E-Commerce Law Week, Issue 450

FCC Acts To Combat "Pretexting" While Extending Privacy Rules to Interconnected VoIP

On April 2, the FCC released its order revising the privacy rules for Customer Proprietary Network Information (CPNI).  Following the much publicized use of "pretexting" by Hewlett-Packard to fraudulently obtain phone records for a company leak investigation, the FCC jumped on the bandwagon to combat the problem by vowing to craft stricter privacy obligations for the entire telephone industry.  The revised CPNI rules go further than just combating pretexting, however.  The FCC has extended the rules to cover interconnected VoIP providers.  The Commission also reinstated an earlier preference for customer "opt-ins" before CPNI can be shared with joint venturers and independent contractors for marketing purposes.  Carriers affected by the new CPNI rules, including interconnected VoIP providers, have only a short time to come into compliance with these rules or to challenge them.  The new rules will come into force 6 months after the rules are published in the Federal Register or upon approval of the new information collection requirements by the Office of Management and Budget, whichever is later.

Inconsistent Enforcement of Email Policies: the Employer's Hobgoblin?

Ralph Waldo Emerson famously wrote that "a foolish consistency is the hobgoblin of little minds."  But, as a recent Fourth Circuit decision suggests, consistency is a good idea when it comes to enforcement of email use policies. In Media General Operations, Inc. v. National Labor Relations Board, the Fourth Circuit upheld the NLRB's finding that the Richmond Times-Dispatch, a newspaper owned by Media General, had wrongly interfered with employees' union communications.  Although Media General had a policy prohibiting personal use of the company email system, the court noted that the company's enforcement of the policy was uneven, allowing a "wide variety of messages unrelated to company business" while prohibiting "union messages."  Although this decision dealt with the narrow issue of labor relations, its reasoning could affect how courts treat claims by or against employees where employer monitoring of employees' communications or workers' violations of company computer policies are at issue.  The lesson for employers:  without uniform enforcement, an email use policy might not be very useful.

Antigua Wins Another Hand Against U.S. (But It's at the Penny Ante Table)

In a March 30 ruling by the compliance panel of the World Trade Organization, Antigua and Barbuda again came up a winner in the island nation's long-running dispute with the U.S. over American regulation of Internet gambling.  As expected, the panel ruled that the U.S. had failed to comply with an earlier ruling by the WTO Dispute Settlement Board, which had requested that the U.S. bring its treatment of online wagering on certain types of horse races into conformity with its obligations under the General Agreement on Trade in Services.  The panel's ruling is unsurprising, since its confidential interim report (leaked in late January) had indicated that it would likely find in Antigua's favor.  But the consequences of this ruling should not be overstated.  At most, Antigua will be able to impose retaliatory trade sanctions against the U.S.  Given Antigua's tiny economy, this seems unlikely to have much effect on U.S. legislators in the near term.  The Justice Department also is unlikely to abandon its broader crackdown on Internet gambling, as suggested by the recent arrest of the founder of online wagering service BETonSPORTS PLC.

Court Refuses to Enjoin Enforcement of Utah's "Do-Not-Email" Registry

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 preempts state statutes "that expressly regulate[] the use of electronic mail to send commercial messages."  But there are several exceptions to CAN-SPAM's preemption provision, including one for state laws "relate[d] to ... computer crime."  Relying on this exception and citizens' "right ... to avoid unwanted communication," a federal court in Utah recently denied a motion for a preliminary injunction against enforcement of the Utah Child Protection Registry Act, a statute designed to protect minors from receiving age-inappropriate email.  The court found that the plaintiff was unlikely to succeed on the merits of its claims that the Utah statute is preempted by CAN-SPAM and violates the dormant Commerce Clause and the First Amendment.  Coupled with other decisions upholding state laws regulating commercial email, the court's ruling suggests that companies that send such messages will continue to face a confusing patchwork of state and federal laws.

UK Seeks to Stop Skip Skimming

The Federal Trade Commission’s "Disposal Rule" requires businesses and individuals to take reasonable measures to dispose of consumer information derived from consumer reports.  This can mean thoroughly destroying or erasing electronic media, or simply shredding paper records headed for the dumpster (what the British call a "skip").  Recently, the UK's Information Commissioner's Office (ICO) joined the disposal patrol.  After several news organizations and consumer groups reported finding customer information in waste bins outside several banks, the ICO launched an investigation.  Last month, the ICO found that 11 "banks and other financial institutions," as well as the Immigration Advisory Service, had failed to dispose of customer information in the manner required under the UK Data Protection Act of 1998.  Rather than prosecute, the ICO required the financial institutions to sign statements promising to take certain measures to increase awareness and improve compliance with the law.  The ICO's action underscores the importance of good data disposal practices to any comprehensive data security program.

Questions and comments and E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.