Posted on July 23, 2008 by Tanya Forsheit

Northern Disclosure: Alaska Enacts 44th State Breach Notification Law

Alaska passed a breach notification law in June, making it state number 44 to do so.  As most are aware by now, Alaska's new law, Alaska Stat. § 45.48.010 et seq., includes breach notification requirements, restrictions on use of Social Security numbers, and allows consumers to place a security [deep] freeze on their credit reports.  Notification of a breach is not required if, after an appropriate investigation and written notification to Alaska’s attorney general, the covered entity determines that there is not a reasonable likelihood that harm to consumers has resulted or will result from the breach.  By popular demand, following is our updated list of security breach notification laws.

Continue Reading...
Tags: , , , , , ,
Posted on July 18, 2008 by Clifford Davidson

"Cyber-Bullies" Potentially Face Hard Time

State governments and federal prosecutors are cracking down on individuals who use the internet to harass or threaten others.  On June 30, Missouri Governor Matt Blount signed into law a measure that criminalizes online harassment.  This new law represents a marked change in the legal treatment of this form of harassment, also known as “cyber-bullying.”  Other states have enacted legislation to help stop cyber-bullies, but none has gone so far as to impose jail sentences on violators.  The Missouri law, however, criminalizes the transmission of an electronic communication for the purpose of frightening or disturbing another.  V.A.M.S. 565.091 (not yet chaptered).  Adult violators of this new law face up to 4 years in prison if they perpetrate the offense against a child.

The legislation responds to the 2006 death of 13-year old Megan Meier, who committed suicide after being harassed repeatedly on MySpace.  The harassment was allegedly perpetrated by Lori Drew, a 47-year old woman who falsely assumed the identity of a fictitious teenage boy on MySpace and posed as this character to develop an online relationship with Meier.  The girl’s suicide was allegedly prompted by disparaging comments made by Ms. Drew disguised as the teenage boy.  The tragedy outraged the Missouri community in which it occurred, but local authorities were unable to prosecute Ms. Drew because cyber-bullying was not illegal.

Continue Reading...
Tags: , ,
Posted on July 11, 2008 by Natalie Newman

Another Court Affirms Narrowed Interpretation of Song-Beverly Credit Card Act

On June 26, 2008, in Absher v. Autozone, Inc. et al. (2008), the California Court of Appeal in the Second Appellate District, confirmed that California’s Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08 (hereinafter, the “Act”) does not apply to a refund for the return of merchandise purchased by credit card.

Continue Reading...
Tags: , , , , , , , ,
Posted on July 7, 2008 by Joseph K. Wright

New Connecticut Law Threatens $500,000 Penalty for Privacy Violations

On June 10, Connecticut Governor M. Jodi Rell signed into law a bill to safeguard Social Security numbers and other personal information. The law imposes a civil penalty of up to $500,000 on violators. The new law takes effect October 1, 2008. 

The new law penalizes any individual or business that intentionally fails to protect personal information.  “Personal information” includes Social Security numbers, driver’s license numbers, and account numbers for insurance policies, credit card numbers and bank accounts. Individuals and businesses are subject to civil penalties of $500 per violation, up to $500,000 for any single event. The law imposes the same penalty for intentional failure to “destroy, erase or make unreadable” personal information during disposal of records. It does not, however, impose fines on negligent or unintentional violators, nor does it apply to public entities.        

Continue Reading...
Tags: , , , , , ,
Posted on June 30, 2008 by Scott J. Carpenter

CDA Protects MySpace from Underage User's Negligence Claim

On May 16, 2008 the U.S. Court of Appeals for the Fifth Circuit agreed with a number of other courts, holding that the Communications Decency Act (“CDA”) (47 U.S.C. Sec. 230) protects social networking websites from liability with respect to negligence claims based on third-party content published on the website and the consequences stemming from such content. In Doe v. MySpace, Inc., No. 07-50345, 2008 WL 2068064 (5th Cir. May 16, 2008), the plaintiff argued that MySpace negligently failed to implement appropriate technological safeguards to prevent the plaintiff, a 13-year-old, from registering on MySpace. The plaintiff lied in her registration materials, pretending to be 18 years old, and ignored MySpace’s warnings against sharing personal information on the website by posting her phone number. According to the plaintiff, the technological safeguards would have prevented her from meeting and being sexually assaulted by another MySpace user.

Continue Reading...
Tags: , , , ,
Posted on June 26, 2008 by Kristen J. Mathews

New CAN-SPAM Rule Gives Long-Awaited Answers

On May 12, 2008 the Federal Trade Commission issued its long awaited final set of rules under the CAN-SPAM Act of 2003 (the "Act"). The rule:

• Modifies the term "sender" with respect to multi-advertiser e-mails;
• Clarifies the opt-out request process;
• Defines the term "person"; and
• Clarifies the meaning of "valid physical postal address" of the sender.

The accompanying report:

• Explains the FTC's interpretation of the Act's application to affiliate marketing programs and tell-a-friend campaigns.

The rule will take effect on July 7, 2008.

Continue Reading...
Tags: , , , ,
Posted on June 20, 2008 by Clifford Davidson

Wrath of Quon?

The June 18, 2008 Ninth Circuit panel decision in Quon et al. v. Arch Wireless et al., No. 07-55282 (9th Cir. June 18, 2008) has sparked a flurry of news reports and speculation regarding employers’ ability to monitor employees’ e-mails and text messages. In fact, the decision appears to change very little for private employers who wish to review employee communications stored on, or sent through, their own servers and computers. However, Quon does limit employers’ ability to request from third-party providers the contents of employees’ electronic communications.

Continue Reading...
Tags: , , , , , , , ,
Posted on June 18, 2008 by Tanya Forsheit

Expiration Date Imminent for Many FACTA Class Actions

New amendments to the Fair and Accurate Transactions Act (“FACTA”) (itself an amendment to the Fair Credit Reporting Act (“FCRA”)) bar consumers from alleging willful violation and seeking statutory damages based on the printing of credit card expiration dates on receipts where the account number is otherwise properly truncated in accordance with FACTA. This development means the end is near for scores of class action lawsuits filed last year.

FACTA prohibits the printing of more than five digits of a credit or debit card number or the expiration date on receipts provided to a customer. Since December 4, 2006, consumers have filed hundreds of suits against merchants who allegedly printed a truncated account number and the expiration dates on receipts, arguing that those merchants “willfully” violated FACTA, and seeking $100 to $1,000 for each violation. At least one court has interpreted FACTA to apply to electronic receipts as well as printed ones.

Continue Reading...
Tags: , , , , , , , ,
Posted on June 10, 2008 by Kristen J. Mathews

Emerging Standards For Mobile Marketing

Many B2C companies are beginning to explore marketing to consumers’ wireless devices using text messaging (“SMS,” or “short message service”) and MMS messaging (“Multi-media Messaging Service”). They may even target their promotions based on where the recipient is physically located using the wireless device’s GPS technology. They also may target their promotions to teens and tweens. What legal issues should companies be aware of as they navigate through this relatively new area?

Continue Reading...
Tags: , , , , , , ,
Posted on May 28, 2008 by Nancy Savitt

Texas Attorney General Settles One of First State COPPA Enforcement Actions

In December 2007, Texas became the first state to file COPPA enforcement actions, by separately suing the entities behind Gamesradar.com and TheDollPalace.com in the United States District Court for the Western District of Texas. The complaints are available as an attachment to the press release on the Texas Attorney General’s website. The defendants in those cases are California and New York – and not Texas – entities.

With little fanfare, Texas apparently settled its suit involving TheDollPalace.com ("where cartoon dolls live") in March 2008, and in doing so has imposed restrictions on content with no precedent in the COPPA consent decrees entered into by the Federal Trade Commission.

Continue Reading...
Tags: , , , ,