1. Security: Identifying and Managing the Legal Risks of Development and Twitter Prof. Jonathan I. Ezor Touro Law Center 140: The Twitter Conference September 23, 2009 jezor@tourolaw.edu @ProfJonathan
2. Risk Management Key to Successful Business Risks come from many sources Financial Technological Legal “Silos” can lead to missed risks (and opportunities) Legal (hopefully) constructive part of team jezor@tourolaw.edu / @ProfJonathan
3. Software Development, Internet Both Have Unique Risks Each depends on other vendors, users for functionality Each also used for business-critical functions Combination adds to challenges jezor@tourolaw.edu / @ProfJonathan
4. Risks and Management for Twitter Software Developers Rights to their own code Use and limits of contract language General workplace risk from soc media use Unexpected legal issues The Fail Whale Insurance jezor@tourolaw.edu / @ProfJonathan
5. Code and Copyright Software covered by copyright Under US law, copyright exists on creation Generally, creator (or employer) automatically owns copyright Otherwise, only transferred in writing Filing allows for litigation, increases remedies jezor@tourolaw.edu / @ProfJonathan
6. Licenses: Giving and Receiving Licenses how copyright holders control use by others Many types Cover variety of rights Freeware ≠ Public Domain (“libre” vs. “gratuit”) For software, license may be to object and/or source code jezor@tourolaw.edu / @ProfJonathan
7. Accidental Open Source “Infection” Open source licenses require devs to make source code avail to users May be free or commercial Different licenses (GNU, Creative Commons, Etc.) Issue when open source incorporated into intended closed source May turn entire project into open source Developer may not know about inclusion Must educate developers, monitor libraries/code jezor@tourolaw.edu / @ProfJonathan
8. Contract Language Contracts popular way to identify/manage risks Provide permitted uses State/limit warranties Limit liability Set applicable law May be provided in EULA, Terms of Use, etc Employee contracts also crucial (NDAs, non-competes, etc.) jezor@tourolaw.edu / @ProfJonathan
9. Contracts May Not Provide Expected Protection Contracts governed by state law Some language may be overbroad Clickthroughs may/may not be sufficient Copying others’ contracts could be problem As risks increase, need for signed contract does as well jezor@tourolaw.edu / @ProfJonathan
10. General Workplace Risks from Social Media Use As said yesterday, Twitter-focused companies “eat their own dog food” Also as said yesterday, humor in business doesn’t always work well Need to balance benefits and risks of Internet access/use in workplace Culture, business need, productivity all concerns jezor@tourolaw.edu / @ProfJonathan
11. http://shankman.com/be-careful-what-you-post/ Many of my peers and I feel this is inappropriate. We do not know the total millions of dollars FedEx Corporation pays Ketchum annually for the valuable and important work your company does for us around the globe. We are confident however, it is enough to expect a greater level of respect and awareness from someone in your position as a vice president at a major global player in your industry. A hazard of social networking is people will read what you write.
17. What if Twitter Fails? Building business on single vendor puts success in its hands Twitter a single company, single product Subject to technical issues, business risks of own When Twitter Ain’t Running, Ain’t Nobody Running: http://bit.ly/19gpb3 jezor@tourolaw.edu / @ProfJonathan
18. Appropriate Insurance a Key Risk Management Component Most businesses have some kind of insurance Question whether it covers Internet-related risks Many carriers offer appropriate policies Need to ask/find broker who also understands jezor@tourolaw.edu / @ProfJonathan
19. jezor@tourolaw.edu Knowledge, Policies and Procedures Must Work Together To Minimize Risks Create a “Social Media Policy” and enforce it (Good list at http://bit.ly/58oeQ) Adequate funding of IT staff, including training Make sure employees and outside professionals given proper education Set up systems with business concerns in mind Keep up with trade press Follow company on Twitter, FB, etc.