Monthly Archives:

Scraped information for sale to employers

Employers legally can’t discriminate based on gender, race and other factors which they may get from social-media profiles, but some indeed are using such data in their employment decisions. Media sources reported that scraping for employment purposes is growing, and that an employment screening company in Florida began offering limited social-networking data, including some that is scraped, about a year ago. Scrapers operate in a legal gray area. Internationally, anti-scraping laws vary, and in the U.S., court rulings have been contradictory. Media reports quoted Eric Goldman, a law professor at Santa Clara University saying: “Scraping is ubiquitous, but questionable. Everyone does it, but it’s not totally clear that anyone is allowed to do it without permission.”

Scraping to find your real name

PeekYou.com has applied for a patent for a way to, among other things, match people’s real names to pseudonyms they use on blogs, Twitter and online forums. A statement on its patent application describes the invention as “a method for aggregating over a network, personal information available from public sources.”

PeekYou’s people-watch Web site offers records of about 250 million people, primarily in the U.S. and Canada. PeekYou says it also is starting to work with listening services to help them learn more about the people whose conversations they are monitoring. It claims to provide only demographic information, not names or addresses.

Social Security number (SSN) randomization to take effect in June 2011

The Social Security Administration (SSA) describes the SSN randomization as a forward-looking project to help protect the integrity of the Social Security number by establishing a new random assignment methodology. The SSA promises to still provide online services for direct SSN verifications, as follows:

  • SSA’s Social Security Number Verification Service – available to employers.
  • Department of Homeland Security’s eVerify Service – available to employers to determine employment eligibility.
  • SSA’s Consent-Based SSN Verification Service – available to enrolled private companies and government agencies for a fee.

Federal and state agencies will continue to maintain several SSN verification
systems, as outlined at http://www.ssa.gov/gix/eprojects.html.

FTC’s latest privacy initiatives

On December 1, 2010, the Federal Trade Commission (FTC) released its long-awaited preliminary report on the protection of consumer privacy titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.” The FTC is seeking input on this proposal and intends to issue a final report sometime in 2011.

The report, which covers both online and offline data collection and use, reiterates certain concrete steps that the FTC believes organizations should take related to choice and transparency and also provides broad guidance that applies to all commercial entities that collect or use consumer data, including companies that do not interact directly with consumers, such as information brokers. The framework is not limited to personally identifiable information (PII); it applies to all consumer data that can be linked to a specific individual or to a computer or other device.

Focusing on new and growing threats to consumer privacy driven by innovations that rely on consumer data, the proposal outlines a three-step framework for data protection:

1) Privacy by Design – Organizations should integrate privacy concepts into every stage of the life-cycle of their products and services, develop marketing initiatives and data-sharing activities based on privacy guidance from the inception of such projects, and develop and maintain comprehensive information programs to protect and manage consumer data within the organization itself. Data security, reasonable collection limits, sound retention practices, and data accuracy are critical program components.

2) Choice – Organizations should offer clear and easy-to-use choice mechanisms at the point when the consumer is making a decision about his/her data, such as at the point of collection, implement a “do not track” mechanism, such as a persistent web browser setting that allows consumers to block all tracking of their online activities, obtain consumer consent before sharing data for marketing purposes with third parties or even with its affiliates if the affiliate relationship is not clear to consumers, and require enhanced consent for sensitive information, such as data about children, financial and medical information, and precise geolocation data.

3) Transparency – While privacy policies remain a critical tool for notifying consumers (and regulators) of an organization’s privacy practices, in general, most privacy polices need to be streamlined and simplified, and organizations must obtain consumer consent before implementing a change in policy that affects previously collected data. Organizations also should explore mechanisms for providing consumers with access to their data.

Historical investment fraud sweep compels numerous civil and criminal actions

On December 6, 2010, the Financial Fraud Enforcement Task Force announced the conclusion of Operation Broken Trust, the largest investment fraud sweep ever conducted in the United Stated. Started August 16, 2010, the operation captured 343 criminal defendants and 189 civil defendants who were involved in fraud schemes that harmed more than 120,000 victims throughout the country. The criminal cases involved more than $8.3 billion in estimated losses and the civil cases more than $2.1 billion. Eighty-seven defendants have been sentenced to prison, including several who will serve more than 20 years.

The sweep focused on fraudsters who offered “investment opportunities” that were either completely fictitious or not structured as advertised. An overwhelming number of these were high-yield investment frauds and Ponzi schemes. Others involved commodities fraud, foreign exchange fraud, market manipulation (pump-and-dump schemes), real estate investment fraud, business opportunity fraud, and affinity fraud. Some of the perpetrators filed for bankruptcy in an attempt to avoid claims by victimized investors. In many instances, the criminals were trusted people within their communities—neighbors, co-workers, fellow church members—who betrayed that trust in order to line their own pockets.

No background check was done on Michael Jackson’s doctor

Media sources reported that among several wrongful death lawsuits filed by the Jackson family, is a September 2010 action against event production company AEG Live and others alleging that they are responsible for the singer’s death because his “This Is It” tour contract with AEG created a legal duty to keep him healthy.

In its complaint, among other causes, the Jackson family accuses AEG of “negligent hiring” and retention of Dr. Conrad Murray to care for Jackson instead of his usual doctor. Earlier this year, prosecutors charged Murray with involuntary manslaughter, to which he pleaded not guilty. The doctor is accused of administering the drug Propofol to Jackson without the necessary resuscitation equipment or nursing support, and subsequently causing his death. The ‘Negligent Hiring’ cause of action in the complaint filed in Los Angeles County states:

“In undertaking to hire Murray, AEG performed absolutely no diligence in investigating or checking into Murray’s background, specialties, ability, or even whether he was insured, which it had a duty to do. In choosing to hire and employ a physician to treat Jackson, AEG undertook to act, and it needed to do so reasonably. AEG did not act reasonably and breached its duty.”

“During the course of Murray’s treatment, it became clear to AEG that Jackson was not doing well at all. AEG did nothing to terminate Murray and instead negligently retained him as an employee, and in so doing violated its duty of care. AEG insisted that Jackson continue treatment with Murray and receive no treatment from other physicians, a further breach of its duty of supervision.”

Along with negligent hiring, training and supervision, the complaint calls for unspecified damages for breach of contract, fraud, and negligent infliction of emotional distress. And in the most recent case filed November 30, 2010 in the Los Angeles County Superior Court, Joe Jackson is also claiming negligent hiring, training and supervision and negligence by the Murray-affiliated clinics and negligence against the pharmacy (and Murray.) A similar suit filed this past June did not include the pharmacy, and was dismissed.

Shortly after Michael Jackson’s death, ABC News reported that Murray was arrested on domestic violence charges in 1994 after an incident with his then-girlfriend. The doctor was tried and acquitted. When a company fails to conduct a background check, the employer can be held legally liable for a worker, independent contractor or volunteer who causes injury to a customer, co-worker or the general public. Whether the individual was acting within the capacity of the job for which he/she was hired does not matter. The legal theory is that even if an employer did not possess direct knowledge of the liability posed by an employee, the company is legally responsible because the employer should have known about the threat presented by the individual. Currently, fewer than 50% of the states uphold the doctrine of negligent hiring, and the criteria for determining negligent hiring differ from state to state.

Go to Top