Monday, August 20, 2018

Startup Business – Planning the Start

Startup business usually starts before they start.  May sound confusing but, the planning should be deemed as the start.  Also, people get to start spreading the word before they start.  That makes sense.  People want others to know what they are embarking on and how their venture will be a good service or a good product for the public at large.  Cheap and easy advertising is by word -of-mouth. This piece will touch on planning.  This is not the writing of the business plan that you usually see on blogs. It is the planning that involves the dreaded person that everyone enjoys making fun of, but most surely seek when they are in trouble.

Beyond the desire of getting free counseling to make a profit, there is the focus of seeking what is needed at the most minimal cost to start a business.  Seeking free legal advice to make a profit sounds ideal.  You may buy a ready-made will and once the dreadful day comes, your family learns that there was a glitch with the enforceability of your loved one’s will.  Yes, that means you need to call a lawyer. Darn!

Are you sure what you are about to do is right or legal?  Licensing issues do creep up with startups as securing rights to intellectual property. In the previous piece, Startup Business – More Than an Idea,  I mentioned the matter involving intellectual property.  For instance, a client may want to present a jingle with their advertising and fail to secure permission for its use, even if it is just 2 to 4 four bars of music. Or, maybe there is a snazzy pic that would make their website pop to the Internet searcher’s eye or make the site look more professional.   Securing permission is usually overlooked, not done, and yes, not doing so, will  cause callers to seek, not legal advice, but seek legal representation instead.  The former is cheaper than the latter.

Regulatory compliance for the service and or product usually falls in the category of consumer protection.  This may involve safety concerns, fraud concerns, and financial security concerns.  Each of these three present a wonder pandoras box for startups.  Calls are always made by entrepreneurs seeking free advice, seeking to know if what the caller wants to do is legal.  The reason a responsible lawyers will not dispense the proverbial “free” okay over the phone, is because they may not have all the information the caller is truly willing, and should be conveying about the venture, to convey “outside” of the attorney client relationship. The responsible lawyer is respecting his or her own professional integrity while the caller, gets frustrated by not getting the information being sought. How can anyone expect to get valid advice from piecemeal information?  How should anyone rely on advice provided over the phone from piecemeal information?  Something is certainly not kosher here.

Every venture has requirements and many requirements may not only be governmental and regulatory.  Your state's attorney generals' office may have a say about you intended business.  Checking with the local Chamber of Commerce is not a bad idea, also.  The rising entrepreneur may learn that the requirements may be set by vendors used to carry out the service, such as using an Amazon platform for an ecommerce site.  There are policy guidelines that must be followed, or else risk be deemed deceptive, anti-competitive, intellectual property infringer, or a fraudster.  The need for disclosures always gets the entrepreneur in trouble. Not thinking that there must be some transparency is also troublesome.  If the intended business intends to handle credit payments, be ready to answer to compliance requirements and the disclosures required on handling private consumer information.  Again, transparency may be troublesome, but it protects consumers.  So, the entrepreneur should be prepared to meet that planned requirement.

As a secondary piece on startups, the planning usually incorporates notions of permissions and requirements for permission, including what type of disclosers are needed.  Licensing required and the process for acquiring the needed licensing should be on the planning list.  Making sure the process does not deviate from what is permitted, is the dance for success in the business world and of avoiding the court room.  Careful planning  goes a long way.  As stated before, getting to know what to do, how to do, when to do, and in what order these things need to get done, is valuable for success, and needs to be planned out.  Starting a successful business is not for the hasty of heart.

#Business #Startup #Planning #Internet #Intellectualproperty  copyright 2018

Wednesday, August 15, 2018

Contracts Online, with Who?

Contracts online are formed every day without any thought to their import.  They may be enforceable or not.  Many parents allow their minors to use their parents’ credits cards or the debt card given to them by their parents to shop online, for say, school clothes. That mad rush for tax free holiday prior to the start of school brought a tremendous amount of online sales for retailers.  Many retailers did not know that the buyers they sold to via their ecommerce site, was not of legal age. Wow!

Ecommerce is here to stay, and so will the online contract for the purchase of the sale of goods.  These transactions are all too common now.  This is evidence by the reduction of brick-n-mortar stores around the country.  While principles of contract require a meeting of the minds between the seller and the buyer, many buyers do not care to read the terms of what they are agreeing to buy.  Making the purchase is of utmost importance and the buyer will not allow anything to stand in the way of the purchase of those hot sneakers or a t-shirt.

Many sales are taking place between states across state lines. While on the paper contract the parties know each other, that is not the case online. One thing for sure that distinguishes the in-person contract from the online contract, there is no room for a bargain.  The dance of the bargain is gone when buying online. The only option the buyer has is to shop around for a comparable item at a lower price from another online vendor.

So, the electronic age has brought upon the electronic contract.  Where the buyer must agree to the terms of the sale and the agreement.  The buyer must affirm acceptance of the terms of the sale and the buyer must express that he or she understands the terms of the sale.  The Uniform Electronic Transactions Act (UETA) was specifically passed by Congress to recognize and validate the electronic transaction process.  The importance of this Act is that the electronic record of the transaction  can then be used to affirm the existence of a contract.

While the UETA does not provide for authenticating the signature of the buyer  as a form of electronic signatures, the E-Sign Act does (Electronic Signatures in Global and National Commerce Act).  State laws that differ are preempted.

While contracts online do not change the principles of contracts, the online contracts change the landscape of contracting. It is crucial for the seller to know who they are selling to and if they are of legal age to contract.  The Children’s Online Privacy Protection Act (COPPA) was intended to protect children while online. The online process for authentication would required collecting of private information.  If the buyer does not have contractual capacity, then there is a problem with the contract’s enforceability.  What information is the merchant actually getting when a minor is seeking to buy online? The merchant does not know who its and if it is a minor, if there is parental supervision over the transaction, for example for anti-depressant pills from another country.

There are ways that merchants are trying to solve this conundrum.  Email point of verifications are being used by merchants and asking the buyer to set up an email and identification criteria in hopes of future sales and to verify authenticity and identification of the buyer.  Text and instant messages are also used by merchants to provide and additional layer of identification.

While contracts have gone digital the basis of a contract remain the same with a few wrinkles to consider, from a merchant’s perspective. From a parent’s perspective, “what are you doing?” It is not a good idea to allow your minor to use your credit card and passing themselves on as if they are you in making a purchase online.

While this piece touched upon online contracts, it did not cover the online contracts for business, merchants, distributers, and manufacturers, i.e. the end-user license contracts.  This type of contract online does allow for the seller to get the identify the buyer/licensee of the product.  So, as digital contracts are formed daily in the hundreds of thousands, loading up cloud storage databases throughout the country, digital transactions are crossing state lines, and contracts may or may not be enforceable.  The world of ecommerce has also brought upon entrepreneurs who are also under age and are entering into online contracts.  Who is to tell? Wow!

#contracts #ecommerce #internet #sales #business  copyright 2018

Monday, August 13, 2018

Startup Business -More than an Idea

Startup Business criteria for the idea-person and the money-person, backing the venture, is always easily skewed toward “what’s the least that it will take to get going”.  Going into the wild of business with the startup entrepreneurial spirit is fascinating and laudable.  Many venture off with the chutzpa without seeking legal counsel  and resort to copying online content from other sites in the related service or product, this even includes copying someone else’s “terms-of use”, cookie policy, and disclaimers, among others. Big mistake.  Many do not think there is an entity called the Federal Trade Commission. Ever heard of the saying, “penny-pinching-pound-foolish”?  Copy cats always pay a price.  Unfortunately, all-too many fall into this criteria and struggle to get ahead and do not get to see the dream venture thrive.

It’s all in the name
A startup business usually starts with an idea before the name.  Getting an attractive name may sound good and many online pundits will tell you about the need for a snazzy name.  But, be on the lookout because someone else may already have it and are using it.  There may be a state level trademark filing, there may be a federal filing. There may even be a domain registry identical to your ideal name. Believe me, litigation is not fun for the plaintiff or the defendant, though as a lawyer engaged in this type of work, its enjoyable.  There are always concerns with cybersquatting, reverse domain name hijacking, and trademark infringement that loom the entrepreneur.  The everyday entrepreneur needs to get beyond the name and address its value and how it identifies the entity to be established.

The novel Idea
Every thought, of course is considered new and never to be thought of before.  However, there are too many ideas bouncing around in conversations in the market place, in incubators, and in co-labs that strike many fancies.  The idea most likely is not novel. Risks are at every turn if not checked accordingly to guard against committing an infringement or begging for one by not seeking to protect your “novel idea”.  Going solo without counsel begs for trouble in many unseen corners in the marketplace.  Being active in your local chamber will quickly make the entrepreneur aware of the novelty of the idea in the surrounding city or the “Internet”.

Process and Information
It is amazing how much information is gathered by businesses about their business process, customers, and services that are utilized.  This information is not even captured to begin to tell the entity if they are doing the right thing for their business and their clients.  Many resort to surveys, but the actual calls and orders will tell a different story about services and your business.
With all that information, there comes the responsibility to store it. Storing information for some future use comes with an obligation to respect customer privacy.   What the entity decides to store is also crucial. It is crucial for business success if handled and learned from to deliver better services.  It is also crucial for maintaining the information management integrity where customers trust your entity with their means of payment information and their personal identifying information (PII).  Carefully thought out platform for managing information is not usually on the top of your everyday entrepreneur’s list of priorities.

As an introductory piece on startup business, in general, this is just to point out some observations from years of advising entrepreneurs and witnessing their mistakes along the way, especially when they return to tell of their saga.  The eagerness at the beginning is productive but it can also get you in trouble fast.  Either money vanishes fast or their idea is already in use.  Careful planning and seeking advice go a long way.  Investing in planning and getting to know what to do, how to do, when to do, and in what order these things need to get done, comes from experience, and there is value with that experience.  Not all free information on the Internet is credible and business advice sought from blogs should be taken with a grain of salt.  In business, venturing off into the marketplace and serve customers and clientele involves more than just an idea. More startup business notions will follow that will shed some light on things all too often overlooked by entrepreneurs.

#business #startups #contracts #Florida copyright 2018

Friday, June 9, 2017

Internet Cybersecurity and Data Security

Internet news events are reported daily about computer abuse, hacking, data theft and malware, nationally and internationally.  The concept of cybersecurity, as a term, appears bounced around by writers, scholars, politicians, and news media, short of carefully determining what it encompasses and how cybersecurity relates to the Internet.  Around the world the term is used loosely as well and causing debates. The same can be said of ‘data security,’ it’s sibling.  From an operational aspect of advising clients, a clear understanding is needed of what we are talking about.  It is also important as notice letters are devised to send to the affected public in the event of a cyber incident regarding a data breach, cyber-attack, or cyber theft.  When an entity is developing policies, it is important to define these clearly for the benefit of personnel training, administrative audits, cyber audits, compliance reviews, cloud contracts, data storage agreement, and even securing insurance coverage.  Unfortunately, the terms have been used interchangeably and been misused.  The term ‘cyber’ began to be loosely used after President Obama referred to the subject by using the term ‘cyber’ in seeking to appoint a ‘Cyber Adviser.’  What would have been more appropriate term was ‘data security,’ because the issue was about data and information protection of physical information. Ever since, the terms have been loosely used by academics, in and around state legislatures and as well among members of the U.S. Congress in their usual parlance.  However, operationally, in practice dealing with clients and their issues, the terms should not be dealt loosely and should be termed appropriately.  Not ironing out these terms and their applications will draw countries to not see eye-to-eye on how to cooperate on cyber events, when cyber events have a global impact as did the WannaCry  malware.

This post seeks to clarify the terms to avoid further misuse and mischaracterization of the terms when they are referred to in business and in entity operations, policy implementations, and in legal discussions.  As they are loosely used, they are given the meaning for protecting information from unauthorized access, and that had made some sense.  The failure to distinguish allows for gaps in insurance coverage and misdiagnosed issues in audits and in personnel evaluations for their performance measures.  The same can be said that by the failure to make the valid distinction, appropriate information technology performance is as well misdiagnosed.  In governmental policy circles cybersecurity is the prevailing nomenclature, however, the federal legal provision that addresses cybersecurity is termed as the Federal Information Security Management Act (FISMA).  Among information technology professionals and in select industries, such as in accounting, financial, and in the medical areas, the term referred to as is information insecurity.  Yet that terminology requires clarification because an important consideration is the actual form of of the information. 

As we consider the form of information and its means, we also need to realize the differences.  The Internet and the digital age is here and the information that we derive from digital networks and process means can be termed data, digital documents, digital records, as opposed to physical information.  Once that physical information is digitized, it becomes digital data.  For purposes of addressing systems, networks, and platforms, cyber security is most appropriate.  For purposes of addressing the element of communication, or what is being transferred, sent, stored, or received, data security is most appropriate.  As files are maintained any entity’s concern is appropriately with its network integrity or network security.  Because of the interface of servers being accessed amid multiple users accessing, transmitting, and sharing the data, the practical reference is cybersecurity as it addresses the integrity of the system managing the activities and functions of the digital features of the data.  So, cybersecurity is the macro systemic interface activity of networks, Internet, Intranet, email trunks, remote access relays, and data channels involved in the transmission, storage, and maintenance.  Hence, cyber security is about the system.  The technical application of the term is cyber security involves the technologies, algorithms, software, networks, and devices to protect the amalgamation that comprises the computing system from intrusions and to conduct diagnostics of its security system.

Data security is the process of addressing unauthorized access.  As data-security is applied, the issues discussed cover unauthorized disclosure and access, breach of confidentiality, and misappropriation.  Such characterization gives rise to a focus on the management or administration of data that is transmitted through the system.  This gives rise to the concepts of data hygiene, analytics, and data governance.  The data lives in the system.  Data security is about what is transmitted through the system.   Another way to describe the distinction is that data security involves the interaction of humans, artificial intelligence (AI), encryptiontechnology management, and software processes for the digital realm, in securing and protecting data from breaches within the cyber system.  Essentially, data security is the intended benefit of cyber security or of protecting the system, network or platform.

The Internet function blurs the distinction for many businesses and entities.  This blurring has given rise to debates on how to address information securityprotection of data, data governance, Internet governance, network protection, Internet of Things security, and Industrial Internet of Things security.  The debates will continue even among governments, organizations, and private entities about responding to cybercrimes and addressing Internet governance, vis-à-vis billions of individuals resorting to the Internet for freedom, freedom of expression, pursuit of knowledge, conduct business, transferring and transmitting records, even executing financial transactions.  The terms appear related and they are; but the practical approach to resolving how best to address the critical events faced daily with every cyber incident, requires a clearer distinction.  Until we have a clear understanding, the lag between law being at step with cyber events will widen and the learning curve for employees, managers, corporate officers, and government officials and lawmakers will, as well, continue. 

Lorenzo Law Firm, P.A., copyright 2017

Consumer Privacy versus Data Economy Ecosystem

We all hear about privacy needing protection and we also read about the events that have led to infringements of privacy on the occurrence of data breaches.  Essentially, privacy is desired by all and many believe that it is an aspect of life that is common understanding and it is worth respect and consideration. The courts have recognized privacy’s importance and value in the U.S. [1]  There is no wonder that privacy concerns ring loud with the occurring frequency of cyber-attacks.  To date, there are no signs that the impact that cyber-attacks have on the data economy will decrease.  Amid these concerns, cyber security practices and data security practices are under the microscope of federal and state regulators and industry leaders.  Yet, consumer privacy concerns continue unabated.  The sentiment among clients is that if they do not address, on their end their practices, their liability exposure will be exponential.  This business sentiment has led to the growth of self-regulation embracing consumer privacy concerns and possibly offering an effective response to those concerns in the data economy.

What complicates the matter and rising concern is the continuous daily theft of personal data impinging on privacy countered by the expectation of privacy among individuals.  As well complicating the matter is the sale of personal data in the data market unbeknownst by the consumer or without consumer consent.  The data economy practices of collection, sales, and sharing is argued to be impinging on privacy and the expectation of privacy.  Magnifying this complication is the prevalence of data being sold.  The data market is a lucrative business and it creates opportunities for hackers.  In addition, there are the efforts of state sponsored and independent groups seeking commercially valuable data and personal information for a sundry of purposes that amount to theft even extortion.

Aside from the existing illicit side of the data market, there is the pervasive practice in the data economy amid companies, governments, nongovernmental organizations and numerous entities and groups gathering data on many aspects of human activity and behavior, termed global commons efforts that are deemed beneficial to all.  The benefits, for the business, government, or an entity are enormous.  If the data is analyzed and managed accordingly, the collection of data can result in numerous benefits.  The benefits could include increased sales, personalized marketing, job creation, process efficiencies, enhanced investments and its management, improved accuracy of diagnosis, improve allocation of resources of both personnel and inputs, effective and productive inventories, reduce costs, improve policy effectiveness, manage utility loads and demand, improve security, aiding in background checks, and improve customer relations, and much more.

On balance, there are possibilities present by such a wide-open market of marketed data that exposes the average person to vulnerabilities to identity theft.  Such may include not being able to be insured, get a job, or get credit approved. While technological innovation is advancing, there remains an imbalance between the technical protective measures and policy amid the growing sophistication of intrusive hacking measures.  The plethora of data in the data economy further augments the opportunities for identity theft and wrongful acquisition of personal data.

The U.S. Supreme Court stated in U.S. Dep’t of Justice v. Reporters Comm. for Freedom of the Press,[2] that a person’s privacy is related to the person’s ability to control person information.  Efforts to discourage government’s tracking of web usage have been sought by the federal government.[3]  The FTC has supported the notion of the commercial value of personal name and likeness and its infringement or misappropriation is considered a tort. This tortuous aspect of privacy infringement is more so evident as it relates to Internet users where the FTC, by Section 5 of the FTC Act, pursues privacy violations.[4]

Where the expectation of privacy is crossed by ill-noticed practice of data disclosure, sales, and sharing, the FTC finds this scenario as a deceptive practice subject to its authority to investigate and sanction. Social media platforms, such as Facebook, has had issues with this concern where its privacy measures were lessened which allowed for easier disclosure of friends lists to third-parties.[5]  This easing of access of friends list to third-parties is an aspect of the data economy activities that arguably impinges on the expectation of privacy. With the continuing growth of Internet business, E-commerce, and digital transactions (Bitcoin) the data generated with each click of a mouse, touch on a mobile device, or swipe lead to hundreds of billions of dollars in revenues in advertising, manufacturing, and sales.

Privacy versus the data economy concern has not been ignored despite the vicious cycle of benefit, compromise, cyber vulnerabilities, with all the active forces mentioned involved in the data economy ecosystem.  Industries have organized to propose notions of self-regulation to fill the void of slow government efforts and inability to keep abreast of innovation.  The industry entities across the economy have emphasized their privacy policies and instituted forms of common practices deemed as measures addressing the need to enhance privacy and the management of data collected.  Additionally, organizations are deeming themselves bound by their own privacy policies. The “do not track” approach by government is one such measure sought to allow consumers to exercise discretion over personal information.  Industries, in the spirit of self-regulation, have responded to the concerns by proposing opt-out vehicles where the selection is taken to limited ads, control how browser retains Internet usage and the cookies sites execute, and to control location-based-services.

The balance between consumer privacy and the data economy can best be seen through industry efforts, their instituted policies and practices as the first line of defense along with their training of personnel and their application of data governance auditing.  In practice, industries may positively contribute through their self-regulation initiatives as they may be best suited to respond to the intrusive innovations that compromise data and best suited to develop measures to allow for more consumer control over their data. The idea of self-regulation and not government imposed mandates, addresses the balance and also provides a way so that advertising revenue is not impinged.  Seldom acknowledged is the availability of the Internet is fostered and populated by material that is supported by ads, otherwise the Internet would be a costly endeavor for anyone to access and use.  The privacy concerns are far from being assuaged.  Yet, the active participants in the data economy ecosystem are possibly best suited to forestall any gains by cyber attackers and the harms they impose from data breaches.
Copyright 2017

Artificial Intelligence Liability

Liability, as an issue, seldom arises in common conversations.   When discussions in the work place occur, liability is not on the top of the list of issues.  Yet, there are a plethora of law firm ads about personal injury claims, insurance commercials, and medical malpractice issues.  From watching and reading ads you are left with the opinion that injury claims and liability are all too common.  Coupled with this prevalence of personal injury claims and medical claims is the novel aspect of technological innovation that is utilized in the medical profession and in the delivery of services in many industries that include data management, cloud computing, software design, and data analysis.  What if something goes wrong? What if the conclusion leading to the delivery of service was incorrect?  What if the data was not categorized or coded accurately leading to a data breach? It is reasonable to wonder if now a new vein of ads and claims will arise as artificial intelligence (AI) is increasingly incorporated in the delivery of many types of services.  Can you fathom a robot conducting surgery on your spleen or knee cartilage?  Well to the amazement of many, those pacemakers are run by codes that monitors and assesses and provides feedback on your heart.  The data derived can be used to suggest replacement treatment or medication. Diagnostics are run by a system of culled data that result in the predictive assessment of the best-concluded treatment, medicine, or procedure. The benefits are increasing with every step of innovation. Yet, there is always room for error, including diagnostic error, procedural error, prescription error, data mismanaged or incorrectly transferred.  Many challenges remain in assessing liability with the use of AI.

With all this innovation and possibilities, how do we regard responsibility and how do we weigh liabilities?  How do we assess risk and balance with what can be insured?  The use of machine learning through the execution of algorithmic formulas lends to some difficulty.  It is difficult to open a formula and have it dissect to determine what led to an incident.   We know that the result is drawn by inputs.  The inputs are drawn from data that is culled, categorized, and identified as relevant on a scale, so-to-speak.  Algorithms are not reviewed, though their results could benefit millions or hinder one skin cancer patient, an airplane pilot or the assets of a Fintech firm’s portfolio.  The barrier in algorithms is their proprietary trappings.   Algorithms and their design are considered proprietary; as such, they are not open for scrutiny or evaluation, but for by their own designer or designer team.  But the designer could very well be a bot.  That bot is as well processing based on inputted data selected by someone.  The complication to discerning liability is becoming clearer.

Could AI be the turning point where liability will be reduced for doctors, data managers, cloud service operators, pharmaceutical companies, medical researchers sued by investors? With all the potential benefits of AI in the delivery of a multitude of services over a span of industries, how is responsibility reconciled?  Should their be liability?  The advance of technology in AI has brought diagnosis on the spot, efficiencies in production, efficiencies in the allocation of resources, made medical services more specific to the person and made cars more responsive.  Where liability is triggered is when the human element factors in.  Can we sue a robot or its designer?  After all, doctors are expected to assess their use of AI for their delivery of services and their diagnosis.  If an automobile or train malfunctions, according to the TV ads, we can sue the manufacturer or even the manufacturer of the component used in the car.  We can sue a pesticide manufacturer for failing to notice the general public of the risk of their product and for failure to provide instruction on uses and protective measures to take when using the product.  Could the same be applied to AI, algorithms, and software operating robots designers?  The answer is not that simple because it is not that easy to find the source.

We are left then with the involvement of machine learning determining the future product, result, conclusion, process, etc., of what consumers, patients, and patrons, receive.   AI, software, and robots are not designed in a vacuum.  They take years and numerous participants and many beta assessments.  To align liability to the designer, then, take your pick.  To align liability to the company owning the software or robot, then again, take your pick among the many involved in the development.  The downside of this exercise is that if the researchers, programmers, code writers are placed in question and held subject to liability, innovation will be stifled.  Such innovation is exponentially growing in influence in every field you can imagine.  But the benefits are strengthened by how we discern responsibility for the trust in the airplane's flight trajectory, in the surgical procedure and specific location of the cancer, in the industry data leading to shifts in market investments, and in the composition of a particular ingredient in a pesticide.

Moreover, could there be an argument for applying strict liability to the algorithms, software, and robotic process?  It is commonly known that consumer products are tied to the liability factors of strict liability where companies are held responsible for their products malfunction. As humans are fallible, fallible humans design algorithms, software, robots, AI; hence, there is the possibility of the fallibility of an algorithm or software process.   Could there also be appropriate to borrow from the pharmaceutical field the term “unavoidably unsafe” product?[1] This application could be used if we have the circumstance of a product that is not free of issues.

Risks are always present.  Could “unavoidably unsafe” product doctrine be applied to AI? As practitioners, we assess risks and we acknowledge that certain products have risks.  AI, software design, the robotic process can be assessed but what results is that there will be discovered a number of beta testing and calibrations, that will make finding responsibility difficult because reasonable measures were taken.  Industry standard practice will be the setting.  In addition, if the reasonable notice was provided about the product’s risk there cannot be the supportable argument of failure to warn.  But more specific to AI, when one conceives of the numerous data inputted to the process of the product or software before being delivered, or the medical procedure being done, and the amount of testing and assessment before it is deployed, there could not be a saleable argument of failure to test.  Furthermore, consider the advisory about the need for frequent updates to address potential glitches, vulnerabilities, or detected malfunctions.  Who should be responsible for the updates and bear the responsibility for the harm if the update was not executed on a software monitoring a pacemaker or calibrating the diagnostics of a robot?

The challenges remain for attributing liability with the use of AI.   Data is not easy to get, especially reliable data that is specific to the need or service to be delivered.  The other challenge is timely and appropriate training and development because not all devices work in sync with one another. The search for a legal remedy for discerning liability where AI is the byproduct leading to the result that gave cause to the potential action continues. The trust of the patient, patron, and the consumer is contingent on results and the possibility of redress when humans relied on AI.

[1] Second, of Torts § 402A, (1965).
copyright 2017

Monday, May 15, 2017

Data Protection Coexisting with Consumer Privacy

Data privacy concern is a prevailing topic.  This piece, is the first part of a series that we will share that will address what clients wrestle with regarding their delivery and administration of technology for their own clients and their day-to-day operations.  Technology will continue to influence our daily lives.  With some of the benefits comes challenges.  The benefits allow more freedoms and increase efficiencies for the user and consumer.  The challenges are present for both the consumer and the operator administrator of the technological innovation.  The questions gnaw. Can the data be kept and transmitted safely? Can the data be kept private as required?  With the nuanced articles on the subject, these questions are what it should be the gravamen.  Can data be kept safe and can it be kept private as it is administered daily in the delivery of services?

This also is about having trust in the development and the reliability of systems, networks, programs, hardware, and the personnel administering them all; and by the way, trust on the combination of technological solution and integration to deliver the needed safety and ultimate privacy.  As such, the trust then has value.  Value in trust is to both the individual expecting privacy and to the entity responsible for maintaining safety and the privacy as it is a custodian of the data, especially as the data is augmented daily with users use of services. 

The trust element in innovation and administration of the technology to maintain data safe and private increases in importance as reliance on technology increases in society.  To address that growing reliance there needs to be a basis, a standard, or a measure by which regulators and the courts can decide when that basis, standard, or measure was not met.  Of course, that’s for litigation hit.  But it is also for pointing to a goal on how data protection will coexist with consumer privacy, as it is expected, though it is unsaid.

The idea that is counseled to entities that endeavor in this realm, as it applies to the purveyor of technology, administrator of cloud systems, data aggregators, network designer, source code writer, is that privacy is the end game buttressed by being accountable.  The end game of privacy is in the data maintained, transmitted, accessed, and delivered to the correctly identified and intended recipient.  Accountability is the ingredient in pursuit of new ways and programs developed that innovate into that coexistence of data protection and consumer privacy.  Accountability in that process is essential to meet with the reliance of consumer trust and confidence. This accountability should be based on checks and balances in the approach for the development, application, and delivery of daily data services.  This accountability, as well must be an organizational task instilled in management and throughout the organization down the service line.  As client addresses this issue they realize it’s their decision-making process that needs addressing as they focus on privacy of the data they are administering or the result of the program designed.  Their approach needs to surpass the short-sighted view of regulatory compliance.

The experience demonstrates that as clients find themselves needing to address their decision-making regarding privacy, data protection, consumer expectations and trust, their accountability, they realize that their culture is changed.  Policies then are the result of that cultural accountability way of thinking that emphasizes privacy.  Privacy programs within organizations will be seen to require levels of cooperation.  The internal aspect of the change should drive the entity to instill data governance, risk assessment, and needs evaluation.  The approach should be one of data governance that syncs legal, operations, contract management, information technology, and human resources, to name a few, together for the levels to see eye-to-eye on data protection and its relationship to consumer privacy and the consumers' trust component.
The relationship of data protection to data privacy is usually seen in application as the technological and administrative existence of the means by which digital information is operatively used, shared, described, analyzed, etc.  That focal point is more than just administering who has access and can anyone else be able to decipher the data in transmission amid networks.  The challenges to the necessary coexistence of data protection and consumer privacy are not for academic theorizing or esoteric concepts.   They are hard and force honest considerations to the applications and efforts to achieve the privacy and protection desired and expected.  Other issues will be discussed on the next piece.

Originally published March 8, 2017
Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web." Copyright 2017, all rights reserved Lorenzo Law Firm, P.A.