The Federal Stored Communications Act: Third-Party Subpoena to E-mail Service Provider of Anonymous Party Ruled Invalid
September 18, 2006
Are electronic records maintained by an electronic communications service provider fair game for discovery in civil litigation? <i>In O'Grady v. The Superior Court of Santa Clara County (Apple Computer, Inc.)</i>, 139 Cal. App. 4th 1423, 44 Cal. Rptr. 3d 72 (Ct. App, 6th Dist. 2006), a California state appeals court quashed a civil subpoena seeking e-mail records from an e-mail service provider, citing provisions of the federal Stored Communications Act ('SCA'), 18 U.S.C. §§2701-2712, that prohibit service providers from disclosing the contents of stored electronic communications. The ruling is controversial because it appears to be the first time, in the 20 years since the enactment of the SCA in 1986, that a court has held that the Act prohibits civil litigants from obtaining discovery of electronic communications from providers of e-mail and other electronic communications services, even when a court has reviewed and approved the subpoena.
A National Data Breach Law Is Inevitable: Both Houses of Congress Are Considering Bills
September 18, 2006
On July 21, the Financial Data Protection Act (H.R. 3997) was reported out of the House Financial Services Committee. If passed, this act would impose a business-friendly, national standard for the protection of private consumer data, and notification of consumers in the event of a data-security breach. Although the House leadership sought a quick floor vote on the bill, fierce opposition from consumer groups forced the vote to be rescheduled until after the summer recess. Despite this delay, a number of factors seem to be converging that will make a national data-breach law inevitable.
Holding the Line in Hong Kong
September 18, 2006
Almost 1 year into his tenure as Hong Kong secretary for justice, Wong Yan Lung talked with <i>China Trade Law Report's</i> ALM affiliate <i>Legal Times</i> reporter Anna Palmer on Sept. 11 at the Mandarin Oriental Hotel in Washington. <br>The 43-year-old former barrister answered questions about the status of the legal system after it transferred to the basic law of Hong Kong in 1997, Hong Kong's relationship with China and the larger international legal community, and U.S. lawyers entering the country's legal market. What follows is an edited transcript of that interview.
Multiple Reasons for Optimism: China's IP Picture Continues to Evolve
September 18, 2006
Watch carefully as China now prepares new policy guidelines, expected by the end of this year, for its semiconductor industry. Policy-makers and economists say, no doubt correctly, that China has identified semiconductors as a core part of its high-tech and overall business strategy. Tax exemptions and tax reductions will be major components of the emergent strategy, as will direct subsidies for R&D. Such tactical economic initiatives are expected to affect foreigners, including American expert technicians and corporate partners, as well as domestic interests.
Current Trends in Data Security Litigation
September 18, 2006
Pressed by new security breach disclosure laws, companies and universities have been compelled to disclose quite a number of security breaches in recent years. One of the first highly publicized data security breaches involved the consumer information broker, ChoicePoint Inc., which announced in 2005 that criminals posing as legitimate businesses accessed the personal information of more than 145,000 individuals. Following the ChoicePoint incident, a cascade of personal data security breaches became public, involving companies such as BJ's Wholesale Club, LexisNexis, and MasterCard International, which suffered a security breach affecting more than 40 million credit cards stemming from unauthorized access to the computer network of CardSystems Solutions, an Arizona-based company that processes credit card payments. Subsequently, both CardSystems and ChoicePoint settled their data breach charges with the FTC, agreeing, among other things, to implement new data security procedures, obtain independent data security audits bi-annually for 20 years, and, in the case of ChoicePoint, pay millions of dollars in civil penalties. See, FTC press releases, available at <i>http://ftc.gov/opa/2006/02/cardsystems_r.htm</i> and <i>www.ftc.gov/opa/2006/01/choicepoint.htm</i>.
Call Recording By Out-of-State Businesses: CA Supreme Court Applies California Consent Requirement
September 18, 2006
Businesses that record customer calls should consider the implications of a recent California Supreme Court ruling that applies the California 'all parties' consent requirement to such recording, even when the business making the recording is located outside of California. On July 13, 2006, the California Supreme Court, in <i>Kearney v. Salomon Smith Barney, Inc.</i>, 2006 Cal. LEXIS 8362 (Cal. 2006), unanimously ruled that businesses operating outside of California cannot, under California's privacy laws, tape-record telephone conversations with persons in California without their consent, even if the tape-recording is legal under the laws of the state or country in which the business is located.
Security Breaches: What You Need to Know About European Legislation
September 18, 2006
There are as yet no direct equivalents of the mandatory security breach reporting legislation we have seen in the United States, either at an EU level or within Europe itself. That is not to say there is no law on the reporting of breaches in Europe. While a number of countries have been looking at the increasing number of security breaches, in the main the response has been to use existing privacy legislation to take action.
Privacy Guidelines for RFID Information Systems
September 18, 2006
Radio frequency identifier ('RFID') tags are the next evolution in technology from barcodes. Containing micro-chips and tiny radio antennas that can be attached to products, RFID tags can transmit a unique identifying number to an electronic reader, which in turn links to a computer database where information about the item is stored. To manufacturers, suppliers, and retailers, RFID tags can be valuable tools in managing inventory, but for consumers they can also pose a potential risk to privacy if linked to personal information. RFID tags are becoming more prevalent in our everyday lives from security access cards to ignition immobilizers to highway toll systems and other electronic pass systems. Further, the ubiquitous presence of RFID tags for consumer-level items is rapidly approaching. From cans of shaving cream to sweaters, RFID tags may soon be found on almost every product as companies look to optimize their inventory control and supply chain management practices. However, for RFID technology to fully realize its potential for consumers, retailers, and suppliers, it is vital that privacy concerns be addressed in the design and implementation of this emerging technology.
