Archive for October, 2010

Department of Energy’s Report on Data Access and Privacy Issues Related to Smart Grid Technologies

Posted by fgilbert on October 7th, 2010

On October 5, 2010, the US Department of Energy (DoE) issued two important reports that outline recommendations for the use of Smart Grid technologies.  One of the reports focuses on the protection of personal data that will be collected through Smart Grid meters, the other addresses communications requirements.  Both reports were issued after consultation with the utilities, consumer advocates, and telecommunications companies.

The 65 page DoE report on Data Access and Privacy Issues Related to Smart Grid Technologies recommends that detailed energy consumption information that is collected through the use of Smart Grid technologies be accorded privacy protections that are similar to the protections that are granted to other categories of personal data.

The DoE report outlines privacy rights and protection that are very similar to that which are found in the seminal documents that define privacy rights, such as the US Fair Information Principles, the OECD Privacy Guidelines, or the EU Data Protection Directive.  For example, the DoE Report recommends that residential and commercial consumers should be able to access their own energy consumption data.

The DoE report contemplates that third parties will be involved and will provide services that exploit the data collected by the Smart Grid technologies.  As a result, it recommends that consumers should have the right to decide whether to grant access to third parties.  The DoE points out that it would be important to define the conditions under which consumers can authorize access to their information by third-parties. Suggestions include a prohibition on disclosure of consumer data to third parties in the absence of an opt-in, i.e., affirmative consent by a consumer.

Further, the authorization should specify the purposes for which the third party is authorized to use the data, the term of the authorization, and the means for withdrawing an authorization. In addition, authorized third parties should be required to protect the privacy and security of consumer data and to use the data only for the purposes specified in the authorization.  The DoE recommends that the States should define the circumstances, conditions, and data that utilities may disclose to third parties.

The DoE report is especially concerned about ensuring that consumers understand the purposes and uses of Smart Grid technologies.  It recommends that consumer be educated about the benefits of Smart Grid and the use of Smart Grid technologies. Special attention should be placed on certain populations, such as rural, low-income, minority and elderly populations, in order to ensure their access to information.  In order to ensure successful implementation of the technologies, the DoE recommends that the pace of deployment of smart grid technologies do not outpace consumer education.

The DoE report identifies a number of issues for which more analysis and consultation is to be done in order to reach some consensus.  These issues include the specific data that utilities should be required to disclose to authorized third parties, and how utility liability could be limited when utilities are required to disclose data to authorized third parties.  Other issues that are not yet resolved include the applicable complaint procedures once third-party access has been authorized, whether third parties should be certified, whether utilities could charge a fee for providing third-party access to consumer energy data, and whether service providers should be required to obtain further informed consent before disclosing such data.

While the use of Smart Grid technologies bring new prospects for a wide variety of service providers, companies interested in exploring the Smart Grid data market should be aware of the multiple restrictions that are likely to be attached to the use, disclosure, sharing and protection of these data.

Copy of the DoE report Data Access and Privacy Issues Related to Smart Grid Technologies available at http://www.gc.energy.gov/documents/Broadband_Report_Data_Privacy_10_5.pdf

When Will Your CEO’s Social Media Postings End-Up in a Court Room?

Posted by fgilbert on October 7th, 2010

Social networks such as Facebook and MySpace allow members to create an online profile that may be accessed by other members.  Some social networks have privacy controls that allow members to choose who can view their profiles or contact them.  Others do not require pre-approval to gain access to a member’s profiles.

These materials are easy target for trial or litigation attorneys who may wish to use them to impeach the opposing party or its witnesses.

According to two recent opinions of State Bar Associations regarding the ethics of accessing materials posted on a social networking site to gather information for pending litigation, it is appropriate to access and use this information so long as the information is publicly posted on the social network site.  If access is restricted, the lawyer may not employ deception – e.g., under false pretense “friend” the targeted person – to access these materials.

These two opinions provide concrete examples of why it is important for companies to ensure the propriety and accuracy of their executives and employees’ postings on social media.  If litigation occurs, attorneys will not hesitate to look for material on social media, for use as evidence or in order to impeach litigants or witnesses.  So long as the postings are not protected by the appropriate privacy and security settings, it will be fair to use their content in litigation.

The New York State Bar Association addresses access to the pages of a party to the litigation, while the Philadelphia opinion addresses access to non public pages of a witness.

Access to the Public Pages of a Litigant

The New York State Bar Association (NYSBA) was issued in response to an inquiry about accessing parts of a litigant’s postings on social networks that are accessible to all members of the network.

NYSBA opined that a lawyer who represents a client in a pending litigation, and who has access to the social network used by another party in litigation, may access and review the public social network pages of that party to search for potential impeachment material provided that the lawyer does not employ deception (including, for example, employing deception to become a member of the network).

As long as the lawyer does not “friend” the other party or direct a third person to do so, NYSBA considers that accessing the social network pages of the party would not violate the ethics rules prohibiting deceptive or misleading conduct and false statements of fact or law.

Obtaining information about a party available on social media is similar to obtaining information that is available in publicly accessible online or print media, or through a subscription research service such as Nexis.

Access to the Restricted Pages of a Litigant

NYSBA’s opinion pointed to the major difference between the facts above, and an attempt at friending someone in order to access information for which access is restricted.  In a footnote to its opinion above, NYSBA commented that an attempt to friend an unrepresented party would violate the rule that prohibits a lawyer from stating or implying that he or she is disinterested, and requires the lawyer to correct any misunderstanding as to the lawyer’s role.

Further, a lawyer’s attempt at friending a represented party in a pending litigation would violate the “no-contact” rule, which prohibits a lawyer from communicating with the represented party about the subject of the representation without the prior consent of the litigant’s lawyer.

Access to the Restricted Pages of a Witness

A few months earlier, the Philadelphia Bar Professional Guidance Committee addressed the propriety of friending an unrepresented adverse witness in a pending lawsuit to obtain potential impeachment material.   The lawyer wanted to cause a third party to access the social media pages maintained by a witness in order to obtain information that might be useful for impeaching the witness at trial. These pages were not generally accessible to the public, and required that the witness have previously allowed someone to friend her.

The Guidance Committee, concluded that the proposed conduct would violate the Pennsylvania Rules of Ethic that (a) prohibit conduct involving dishonesty, fraud, deceit or misrepresentation, (b) prohibit the use of false statement of fact or law to a third person and (c) hold lawyers responsible for the acts of third parties under their supervision.  The proposed friending by a third party would constitute deception as well as a supervisory violation because the third party who would friend the witness would omit a material fact: that the third party would be seeking access to the witness’ social networking pages solely to obtain information for the lawyer to use in the pending lawsuit.

How Companies Can Reduce the Risk of Backlash from Postings on Social Media

The two opinions discussed above provide concrete examples of why it is very important to monitor managers and employees’ postings on social media.  If litigation occurs, opposing counsel will not hesitate to look for material on social media, in order to impeach the other party or its witnesses.  So long as the postings are not protected by the appropriate privacy settings, the two ethical opinions above indicate that it will be fair to use them in litigation.

Given that some social networks are notorious for changing privacy settings without prior clear and conspicuous notice to their members, and happily sharing and publishing more than what some of their members intended, it is essential to keep in mind  – or assume – that any posting on a social network is likely to become public.  The unwanted publication may result from the negligence of the author or of his “friends”, or from technical or procedural glitches caused by the social network host or its service providers and partners.

Appropriate training of employees and executives to raise their awareness of the consequences of their use of social networks is essential to help reduce the likelihood of mishaps.  Colorful descriptions of one’s day at the office may become critical evidence to impeach a witness or questions the truthfulness of his statements.

In order to provide guidance, increase appreciation of the wonders and dangers of social media, and raise the awareness of employees and executives, consider the following:

  • Establish rules and guidances about what may or may not be posted on social media, in blogs, in user forums and other public forums about activities of the company;
  • Update and refine these rules as incidents occur and lessons are learned;
  • Arrange for periodic reminders about these rules, such as brown bag lunches, newsletters, or formal training sessions;
  • Organize periodic situational training for executives and employees to ensure that they appreciate the nature and extent of the threats and risks to which information are exposed and the potential results if the materials were used against them or against the company;
  • Ensure that executives and employees understand the frailty of Internet walls and that any statement anywhere on the Internet is likely to become public at some point – most likely in a court room (and if not, on the first page of the paper or the news site);
  • Periodically monitor the postings by employees and executives in order to verify compliance;
  • Discipline the infringers accordingly.

Sources:   

New York State Bar Association – Opinion 843 (September 2010).

Philadelphia Bar – Opinion 2009-02 (March 2009).