Online searches can be conducted by many parties, such as clients, associates, partners, opposing counsel, staff, personal contacts and others. Online, negative references to you and your firm can scare off potential clients, sour business relationships, harm recruiting efforts and have a number of other negative effects on your practice. Moreover, negative information can live online long after the underlying issues have been resolved, and this information can become lodged at the top of search results. This can cause ongoing damage to your firm or company and your professional reputation.

We have one and the only aim, to be the best in the industry. That means our attorney and law firm reputation management services have to be second to no one. We work directly with law firms and legal professionals to ensure that the best strategy is used for each unique case. Our experienced team of Search Engine Optimization and Internet Marketing Experts have developed strategic relationships with authoritative legal websites in order to enhance the effectiveness of our online reputation management services for attorneys and law firms. What’s more, we equip our skilled SEO technicians with the most advanced software and tools available to manage, repair and/or protect the online reputations of legal professionals and law offices with which we do business.

Recent Case Studies

A popular CEO whose company runs in 74 countries was a victim of reputation attack by competitors , scandals and her customer following was reducing because of the same. Currently signed off for monthly reputation insurance package.

Twitter urges all users to change passwords after glitch

Twitter Inc urged its more than 330 million users to change their passwords after a glitch caused some to be stored in readable text on its internal computer system rather than disguised by a process known as “hashing”.

The social network disclosed the issue in a blog post and series of Tweets on Thursday afternoon, saying it had resolved the problem and an internal investigation had found no indication passwords were stolen or misused by insiders. Still, it urged all users to consider changing their passwords.

“We fixed the bug and have no indication of a breach or misuse by anyone,” Chief Executive Jack Dorsey said in a Tweet. “As a precaution, consider changing your password on all services where youve used this password.” The blog did not say how many passwords were affected. A person familiar with the company’s response said the number was “substantial” and that they were exposed for “several months.” The disclosure comes as lawmakers and regulators around the world scrutinize the way that companies store and secure consumer data, after a string of security incidents at Equifax Inc, Facebook Inc and Uber Technologies Inc.

The European Union is due later this month to start enforcing a strict new privacy law, the General Data Protection Regulation, that includes steep fees for violators.

Twitter discovered the bug a few weeks ago and has reported it to some regulators, said the person, who was not authorized to discuss the matter publicly.

The U.S. Federal Trade Commission, which investigates companies accused of deceptive practices related to data security, declined comment on the password glitch.

The agency settled with Twitter in 2010 over accusations the site had serious lapses in data security that let hackers access private user data on two occasions. The settlement called for audits of Twitter’s data security program every other year for 10 years.

The glitch was related to Twitter’s use of “hashing” and caused passwords to be written on an internal computer log before the scrambling process was completed, the blog said.

“We are very sorry this happened,” the Twitter blog said.

Twitter’s share price was down 1 percent in extended trade at $30.35, after gaining 0.4 percent during the session.

The company advised users to take precautions to ensure that their accounts are safe, including changing passwords and enabling Twitter’s two-factor authentication service to help prevent accounts from being hijacked. (REUTERS)

Internet, e-business and privacy concerns

The most commonly stated motive for data protection legislation is to protect individual privacy from being compromised by computerization and to provide a framework for finding a balance between the interests of the individual, the data user and the community at large.

Countries without a data protection law may lose business from Europe because the EU Directive on the Protection of Personal Data prohibits the transfer of personal data to non-EU countries that do not meet the European “adequacy” standard for data protection. As a result, this Directive places burdens on Sri Lanka and others countries that collect personal data online. The absence of data privacy legislation in India has proved to be a handicap to Europe and the U.S.A. in business process outscoring to Indian companies.

In many countries, including Sri Lanka, laws have not kept up with the technology, leaving significant gaps in protection. In other countries, law enforcement and intelligence agencies have been given significant exemptions. Therefore the mere presence of laws may not provide adequate protection.

Online business or online delivery of public services means feeding personal data to the computer, and having it transmitted from one place to another. Data collectors or service providers or data registers are involved in this activity. Therefore the personal data of customers and citizens should be protected by law without keeping any room for manipulation, possible misuse or unauthorized disclosure to a third party.

Threats toprivacy
Consumer awareness about privacy is increasing, particularly among Internet users. Sooner or later, consumers will demand that their privacy be respected by business. This may require some modification to business practices and customer service and may involve costs not previously incurred. Even American big business has accepted that privacy is a concern that must be addressed. All the public surveys conducted by and for big business in America showed a lack of confidence that consumers’ personal information would be protected if they entered into transactions on the Internet. Privacy concerns have been clearly identified as a barrier to the development of e-business.

Personal information that an individual would prefer not to disclose to others can be obtained from imprints left by identifiers on the hard drive of a computer. For instance, in registering Microsoft Word, an identifier was placed on the hard drive that could have permitted Microsoft to track all movements on the Web. Although Microsoft changed the registration system, an identifier is now made through registration of Microsoft Media Player, as well as through other software systems.

Web bugs can disclose personal information that many of us would prefer to keep confidential. Web bugs are images embedded in a web page that can transmit information to a remote computer when the page is viewed. The remote computer can track which computer accesses which page. They are also known as clear GIFs, or l x l GIFs. A web bug is a tiny graphic, included in a web page or e-mail message, used to identify who or how many people are viewing the material. They can be placed in the image tags of the underlying HTML code of the page and they can also be placed in HTML enabled e-mail messages. For instance, used a tracking device to compile information about online shoppers but stopped after it was discovered.

Internet Service Providers (ISPs) can divulge a host of information about an individual, including name, address, and credit card. They can recapture e-mail that was sent through their services. In addition, ISPs can recapture session information, such as the URLs visited by a user through its service. ISPs at times have disclosed private information about individuals, leading to embarrassment and adverse employment consequences.

Cookies are small text files placed on an Internet user’s computer when a website is accessed. They contain information sent by the server to the user’s browser. If desired, a web user can sometimes view cookies in the source code of the header of a web page. However, generally, the information collected is not displayed to the user, but is recorded, tracked, and stored by the user’s computer and browser. The website can read the cookie later to identify the personal preferences.

Such information will enable the user to navigate the website more easily on return visits. Websites, for instance, can recall registration information, so that users need not re-register each visit. Similarly, cookies enable each user to move forward and backward within a site. Most cookies last during a user’s “session,” but some can be programmed to last forever — persistent cookies — with the corresponding power to keep track of the user’s movements on the Web.

Moreover, marketers can then use information about an individual’s use of a site to tailor and fine tune sales and promotional offers to consumers, whether on the Web, via email, or at home. Marketers bring information to those who may not know of particular goods and services. Information links sellers to willing buyers, helping achieve a more efficient economy. To some extent, individuals who choose to participate in commercial transactions must give up some personal information to have access to credit and other financial services.

Such information, however, can also be used to reveal all of our personal habits. If marketers share information with each other, an entire mosaic is created revealing our buying patterns, our browsing interests, and the time we spend on the Internet. Many fear the adverse consequences if that information gets into the wrong hands.
Individuals can disable cookies by setting their browsers not to accept them. Some websites will not do business with such users, and in any event, disabling cookies makes navigation through websites quite cumbersome.

Information about an individual’s tastes and leisure activity has economic value, and the exchange of such information helps grease the economy. Sri Lanka has never banned the sale of such data, despite the potential impact on privacy. There are, however, many different levels of legal protection for privacy when websites and e-commerce firms — without consent — use private information for commercial purposes. No comprehensive protection exists.

In many countries there is a general law that governs the collection, use and dissemination of personal information by both the public and private sectors. An oversight body then ensures compliance. This is the preferred model for most countries adopting data protection laws and was adopted by the EU to ensure compliance with its data protection regime.

Sri Lanka’s 1978 Constitution does not explicitly recognize the right to personal privacy as a basic fundamental right though subsequent proposals envisaged the right to privacy as a fundamental right. The government has not introduced any specific legislation, which protects the individual privacy or collection of personal information. The only legislation, which refers to this area, is the 1991.

Telecommunication Act that too refers to interception of communication.
The Common Law in Sri Lanka does not recognize any right to protect personal information. It only permits peripheral protection or remedial action for invasions of privacy stemming from the inappropriate use of personal data.

It is possible to include in the terms of a contract express protection for personal information. Typically, such provisions are broader than just personal information; they extend to the protection of all information flowing between the parties to the contract. These types of clauses supplement any existing rights the parties may already have under the tort of breach of confidentiality.

The contractual relationship is not the essential ingredient, which has given rise to these protections; rather, it is the confidential nature of the relationship. Special relationships exist between banks and customers, doctors and patients and lawyers and clients. They may also exist in a non-contractual context; for example, confidentiality between priests and their parishioners. The ability of the law of contract to provide a solution is severely limited because most data subjects are not in a contractual relationship with the data collectors or users. Thus there are no express or implied contractual rights bestowed upon the data subject.

There are various possibilities in tort. The most obvious possibility would be an action brought by the data subject against the data controller for negligent use of storage of the data. This may be because a third party has gained unauthorized access to personal data about the data subject due to the direct or vicarious negligence of the data controller. Such an action will be possible only where a duty of care owed by the data controller to the data subject is established, and this will involve inter alia a consideration of the nature of the information.

Trespass consists of the wrongful entry by the defendant onto land belonging to the plaintiff without consent, the plaintiff being the rightful possessor of the land. Defamation is a cause of action intended to protect the reputation of a person whose standing has been lowered in the estimation of “right thinking members of society” by the publication of derogatory and untrue statements. The electronic dissemination of derogatory statements about a data subject through discussion groups or other Internet facilities will provide the subject matter with a course of action in defamation provided that they are untrue.

Where a person intentionally or recklessly conducts himself so as to cause emotional distress to others, he is liable for that distress. Conceivably, the same course of action would lie where a person revealed personal information designed to cause the data subject acute embarrassment. It is essential that the injury suffered be of an enduring or physical nature.

Another tort requires misconduct by the holder of a public office. The breach of the statutory duties of confidence imposed upon public servants in relation to personal data accessed or used in the course of their administrative duties, for example, would give an aggrieved data subject a course of action here.

Global consistency is fundamental to achieving effective privacy protection. If different standards and approaches are taken, the confusion that would result could well undermine rather than enhance consumer protection and it could hinder the development of E-business. If one stand is to be adopted globally, the Informational Privacy Principles based on OECD guidelines and European Directives would be a practicable solution. Therefore Sri Lanka’s draft Data Protection law should be based on these principles.

Personal information must not be collected where it is gathered by unlawful means; for example theft. Moreover, this principle extends to collection by unfair means. The principle of solicitation of personal information from individuals is designed to ensure that agencies that collect personal information take steps to make the data subject aware of the purpose for which the information is being collected and, where the information is passed on by the collector, the details of the person or persons who receive the information.

Where information is collected through a process of solicitation, the collector must ensure that reasonable steps are taken to determine the relevance, completeness and currency of the data. In addition, this principle requires that the information collected does not unreasonably intrude upon the ‘personal affairs’ of the data subject.

Storage and security of personal information is an important principle, which lies at the heart of the integrity and security of the personal information that is collected and stored. The term ‘record-keeper’ is introduced here. The record-keeper must ensure that security safeguards that are appropriate in the circumstances are taken to prevent loss, unauthorized access, use, modification or disclosure or misuse of information.

The principle of alteration of records containing personal information sets out the rights of the data subject in relation to ensuring the quality of the information held about him or herself. Appropriate corrections, deletions and additions are required to ensure that the record of personal information conforms to the principle.

A record-keeper who has possession or control of a record that contains personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is relevant, accurate, complete and not misleading.

Personal information only to be used for relevant purposes – the intention of this provision is clearly to prevent misuse of information where it is not relevant to the purpose for which it will be used.

Limits of disclosure
A record-keeper who has possession or control of a record that contains personal information shall not disclose the information to a person, body or agency (other than the individual concerned) unless, the individual concerned has been informed that the information of that kind is usually passed to that person, body or agency or the individual concerned has consented to the disclosure and the disclosure is required or authorized by law.

Any information relating to ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life shall not be used or disclosed by a record-keeper without the express written consent, freely given, of the individual concerned. Information relating to an individual’s criminal history may only be processed as required or authorized by law.

An essential aspect of any privacy protection regime is oversight. In most countries with a data protection act, there is also an official or agency that oversees enforcement of the act. This must be absolutely an independent supervisory authority. Independence is also a problem in many countries; the agency is under the control of the political arm of the government or a part of the ministry.

This agency is given considerable power; government must consult this agency when it draws up legislation relating to the processing of personal information; the body also has the power to conduct investigations and have a right to access information relevant to their investigations; impose remedies such as ordering the destruction of information or ban processing, and start legal proceedings, hear complaints and issue reports. The agency is also generally responsible for public education and international liaison in data protection and data transfer.

A major problem with many agencies around the world is a lack of resources to adequately conduct oversight and enforcement. Independence is also a problem. In many countries, the agency is under the control of the political arm of the government or part of a particular ministry and lacks the power or will to advance privacy or criticizes privacy invasive proposals.

Unlike the European Union, the United States traditionally has adopted a different approach to data protection. The EU embraces privacy as a fundamental right and thus considers comprehensive legislation as the most appropriate means to protect personal information. Such an approach requires the creation of government data protection agency and approval before the processing of persona data. By contrast, many Americans believe in the free market and are suspicious of government intrusions.

Therefore U.S. approach relies on a mix of legislation, administrative regulation and industry self-regulation through codes of conduct developed by industries as an alternative to government regulation. It is not too late for Sri Lanka to accept the benefits of globalization and be absorbed into the international trade system. Any proposed data protection law should be based on the European model of the EU directive and the data privacy principles because the U.S. data protection model is an ad hoc one and without an independent authority to protect and implement data users rights.

(The author is a Ph.D Researcher in IT Law, University of Queensland, Australia and Lecturer in Law, Faculty of Law, University of Colombo)