22 October 2013

Recent Changes For Digital Marketers & Companies That Use Text Message Marketing

Many marketing consultants advise companies to employ text messaging and telemarketing as a component of their marketing and advertising strategies. 
Companies that do so, however, need to be mindful of complying with the 1991 Telephone Consumer Protection Act (the “TCPA”), which prohibits companies from sending auto-dialed text messages, voice calls, and faxes without specific consents and authorizations. 
Recent Changes
On October 16, 2013, two major changes to the TCPA went into effect:
  • Prior Express Written Consent Required For Telemarketing: Companies must obtain and hold unambiguous written consent from customers before initiating any telemarketing call/text message; and
  • “Established Business Relationship” Not Sufficient For Telemarketing: An established business relationship does not relieve companies of the obligation to obtain prior express written consent before making a telemarketing call/text message.
These changes follow a January 14, 2013 TCPA change that requires companies to ensure that artificial or prerecorded voice telemarketing or advertising calls have opt-out mechanisms.
What Should Companies Do Now?
The TCPA can affect any organization that sends text messages, voice calls, or faxes as part of its advertising / marketing campaign or outreach, whether such messages are sent through the company or a through a contracted third party marketing vendor.
Violations of the TCPA can be expensive. The TCPA permits a private right of action and statutory damages in the amount of $500 for each violation and up to $1,500 for each willful violation. The risk for companies is significant because the numbers of TCPA class actions are on the rise and the potential damages / settlement costs in these cases can run into the millions of dollars.
Given the changes that went into effect in October, businesses should review their TCPA / advertising policies to ensure that they are in compliance, so that they can avoid the possibility of paying onerous penalties or being involved in expensive class action litigation.
Further, even if companies that hire third party vendors to conduct telemarketing call / text message campaigns on their behalf, they should exercise care to minimize potential claims, including by requiring, for example, representations and warranties and risk shifting provisions in contracts.

24 May 2013

Data Breach And Governance Issues Find Investment Advisors

Two items of interest this week for investment advisors and their clients in how they deal with internal controls relating to confidential data and email:

On May 23, 2013, the Securities and Exchange Commission ("SEC") charged charged proxy adviser Institutional Shareholder Services ("ISS") for failing to safeguard the confidential proxy voting information of clients participating in a number of significant proxy contests. According to the SEC press release:
An SEC investigation found that an employee at ISS provided a proxy solicitor with material, nonpublic information revealing how more than 100 ISS institutional shareholder advisory clients were voting their proxy ballots. In exchange for voting information, the proxy solicitor provided the ISS employee with meals, expensive tickets to concerts and sporting events, and an airline ticket. The breach was made possible in part because ISS lacked sufficient controls over employee access to confidential client vote information, as this employee gathered the data by logging into the ISS voting website from home or work and using his personal e-mail account to communicate details to the proxy solicitor. 
The SEC's order finds that ISS willfully violated Section 204A of the Investment Advisers Act of 1940. The order censures the firm and requires ISS to pay a $300,000 penalty and engage an independent compliance consultant to review its supervisory and compliance policies and procedures. The consultant will evaluate whether ISS's procedures are reasonably designed to ensure that its proxy voting services business complies with the Advisers Act in its treatment of confidential information, communications with proxy solicitors, and gifts and entertainment. 
Section 204A of the Investment Advisors Act of 1940 requires every investment advisor to establish and enforce policies and procedures to prevent the misuse of of material, nonpublic information. 

The SEC Order is available here.

Also, on May 21, 2013, the Financial Industry Regulatory Authority ("FINRA") fined broker LPL Financial LLC ("LPL") $7.5 million for 35 separate, significant email system failures, which prevented LPL from accessing hundreds of millions of emails and reviewing tens of millions of other emails. Additionally, LPL made material misstatements to FINRA during its investigation of the firm's email failures. LPL was also ordered to establish a $1.5 million fund to compensate brokerage customer claimants potentially affected by its failure to produce email.

FINRA's website was down this morning, but the Securities Law Prof Blog has a nice entry here.

23 May 2013

Idaho State University Settles HIPAA Security Case for $400,000

Idaho State University ("ISU") has agreed to pay $400,000 to the U.S. Department of Health Human Services ("HHS") for violations of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") Security Rule. The settlement involves the breach of unsecured electronic protected health information ("ePHI") of 17,500 individuals who were patients at an ISU clinic. HHS found that ISU did not:
  • conduct an analysis of the risk to the confidentiality of ePHI as part of its security management process; 
  • adequately implement security measures sufficient to reduce the risks and vulnerabilities to a reasonable and appropriate level; and
  • adequately implement procedures to review regularly records of information system activity to determine if any ePHI was used or disclosed in an inappropriate manner.
Read the HHS press release here.

24 April 2013

Baseball Stats and Law Firm Performance

I am a huge baseball fan. I have been so since the 80s when the greatness of Don Mattingly tormented me on an annual basis because of his not-so-great Yankees' supporting cast (especially oh those pitchers!). A pennant never materialized for me back then, but through it all, every stat, pitching AND hitting, was etched in my brain. I thought that if I only studied the stats enough, I could show everyone -- even those Mets fans -- that the Yankees (and every player on the team, even third baseman Mike Pagliarulo) was the absolute best at his position in the major leagues. Of course, the stats to which I had access were only those in the newspaper and the backs of trading cards, namely the big ones: ERA, batting average, RBIs. My ground-shaking epiphany on how it all fit together never came. 

Then came Billy Beane. Beane is a former professional baseball player and current front office executive for the Oakland Athletics. Beginning in the mid-90s, Beane began to apply statistical analysis to player evaluations. Beane was the subject of Michael Lewis' 2003 book on baseball economics, Moneyball, which was made into a 2011 film starring Brad Pitt as Beane. Not too shabby.

The essence of Moneyball was an emphasis on the numbers:

01 April 2013

Judges & Social Media

On February 21, 2013, the American Bar Association released Formal Opinion 462, "Judge's Use of Electronic Social Networking Media," which finds that a "judge may participate in electronic social networking, but as with all social relationships and contacts, a judge must comply with relevant provisions of the Code of Judicial Conduct and avoid any conduct that would undermine the judge’s independence, integrity, or impartiality, or create an appearance of impropriety." The Opinion includes guidance on when a judge would have an affirmative duty to disclose a social media connection to parties that appear before that judge (conclusion: not most of the time).