E-Commerce Law Week, Issue 505

Are Plaintiffs' Lawyers Now Punching the Clock for Google?

Google has often been accused of making money from trademark infringements, usually by selling trademarked terms to advertisers other than the trademark owner.  But a recent ruling by a federal court in Florida means that Google potentially stands to make money as a result of infringement suits -- and better yet, even when it's not a party.  Plaintiffs in trademark infringement suits have traditionally sought to establish damages based on an assessment of lost sales or a measure of the profits the defendant has earned using the infringing mark.  But in Punch Clock, Inc., v. Smart Software Development, the court held that the plaintiff could use the price of purchasing "corrective" advertising through Google's AdWords service to establish damages for trademark infringement.  While there's apparently no requirement that the plaintiff actually use the award of damages to buy ads through Google, there is some irony in seeing plaintiffs come up with a way that trademark cases can potentially benefit the advertising giant.

Court's Ruling Could Encourage More Data Breach Lawsuits

A recent ruling by a federal court in California could help plaintiffs establish standing in data breach cases based solely on a risk of future harm.  In Ruiz v. Gap, Inc., the court ruled that plaintiff Joel Ruiz, by asserting that the defendant's loss of his social security number placed him "at an increased risk of identity theft," had pleaded an "injury in fact" sufficient to preliminarily establish standing and survive a motion to dismiss his negligence claim.  As we've previously reported, most courts have refused to grant plaintiffs in such cases standing without evidence that the breach caused identity theft or financial harm, and have held that allegations of emotional distress or increased risk of future harm do not sufficiently state an "injury-in-fact."  The court's ruling in Ruiz, however, would mean that plaintiffs could force defendants in simple breach cases to undergo discovery and protracted litigation, even if they never were able to prove injury in fact or damages.  This increases the settlement value of such cases to the plaintiffs' bar, making breach suits more likely even where there is not a substantial risk of identity theft.

UK Regulators Wag Their Fingers at Financial Firms on Data Security

As regulators in the United Kingdom continue their crackdown on data breaches, the data security practices of financial institutions are coming under closer scrutiny.  Last month, the UK's financial regulator, the Financial Services Authority (FSA), issued a report on financial institutions' efforts to safeguard customer data.  Based on visits to 39 financial institutions and consultations with the Information Commissioner’s Office (ICO), law enforcement, and others, the FSA concluded that "poor data security is currently a serious, widespread and high-impact risk to [the FSA's] objective to reduce financial crime."  The FSA also warned that it would consider enforcement action against any firm that "continue[s] to demonstrate poor data security practice."  Meanwhile, reports suggest that data security failings may have contributed to an increase in data breaches at financial institutions in recent months:  the FSA report states that the FSA's Financial Crime and Intelligence Division handled 56 cases of data loss in 2007, while the ICO noted that financial institutions have submitted 50% of the nearly 100 reports of data breaches the ICO has received since November.  Whether or not these numbers really prove a trend, the regulators' decisions  to call attention to them suggest that financial institutions in the UK are likely to receive greater scrutiny of their data security practices.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.