E-Commerce Law Week, Issue 354

House Orders DHS To "Buy American"
Companies hoping to sell products to the Department of Homeland Security (DHS) could face new complications under a provision of the Homeland Security Authorization Act (H.R. 1817).  The new legislation requires DHS to use primarily US-made components in all products it buys.  House Small Business Committee Chairman Rep. Don Manzullo (R-IL) authored the measure, which the House approved on May 18 as an amendment to legislation authorizing $34.2 billion for DHS in fiscal year 2006.  The amended bill passed the House on the same day, by a 424-4 vote.  But with the Senate caught up in nomination fights, the measure has slowed noticeably in that chamber.

Japan Takes First Action Under New Data Privacy Law
Cost of three CD-ROMS?  About $0.60.  Cost of mailing a package containing three CD-ROMs?  About $10.  Cost of losing in the mail three CDs containing the personal information of 1.3 million of your bank's customers?  In Japan, apparently, your job as bank president and a stern warning from your regulator.

After Japan-based Michinoku Bank lost the three CD-ROMs containing the personal information of 1.3 million customers, Japan’s Financial Services Agency (FSA) on May 20 warned the bank that it must improve its data security practices and submit a report demonstrating its improvements within one month.  The FSA’s warning is the first government action against a private business since Japan’s Personal Information Protection Act (PIPA) went into full effect on April 1, 2005.  Although the FSA did not impose fines or jail time for the incident -- the largest personal information loss reported by a Japanese bank since PIPA took effect -- such penalties may be enforced if the bank fails to demonstrate evidence of the required changes in its data handling practices.  In a more immediate outcome, Michinoku Bank President Kazuo Harada was expected to take responsibility for the incident by resigning his post after the bank's board meeting on May 30.

Could CALEA Ruin Industry's Summer Vacation?
The Federal Communications Commission (FCC) has been working quietly on the question of whether broadband Internet access and certain types of voice over IP (VoIP) services should be required to comply with the Communications Assistance for Law Enforcement Act (CALEA).  Internet service providers (ISPs) and VoIP providers have been laying low -- collectively holding their breaths and waiting for the U.S. Supreme Court to decide in the Brand X cases whether broadband can be regulated by the FCC.

But the Commission isn't waiting for Brand X , even though the decision is expected in the next few weeks.  FCC staffers have been at work studying the myriad issues raised and the numerous comments submitted in the CALEA rulemaking proceeding.  And it appears that at the staff level at least, there is a growing consensus that VoIP and broadband services should indeed be covered -- and perhaps even that providers should not be allowed to charge law enforcement for the costs of re-working their networks and systems to comply with CALEA's requirements. 

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.