Software // Enterprise Applications
Commentary
10/2/2003
10:02 PM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%

The Privacy Lawyer: What To Do Before The RIAA Knocks

You don't want to be subpoenaed, but if you are served, be prepared

The Recording Industry Association of America is taking dramatic steps to protect its copyrights against free file sharing, and it hasn't ruled out serving subpoenas on companies and universities that offer E-mail and Internet access to employees and students if it suspects that they use those systems to pirate material. So what do you do if worse comes to worst and the RIAA knocks?

Check your privacy policies. What do you say is done with data collected from users at your sites? What do they say you do with the data? Do you have a legal-process exception, and does the exception state that you comply with court orders? Have your privacy lawyers review the language. Are you subject to confidentiality agreements that might be affected by a demand for user information?

Call your data-management contractor. What protections do you have if it's served with a subpoena? Review the contract, and make sure it provides for legal-process exceptions and for sufficient advance notice to you if it's served before your contractor complies.

If you're managing others' data, make sure you're indemnified for complying with a 512(h) subpoena, which can be used to obtain the identities of everyone sharing music online. If you belong to a privacy program like Trust-e, make sure that complying with a 512(h) subpoena doesn't violate its policies. Check with counsel in advance about what information you maintain and how it's collected, stored, and accessed. You don't have to give up data you don't have. Don't collect what you don't have to. If there isn't a valid business purpose for it, the risks will always exceed the benefits of keeping it.

If you are subject to the Children's Online Privacy Protection Act, don't respond to a subpoena unless you get knowledgeable advice. Any response to the 512(h) subpoena in connection with a child under the age of 13 may violate the act, which carries legal consequences.

Talk to your privacy professionals to see if health, securities, or financial-privacy regulations are relevant when complying with a subpoena and make sure your human-resources team knows these issues.

Make sure your data- or Internet-related insurance cover good-faith compliance with a 512(h) subpoena.

Pull together a privacy assault team that includes your legal, data-security, privacy, HR, operations, marketing, and public-relations teams. Working together in the event of a serious privacy-implicated event is key to being able to handle it successfully and with minimal adverse impact.

Warn the applicable departments about the process, and make sure you're informed quickly if a subpoena is served. Response should be done under the watchful eye and informed advice of your privacy professionals, not by a clerk.

Review your acceptable Internet-use policy and make sure you prohibit the misuse of peer-to-peer apps.

Consider offering educational and awareness programs for your employees. Helping your employees talk to their children about the implications of downloading music online is helpful as well.

Run frequent audits to make sure P-to-P apps haven't been installed and, if possible, block access to peer-to-peer services. Remember that you don't want to be served, but if you are served, you don't want to be unprepared.

Parry Aftab is a cyberspace lawyer, specializing in online privacy and security law. She can be reached at parry@aftab.com.


To discuss this column with other readers, please visit the Talk Shop.

To find out more about Parry Aftab, please visit her page on the Listening Post.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.