Graydon Head

Blog: Jack "Out of the Box"

Do you read Jack-out-of-the-Box regularly? Do you think other lawyers should know about us?

Nominations are now being accepted for the American Bar Association’s 8th Annual Blawg 100, their annual list of the 100 best legal blogs.  We’d like to invite you, our loyal readers, to use the link below to submit messages on our behalf. Any nomination is appreciated and some of the best comments will be included in this year’s Blawg 100 coverage. Thanks in advance for your participation.


  • The Importance of Being Videoed

    Jul 22, 2014
    It’s tempting to rush to judgment when we see video of a man dying in police custody. And so let’s try really hard not to do that in the case of Eric Garner, the New York man who died in a confrontation with NYPD officers over his allegedly selling illegal cigarettes. But let’s be glad we can see the video. As citizens, it’s important to be able to see our government in action, so we can make informed decisions.

    So I was disappointed by a recent Ohio appellate court decision finding that dash cam video recorded by the Ohio State Highway Patrol is an “investigatory record” and exempt from the Ohio Public Records Act. According to the 12th Appellate District’s decision release of the video could disclose “confidential investigatory techniques.” Of course, the dash cam comes on no matter what the trooper is doing – whether helping a motorist with a flat tire or stopping a speeder. The point is, the dash cam video is not reserved as a tool for criminal investigations. So it’s not part of an investigation.

    And even if it were, what “confidential investigatory technique” does it disclose? Is “could I see your license and registration” really a big secret? I think not. And I really think it’s tough to see how the dash cam video constitutes some sort of secret when the Ohio State Highway Patrol maintains its own YouTube channel where it posts videos like this: 

    Are you scratching your head yet?  I am.
    Go comment!
  • Reputations & Data Privacy...Prepare To Protect It

    Jul 18, 2014
    (I am lucky enough to be working with Sandra Hughes and Nick Vehr on a series of presentations in the area of data privacy. This is the third in a series of three articles about: “Risk. Repercussions. Reputations. Data Security & Privacy for Today’s Business Enterprise.” This article is presented by Nick Vehr, President of Vehr Communications, which specializes in issues management and crisis communications.)

    When it comes to data privacy, the risks have never been greater and legal repercussions never more severe. Effectively managing and protecting your brand’s reputation has never been more important. Reputation matters, whatever business you’re in. It’s the foundation of your relationships with employees, vendors, suppliers, investors and more. It is linked to your company’s valuation and cash flow. Just ask Target. Remember their data breach last Fall? But, did you know that their market valuation dropped from about $42 billion (before news of the breach) to about $37 billion this month. Ouch! You probably didn’t know this either: when it comes to data breaches, midsized businesses are the ideal target for cyber-sleuths. Think car dealers, restaurant chains and marketing firms … any business that collects personally identifiable data (DOB, SSN, credit card #s, driver license #s, addresses, etc.). So, what’s a midsized business that collects customer data to do? Prepare. Most experts will tell you that it’s not whether a data breach happens, but when. When it does happen, here are seven steps to protect your hard-earned reputation: Move quickly: Nature abhors a vacuum. If you don’t communicate someone else will and, chances are, it won’t be in your best interest. Activate your crisis communications plan (assuming you have one). Be transparent and truthful: You can handle the truth, really, you can. Share what you know and what you don’t. Put yourself in their shoes and empathize with sincerity. Social media puts a premium on truth so don’t nudge, fudge or lie. You’ll just get caught. Open multiple channels with audiences that matter: Open two-way communications channels with internal and external audiences. Let everyone know you’re working the problem. Clarify and agree on what’s to be said; understand what’s being heard. Be flexible and responsive: Be available and on-call. News cycles today are 24/7/365 … there’s no break because all news is broken on social media. Over-communicate and be consistent: Say what you think, at the time, is appropriate and responsible and, then, say it again. Assess, measure and prepare to do better the next time: Assess media coverage for tone, story approaches and online comments. Monitor social media. Use what you learn to inform and improve your next communication. “Close” the crisis, if you can: Inform the audiences that matter of the causes and fixes to the problem from a perspective that matters to them. Reputations matter. Value them. Protect them. Have a system in place to protect the data you collect. And, remember, also have a plan in place for when your data is breached.

    (“Risk. Repercussions. Reputations. Data Security & Privacy for Today’s Business Enterprise,” presented by Sandra HughesJack Greiner and Nick Vehr, can be presented to your industry or trade association. Please contact either person to find out how.)

    Go comment!
  • Repercussions And Data Privacy...Your Business Is On The Hook

    Jul 16, 2014

    (I am lucky enough to be working with Sandra Hughes and Nick Vehr on a series of presentations in the area of data privacy. This is the second in a series of three articles about: “Risk. Repercussions. Reputations. Data Security & Privacy for Today’s Business Enterprise.” I wrote this article. If you missed the first article in the series, presented by Sandra Hughes, you can check it out here.)

    In the world of privacy law, business owners may find the absence of regulation more problematic than thousands of pages on the topic in the Code of Federal Regulations.  And since that sounds counterintuitive at very least, it bears some explaining.

    There are federal privacy regulations that impact any number of businesses across the country. The two privacy regulatory schemes that come to mind almost immediately are HIPAA in the world of health care and the Graham Leach Bliley Act in the world of banking and finance. So if you’re a hospital CEO or bank president, you know a lot about detailed regulations and you probably have compliance people either on your payroll or on your speed dial. Or both.

    But what if you own a pizza company or a window business, or any operation not covered by HIPAA or GLB? You probably collect and store personally identifiable information. So are you off the hook? Short answer? No.

    The Federal Trade Commission has stepped into this regulatory vacuum and has gotten very active in recent years. The FTC is able to do this, it contends, under the Federal Trade Commission Act, which prohibits “unfair or deceptive acts or practices.”  That language is the extent of any written regulation on the topic. But relying on that simple language, the FTC has prosecuted a number of enforcement actions involving car dealers, restaurants and market research companies. In the two instances where FTC targets have challenged the FTC’s authority to proceed, the federal courts have sided with the Commission.

    Companies have allegedly engaged in “deceptive acts” when their actions haven’t matched their promises. Companies that copy a privacy policy off the Internet without ensuring the policy aligns with their actual practices are at risk. And companies that decide to make unilateral changes to existing privacy policies may land on the FTC’s radar.

    Even those companies that limit their promises may not be risk free. The FTC has increasingly found that companies that don’t use state of the art privacy protocols may be engaging in “unfair practices.” Companies whose procedures for encrypting or disposing of data, for example aren’t up to par, may have a problem. And that “problem” could take the form of a consent decree that requires FTC monitoring for over 20 years.

    No regulation means no “safe harbors” and no clear guidance. But clearly no regulation does not mean no teeth.

     (“Risk. Repercussions. Reputations. Data Security & Privacy for Today’s Business Enterprise,” presented by Sandra HughesJack Greiner and Nick Vehr, can be presented to your industry or trade association. Please contact either person to find out how.)

    Go comment!
  • RIP John Seigenthaler

    Jul 14, 2014
    John Seigenthaler died on Friday July 11 at age 86. Here is a thorough obituary that I will not repeat. I was lucky enough to meet him several years ago at Miami University.  Not every day you get to meet one of your heroes. But it happened to me that day. If you want to read more about him, I recommend The Children by David Halberstam. 
    Go comment!
  • MillerCoors Cans Ad

    Jul 11, 2014

    It has been far too long since I wrote a post about a subject close to my heart  -- beer.  But the commercial clip begs the question --  is a can refreshing?  And if so, can it be “the most refreshing can?” That’s the question that the Federal Trade Commission was investigating. But for now, the FTC has called off the investigation because MillerCoors has agreed not to run the ads.

    The controversy began when A-B InBev (Budweiser) complained about the claims that the Coors Light can’s “double vented wide mouth can” produced a “smoother, more refreshing pour.” Budweiser asked Coors to participate in a self-regulatory proceeding at the National Advertising Division, but Coors refused, saying the whole thing was frivolous. The NAD must not have agreed with that assessment, given that it sent the matter to the FTC. 

    Apparently, Coors decided it was better to waive a white flag. And for now, that should take care of things, although the FTC has stated that "the closing of the investigation is not to be construed as a determination that a violation of law did not occur," and that it reserves the right to take further action "as the public interest may warrant."

    But one thing about this caught my eye. Apparently, MillerCoors made a statement last year to the effect that "all of the statements regarding the can either clearly are intended as acceptable marketing puffery or have been proven through extensive testing as accurate." Puffery is just that – a non-scientific boast. Papa John’s claims its ingredients are “fresher.” That’s so nebulous, it’s just not considered a factual claim.  So the two concepts – “puffery” and “accurate” are almost mutually exclusive. Puffery is puffery because it can’t really be proven true or false. 

    So, the notion that the claim is one or the other seems a little hard to swallow. Unlike a cold beer this time of year.

    Go comment!
  • Risk And Data Privacy...Consider "Privacy By Design"

    Jul 09, 2014
    (I am lucky enough to be working with Sandra Hughes and Nick Vehr on a series of presentations in the area of data privacy. This is the first in a series of three articles about: “Risk. Repercussions. Reputations. Data Security & Privacy for Today’s Business Enterprise.” This article is presented by Sandra Hughes, who retired from Procter & Gamble as its Global Privacy Executive and now consults through Sandra Hughes Strategies.)

    Back when the Internet was young, a privacy policy and a compliance program were enough to minimize the risk of regulators bringing enforcement action, customers filing civil lawsuits, and/or hackers causing data breaches.

    But our rapidly developing information society and the astronomical possibilities of advanced technology make it nearly impossible to succeed in the marketplace without capturing some type of personal information.

    Today, savvy CEO’s know that their creative and engineering employees must practice Privacy by Design.

    To illustrate, consider how selling something as innocuous as a “Window” evolves over time.

    1. A Web site provides information. It recognizes the computer every time it clicks, along with other websites it has visited.
    2. Email capability is introduced. Address lists you purchased or received from interactions with customers allow you to deliver advertising straight to customers. Now you know specifically who is receiving your message and a bit about their community based on how they forward your messages.
    3. Online purchase capability adds convenience. Customer service interaction, combined with social media chat and online reviews create a relationship between you and your customer but also an indirect relationship with their community (perhaps not intentionally). Behind the scenes, this is the ‘mother load’ of information: Personal and financial information can be matched with behaviors to not only know “who” uses your Window (and when why and how they use it) but also “who else” uses it (and when why and how they use it).
    4. Mobility Apps provide convenience. They also add the “where” dimension about your customer, and even more data about their habits and practices.
    5. Sensors introduced into your Window design simplify and improve your customer’s life when they communicate directly with your HVAC system to control air quality or electricity expense, given your customer’s pre-set criteria. This brings you up close and truly personal with your customer’s life.

    Now, instead of “Window” in this scenario, substitute something else like a personal fitness monitor, toilet, car, jewelry, greeting card, or even something you ingest like a sensor in a pizza!

    In each step, the information collected, processed, retained, analyzed, dispersed, shared, and managed expands exponentially. And the number of people and third parties who touch that or could come in contact with that information does as well. This increases the likelihood for human error, technical holes, and misuse contributing to the possibility of data breach, deceptive claims, and fraud.

    User mistrust, and the perception of surveillance and “creepiness” – all on top of the risks of government fines and civil lawsuits, can damage your brand and company reputation – maybe even You personally as the CEO.

    Companies must give deep thought and ask questions about how personal information of their customers (and employees) will be protected from end-to-end and hand-to-hand. Companies also need solutions which incorporate the desired level of privacy for each customer. (Just like color and fit, every customer has a different desire for privacy.) This is Privacy by Design. In the near future your customers will demand it. Regulators in the US and Europe will require it.

    (“Risk. Repercussions. Reputations. Data Security & Privacy for Today’s Business Enterprise,” presented by Sandra HughesJack Greiner and Nick Vehr, can be presented to your industry or trade association. Please contact any of us to find out how.)


    Go comment!
  • Vacation

    Jul 08, 2014

    I was on vacation last week, which you may have guessed from the lack of content and the photo above. I find as I get older, the mere state of not working is about all I need. The list of things I didn’t do on vacation is much longer than the list of things I did. But I did make great progress on the Doris Kearns Goodwin’s “The Bully Pulpit.” It’s a great story of the friendship between Theodore Roosevelt and William Howard Taft and its ultimate unravelling. But it deals in almost equal measure with what Goodwin considers the “golden age” of journalism. It was an age of intense competition among newspapers, vitriolic commentary, and intense partisanship. It was also a time where “muckraking” reporters wrote long investigative pieces that had an impact on legislation. Upton Sinclair’s novel “The Jungle” had a lot to do with the enactment of the Pure Food and Drug Act.

    So Goodwin’s passionate portrayal of the power of journalism was on my mind as I returned to work, and saw this post from Wired. It’s a collection of thoughts on the future of online journalism. And it’s not depressing. And while I am all for looking forward, I can’t help but wonder if in these times, which Goodwin compares to the Industrial Age, the key to saving the industry is with the kind of aggressive, intelligent journalism that exposed the corruption and venality in federal, state and local governments. It worked on several levels then, and I believe it could work as well now.
    Go comment!
  • Your Smartphone is Not Your Purse

    Jun 30, 2014

    Jack is on vacation this week and asked his partner Steve Goodin to guest blog on a Supreme Court case where 21st Century technology meets 18th century constitutional principles.  The results may or may not surprise you.

    Or your “man purse.”  Or your briefcase/portfolio/whatever else you carry at your side during your daily activities.

    Instead, your smartphone is a repository of intimate personal information:  Photos, emails, web histories, financial information . . . and, if you’re familiar with the terms “sext,” “Grinder” or “,” the level of intimacy can be, well, staggering.

    Despite the blazingly obvious nature of this proposition, American courts have spent years struggling with imperfect analogies that equate smartphones with purses.  The argument has always been that an arresting officer should be able to look through a smartphone in the same manner that he can look through a purse – regardless of the fact that a smartphone cannot be used to conceal a weapon or illegal contraband.

    But on Tuesday, the U.S. Supreme Court belatedly recognized this common sense distinction.  In Riley v. California, all nine justices finally embraced the obvious:  Smartphones play a unique role in our private lives, and thus merit special legal protection. 

    The special place smartphones hold in our culture has bedeviled law enforcement for more than a decade.  When a person is arrested, police officers are permitted to seize and search any objects in the suspect’s possession.  These searches are nominally designed to ensure officer safety, and with good reason: Countless illegal weapons are seized during such searches.  But those pre-arrest searches also result in the seizure of large amounts of drug-related contraband. Such searches are an essential weapon in the War on Drugs, and one of the primary means of proving illegal drug possession.

    These days, almost every arrestee has a smartphone on his or her person.  There is no question that the phone itself can be legally seized, but our courts have disagreed as to whether officers should be allowed to also search the contents of the seized devices – the often-revealing stored lists of contacts, recent calls, texts, photographs, etc.  This information can provide a trove of damning evidence – especially in the context of a drug trafficking investigation.

    The Supreme Court’s decision erased any ambiguity regarding the propriety of such searches.  That is, the Court finally acknowledged that searching a cellphone is dramatically different from searching a purse or briefcase.

    The primary difference is self-evident: A smartphone cannot be used to conceal a gun or knife.  More importantly, the uniquely personal information contained in a smartphone carries with it an enhanced expectation of privacy.  Consequently, the Court ruled that a police officer now must obtain a warrant from a judge before searching the contents of a cellular device.

    This decision is in keeping with long-standing precedent that has required warrants for searching separately locked containers encountered during an otherwise lawful search.  More importantly, it responds to the gut-check unfairness of the practice.  Imagine being arrested for a minor traffic offense and standing by, helpless and in handcuffs, as a police officer goes through your iPhone.  It just feels wrong, doesn’t it? Such scenarios undoubtedly contributed to the unanimous nature of the ruling.

    That said, if an officer has probable cause to believe that a smartphone will contain evidence of criminal wrongdoing, he can still search its contents. He just has to obtain a warrant first.  And the officer can always request that the suspect consent to the search; if granted, consent obviates the warrant requirement.

    While this ruling will undoubtedly cause an increased and regrettable burden on law enforcement, it nonetheless constitutes an encouraging (and somewhat rare) acknowledgement by the Court of the basic circumstances of modern life.  Smartphones present no ready analogies in the post-colonial era; it’s impossible to say precisely what our Founding Fathers would have made of them. Given their preoccupation with British soldiers lawlessly searching homes, this ruling presents a very reasonable best guess.

    Go comment!

    Jun 25, 2014

    What does this classic John Cougar (this is so old he still used “Cougar” as his middle name) Mellencamp video have to do with privacy law?

    Well, probably not much, but I like the song and it’s my blog.  But, beyond that, it does remind me of the ongoing battle between the Wyndham Hotel company and the Federal Trade Commission.  In this scenario, Wyndham would be Cougar Mellencamp and The FTC would be the “authority.”  The FTC brought the action alleging that Wyndham did not properly protect its customers personally identifiable information. 

    Wyndham went on the attack immediately.  It filed a motion to dismiss arguing that the FTC doesn’t have authority to regulate privacy.  And that is an interesting point.  The FTC regulates privacy not under any specific grant of authority from Congress, but rather through Section 5(a) of the Federal Trade Commission Act.  That statute prohibits anyone from utilizing “unfair or deceptive acts” affecting commerce.  In the FTC’s view, this concise declarative sentence gives it broad powers to police the privacy policies and procedures of pretty much any business in America. 

    Wyndham as you may guess, disagrees.  It initially asked the court to dismiss the case in its entirety on the theory that absent more explicit direction from Congress, the FTC lacks the power to broadly regulate privacy.  Unfortunately for Wyndham, in April of this year, the court sided with the FTC on that point.

    Undaunted, three of the Wyndham entities named in the FTC suit next filed a motion to dismiss arguing that they should be dismissed because those entities (Wyndham Worldwide Corp.,  Wyndham Hotel Group, LLC and Wyndham Hotel Management, Inc.) had nothing to do with setting or enforcing privacy policies across the chain.   The only proper party apparently was Wyndham Hotels and Resorts, LLC.  This is a common strategy in litigation – start with the “big” argument, and if that doesn’t work, chip away with less sweeping approaches. 

    But, again, much like the song, authority keeps on winning.  The court denied the motion to dismiss, finding that the FTC properly alleged that the Wyndham entities operated as a “common enterprise.”

    On the bright side for Wyndham, the trial court, just two days ago, agreed to allow Wyndham to immediately appeal the April, 2014 ruling on the FTC’s authority to regulate.  This question has massive implications. We will see how the Third Circuit Court of Appeals rules.  But, ultimately, maybe we will discover that in fact, authority doesn’t “always win.”    

    Go comment!
  • No Need to Fear Social Media

    Jun 23, 2014

    My good friends at Vehr Communications have come out with their annual Social Media Survey. And it looks like social media usage among local CEO’s is down from last year. I’m not sure why that is exactly. It’s always hard to say what motivates people to do or not do something that’s good for them. And it’s hard to argue that social media doesn’t offer all kinds of opportunities for customer engagement, and thought leadership. So I get why people should use it, I just can’t quite figure out why people wouldn’t.

    But if people are avoiding it for fear of legal consequences, I respectfully dissent. I’m not saying it’s risk free. Nothing is. But those risks can be managed. It just takes some forethought. But being a fraidy cat is never a good strategy.
    Go comment!
Connect on Facebook

Get Linkedin with Jack

Follow Me

Federal Trade Commission
Rebecca Tushnet's 43 (B)log
Pittsburgh Trademark Lawyer

Do You Know Jack?

(what's the point of a blog without them)
We'd love to hear what you're thinking. Although we can't guarantee that we'll post every question or comment on our site, please note that when you submit a question or comment we assume we've got your consent to post it on our site. To add a comment on any post, just click on "go comment" immediately below that post.

(you had to see this coming):
This blog is a periodic publication of Graydon Head & Ritchey LLP and should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general information purposes only, and you are urged to consult your own advisor concerning your situation and any specific legal question you may have. Many states, including Kentucky, require that law firms add the statement "THIS IS AN ADVERTISEMENT" on publications of this nature.

Copyright © 2014 Graydon Head & Ritchey LLP. All Rights Reserved.