When Experience Matters ®
< Back to Previous Page
Related Practices
Related Industries

E-Commerce Law Week, Issue 353

May 21, 2005

More State Security Breach Notice Laws ... And Even NYC Jumps on the Bandwagon
Legislatures in Florida (H.B. 481) and Illinois (H.B. 1633) join the list of states that have passed data security breach notification bills based on the California model (S.B. 1386).   Both bills currently await governor signature.  Uniquely, the Florida bill takes the bold step of imposing administrative fines for each day a business delays notification to customers after determining a breach occurred (absent a delay to accommodate law enforcement needs).  Meanwhile, New York City's Mayor Michael Bloomberg on May 19 signed a security breach notification bill that will go into effect in mid-September 2005.  The law has narrow applicability but a broad definition of personal information that includes even electronic signatures and biometric data.  Although the law only covers businesses required to be licensed by the Department of Consumer Affairs (DCA) or subject to its enforcement, the fact that it was passed at all illustrates just how concerned state and local authorities are about identity theft.  It makes the prospect of widespread legislation or regulation all the more likely -- and the need for preemption of the local/state legislative hodgepodge even more urgent.

FCC Approves Order Requiring E911 for VoIP
Early adopters of voice over Internet protocol (VoIP) services will no longer have to worry about whether they'll be able to use the service to call 911 -- as long as they register their addresses when they sign up for service ... and then register again each time they move locations, that is.  The Federal Communications Commission (FCC) voted 4-0 on May 20 to require "interconnected VoIP service providers" to supply enhanced 911 (E911) calling capabilities to their customers.  Prompted by several incidents involving VoIP customers who dialed 911 in an emergency only to reach a recorded message or busy signal, recently installed FCC Chairman Kevin Martin has made it a priority to deal with this issue, which he and the other commissioners have identified as critical to public safety.  In a statement, Chairman Martin said that he would have liked to make the rules effective immediately but that technical and coordination issues would not allow that to happen.  Instead, the FCC has granted VoIP providers 120 days from the Federal Register publication of the FCC's order to comply.  The FCC also reminded the "Baby Bell" and other incumbent telephone companies of their obligation to provide requesting telecommunications carriers with access to their E911 networks.  More details about these requirements will become available when the text of the FCC's Order is published.

One Defeat and One Moral Victory For the Music Industry
Thanks to an aggressive lawsuit campaign conducted by the Recording Industry Association of America and its international counterparts, ISPs all over the world find themselves defending their subscribers’ privacy rights in court.  Two recent rulings in Canada and Germany add a bit more clarity to this picture.  

The music industry experienced a bittersweet result at the hands of a Canadian federal appeals court.  On May 19, Justice Edgar Sexton upheld a lower court’s 2004 decision rejecting a motion by the Canadian Recording Industry Association (CRIA) to compel several ISPs to disclose the identities of alleged peer-to-peer (P2P) file-sharers.  Although undoubtedly a tactical defeat for the music industry, the appeals court ruling also may represent a strategic victory, because Justice Sexton distanced himself  from the lower court’s sweeping declaration that downloading and sharing music may not be illegal under Canadian law.  Further, the opinion offers insight into the legal standard the CRIA will need to meet to succeed in future lawsuits. 

Meanwhile, in Germany, on April 28, the Higher Regional Court in Hamburg overturned on appeal a lower court order requiring an ISP to divulge information about a customer who operated an illegal music server (OLG Hamburg, No. 5 U 156/04, 4/28/05).  The Hamburg District Court had previously granted record companies access to a customer’s data after the companies discovered that the customer was operating a file server which allowed Internet users to freely download songs by the German band Rammstein.  This decision follows a similar ruling by the Higher Regional Court in Frankfurt on January 25 which also overturned a lower court order requiring an ISP to divulge customer information to a record company (OLG Frankfurt, No. 11 U 51/04, 1/25/05) and is also similar to one in December 2004 by the Higher Regional Court in Munich, which ruled that providers do not have to reveal user data unless an ISP is an "actual participant in the -- alleged -- infringement of copyright" (No. 6 U 4696/04).  However, these victories for ISPs may be short-lived, as legislators in Germany are reported to have begun work on a new Teleservices Act granting more powers to copyright owners in obtaining information from ISPs.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.

CONTACT US | PRIVACY | TERMS OF USE | © 2008 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED | ATTORNEY ADVERTISING | SITE BY FIRMSEEK
Washington | New York | Chicago | Phoenix | Los Angeles | Century City | Brussels | London