The Privacy Lawyer: What To Do Before The RIAA Knocks - InformationWeek
Software // Enterprise Applications
10:02 PM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

The Privacy Lawyer: What To Do Before The RIAA Knocks

You don't want to be subpoenaed, but if you are served, be prepared

The Recording Industry Association of America is taking dramatic steps to protect its copyrights against free file sharing, and it hasn't ruled out serving subpoenas on companies and universities that offer E-mail and Internet access to employees and students if it suspects that they use those systems to pirate material. So what do you do if worse comes to worst and the RIAA knocks?

Check your privacy policies. What do you say is done with data collected from users at your sites? What do they say you do with the data? Do you have a legal-process exception, and does the exception state that you comply with court orders? Have your privacy lawyers review the language. Are you subject to confidentiality agreements that might be affected by a demand for user information?

Call your data-management contractor. What protections do you have if it's served with a subpoena? Review the contract, and make sure it provides for legal-process exceptions and for sufficient advance notice to you if it's served before your contractor complies.

If you're managing others' data, make sure you're indemnified for complying with a 512(h) subpoena, which can be used to obtain the identities of everyone sharing music online. If you belong to a privacy program like Trust-e, make sure that complying with a 512(h) subpoena doesn't violate its policies. Check with counsel in advance about what information you maintain and how it's collected, stored, and accessed. You don't have to give up data you don't have. Don't collect what you don't have to. If there isn't a valid business purpose for it, the risks will always exceed the benefits of keeping it.

If you are subject to the Children's Online Privacy Protection Act, don't respond to a subpoena unless you get knowledgeable advice. Any response to the 512(h) subpoena in connection with a child under the age of 13 may violate the act, which carries legal consequences.

Talk to your privacy professionals to see if health, securities, or financial-privacy regulations are relevant when complying with a subpoena and make sure your human-resources team knows these issues.

Make sure your data- or Internet-related insurance cover good-faith compliance with a 512(h) subpoena.

Pull together a privacy assault team that includes your legal, data-security, privacy, HR, operations, marketing, and public-relations teams. Working together in the event of a serious privacy-implicated event is key to being able to handle it successfully and with minimal adverse impact.

Warn the applicable departments about the process, and make sure you're informed quickly if a subpoena is served. Response should be done under the watchful eye and informed advice of your privacy professionals, not by a clerk.

Review your acceptable Internet-use policy and make sure you prohibit the misuse of peer-to-peer apps.

Consider offering educational and awareness programs for your employees. Helping your employees talk to their children about the implications of downloading music online is helpful as well.

Run frequent audits to make sure P-to-P apps haven't been installed and, if possible, block access to peer-to-peer services. Remember that you don't want to be served, but if you are served, you don't want to be unprepared.

Parry Aftab is a cyberspace lawyer, specializing in online privacy and security law. She can be reached at

To discuss this column with other readers, please visit the Talk Shop.

To find out more about Parry Aftab, please visit her page on the Listening Post.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll