Saturday, February 27, 2016

Security - What are "reasonable" information security practices?

    On February 16, 2016, the California Attorney General released its "California Data Breach Report 2012-2015" (a copy of the Report is hosted on Surprisingly, there hasn't been much discussion about the recommendations in the Report.

    Under California law,
[a] business that owns, licenses, or maintains personal information about a California resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure."

California Civil Code § 1798.81.5 (b) (emphasis added).  However, what qualifies as "reasonable security procedures and practices" was amorphous.

     The first recommendation in the Report would establish a "minimum standard of care" concerning a business's information security practices. Report at p. 27. It states:
The 20 controls in the Center for Internet Security's Critical Security Controls define a minimum level of information security that all organizations that collect or maintain personal information should meet.  The failure to implement all of the Controls that apply to an organization's environment constitutes a lack of reasonable security.
Report at p. 30. While this is a recommendation and not law, businesses should take heed of the Attorney General's announcement because some recommendations have become law and the AG's office investigates data breaches.

     Thus, businesses that have personal information about California residents should confirm that their information security practices, at a minimum, are more comprehensive than the 20 controls. Going forward if a business's security practices do not meet the 20 controls and it suffers a data breach, then the AG's position by default should be that the business failed to implement "reasonable security procedures and practices."

 - Henry Park

Thursday, February 25, 2016

Privacy - Apple's Motion to Vacate Order

    Apple filed its first official pleading in the matter concerning whether it can be forced to create a new version of its iPhone Operating System (OS) that purposefully disables its security features such that the FBI will be able to more easily hack into an iPhone (I am hosting a copy of the Motion to Vacate on

    I haven't had a chance to fully digest the memorandum, but it's two main arguments focus on (1) whether the All Writs Act can be used to compel Apple to write the new iPhone OS, and (2) whether forcing Apple to write the new iPhone OS violates Apple's First Amendment and Fifth Amendment rights. 

- Henry Park

Thursday, February 11, 2016

USPTO and Java v8 update 73 build 02

    On my Macintosh, I received a notice that there is an updated version of Java v8 update 73 build 02 (released on February 5).



      I called the US Patent Electronic Business Center (EBC), and it appears that their systems are down.  At this time, I would suggest holding off on updating Java. 

     [updated on February 12] I called the EBC and talked to Agent 40.  She said that this update is not fully supported yet but appears to be working fine. 

- Henry Park

Saturday, February 6, 2016

Trademark - Infringement on Amazon

     What do you do when a third-party uses your client's trademark to sell goods on Amazon?

     You should report the infringement using Amazon's report infringement page.  Using this page, you can report infringement related to copyrights, trademarks, design rights, and other rights.

     When you file your report, you will want to present a strong case of infringement to make Amazon's determination simple. 

      You should list all worldwide registrations and assert any common law trademark rights.  Additionally, if true, you should state that the use of your client's trademark is unauthorized and that your client believes that the seller is confusing customers as to the origin of the infringing goods.

     After you submit your report, it will take Amazon some time to respond.  In our case, it took Amazon over six weeks to respond to our trademark infringement report.  However, Amazon response was that the goods bearing the infringing mark would be removed within three days, and they were.   Additionally, in the removal confirmation email, Amazon provided us with the identity of the distributor.

- Henry Park

Trademark King - Update 2

     I last wrote about Trademark King in May 2015.

     As predicted, the trademark applications filed by Trademark King are starting to be abandoned.  A search of the Trademark Electronic Search System (TESS) reveals that 29 of the 152 trademark applications filed by Trademark King have now been abandoned for failure to respond to an Office Action.

     Some of the abandoned marks are:  "Back to School Clearance Sale", "Sales Price", "Wholesale Price", "Winter Sale", "Spring Sale", "Mother's Day Sale", and "Verizon Center".

     Almost all of the other 123 trademark applications have been suspended since July 2015, and the few applications that are not suspended are awaiting responses to outstanding Office Actions, which probably will never come, and thus those applications also will be abandoned.

    Although I do not expect it, Trademark King does have two months from the dates on the notices of abandonment to file petitions to revive its applications.  However, in order to file such a petition, Trademark King would have to state that its delay in responding to its outstanding Office Actions was unintentional and pay a $100 fee per each application.

- Henry Park