July 2, 2009 | Posted by Jim McCullagh and Ryan Mrazik
Last week, in Zango v. Kaspersky Lab, Inc., No. 07-35800 (9th Cir. June 25, 2009), the Ninth Circuit upheld a trial court determination that Section 230 of the Communications Decency Action (CDA) immunizes providers of filtering and security software from claims brought by Internet services that the software blocks. This immunity comes under CDA Section 230(c)(2)(B), which protects from libility providers of interacitve computer services who perform "good samaritan" blocking of offensive material. Prior to Zango, the Ninth Circuit had held that Section 230 protected Internet service providers that removed objectionable user content. Now, after Zango, Section 230 also protects from liability companies that provide "tools that filter, screen, allow, or disallow" objectionable Internet services, such as spyware or adware. Now, under CDA Section 230, filtering and security software companies cannot be held liable for actions they take to make available the means to restrict access to objectionable material.
|
July 1, 2009 | Posted by John Roche
Topic: Commentary
On June 12, 2009 the Article 29 Data Protection Working Party adopted an opinion regarding its expectations for operators, application providers and users of social networking services – including those based outside the EU – to meet the requirements of EU data protection law. See WP 163, “Opinion 5/2009 on online social networking.”
|
June 22, 2009 | Posted by Jim McCullagh and Ryan Mrazik
Topic: Case
Today, in response to a petition for rehearing by Yahoo! supported by several amici, the Ninth Circuit amended its initial decision in Barnes v. Yahoo! to (1) eliminate its previous assertion that a Section 230 defense couldn't be raised on a motion to dismiss and (2) note that its restatement of Section 230 only applies to state law claims. This amendment addresses both arguments made by Yahoo! in its petition for rehearing and confirms that (1) a Section 230 defense can be raised on a motion to dismiss and that (2) Section 230 creates immunity from federal law as well as state law claims. The amended opinion is available here.
|
June 22, 2009 | Posted by Editor
While you are in town for the Outdoor Retailer Summer Market, Perkins Coie, D.A. Davidson and the Generator Group invite you to take some time to unwind at Salt Lake City's Grand America Hotel. Connect with other industry leaders, learn how social media is affecting the industry and enjoy an evening of cocktails, dinner, or both.
|
June 19, 2009 | Posted by Barry Reingold
Topic: Commentary
The keynote speaker at the ABA Consumer Protection conference in DC on June 18, 2009 was Bureau of Consumer Protection Director Dave Vladeck. He identified as one of this goals "rethinking" the agency's approach to privacy issues. He asked for the audience's "help," meaning the agency will probably convene a town hall meeting this fall to address these issues. We and our clients are all invited to attend. A synopsis of his substantive views follows.
|
June 19, 2009 | Posted by Rebecca Engrav
Topic: Case
For the second time, a federal jury in Minnesota has found that Jammie Thomas-Rasset infringed copyrights by sharing songs using Kazaa in the only music download case brought by the recording industry yet to go to trial. The jury found that Ms. Thomas-Rasset infringed the copyrights of 24 songs, and did so willfully. The jury awarded damages of $80,000 per song (the range for willful infringement is $750 to $150,000 per infringement), for a total of $1.92 million. At the first trial in 2007, the jury awarded just $222,000, so the result of this second trial is significantly worse for Ms. Thomas-Rasset.
|
June 19, 2009 | Posted by Ryan Mrazik
Topic: Statute
On July 1, 2009, new data breach notification laws will go into effect in Alaska and South Carolina. Generally, they require notification of data breaches that result in unauthorized disclosure of personal information (PI) about residents of their respective states. Notably, South Carolina joins a short list of other states (including California, North Carolina, Illinois, Maryland, Delaware, Ohio, and Louisiana) that provide a private right of action to individuals who are not notified as required by the statute. This post summarizes each. For more information about these statutes and a complete summary of all state data breach notification laws, see the Perkins Coie "Security Breach Notification Chart."
|
June 11, 2009 | Posted by Lisa Oratz
Topic: Commentary
Beginning June 13, 2009, at 12:01 a.m. EDT (June 12, 2009, at 9:01 p.m. PDT), Facebook will allow current members to select a username that will be associated with their personal profile or their Facebook Page (which is a profile page for a business, brand or public figure). The selected username will appear at the end of the facebook.com URL in the location bar of the browser window in place of the current randomly assigned numerical reference. An example of the use of a username would be: www.facebook.com/perkinscoie.
|
June 11, 2009 | Posted by Susan Lyon and Ryan Mrazik
Topic: Rule
Today, the FTC and five other federal agencies jointly issued a set of Frequently Asked Questions (FAQs) to help financial institutions, creditors, users of consumer reports, and issuers of credit and debit cards comply with the identity theft Red Flag Rules that go into effect on August 1, 2009. The FAQs provide guidance on numerous aspects of the rules, including (1) types of entities and accounts covered; (2) establishing and administering an identity theft program; (3) address validation requirements; and (4) obligations of users of consumer reports upon receiving notice of an address discrepancy. The press release is available here. The FTC's Red Flag Rules website is here.
|
June 10, 2009 | Posted by Susan Lyon and Ryan Mrazik
Topic: Commentary
In an interview with GovInfoSecurity.com, Joel Winston, associate director of the FTC's Division of Privacy and Identity Protection, commented on current FTC priorities, risks to consumers, and the FTC's Red Flag Rules. Currently, Winston said that the FTC would focus on addressing privacy issues associated with online behavioral advertising and investigating data breaches and the adequacy of data security measures. Winston also identified two major risks to consumers: (1) consumers not protecting their own data and (2) private and government organizations failing to protect consumer data. Finally, Winston discussed the FTC Red Flag Rules, saying that many businesses are still unsure whether the rules apply to them and how to comply with the rules. He noted that the rules are broad and flexible: they apply to any business that extends credit but allow businesses flexibility in taking reasonable measures to protect against identity theft. The full interview is available here.
|