ASKED & ANSWERED: Kathy Ossian on cyberlaw

By Steve Thorpe

Legal News

In an era of increasing legal specialization, law firms are now often focused tightly on one area of the law. Attorney Kathy Ossian has founded Ossian Law PC in Ferndale as a law firm exclusively focused on information technology law. Practicing law for nearly 30 years, Ossian has 16 years of experience and expertise in IT Law. Formerly senior principal and chair of the Information Technology and Cyberlaw Section at Miller Canfield, she also served as a law clerk to U.S. District Judge Robert E. DeMascio.

Thorpe: Why a cyberlaw firm and why now?

Ossian: A couple of reasons. One is that this has been my specialty for a long time. I started out as a commercial litigator and then in 1997 started working in the IT area. So it's what I know and my area of expertise. As far as timing goes, the time was right for me to set up my own firm. Cyberlaw issues are more prevalent than ever and will continue to increase.

Thorpe: What would be your typical client and what type of legal services would you provide them?

Ossian: They fall into several categories. Tech companies are obviously natural clients for me and I provide contract work and advice for them. Tech companies need to make sure that their contracts can address any issues that come up and protect their interests. Another typical client is a financial services firm. There are a lot of federal and state laws and regulations protecting consumer information. A third client opportunity that I didn't have as much when I was part of a large firm is other law firms. Some are clients of mine for their own tech contracts or for their own client's needs if they don't have someone with expertise in the IT area.

Thorpe: You've talked about the importance of whether websites must comply with the Americans with Disabilities Act (ADA). Tell us about that.

Ossian: There have been cases linking the ADA to the Internet, including when Target was sued some years ago because their website wasn't accessible to a blind customer. That was the initial decision and the court limited its analysis to saying: 'Target, your website is an extension of your brick and mortar store and your brick and mortar store is clearly a public accommodation that is subject to the ADA. So we're going to apply those same standards to your website.' There have been a number of other decisions over the years but, last November, Netflix was sued on behalf of hearing impaired individuals who wanted to use Netflix services. The allegation was that the streaming audio that accompanies the video wasn't compliant with the ADA. Netflix becomes the intermediary between the customer and the movie studios. They agreed to a consent decree and will be compliant by September of 2014. The question becomes how far reaching is that decision and will it apply to other websites with streaming media?

Thorpe: The Federal Trade Commission is exploring the regulation of what is called the 'Internet of Things,' or IoT. What might that lead to?

Ossian: The 'Internet of Things' refers to the fact that people are so reliant on the Internet now in every aspect of their lives. Examples include home security system, online banking and many more things where consumers are using the Internet to facilitate those processes. Ten years ago it wasn't an option, but now you can do all these things using mobile apps from anywhere. Some say that the FTC is way behind the game because this has been developing for a long time now. But the FTC is looking at it from a couple of perspectives, one being security and one being privacy. Now that all this information is out there, what is the potential for misuse, how do we put some parameters around that? It's a huge endeavor and the FTC is just now starting to collect the data.

Thorpe: Retailers and other businesses are wrestling with new ways to receive payments from customers. What are some of the issues?

Ossian: Mobile payments are more common all the time with people even using their phone because they've got all the information loaded into it. It goes far beyond just mobile banking. That's where some of the concern lies. While banks themselves are subject to all kinds of federal regulations, some payment system that just started last year or last month is not a 'financial institution' and may not be subject to those same regulations. You have a lot of platforms and applications that are involved and you may not even know who all of them are. Also, when people are used to mobile payments or banking, they can become more susceptible to fraud. Viewing something on a smaller screen as opposed to a larger screen can increase the potential for fraud.

Thorpe: As cloud computing becomes more common, digital assets can reside in multiple places with varying degrees of security and privacy. What are some of the legal issues clients must be aware of?

Ossian: Almost everyone, whether they realize it or not, is using cloud computing in some fashion. Even traditional email, going back to the early days of AOL, is essentially cloud computing. But there are steps you can take. Looking at it from the vantage point of law firms and the attorney client relationship, a number of states have looked at the question and issued ethics opinions saying that if you've taken reasonable steps to secure the information, you're fine. That's becoming the standard. Do your due diligence. Is this particular provider reputable? What's their history? Using a reputable company and taking your own precautions in terms of passwords and other steps should go a long way to meeting the standard. There's always going to be a risk, but it really comes down to taking those reasonable steps.

Published: Tue, Jun 4, 2013