New World, New Rules

I recently presented a “Technology and the Law” seminar at the Central Station Alarm Association (CSAA) annual meeting. Highly interactive, information-rich, Web-based services are becoming increasingly available and often direct via smartphones.

While these developments present incredible opportunities, they also mean providers must protect themselves from new—and different—liability claims. Operators must know how “old law” applies to new technology and learn to comply with “new law” being developed to address new issues.

1. Privacy policies are not optional. Consumers, lawmakers and regulators are increasingly concerned about what information you collect, how you store and use the information and whether you provide information to third parties. Having a privacy policy is no longer optional; it’s a best practice for risk mitigation.

While no federal privacy law yet governs the electronic security industry, 46 states have some form of data security law. Data breach claims (and the legality of your privacy policy) will be resolved by state law.

Don’t assume a data breach can’t happen to you. A recent survey revealed that 90 percent of all organizations on the Web have sustained some sort of data breach, from hackers accessing your server to employees accidently losing laptops or storage devices, to former employees maliciously misusing your data.

A good privacy policy describes your actual data collection practices. Develop your policy (copying another company’s policy leads to inaccuracies and potential liability) and make sure you and your employees follow it carefully. And most insurance policies exclude coverage for “cyber-security” loss, including data breaches. Know what your policy covers.

2. Video is omnipresent. The growing use of video presents incredible opportunities for recurring revenue. Today’s video is more than just pictures; it’s managed services, including efficient and inexpensive Web-based video and storage sent to subscribers’ smartphones. The laws governing video vary by state. Several prohibit or regulate video surveillance. Other prohibit video recording of persons in “private places.” Still others prohibit the installation of hidden cameras. Federal law also prohibits covert video surveillance on federal property, and state and federal wiretap laws prohibit recording audio under many circumstances. Know and follow applicable state and federal laws. And don’t forget the most important rule of selling video services: Don’t sell it without a recurring revenue contract. Otherwise, you’re leaving profit and exit value on the table.

3. The cloud is here to stay. The cloud is scalable, efficient and effective and offers security providers numerous opportunities for recurring revenue, including managed services like home automation, video storage and retrieval, access control and others. Make sure your subscriber contract allocates risk effectively for these services. (Standard issue analog-era industry contracts won’t protect you for cloud-based services.) If you use a Web-based end user agreement (such as a click-through agreement), make sure your written subscriber agreement specifically makes the subsequent use of an online agreement enforceable.

4. Smartphone apps require special attention. Subscribers increasingly rely on their smartphones for services relating to security. The law and standards applicable to apps is changing rapidly. If your services include apps, make sure you protect yourself from subscriber claims in your subscriber agreement and those with third-party app providers. Make sure your legal counsel is aware of the ever-changing legal landscape regarding apps and Web-based services. If you want to be on the cutting edge, make sure you protect yourself.


Eric Pritchard is a partner in Kleinbard Bell & Brecker LLP, Philadelphia. The firm focuses on acquisition and succession strategies. This column does not constitute legal advice; contact an attorney with specific questions.