the original author of the offending material.
The Crookes case provides useful guidance, but businesses should be reminded that each Internet defamation case will turn on its own specific facts, and factors that will be considered include the wording, tone and placement of hyperlinks. To help minimize the risk of being sued for the publication of defamatory comments, business owners should seek legal advice prior to hyperlinking to any potentially defamatory materials on the Internet.
The Federal Government’s recent initiative to modernize law enforcement related legislation for the Internet age has (at least within law enforcement and privacy circles) once again propelled the issue of privacy vs. security to the forefront. The issues are incredibly important for Canadians, yet there has been little debate within the wider public. That being said, I’m pleased to read Ian MacLeod’s recent Ottawa Citizenarticle, which (even if you don’t agree with some of the points) does a good job of raising the issues in plain language. For a more technical analysis of the legal issues, you may want to read fellow blogger David Fraser’s post regarding the debate about warrantless access to ISP customer information.
The debate surrounding the “lawful access” legislation stems from real challenges affecting Canada’s law enforcement agencies and their need for access to personal information in the course of investigations. What is concerning, however, is the prospect of warrantless searches without judicial oversight. As a citizen in a free and democratic society, it troubles me to see any legislative initiative that could lead to investigations without appropriate checks and balances. Privacy and security don’t need to be mutually exclusive. Let’s hope that through the upcoming Parliamentary Hearings on the “lawful access” legislation we see a balance emerge between privacy and security in such a way that empowers law enforcement agencies while preserving the judicial oversight that Canadians have come to rightfully expect in our society.
A widely reported and controversial issue these days relates the identification of anonymous bloggers (I’ve commented on this issue in previous posts). On point, Cook County (Illinois) Circuit Court Judge Jeffrey Lawrence has ordered the identification of an anonymous commenter. According to the Daily Herald, Judge Lawrence has ruled that the Daily Herald and Comcast must reveal the identity of a person who posted a comment on dailyherald.com.
It seems that website operators are being increasingly asked, or ordered, to reveal the identity of anonymous commentators or bloggers, many of whom have likely presumed that their identity would never be disclosed. However, Northwestern University law professor and First Amendment scholar Martin Redish tells the Daily Herald, “[a]ssume a worst-case scenario”. “Proceed on the assumption that your identity can be revealed.”
Americans are very fond of their First Amendment right to free speech (in Canada we call it Freedom of Expression). However, this right does not protect writers whose comments are defamatory. As I’ve said before, this is a rapidly emerging area of law and it’s becoming increasingly important to stay on top of developments.
BBC News is reporting that thousands of Hotmail accounts have been compromised in a phishing attack, which has reportedly affected at least 10,000 individuals.
Phishing involves identity thieves attempting to obtain personal information, such as user names, passwords and financial information, by pretending to be trustworthy organizations in need of such data.
Coincidentally, the Privacy Commissioner of Canada released her annual report today, which stresses the importance of making informed choices when sharing personal information online. The Privacy Commissioner reminds Canadians that there is a risk that unguarded personal information could be exploited by identity thieves. The Hotmail phishing attack, as well as the Privacy Commissioner’s annual report, should also remind businesses to remain vigilant in protecting their brands – or online reputations – from being damaged by identity thieves that use phishing attacks to exploit the well-earned trust that such businesses have built with their customers.
The Lawyers Weekly is running a story that focuses on one of the most cutting edge and rapidly emerging areas of law – online reputation management. Here are some excerpts from the story, which profiles an ongoing client matter:
“On the heels of a recent New York state court decision that ordered Google Inc. to reveal the identity of an anonymous blogger in a defamation suit, a Winnipeg business lawyer has asked the California-based online search engine giant to do the same and out a blogger on behalf of an Ottawa-area resident. Brian Bowman, a partner with Pitblado LLP in Winnipeg who specializes in privacy, access to information, online reputation management, intellectual property and technology matters, says that his client was defamed on a site appearing on Google-operated blogspot.com (also known as Blogger.com).”
“The New York court decision and the Canadian case raise “one of the fundamental legal questions of our time over the appropriate balance between legitimate, anonymous Internet speech versus the right for people to protect their reputations,” says Bowman, who expects more of these situations will emerge in the near future.”
For over a year, there has been widespread speculation in Ottawa over who is behind a particular blog. In this respect, I’ve been retained by a prominent individual residing in the Ottawa area to deal with defamatory content on the blog and to discover the identity of the anonymous blogger (or bloggers) for court action and, ultimately, damages and costs. Click here to listen to my recent interview on point with Ottawa’s CFRA radio station. The matters discussed in the interview have received considerable national media attention including from the National Post, Maclean’s magazine, the Ottawa Citizen, the Winnipeg Free Press and the Ottawa Sun.
While the OPC’s Facebook investigation should be a “must read” for all Facebook users, it also provides some insightful information for Canadian organizations regulated by PIPEDA. The lessons that can be learned from the investigation can be applied by Canadian businesses regardless of whether their activities are online or offline.
Despite the fact that “[i]t’s clear that privacy issues are top of mind for Facebook…” federal Privacy Commissioner Jennifer Stoddart says that the OPC has found “serious privacy gaps in the way the site operates”. According to Stoddart, in order to comply with Canadian privacy law, Facebook must take greater responsibility for the personal information in its care. An overarching concern of the OPC was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the “account settings” page describes how to deactivate accounts, but not how to delete them, which actually removes personal data from Facebook’s servers. The OPC recommends more transparency, to ensure that the social networking site’s nearly 12 million Canadian users have the information they need to make meaningful decisions about how widely they share personal information.
The investigation also raised significant concerns around the sharing of users’ personal information with third-party developers creating Facebook applications such as games and quizzes. (There are more than 950,000 developers in some 180 countries.) Facebook lacks adequate safeguards to effectively restrict these outside developers from accessing profile information, the investigation found. The report recommended a number of changes, including technological measures to ensure that developers can only access the user information actually required to run a specific application, and also to prevent the disclosure of personal information of any of the user’s friends who are not themselves signing up for an application.
The investigation also found that Facebook has a policy of indefinitely keeping the personal information of people who have deactivated their accounts, which is a violation of PIPEDA. The law requires organizations to retain personal information only for as long as is necessary to meet appropriate purposes. Recommendations to Facebook included the adoption of a retention policy whereby personal information in deactivated accounts is deleted after a reasonable length of time.
Click here to read the OPC’s News Release, here for the full investigation report and here to read a helpful backgrounder. If you’d like to read more about Facebook, please click on the Facebook link under this blog’s Tags (below).
As I’ve previously discussed, Social networking websites such as MySpace and Facebook are provoking new questions about the appropriate boundaries in employee-employer relationships. This is evident in a United States Federal Court case coming to a head in New Jersey. The case pertains to the conduct of a manager who logged into a private social networking website and observed employees slandering company supervisors and customers. Those same employees were later dismissed. The case exemplifies a rapidly expanding “grey area” between an employee’s work life and personal social life. It begs the question, at what point does a “private” comment to friend made outside of the office constitute defamation, and at what point are such comments simply banter between individuals? Of course, the answer is, it all depends on the facts.
For an interesting discussion on the matter, check out Myrth on a Blog, a personal journal of law, technology and social media.
The posting of a YouTube video of a woman throwing a tantrum at the Hong Kong International Airport should serve as a reminder to Canadian businesses that employees these days can (and do) easily record and post videos online from their mobile phones.
The three minute video shows a Cathay Pacific customer yelling and flailing her limbs as she lies on the floor after missing her flight from Hong Kong to San Francisco. I’ve been upset at missing a flight before, but the woman in this video takes things to an entirely new level. The video has drawn over five millions views and nearly 21,000 comments, which has resulted in some incredibly cruel and objectionable online commentary about the woman. Since the release of the video, Cathay Pacific has disciplined the gate worker who recorded the video on his mobile phone (although the video was posted on YouTube by a third party) and the company has issued a formal apology to the woman.
The video is noteworthy because it demonstrates the power of new technologies such as YouTube and the corresponding risks to Canadian businesses. Had the video been recorded by an employee of a Canadian business, subject to Canadian privacy laws, the potential privacy complaint and/or lawsuit by the woman in the video could have been substantial.
Canadian businesses should be reminded of the need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy policies and procedures.
Canadian businesses don’t need to look too far to find examples where more effective employee privacy training may have mitigated, or even prevented, privacy complaints.
The Lawyers Weekly (a national newspaper for the Canadian legal profession) recently approached me to publish an article for their “Focus on Information Technology” section of the newspaper. The request gave me pause to think about the impact on Canadians’ privacy of recent technological advances such as e-mail, instant messaging, online forums, blogs and social networking websites (such as Facebook and Twitter). Upon reflection, I concluded that these technological advances are the driving force for what I argue are increasing calls for a “third wave” of privacy laws.
The “first wave” of privacy laws (such as the federal Privacy Act) were introduced decades ago to protect the privacy of individuals in respect of public sector government bodies. The “second wave” of privacy laws (such as PIPEDA) were introduced more recently to protect the privacy of individuals in respect of private sector businesses. Arguably, the only missing link in this chain of privacy protection, and what could be the focus of a “third wave” of privacy laws, is protecting individuals from violations of privacy by other individuals in the non-commercial sphere. My goal with the article was not to promote a “third wave” of privacy laws, but rather to engage Canadians in a debate about whether such laws are required.
I also encourage you to share your thoughts on whether – in the era of Facebook and Twitter – the status quo is sufficient or whether a “third wave” of privacy laws are needed.
As you know, instant messaging, text messaging, blog postings, online chat forums and social networking websites (such as Facebook and MySpace) have changed the way in which people communicate. Regrettably, however, many of these new communications tools (in particular, online forums and social networking websites) are being used to defame not only individuals, but businesses as well. It should not be forgotten that businesses can be defamed.
In general, the defamation (written and spoken) of a business occurs when a party lowers the reputation of a business in the estimation of other members of society or an industry. Since a business doesn’t have “feelings”, defamation cases related to businesses focus on the damage to a business’ reputation or goodwill due to the comments of another party. The following court cases are worth checking out, both of which confirm that a business can be defamed and, as a result, is entitled to receive monetary compensation.
In Barrick Gold v. Lopehandia, the defendant was found liable for a massive online defamation campaign initiated by the defendant against the plaintiff. The defendant had posted comments on gold and mineral investor related online forums defaming the plaintiff. The Ontario Court of Appeal noted that Internet defamation is different than traditional written forms of defamation since online defamation, or “cyber libel”, is often taken at face value, and is capable of instantly reaching an unlimited number of persons around the globe. The plaintiff corporation was awarded $75,000 in general damages for damage to its reputation and goodwill, $50,000 in punitive damages, and a permanent injunction to prevent further postings.
In WeGo Kayaking Ltd. et al v. Sewid, the British Columbia Supreme Court awarded $250,000 in general damages to the plaintiff corporation in relation to “review” comments posted online that incorrectly and intentionally classified the plaintiff as a “bad” tour company.
Defamation doesn’t just happen to individuals. These cases serve as a reminder to businesses that they are capable of being defamed and, as a result, should diligently protect their online reputations.
Do you ever wish you were Jack Bauer from the TV show 24? Here’s your chance!
There are a growing number of articles that are highlighting the threat of “cyber-terrorism”. It’s a scary topic that is surely consuming the time of government technology infrastructure professionals in the U.S. and Canada.Some of these articles discuss the remote possibility that terrorists may perpetrate cyber-attacks against critical online government and corporate infrastructure.Other articles discuss the very real possibility that terrorists may simply use the Internet (and the information contained online) to plan attacks in the real world. Don Cavender, a special agent and instructor with the FBI’s Computer Training Unit at Quantico, Virginia, is quoted in an excellent ZDNet article and says that “the worry right now is not so much a cyberterrorism event…but when the terrorists use the Internet to facilitate the planning of these attacks.”
We all know that the Internet is filling up with vast amounts of data including people’s personal information, as well as corporate and government data.The lesson that I take from all of these “cyber-terrorism” related articles is that businesses should make sure that they are working with technology professionals to secure their databases and limit the amount of personal information and corporate data available online.Of course, there are many reasons for businesses to secure their databases and to limit what information is available online.For example, privacy laws such as Canada’s PIPEDA regulate the safeguarding of personal information.And, there are good business reasons to limit the availability of proprietary corporate data online.But, if you ever wished you were Jack Bauer, then here’s your chance to fight terrorism…one corporate move at a time.
Last week’s headlines regarding Facebook (see post below) really seemed to raise the awareness of Facebook users about its Terms of Use. The troubling reality that many Facebook users haven’t read its Terms of Use illustrates the all too common practice of website users not reading the Terms of Use of websites they visit.
Website Terms of Use are important to read, especially if you’re then going to post information on or through the website. If you’re a Facebook user, read its Terms of Use to determine if you actually agree to them. If not, you may want to reconsider continuing to be a Facebook user or you may want to simply refrain from posting content that you don’t want to fall under the scope of its Terms of Use.
If your business has a website, check to see if it has a comprehensive Terms of Use document that’s been customized accordingly. Terms of Use are vital documents for websites because they set out the ground rules regarding – among other things – the ownership of content, licence rights, use of the website by minors, user submissions/postings and intellectual property rights. They are intended to serve as legally binding contracts between website operators and users, so they’re pretty important!
Facebook may have suffered a public relations setback last week, but for a commercial enterprise it was on the right path when it reviewed and tried to customize its Terms of Use to meet its business objectives. All businesses that have websites should review and, if necessary, modify their Terms of Use on a regular basis.
After several days of intense media scrutiny, Facebook has backed down on controversial changes to its Terms of Service (TOS). Both CTV Winnipeg and the Winnipeg Free Press asked me to comment on this timely story, which provides a lesson for other businesses that operate websites to be mindful that TOS (and privacy policies) must be able to withstand legal scrutiny but also user expectations.
My November 5, 2008 column in the Winnipeg Free Press provides some tips on how to be a savvy online shopper and the benefits to online retailers of having sercure websites and comprehensive online privacy policies.
My July 2, 2008 column in the Winnipeg Free Press announces the Privacy Commission of Canada’s new youth privacy site, My Privacy. This is a great site for both parents and their children to view, to help youthful Internet users to be aware of the dangers of ignoring privacy settings as they’re filling out personal information on sites like Facebook and MySpace.
In today’s economy, information is the most valuable corporate asset. And for this reason, businesses of all sizes should take steps to protect corporate information regardless of whether it is stored online or off-line. Whether it’s customer or supplier lists, intellectual property or employees’ personal information, it’s information that needs safekeeping. My September 6, 2006 column for the Winnipeg Free Press discusses the importance of protecting corporate information.
This blog provides practical assistance to Canadian businesses so they can better deal with issues related to privacy, access to information, online reputation management, intellectual property and technology legal matters. I hope you subscribe to this blog via RSS (below) or via e-mail (below) so that you can receive timely updates to new posts. Thanks, Brian
This blog is presented for informational purposes only. Content does not constitute legal advice or solicitation and does not create solicitor-client relationship. Views expressed are solely the author's and should not be attributed to any other party, including Pitblado LLP or its clients. The author makes no guarantees regarding the accuracy or adequacy of the information contained herein or linked to via this blog. The author is not able to provide free legal advice. If you are seeking advice on specific matters, please contact Brian Bowman at (204) 956.3520 or bowman@pitblado.com, but please be aware that any unsolicited information sent to the author cannot be considered to be solicitor-client privileged. Comments published on this blog do not reflect the views of Brian Bowman, Pitblado LLP or its clients.
Can the act of connecting with other professionals on social networking websites such as LinkedIn constitute a violation of a non-compete or non-solicitation contractual undertaking? Are departing employees that are subject to such restricted covenants required to disconnect and “de-friend” colleagues and customers of their former employer until the contractual undertaking have expired?
Posted by Brian Bowman 
A great feature of 
The number of cases involving Internet defamation seem to be growing every day. So too, are the number of related issues that businesses need to consider in relation to online activities. Case in point is the recent British Columbia Court of Appeal decision of 
The Federal Government’s recent initiative to modernize law enforcement related legislation for the Internet age has (at least within law enforcement and privacy circles) once again propelled the issue of privacy vs. security to the forefront. The issues are incredibly important for Canadians, yet there has been little debate within the wider public. That being said, I’m pleased to read Ian MacLeod’s recent Ottawa Citizen 
A widely reported and controversial issue these days relates the identification of anonymous bloggers (I’ve commented on this issue in previous 
BBC News
The Lawyers Weekly
For over a year, there has been widespread speculation in Ottawa over who is behind a particular blog. In this respect, I’ve been retained by a prominent individual residing in the Ottawa area to deal with defamatory content on the blog and to discover the identity of the anonymous blogger (or bloggers) for court action and, ultimately, damages and costs. Click 
The 
The Lawyers Weekly
As you know, instant messaging, text messaging, blog postings, online chat forums and social networking websites (such as 
Do you ever wish you were 
Last week’s 
After several days of intense media scrutiny, 
Online shopping a risky transaction: Protect yourself from identity thieves
New push to educate on online privacy: Youth can get info on important website
Facebook website not all fun and games
Identity theft, loss of privacy face people in a wired world 
Fight spam: “Don’t try, don’t buy and don’t reply”
Why employers should care about blogging
Privacy still on Canadians radar screen: poll
Information requires safekeeping
Identity thieves steal business reputations; privacy law audit a good place to begin prevention
