You\u27ve got mail the study of the attorney-client privilege and the use of electronic mail

The prolific use of the internet and electronic mail within the legal profession presents novel challenges to the application of the attorney-client privilege; especially, in regards to protecting intended confidential communications relayed through e-mail. This thesis addresses the question of whether an attorney in Florida, through electronic mail use, can waive his client\u27s right to the protections of the attorney-client privilege. After a review of current case law, law review articles, statutes, and texts, this thesis concluded that an attorney\u27s communication through e-mail warrants a reasonable expectation of privacy, permitting the attorney to speak in reasonable confidence to clients through the web. However, attorneys, ethically, should consider the strong repercussions for using such a potentially transparent medium for communication. By examining the relationship between current law, the application of the attorney-client privilege, and a reasonable expectation of privacy, this study provides a comprehensive analysis for attorneys concerned with electronic mail usage. Lastly, this thesis provides attorneys with best practices for their electronic mail communications

Drawing the Line Between Competing Interests: Strengthening Online Data Privacy Protection in an Increasingly Networked World

This article seeks to elucidate these issues and provide a roadmap for the U.S. government to create unified federal laws to provide the private sector with specific protocols regarding use and dissemination of consumer personal information. First, this article will provide an explanation of the U.S.’s current sector-by-sector approach to regulating personally identifying information and will provide a case study of the Federal Trade Commission’s (“FTC”) enforcement action against a social networking site in 2011 as one example of the FTC’s recent efforts at regulating online privacy. Next, this article will analyze the U.S.’s current challenge of judicial enforcement of privacy laws in federal courts and will address recent efforts by Congress, the White House, and the FTC to develop comprehensive online privacy legislation. Third, this article will discuss the European Union’s approach to data protection, including such legislation as the 2012 E.U. Proposed Data Protection Directive. Fourth, this article will provide specific recommendations for strengthening U.S. data protection policies to address new technologies that have surfaced since the inception of U.S. federal and state online privacy laws. These recommendations include passing uniform federal legislation that will include provisions that model the EU’s recent approach to data protection. Such legislation should establish a data controller within both the public and private sectors and require both public and private entities to provide transparent disclosures to consumers regarding the type of information the entity plans to collect and what purposes the entity will use the information for. Additionally, such legislation should require companies to obtain affirmative consent from consumers prior to collecting personally identifying information. Legislation should also provide consumers with a “right to be forgotten” that would mandate entities to stop tracking the consumer’s personal information when requested. Finally, this article will propose that the FTC work with industry leaders within business communities to adopt industry specific codes of conduct that businesses can voluntarily opt into by self-certifying their compliance with such codes of conduct. In doing this, the U.S. can more effectively balance individual, community, and governmental interests in the area of data protection and ensure that both individuals and entities are on the same page with regard to the collection and use of the personally identifying information of consumers

Lost in the Cloud: Information Flows and the Implications of Cloud Computing for Trade Secret Protection

As has been noted elsewhere, the advent of digital technology and the Internet has greatly increased the risk that a company’s trade secrets will be lost through the inadvertent or intentional distribution of such secrets. The advent of cloud computing adds another dimension to this risk by placing actual or potential trade secrets in the hands of a third-party: the cloud computing service. This article explores the legal and practical implications of cloud computing as they relate to trade secret protection. While there are many types of cloud computing services, this article focuses on cloud-based services that offer businesses the ability to upload and store information and data remotely via the Internet (hereinafter “cloud storage services”). The first part of the article discusses the practices of cloud storage services and the current state of trade secret law in order to identify and explain the risks posed to trade secrets stored in the Cloud. It begins with an overview of the cloud computing industry, including an examination of the terms of service agreements used by cloud storage services. After a brief explanation of the requirements for trade secret protection (with particular emphasis on the reasonable efforts requirement), the article then explains the third-party doctrine of trade secret law and how that doctrine threatens to waive trade secrecy for information stored in the Cloud. Because the analysis of the relationship between cloud storage services and their customers leads to the conclusion that, at least in the absence of an express or implied-in-fact agreement to the contrary, no duty of confidentiality is established and trade secrecy is likely to be waived, the article ends by exploring potential refinements and exceptions to the third-party doctrine of trade secret law. After concluding that no existing definition of disclosure provides a workable exception to the third-party doctrine of trade secret law, the article ends with a proposal that the law officially recognize an expanded taxonomy for trade secret law that recognizes a distinction between trade secrecy destroying “disclosures” and non-trade secrecy destroying “mere transfers.

Lost in the Cloud: Information Flows and the Implications of Cloud Computing for Trade Secret Protection

As has been noted elsewhere, the advent of digital technology and the Internet has greatly increased the risk that a company’s trade secrets will be lost through the inadvertent or intentional distribution of such secrets. The advent of cloud computing adds another dimension to this risk by placing actual or potential trade secrets in the hands of a third-party: the cloud computing service. This article explores the legal and practical implications of cloud computing as they relate to trade secret protection. While there are many types of cloud computing services, this article focuses on cloud-based services that offer businesses the ability to upload and store information and data remotely via the Internet (hereinafter “cloud storage services”). The first part of the article discusses the practices of cloud storage services and the current state of trade secret law in order to identify and explain the risks posed to trade secrets stored in the Cloud. It begins with an overview of the cloud computing industry, including an examination of the terms of service agreements used by cloud storage services. After a brief explanation of the requirements for trade secret protection (with particular emphasis on the reasonable efforts requirement), the article then explains the third-party doctrine of trade secret law and how that doctrine threatens to waive trade secrecy for information stored in the Cloud. Because the analysis of the relationship between cloud storage services and their customers leads to the conclusion that, at least in the absence of an express or implied-in-fact agreement to the contrary, no duty of confidentiality is established and trade secrecy is likely to be waived, the article ends by exploring potential refinements and exceptions to the third-party doctrine of trade secret law. After concluding that no existing definition of disclosure provides a workable exception to the third-party doctrine of trade secret law, the article ends with a proposal that the law officially recognize an expanded taxonomy for trade secret law that recognizes a distinction between trade secrecy destroying “disclosures” and non-trade secrecy destroying “mere transfers.

Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems

This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees\u27 behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization

Electronic Data Discovery: Integrating Due Process into Cyber Forensic Practice

Most organizations and government agencies regularly become engaged in litigation with suppliers, customers, clients, employees, competitors, shareholders, prosecutors or regulatory agencies that nearly assures the need to organize, retain, find and produce business records and correspondence, emails, accounting records or other data relevant to disputed issues. This article discusses some high visibility cases that constrain how metadata and content is routinely made available to opposing parties in civil litigation, to prosecutors in criminal prosecutions and to agency staff in regulatory enforcement litigation. Public policy, as implemented in the rules of evidence and pretrial discovery, restrict electronic data discovery (EDD) as it becomes a predominant and potentially costly pre-trial activity pivotal to modern litigation. This article discusses these constraints while identifying opportunities for the interdisciplinary activities among litigators, forensic experts and information technology professionals

Designing the Health-related Internet of Things: Ethical Principles and Guidelines

The conjunction of wireless computing, ubiquitous Internet access, and the miniaturisation of sensors have opened the door for technological applications that can monitor health and well-being outside of formal healthcare systems. The health-related Internet of Things (H-IoT) increasingly plays a key role in health management by providing real-time tele-monitoring of patients, testing of treatments, actuation of medical devices, and fitness and well-being monitoring. Given its numerous applications and proposed benefits, adoption by medical and social care institutions and consumers may be rapid. However, a host of ethical concerns are also raised that must be addressed. The inherent sensitivity of health-related data being generated and latent risks of Internet-enabled devices pose serious challenges. Users, already in a vulnerable position as patients, face a seemingly impossible task to retain control over their data due to the scale, scope and complexity of systems that create, aggregate, and analyse personal health data. In response, the H-IoT must be designed to be technologically robust and scientifically reliable, while also remaining ethically responsible, trustworthy, and respectful of user rights and interests. To assist developers of the H-IoT, this paper describes nine principles and nine guidelines for ethical design of H-IoT devices and data protocols