Social media, privacy and employment law

Posted on by

Employees and Social Media Passwords

There is a growing trend for organisations to ask employees or job applicants for their social media login details, particularly in regulated industries such as financial services and public sector government jobs.

There have been some high profile cases in America where this has already happened, such as those working for the city of Bozeman, Montana, although they have now changed their position. Employers will argue a candidate’s online profile is representative of what kind of person that employee is and how they will fit into the organisation. They will also argue that as employees are the face of the organisation, they want candidates who conduct themselves in a manner which is reflective of the organisation they work for. Other organisations may feel that they have a duty to monitor online profiles, for example, to make sure there are no conflicts of interest.

This is not a new trend. There are products on the market which have been around for some time that allow you to scan the internet (including social media sites) to collect information on certain people, one such service is Social Source. There are also a number of employers who admit to viewing a candidate’s social media information by asking a current employee who is already “friends” with the candidate on facebook. However, it is argued that this new trend of requesting a candidate’s social media login details is a riskier business. It would allow employers to view information that they otherwise would not legally be able to use for screening purposes, either intentionally or unintentionally, such as age, religion and sexual orientation.

For some this is an obvious breach of a person’s right to privacy and it is worth noting that this is something recognised by technology companies where the trend is not quite as common. Technology companies appear to be more supportive of their employee’s right to freedom of speech. They seem to believe that maintaining a distinction between their employees’ personal and professional lives is part of encouraging their employees to be freethinking and creative. On the other hand, this may also be because technology companies are better at finding out information that is already in the public domain and they consider this information to be sufficient for screening purposes.

Whilst there are many companies asking for employees for their login details, there is also a growing movement trying to fight back, such as in the American state of Illinois where they want to pass legislation preventing employers from asking job applicants to login to their social media accounts. Alternatively, some individuals are creating multiple social media sites for personal and professional uses, whilst others simply restrict what information they share online.

The intersection of privacy law, the importance of social media for business and each of us personally, employer’s legitimate rights and employee’s right is a minefield at the moment. A very interesting area but one where employers certainly should tread very carefully indeed !

Visit http://www.mylawyer.co.uk for further legal news and interactive legal documents.

Share

Hacking and the Computer Misuse Act

Posted on by

War Against Hackers – A Community Approach

The offence

The Computer Misuse Act 1990 makes it an offence to cause a computer to perform a function with the intention of securing unauthorised access to programs or data held in a computer.  The maximum sentence upon conviction for such an offence is currently 2 years’ imprisonment.

Hacking threats

In recent times, according to Blackhawk Investigations,  the threat from hacking has become stronger with more and more daily tasks becoming performed on the Internet and computers in general. Estonia and Lithuania were targeted in 2007 and 2008 respectively with major cyber-attacks. In 2009 over 103 countries suffered online attacks simultaneously. The European Union have been keen to irradiate the threat from online crime and now wish to sanction such misconduct in a more draconian manner. The EU is in the process of passing a directive, which would replace the Computer Misuse Act in legislating against compromising IT systems.

The EU proposals

The directive would mean that those convicted of compromising IT systems would face a minimum of two years jail-time rather than a maximum. Another band of a more serious type of offending would also be created where the minimum would be pushed up to five years. The vote for the implementation of the directive exposed 50 votes in favour, 1 against and 3 abstentions.

Aggravating factors

One aggravating feature highlighted by MEPs is where hackers disguise themselves using another person’s electronic identity (IP address) and go on to commit offences. Another instance that would attract harsher punishment appears to be where the hackers act as part of an organized group. The targets of cyber-attacks are another factor to be taken into account when considering appropriate sentences; if the target is an important infrastructure or communication system then higher sentences are deserved as opposed to a single private computer being targeted. Sentences will further depend on the damage caused by the offending behaviour, if the damage is negligible then it has been argued that the behaviour should not be criminally sanctioned.

Liability

Liability could be found not only in individuals but also in companies and entities that commission or allow individuals to gain access to computer material for their benefit. Sanctions for a company found to have done such a thing would include winding up or taking public benefits away from them.

There is clearly a difference between those who hack into computer systems for profit, gain or malice and those who do it ‘because they can’. The case of Gary McKinnon is an interesting one to consider when weighing up these two personas.  He is accused of orchestrating the “biggest military hack of all time”. McKinnon seems acceptant of the fact that he gained access to highly sensitive American computer systems including NASA and the military but insists it was rather easy and he was just poking around for evidence of UFO’s and free energy sources. Exactly what to do with people like Gary McKinnon is a hot topic of debate. He is, of course, an exception and in the majority of cases where a computer has been hacked for personal gain we will all be glad that the legislation exists to bring the perpetrator to justice.

Share

Copyright infringement

Posted on by

Copyrights offer legal protection against infringements. Copyright infringements can be broadly defined as unauthorised uses of copyrighted works (i.e. reproduction without consent of the author). The protection is automatic and arises as soon as the work takes its physical form. The work does not need to be registered with the Intellectual Property Office.

WHAT CONSTITUTES COPYRIGHT INFRINGEMENT?

Copyright infringement includes the following:

  • Making copies of the work – this covers different activities and includes photocopying, making manual reproductions or making copies of audio materials.
  • Making unauthorised profits from the copyrighted work by selling, renting or lending copies (unless the lending falls within the Lending Rights Scheme).
  • Broadcasting or performing a copyrighted work in public also constitutes an infringement. It is important to understand that the public includes the Web. Therefore, unauthorised uploading to services such as YouTube constitutes copyright infringement.
  • Making adaptations of original works (this can include for instance translations of papers).

Importantly, if the copyright work was created by joint authors, a joint creator is not allowed to reproduce the work or grant licences without the consent of the other joint creator.

HOW TO BRING LEGAL ACTION FOR COPYRIGHT INFRINGEMENT?

First of all, only owners have rights to bring actions unless such have been re-assigned (for instance by an exclusive licence). Co-authors can bring legal claims for copyright infringement independently of other co-authors.

Exclusive Licence

Exclusive licence is a legal document issued by the copyright owner authorising the exclusive licensee to exercise certain rights which otherwise would be available only to the copyright owner. Exclusive licence also means that nobody else can enjoy the same rights as the exclusive licensee (at least for the period of the exclusive licence).

Copyright infringement disputes can be very lengthy and costly; therefore it would be wise to at least attempt to resolve the matter outside of court. If out of court dispute resolution is not an option you will need to instruct a lawyer to file papers with the relevant court. It might also be an option to get in touch with some organisations that represent copyright owners such as for instance the Copyrights Group.

Limitation Periods

In the UK, the limitation period for bringing a copyright infringement claim is 6 years from the date of the infringement. For example, if your painting made in 2001, was reproduced and sold in January 2005 without your authority, you would not be able to bring a claim today as the limitation period has already expired (the relevant date was January 2011).

 

IS PLAGIARISM THE SAME AS COPYRIGHT INFRINGEMENT?

The answer mainly depends on the work involved. The act of plagiarism in relation to copyrighted works is nothing more than copying and so naturally constitutes an infringement. However, if the work is not copyrighted, perhaps because it is protection has expired, then plagiarism is not equal to copyright infringement.

WHAT WORKS ATTRACT COPYRIGHT PROTECTION?

  • Music;
  • Drama;
  • Literary works such as poems, journal or newspaper articles, instruction manuals, some types of electronic and paper databases. Even layout of text or use of unique typography can fall within the scope of copyrighted literary works providing that sufficient level of originality and skill was involved in the creation of these works.
  • Artistic works such as photos, sculptures, illustrations;
  • Video materials, broadcasts and movies;
  • Most of the online materials available on the Web such as web pages, logos and custom graphics are protected by copyrights.

HOW LONG ARE WORKS COPYRIGHTED FOR?

  • Different types of work attract different lengths of protection. Artistic, dramatic, literary, films and musical works enjoy 70 years of copyright protection after the death of the creator. Broadcasts and sound recordings are protected for 50 years.

Protecting copyright is now a vital legal issue for business, so if in doubt, get specialist advice from IP solicitors.

Share

Rights to privacy

Posted on by

RIGHT TO PRIVACY: WHAT RIGHTS YOU HAVE UNDER UK LAW

In UK law there is no express right to ‘privacy’. It is important to note, however, that there are a number of laws which indirectly protect the privacy of an individual. For more direct law surrounding an individual’s right to privacy, EU law provides Article 8 of the European Convention on Human Rights (ECHR): the right to respect for private and family life, home and correspondence.

Article 8 of the ECHR and the HRA 1998

The ECHR is incorporated into UK legislation by the Human Rights Act 1998 (HRA). Article 8 of the ECHR provides that “everyone has the right to respect for his private and family life, his home and his correspondence”. Public authority cannot interfere with this right unless it is necessary for democratic society (for example public safety, national security or crime). Public authorities can only interfere with this right if they have a justifiable reason. This requirement is laid out in Section 6 of the HRA. This section states that public bodies, the courts and the government must all ensure that they are acting compatibly with these rights.

The Article 8 right that the ECHR provides individuals has been critical in developing the rights of transsexual/homosexual people. Furthermore, Article 8 has been pivotal in developing the protection of privacy to a person’s office in addition to their home.

The 3 Ways Public Authorities Can Justify an Interference with Your Rights

As has been partly mentioned above, the only way a public body can justify an interference with these rights is if it is in accordance with the law, it is in the interests of the legitimate objectives identified in Article 8(2) and it is necessary in a democratic society. In order to be in accordance with the law, the interference must have a proper legal basis (for example legislation). Additionally, it must also be comprehensible, clear and detailed in order for the public to aware of it and understand it. Article 8(2) sets out the legitimate aims, which are: acting in the interests of national security, acting for the protection of health/morals, acting for the protection of the rights and freedoms of others and acting for the prevention of disorder or crime. The third requirement necessitates that the act is a proportionate measure in achieving its aim. In each case it will be considered whether the aim could have been reached by the use of an alternative, less intrusive method.

Lack of Protection from Private Individuals

It is important to note that the HRA 1998 only binds public authorities, not individuals. This means that there is yet to be a general right of protection of invasion of privacy by other individuals. It is possible however, once you are in front of the court for another related action, to ask the court, as a public body, to ensure they protect your right to privacy throughout the proceedings.

Data Protection

The Data Protection Act 1998 is important to every individual’s privacy. It sets out 8 principles which an individual must comply with when they collect, store, organise and retrieve data. These principles also apply to the protection of an individual’s privacy online.

The Retention of DNA Samples and Fingerprints

In the UK the police had the right to retain DNA samples and fingerprints from individuals who are arrested on suspicion of having committed a criminal offence, but that had never been charged. This was found to be contrary to Article 8 ECHR, and so has since been modified.

The new legislation states that police may keep DNA samples and fingerprints from individuals who have not been charged, as long as they destroy it after 6 years. This is laid out in the Crime and Security Act 2010.

Share

Business ethics and brand me

Posted on by

The trend is in creating a brand, and “brand me” is becoming a legal problem

Perhaps one of the interesting aspects of IP law, privacy and the soaring success of social media ios that employees seem to be becoming more self centred and less employer centred. In other words, are we seeing the rise of ” brand me” and a culture of every man or woman for themselves ?

Abstract evidence of changes in employee behaviour which perhaps support the above are suggested by a recent survey on attitudes to whistleblowing and emploeee conduct in the US.

In a survey by the Ethics Resource Center (ERC) the following were the results :-

  • nearly half of all employees said that in the previous 2 years they were aware of a legal or ethical breach at work
  • Employees are far more open to the concept of reporting any wrongdoing they know of, particularly if there is a financial incentive or reward on offer. Over 60% said they would report wrongdoing
  • There has also been a rise in retaliatory action against an employee who reports others for alleged legal or ethical misconduct. The survey suggested of those who acknowledged they had reported another employee, over 20% said they has experienced some form of backlash
  • Confidence in corporate leadership has also reduced down to a worryingly low figure of just over 60%.
Share

Government plans to share your medical records

Posted on by

Plans to share your medical records with private organisations

A heated debate has started following the news that the Government proposes to share medical records information with 3rd parties. On the one hand, if the data is suitably protected and anonymised, it is clear that there might be some benefits to medical science and to Britain’s pharmaceuticals and medical sectors, both important to the economy. As against this are concerns that the government, whilst stating that any shared data will be done carefully and safely, will not do so.

Confidence that such data sharing would be dealt with properly is not helped by the debacle of the huge amount of money wasted on the now abandoned attempt to centralise a database for all NHS records.

Confidence is further diminished by the fact that a number of NHS authorities have repeatedly lost patient data.

Share