< Back to Previous Page
Related Practices

E-Commerce Law Week, Issue 588

December 26, 2009

Court's Ruling Holds One Shiny Gift and One Lump of Coal for Employers

A federal district court in Idaho has ruled in Alamar Ranch, LLC, v. County of Boise that an employee waived the attorney-client privilege by communicating with her lawyer over her employer's email system, where the employer had a clear policy of monitoring employee communications.  Other courts have found reasons not to find a waiver under similar circumstances, so this ruling provides support for employers whose monitoring practices come under fire.  But the court also found that other people who communicated with the employee and the lawyer simultaneously did not waive their privilege despite the monitoring policy.  This part of the ruling could support claims against an employer by non-employees whose communications with an employee were monitored by the employer.

ECPA Does Not Apply to Interceptions or Disclosures Outside U.S., Court Holds

A district court in California has ruled in Zheng v. Yahoo! Inc. that the Electronic Communications Privacy Act does not extend to the interception, acquisition, or disclosure of electronic communications outside of the United States.  The court therefore dismissed the claims of three Chinese nationals living in the United States who alleged that Yahoo! violated ECPA by intercepting and accessing emails in China and disclosing them and related user information to the Chinese government.  The court ruled that neither the plain language of ECPA nor its legislative history indicated that Congress intended that ECPA apply outside the United States, even if the relevant communications had traveled through networks in the United States.

Even Extortion of Breached Company Doesn't Help Plaintiff Show Concrete Injury, Court Finds

A federal court in Missouri has ruled in Amburgy v. Express Scripts, Inc., that a mere fear of identity theft following a data breach, even after the breached company received an extortion letter threatening public release of the confidential information, is insufficient to establish Article III standing and to state a negligence claim.  The plaintiff filed a putative class action suit against a pharmacy benefit management company that suffered a breach of customers' personal information and then received a letter threatening the public release of the information if the company did not pay the persons responsible for the breach.  The plaintiff himself was not named in the extortion letter.  Nor did he even allege that his personal information had been breached.  Nevertheless, the plaintiff claimed that he and fellow class members feared an "increased risk of future injury" following the extortion threat and had to spend money monitoring their credit.  The court found that the plaintiff still had not demonstrated a sufficiently concrete injury to satisfy standing requirements or to state a negligence claim, and strongly suggested that this would doom the plaintiff's contract claims.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.

CONTACT US | PRIVACY | TERMS OF USE | © 2010 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED | ATTORNEY ADVERTISING | SITE BY FIRMSEEK
Beijing | Brussels | Century City | Chicago | London | Los Angeles | New York | Phoenix | Washington