Shoosmiths advised leading credit reference agency Experian concerning an experiment it conducted into online security ahead of National Identity Fraud Week.
The volunteer participant, 29-year-old personal trainer Stephen Keywood (Steve), was to spend five days between 7am and 7pm in a retail unit in central London from where he would share his experiences via social media.
He was given a laptop and the use of a debit card, and tasked with sourcing everything he needed online, including food, furniture and fun. After the experiment, he sold any items he had purchased during the experiment in an online auction for charity.
What was the client's goal?
Experian wanted to highlight the online security issues Steve would face. Its aim was to help the public develop a greater understanding about their online lives and the day-to-day activity that makes up their 'digital DNA'.
How did we help the client achieve it?
Shoosmiths' commercial and employment teams jointly drafted a bespoke contract to be entered into by Experian and Steve, which included a code of conduct setting out the general guidelines for Steve's conduct during the experiment. The contract also covered, with help from Shoosmiths specialists in these areas, issues relating to health & safety, intellectual property rights and data protection.
Shoosmiths highlighted and addressed the following legal and commercial issues when drafting the contract:
Steve was given access to a £1,000 budget to source everything he needed for the week. The commercial team, headed by partner Michelle Sherwood, was keen to ensure that the contract contained express obligations for Steve to ensure the budget was not exceeded and only used in connection the experiment.
The code of conduct - discussed below under Brand protection - also prevented the purchase of anything offensive or likely to cause offence.
Shoosmiths also advised on a similar contract and code of conduct for a standby, in the event of Steve's absence.
This was a key consideration for the client. Experian wanted to encourage Steve to positively engage with social media outlets regularly throughout the experiment. The contract had to ensure the participant not only actively promoted Experian's brand, but did not do any damage to it, particularly given the anticipated (and requested) use of social media.
Guidelines were included in the contract which set out a minimum amount of online activity Steve had to carry out, which helped ensure Experian were able to meet their objectives as well as managing Steve's expectations.
To help prevent any brand damage, the employment team, headed up by partner Karen Fletcher, also drafted a code of conduct detailing how Steve was to behave and dress. It addressed these issues:
- As Steve was to be making regular tweets, status updates, blogs and video diaries, there were prohibitions on him making derogatory statements, disclosing confidential information or making defamatory comments.
- The experiment hoped to engage passers-by and attract publicity. It was therefore essential that the terms of the contract prevented Steve from acting inappropriately. The restrictions were drafted broadly enough to prohibit him accessing inappropriate websites or engaging in any form of discrimination. These clauses also extended to Steve's behaviour outside the hours of the experiment.
- A 'date night' was scheduled on which Steve had to cook a meal for his wife. Shoosmiths had to draft provisions to ensure a pragmatic approach was taken to enable the experiment (and date night) to be a success without exposing Experian to any unnecessary risks or liability. An alcohol policy was therefore included permitting Steve to drink alcohol provided a sensible approach was taken but there was a complete prohibition on smoking or taking non-prescription drugs.
- To help minimise any brand damage to Experian, the contract allowed it to terminate the contract on a serious breach of Steve's obligations or if he acted in a way that materially prejudiced Experian's interests.
Steve's obligations included making a daily video diary and writing a daily blog, and one particular challenge involved him setting up a band and performing a live gig. As these products would all be Steve's original works they would be protected by copyright.
The contract therefore needed to deal with the ownership of all arising intellectual property rights. To address this, Shoosmiths intellectual property specialist Caroline Brennan advised Experian on the relevant provisions including a waiver of any moral rights Steve may have been entitled to under the Copyright Designs and Patents Act 1988.
As National Identity Fraud Week began the week following the project, the client wanted to ensure the participant was available for a number of scheduled media interviews, so Shoosmiths' commercial team drafted an obligation whereby Steve was to carry out such publicity and promotional services as required by the client.
It was also necessary for Steve to give his irrevocable consent for Experian to film, broadcast and distribute the experiment in order to meet its objectives.
The nature of the experiment meant Experian needed consent to monitor, track and record Steve's online activity.
His consent was also required for Experian to hold and process Steve's data. Both of these issues were dealt with in a data protection clause drafted by data protection specialist, Aisling Duffy.
In addition to this work, partner Andrew Pattinson from Shoosmiths' real estate team reviewed and negotiated a licence for the use of the retail space for a week. A key concern that was addressed was making sure the terms of the licence were kept simple and reflected the very short period of the licence and that appropriate insurance was in place.
What approach did we take and was there anything unusual or exceptional to note?
As set out above, a number of legal safeguards were required to protect Experian's interests. These covered a number of different legal subjects by Shoosmiths various specialists. Shoosmiths also had to ensure the contract had enough flexibility to allow Steve freedom to be active online.
What was the outcome and how did Experian benefit?
Our advice allowed Experian to successfully conduct this experiment prior to National Identity Fraud Week. The client actively promoted the risks of online activity and how its services can help consumers.
The experiment revealed that Steve made a number of common security mistakes, including:
- using the same password across multiple accounts
- failing to update his web browser to a newer, more secure version
- failing to check that websites were secure by looking for the padlock icon when making online purchases
And as for Steve; throughout the experiment he learned how to make sushi, play an instrument and obtained more than 500 followers on Twitter.
His online auction also raised money for his chosen charity, Link Leisure. This included the sale of a cushion signed by former model Jerry Hall.