E-Commerce Law Week, Issue 523September 6, 2008
Court Rules that Email Recipients Could Face Liability Under CFAA
A federal court in Illinois recently ruled in MPC Containment Systems, Ltd., v. Moreland that a former employee who had confidential documents emailed from his company's office to his home computer may have violated the Computer Fraud and Abuse Act (CFAA). As we have previously reported, the CFAA bars unauthorized access to a computer, and is frequently used to go after former employees who have used data that they have taken directly from their employers' computer systems for nefarious purposes. The court's ruling suggests that employers might also be able to use the CFAA against employees who ask coworkers to email them company information that they later misuse.
Target Settles Accessibility Lawsuit with National Federation for the Blind
Last month, the National Federation of the Blind ("NFB") and Target Corporation ("Target") announced a settlement of a long-running lawsuit in the Northern District of California over whether Target's website violates the Americans with Disabilities Act ("ADA") because it is not accessible to the blind. Under the settlement, Target agreed to establish a $6 million fund to compensate class action plaintiffs and to pay the NFB for assistance in making its website accessible. Website accessibility may soon become the law of the land if Representative Edward Markey's (D-MA) bill to impose accessibility requirements on all IP-enabled communications is passed by Congress. But just what websites will have to do in order to be accessible is still a moving target. The World Wide Web Consortium is working on version 2.0 of its web content accessibility guidelines, and the U.S. Access Board is in the process of revising existing "Section 508" accessibility standards for federal government technology procurement. These developments suggest that companies need to pay attention to developments in accessibility laws in connection with their websites.
FTC Workshop Could Clarify Data Security Standard
The Federal Trade Commission has announced a public workshop that could help clarify, and possibly influence, when the Commission will find a company's data security practices to constitute "unfair or deceptive acts or practices" under Section 5 of the FTC Act. The workshop will be held on October 17 and will "consider the appropriate scope of Section 5 in light of," among other things, "changing business practices in a global and hi-tech economy." It will focus on three areas: (1) the "history of Section 5"; (2) the "range of possible interpretations of Section 5"; and (3) "examples of business conduct that may be unfair methods of competition addressable by Section 5." The FTC specifically encourages input on the third area, giving businesses a chance to comment on where the FTC should draw the line between "reasonable" data security and "unfair" data security practices. Comments on issues related to the workshop are due by September 17.
Questions and comments on E-Commerce Law Week are always welcome. Please send your feedback to Sally Albertazzie.