In a little-noticed decision, Matter of Noel v. Maria, Support Magistrate Gregory L. Gliedman—a Staten Island, New York family court official—recently permitted a father seeking to modify his child support payments to serve process on the child’s mother by sending her a digital copy of the summons and petition through her Facebook account.

Magistrate Gliedman’s decision struck us at Socially Aware—where we follow such developments closely—as a groundbreaking move. We are unaware of any published U.S. court opinion permitting a plaintiff to serve process on a domestic, U.S.-based defendant through a Facebook account.

As we addressed in a 2012 Socially Aware blog post, in Fortunato v. Chase Bank a federal district court in Manhattan held that Chase Bank could not rely on Facebook to serve a third-party defendant.

While the same federal district court subsequently allowed the FTC to serve defendants through Facebook in FTC v. PCCare247, the service at issue in that case concerned documents other than the summons and complaint, and the defendants were two India-based entities and three India-based individuals who had already appeared through counsel and shown themselves to be on notice of the lawsuit.

Other cases authorizing service via social media have been similarly limited in scope. For example, in WhosHere v. Orun, the U.S. District Court for the Eastern District of Virginia allowed service via social media on a defendant who allegedly resided in Turkey. In Mpafe v. Mpafe, a Minnesota family court authorized the service of divorce proceedings on a defendant by “Facebook, Myspace or any other social networking site” where the defendant was believed to have left the country.


Continue Reading

Not to be outdone by Florida, California has yet again amended its data security breach law and again in groundbreaking (yet confusing) fashion. On September 30, 2014, California Governor Brown signed into law a bill (“AB 1710”) that appears to impose the country’s first requirement to provide free identity theft protection services to consumers in connection with certain data security breaches. The law also amends the state’s personal information safeguards law and Social Security number (“SSN”) law. The amendments will become effective on January 1, 2015.

Free Identity Theft Protection Services Required for Certain Breaches

Most significantly, AB 1710 appears to amend the California breach law to require that a company offer a California resident “appropriate identity theft prevention and mitigation” services, at no cost, if a breach involves that individual’s name and SSN, driver’s license number or California identification card number. Specifically, AB 1710 provides, in pertinent part, that if a company providing notice of such a breach was “the source of the breach”:

an offer to provide appropriate identity theft prevention and mitigation services, if any, shall be provided at no cost to the affected person for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached.

The drafting of this requirement is far from clear and open to multiple readings. In particular, the use of the phrase “if any” can be read in multiple ways. For example, the phrase “if any” can be read to modify the phrase “appropriate identity theft prevention and mitigation services.” Under this reading, the law would impose an obligation to provide free identity theft protection services if any such services are appropriate. The phrase “if any,” however, could be read to modify the “offer” itself. Under this alternate reading, the law would provide that if a company intends to offer identity theft protection services, those services must be at no cost to the consumer. It is difficult to know how the California Attorney General (“AG”) or California courts will interpret this ambiguity. One thing is clear: until the AG or courts opine, the standard will remain unclear.

The drafting of the requirement also is not clear in other ways. For example, the statute does not specify what type of services would qualify as “appropriate identity theft prevention and mitigation services.” For example, would a credit monitoring product alone be sufficient to meet the requirement? Or would the law require something in addition to credit monitoring, such as an identity theft insurance element?

Nonetheless, state AGs historically have encouraged companies to provide free credit monitoring to consumers following breaches. In addition, even though not legally required, free credit monitoring has become a common practice, particularly for breaches involving SSNs and also increasingly for high-profile breaches. Nonetheless, California appears to be the first state to legally require that companies offer some type of a free identity theft protection service for certain breaches.

AB 1710 is particularly notable in its approach. First, the offer of free identity theft protection services will only be required for breaches involving SSNs, driver’s licenses or California identification card numbers. In this regard, an offer of free identity theft protection services will not be required for breaches involving other types of covered personal information, such as payment card information or usernames and passwords. This approach endorses a position that many companies have long held—that credit monitoring is appropriate only when the breach creates an actual risk of new account identity theft (as opposed to fraud on existing accounts). In addition, the offer of free identity theft protection services will only be required for a period of one year (as opposed to, for example, two years). The length of the offer of free credit monitoring has always been an issue of debate, and California has now endorsed a position that a one-year offer is sufficient.


Continue Reading

  • Going mainstream. For the first time, both Twitter and Facebook are seeing significant growth in online advertising placed by major companies for brands such as Heineken, Tide, McDonald’s, and Charmin. Major consumer products companies have long struggled with the question of how to reach consumers on their mobile devices, and right now, this appears to

In November 2012, we wrote an Alert about the European Commission’s Communication on Cloud Computing intended, it said, to “… unleash the potential of cloud computing in Europe”.  Sceptics were doubtful that the cloud industry needed much help from European regulators to thrive.

Twenty months later, the Commission has begun to deliver on its key actions in the Communication with the publication of its Cloud Service Level Agreement Standardisation Guidelines.

How helpful are these Standardisation Guidelines to the cloud sector at this point in its development?

The recently-issued Cloud Service Level Agreement Standardisation Guidelines have their origin back in November 2012.  At that time, the European Commission issued a Communication setting out a road map for the future growth of cloud computing in Europe.

In the 2012 Communication, the Commission set out a number of key actions, including to cut through the jungle of standards and to promote safe and fair cloud contracts.  The Commission believes that the development of model terms for cloud computing – and, specifically, service level agreements in the cloud sector – is one of the most important issues affecting the future growth of the cloud industry in Europe, and that standardising the approach to cloud services will enable buyers of cloud computing services to make fair comparisons between different providers’ offerings.


Continue Reading

The latest issue of our Socially Aware newsletter is now available here.

Welcome to a special privacy issue of Socially Aware, focusing on recent privacy law developments relating to social media and the Internet. In this issue, we analyze a controversial European ruling that strengthens the right to be forgotten; we examine a