Legal Risks of Social Media and the Surety Bond Producer (Part I of II)

Business owners who use the internet might be aghast to learn of all the potential legal issues that are lurking just out of sight, ready to create legal headaches at any moment. The intent of this article is not to create undue alarm, but to educate bond producers about these potential risks so that they may make informed decisions when they conduct business online.

Intellectual Property

A business’s name is usually a trademark or trade name. Both are considered to be intellectual property entitled to protection. A business’s domain name is also intellectual property entitled to protection. Unauthorized use of a trademark, trade name, or domain name is considered to be an infringement under the Lanham Act, 15 U.S.C. § 1051, et seq., and the unauthorized user can be subject to damages under 15 U.S.C. § 1117(a), including recovery of all profits, damages sustained by the trademark owner, and the costs of the action. Treble damages are possible upon a showing of bad faith (that is, an intentional infringement). Damages might also be available under state trademark laws for marks that are registered at the state level although federal registration and remedies are more commonly used by trademark owners. If a producer sees its name or marks used without authorization, it must take action to stop such infringement; failure to do so can result in diminishment of the value, or a total loss of rights, in the name or marks.

Occasionally a company will come across an unauthorized use of content from its website or other online or print publications. Taking someone else’s content and publishing it online is usually copyright infringement, as there are very limited circumstances under which the use of another’s content without express permission is authorized by law. If the copyright in the content has been registered with the U.S. Copyright Office, the owner of the copyrighted work is entitled to recover statutory damages for any infringement. Federal copyright law provides both civil and criminal penalties for copyright infringement under 17 U.S.C. §501, et seq. Criminal prosecution for copyright infringement under section 506 of the Copyright Act is rare. Other remedies more commonly used include injunctions under section 502, impounding and destruction of infringing goods under section 503, and damages and profits under section 504 (including statutory damages of up to $150,000 for each infringement). Costs and attorney’s fees incurred by the copyright owner in the enforcement action are recoverable under section 505.

Furthermore, if the infringing material is posted online, the copyright owner has some additional options. The Digital Millennium Copyright Act, Pub. L. No. 105-304, 112 Stat. 2860 (Oct. 28, 1998), allows copyright owners to give notice to internet service providers (ISP) to remove such infringing material, with severe penalties to the ISP if the infringing material is not removed. The notice has several particular requirements under the law that must be complied with, so legal assistance might be advisable if a producer wishes to pursue remedies under this law.

One of the first steps that any business using social media should do is to create a profile for the business on Facebook and LinkedIn (and possibly Myspace) and open a Twitter account. Businesses that postpone taking this step are sometimes surprised to find that someone else has already created a profile page or Twitter account using his or her business’s name. If a fake profile has been created, the only remedy offered by social media sites is to have the fake profile removed from the site. The true owner of the business does not get access to those customers and potential customers who were unknowingly accessing the fake profile page. Facebook provides an easy means for users to report fake profiles or the unauthorized use of intellectual property, and Facebook takes prompt corrective action to remove this material. It can be more difficult to get MySpace to take down a fake profile. Although the copyright law provides relief for the infringement of a domain name under 17 U.S.C. §504(c)(3), there is no federal statutory relief for a fake profile.

Privacy

It is vital that any business collecting confidential information from its customers, such as bond producers collect from their clients, take appropriate actions to protect the security of that information. Customers expect all of their personally identifiable information (name, address, social security number, telephone number, credit card number or bank routing information, etc.) to be kept confidential. If a business does not take sufficient steps to protect this information and keep it confidential, the business can be held liable for any unauthorized release of this information. There are a number of federal laws that protect privacy in particular situations, such as the Gramm-Leach-Bliley Act. There are also state laws that impose strict penalties and customer notification procedures on any business that has inadvertently released personally identifiable information or that has been the subject of a hacking attack that resulted in the release of such information. For example, California Civil Code sections 1798.29, 1798.82, and 1798.84 require businesses that maintain unencrypted computerized data that includes personally identifiable information to notify any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The expense of complying with these mandatory notification laws can be overwhelming for a small business.

Hackers are routinely bombarding websites and trying to break through their security protection to reach customer data. This data is then sold to unscrupulous businesses for marketing purposes; credit card or bank routing numbers are used to steal funds. Customers, both individuals and businesses, are rightfully worried about the security of their private information when they provide it as part of an electronic commerce transaction. Any business involved in electronic commerce should ensure that all personally identifiable or other confidential information is encrypted.

A related privacy concern is the use of confidential customer information for targeted marketing. Targeted marketing is when a user of a website sees advertisements on a page that have been selected specifically for that user based on demographic or other information. To protect the customer relationship, it is best for customers to be given the opportunity to “opt in” – that is, authorize the use of their confidential information for targeted marketing purposes. Note that this is the law in the European Union where customers must opt in vs. opting out. Google’s new privacy policy (recently announced and going into effect on March 1, 2012) is at the other end of the spectrum; Google will not allow customers to opt out of its data collection activities.

Antitrust

Internet antitrust cases making headlines in recent years involved the distribution of content by the big players in the industry – Apple, Microsoft, Google, and Netflix. Little attention has been given to the potential for the internet to facilitate antitrust price fixing and other illegal activities. The ease of online communications could be a company’s downfall if a principal or employee is inadvertently engaged in price fixing. An industry listserv or chat room discussion can easily cross the line and inadvertently violate antitrust laws. A discussion about qualifications and licensing requirements might inadvertently result in the suppression of competition and be construed as an antitrust violation.

To avoid the potential for an antitrust violation, anyone communicating online should know with whom they are communicating and refrain from discussing pricing issues, territories, standard setting, or the qualifications of individual people or businesses in the industry. We recommend applying the newspaper test, whereby the person posting comments first asks how the communication would look if it were printed on the front page of The New York Times or some other publication with a large circulation.

Liability

Two problems with online communications are the easy ability to forward content and the permanency of content once it has been published online. With the click of a mouse or a tap on a screen, a comment can be circulated to parties who were never intended to see the original comment. A confidential online conversation between fellow employees about their company’s competitor suddenly becomes a lawsuit for business defamation and the tortious interference with contractual relationships between that competitor and its customers. The two employees who originally posted their comments can remove the comments from wherever they were posted, but those comments are now out there in cyberspace, being replicated to an extent that was inconceivable only a decade ago. To minimize the potential for this type of incident, producers should adopt and enforce policies on the use of social media by their employees.

Sometimes the online postings come from outside of the business. Fortunately for the small business owner, the Digital Millennium Copyright Act also protects the owner of a social media site from liability for the postings of third parties. This includes postings by members of an association on the association’s website. Certain steps must be taken by the website owner under 15 U.S.C. § 512(c) in order to claim that protection.

This is not, however, a complete pass on the potential for claims arising out of the misuse of social media. The tendency of some social media users to type before they think can cause more trouble than copyright or trademark infringement. A business can be held liable for false or misleading online postings that defame its competitors or others. The Communications Decency Act, 47 U.S.C. § 230, protects providers of online interactive services from liability for the content of postings by third parties. Interactive services include blogs, forums, listservs, and other devices by which users may interact with others. Most courts have held the Communications Decency Act grants providers of interactive services immunity from tort liability for information provided by a third party. However, if a principal or an employee posts a defaming comment online, the agency could be held liable for any authorized or apparently authorized defamation.

Conclusion

While there are real risks present in any use of online resources, the informed producer can take steps to protect his or her business from known legal risks. The March/April issue of Pipeline will feature Part II of this article that will discuss legal issues involving employees and social media use.

The author of this article is Eileen Morgan Johnson, Esq., a Partner in the Falls Church, Virginia office of Whiteford, Taylor & Preston, LLP. She can be reached at emjohnson@wtplaw.com.

This article is provided to NASBP members, affiliates, and associates solely for educational and informational purposes. It is not to be considered the rendering of legal advice in specific cases or to create a lawyer-client relationship. Readers are responsible for obtaining legal advice from their own counsels, and should not act upon any information contained in this article without such advice.