E-Commerce Law Week, Issue 556

Financial Industry Regulator Fines Firm for Data Security Failings

As if financial institutions don’t have enough to worry about these days, now they've got another regulator interested in enforcing its own notions of adequate data security practices.  The Financial Industry Regulatory Authority (FINRA) recently announced that it has fined Centaurus Financial, Inc., $175,000 for failing to protect confidential customer information.  FINRA is a non-governmental entity thata regulates securities firms doing business in the United States.  It was established pursuant to the Securities Exchange Act of 1934, which gives FINRA the authority as a "self-regulatory organization" to sanction firms and individuals that violate its rules.  FINRA found that Centaurus' "improperly configured … firewall" and "ineffective username and password" systems allowed unauthorized persons to gain access to a server that "stored images of faxes that included confidential customer information, such as social security numbers, account numbers, dates of birth and other sensitive, personal and confidential data."  The hackers then commandeered the Centaurus server and used it to host a phishing scam.  FINRA also found that Centaurus' investigation into the breach was "inadequate," and concluded that the breach notification letter that Centaurus sent to affected customers was "misleading."

Minnesota Orders ISPs to Block Access to Gambling Sites

The Minnesota Department of Public Safety has sent notices instructing eleven providers of telephone and Internet services to prevent "all Minnesota-based computers" from accessing "nearly 200 online gambling websites."  The notices also requested that the communications providers block Minnesotans' access to the telephone numbers associated with these websites.  Calling these notices "an initial sample," the Director of the Department's Alcohol and Gambling Enforcement Division said that he "anticipate[d] the program expanding to address thousands of sites, depending on compliance," stated that notified ISPs would be given "two to three weeks" to respond, and warned that "issues of non-compliance will be referred to the Federal Communications Commission."  While the Department claims that "the required technology to restrict geographic access to particular sites is a relatively straightforward procedure on the part of service providers," it remains to be seen whether the notices will be enforceable and whether the underlying law and the notices will survive a likely First Amendment challenge.

Barney Frank Seeks to Legalize Internet Gambling

Representative Barney Frank (D-MA) introduced legislation that would make at least some U.S. jurisdictions safe for providers of Internet gambling services.  Known as the “Internet Gambling Regulation, Consumer Protection, and Enforcement Act,” Rep. Frank's proposal would create a licensing scheme for online gambling providers and authorize licensed operations to provide interstate Internet gambling services to individuals residing in jurisdictions where gambling is legal.  The bill would also expressly exempt "any Internet bet or wager occurring pursuant to a license issued by the Secretary" from both 18 USC § 1084 and the Unlawful Internet Gambling Enforcement Act), which requires certain designated payment systems and their participants to adopt policies and procedures designed to prohibit certain restricted gambling transactions.  The bill also states that ‘‘[i]t shall be a complete defense against any prosecution or enforcement action under any Federal or State law against any person possessing a valid license under this subchapter that the activity is authorized under and has been carried out lawfully under the terms of this subchapter."  All in all, the bill is a clearer and more comprehensive effort to legalize online gambling than Rep. Frank's earlier version from 2007.  Whether the bill can muster enough votes to become law remains to be seen.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.