Legal Bytes : Advertising & Media Lawyer & Attorney : Reed Smith Law Firm : Marketing & Intellectual Property : Legal Bytes Law Blog

Earlier today, Julius Genachowski, Chairman of the Federal Communications Commission (FCC), telegraphed the Commission’s plans to open a formal rule-making process on the issue of “net neutrality.” It’s likely the specifics regarding hearings and a timetable for any proposed rulemaking procedures will be on the agenda for the FCC's October meeting.

While many of the major carriers – including wireless carriers who have typically been out of the fray when it comes to the Web – have argued against both the need and the wisdom of competitive regulation amongst carriers, open Internet advocates, many of whom were ardent campaign contributors and supporters of President Obama, have been aggressively pushing for regulation. Companies such as Amazon.com and Google, have long argued for rules that would prohibit carriers from denying their right to give consumers complete freedom of choice when it comes to both the content they receive and the devices they use to receive it. While not necessarily quibbling with what appears, on its face, to be a reasonable and market driven approach, opponents point out that the government stay away from intervening in yet another major marketplace – this time one, they argue, that isn’t broken. Further, and perhaps more significantly, companies such as ATT and Verizon, now joined by ATT Wireless, Verizon Wireless, Sprint (Sprint Nextel) and T-Mobile (Deutsche Telekom) argue that forcing carriers to open up their networks without corresponding economic counterbalances in place will force them to either raise consumer prices to keep up with virtually unrestricted broadband demand, but may require them to limit availability and accessibility for capacity and technological reasons. Wireless carriers may have special reasons to be concerned given current pricing models and the technological limits of current bandwidth capacity. That said, the major cable television, fiber optic and DSL-based Internet providers have long had to cope with government regulation and requirements.

Back in the days following the breakup of AT&T’s telephone monopoly (anyone remember Judge Green and his landmark 1983 rulings?), the regional and local companies spawned by carving up the nations’ previously regulated monopoly – the so-called ‘Baby Bells’ - worried about long-distance carriers (including the remaining long distance carrier, AT&T) making deals for preferential treatment over interconnections. Thus the principle of equal (“neutral”) treatment for interconnectivity arose. When cable companies started offering Internet service – previously the domain of phone-line intensive telephone companies (remember dial-up?) – they tried to convince everyone that neutrality didn’t apply to them. They carried information, and weren’t, after all, common carriers.

OK. Fast forward to the market response. Phone companies decided to get into the content business! Cable companies are offering Internet and VOIP services, telephone companies are offering entertainment, programming and information services, wireless phone services stream video content and provide messaging of news, sports scores and applications galore (oh, they do still carry voice traffic when you need to make a call).

So back to 2009 and the future. According to Commissioner Genachowski: "This is not about government regulation of the Internet," adding that "We will do as much as we need to do, and no more, to ensure that the Internet remains an unfettered platform for competition, creativity, and entrepreneurial activity." That said, his proposal would add a fifth principle to the FCC’s existing four that relate to the Internet. To wit, that carriers will not be permitted to be selective about the content they carry (subject, of course, to their continued ability to block illegal content) and will be required to be transparent about how they are managing the carriage of content across their networks. Violations and allegations of discriminatory practices would still be reviewed by the FCC as and when the facts of each specific case arise. You can read or download the complete statement of Commissioner Genachowski’s prepared statement today, entitled “Preserving a Free and Open Internet: A Platform for Innovation, Opportunity, and Prosperity,” right here.

Clearly if you are a small Internet application provider or software developer that has traditionally had to pay for access through a carrier, open, non-discriminatory access would prove a major boon. Then again, Internet carriers – wired and wireless - have invested huge amounts of capital in building their own proprietary networks. Since there is no evidence that there is a lack of competition, why should the government tell any of them what they should or should not carry on their networks? Indeed, since the early 1990s, when the Web evolved from a glimmer in the eye of Tim Berners-Lee, to a reality, there have been so few real complaints (and so few complaints from consumers, even as competitors bash each other about), why fix something that doesn’t appear to be or have been broken for almost two decades?

Confused as to how the FCC proceedings might or might not affect your business? Thinking about participating in the dialog or submitting comments to the FCC? Let Reed Smith help you. To stay informed, keep your mouse tuned to Legal Bytes, and if you need to know more, please feel free to call me or the Reed Smith attorney with whom you regularly work.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Under normal circumstances, this post would appear in the Useless But Compelling Facts section of Legal Bytes. But although this is compelling, it is not quite useless. 

It appears that a South African IT company (Unlimited IT) was so frustrated by the level of broadband Internet service it was receiving from Telkom, that it challenged Telkom to a race with a carrier pigeon. As you might have guessed, the absence of significant competition limited Unlimited IT’s choices of providers, hence the frustration.

The challenge was a simple one. The company would send a homing carrier pigeon from Howick (on the coast) to Unlimited’s head office in Durban, and at the same time upload the data using the ISP lines with the file addressed to the same location.

So they tied a 4 gigabyte memory stick data card to Winston’s (the pigeon’s) leg and released him to hone it on "home." Well, it took good old Winston, depending on which agency you listen to, somewhere between one to two hours to make the journey of less than 60 miles. Are you ready? By the time two hours had elapsed . . . . here it comes . . . . less than 4 percent (yes, less than 4 PERCENT) of the data had made the trip to its destination. We really can’t make this up.

As reported in The Christian Science Monitor, Kevin Rolfe, head of information technology at the Unlimited Group, reported that "Winston arrived after two hours, six minutes, and 57 seconds," but "when we finally stopped the computer, about 100 megs had transferred, which is about 4 percent of the total."

So next time you think your network or the Internet servers are for the birds, let’s be a little less insulting to our fine feathered friends.

If you need to know more, please don’t call me. I can’t explain it either.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Earlier today, the FTC staff issued a report concerning consumer protection issues arising in the mobile commerce marketplace. A copy of the full report, Beyond Voice, Mapping the Mobile Marketplace is available by clicking the link. The key findings in the report:

• Cost disclosures about mobile services continue to generate consumer complaints. The FTC staff intends to monitor cost disclosures, bring law enforcement actions, and work with industry to improve self-regulatory enforcement
• The FTC and its law enforcement partners should continue to monitor the impact on consumers of unwanted mobile text messages, malware and spyware, and take law enforcement action if and as needed
• Although spyware and malware are not yet significant problems on mobile devices, the FTC is encouraging development of strategies to prevent or minimize their spread, since the issue is likely to magnify as consumers increasingly use mobile devices for a wider range of applications, including Internet access
• Increasing use of smart phones to access the mobile Web presents unique privacy challenges, especially regarding children. The FTC will expedite regulatory review of the Children’s Online Privacy Protection Rule to determine whether the rule should be modified to address changes in the mobile marketplace. This review was originally set for 2015, and will now begin in 2010 instead.

Given the numbers of wireless and mobile devices in the hands of individuals under the age of 18 (and 13), and the increasing proliferation of mobile devices, this will become a hotter topic in the months and years ahead. As if this point needed to be emphasized, it has been reported that as of January 2007—two years ago—there were approximately 800 million cars, 850 million personal computers, 1.5 billion television sets, but already 2.7 billion (yes, billion) wireless and mobile devices in use around the globe, with more than 800 million e-mail and 1.8 billion SMS text-messaging users.

The sheer numbers are staggering, and we are on top of this issue big time. Contact Joe Rosenbaum, John Feldman or Douglas Wood if you need more information or assistance.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A U.S. Circuit Court in the District of Columbia has upheld the FCC's rule that requires telecommunications carriers to obtain prior "opt-in" consent from customers before disclosing their personal information to joint venture partners or independent contractors for marketing purposes. The rule, which was adopted in 2007, covers all Customer Proprietary Network Information (CPNI) and also applies to service providers offering VoIP (Voice Over IP) services to customers. For those who don’t stay updated on what the FCC rules mean by CPNI, it includes information such as the phone numbers called by a consumer, the frequency, duration, and timing of the calls and any additional services the consumer is receiving (e.g., call waiting). Our telecommunications experts expect the FCC to enforce this rule aggressively. If you want to read the case yourself, go to National Cable & Telecommunications Association v. FCC , but if you really want to understand what it means to you, contact Robert H. Jackson or Judith L. Harris in our Washington, DC Office.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Facebook, the very informal and ostensibly open social network, hinting at an apology for what its CEO acknowledged were “overly formal and protective” Terms of Service, did an abrupt about-face recently, retracting them and reverting to its old Terms of Service—presumably reacting to a sea of complaints from just about everyone. Complaints? Over legal terms—does anyone still read them? Well, they do, and they didn’t like what they read—particularly the part that claimed unrestricted, perpetual ownership of your personal data, even if you decide to delete your entire account and go away. 

While we respect Facebook’s right to better manage, control, and disclose to consumers how and for what purpose it treats and handles personal data, it highlights a number of things the online world continues to teach us. First, don’t assume those innocuous changes buried somewhere in terms of service, terms of use, privacy policies, codes of conduct, rules of the road, or whatever you choose to call them, aren’t being scrutinized—by consumers, by your customers, by the media and, lest we forget, by regulators and legislators. While Facebook has not admitted it was caught a bit red-faced, it is taking your feedback in a “Facebook Bill of Rights and Responsibilities” group to which you can contribute your thoughts. For those in the know, Facebook’s population has grown to more than 175 million users—does that make it the sixth-largest country in the world? Hmm, I wonder if that country has a growing budget deficit too; we’ll have to wait for the State of the Reunion speech, when results are posted, to find out.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In what sounds like a James Bond spy caper, an MPAA executive allegedly paid a hacker $15,000 to break into a server and snatch copies of emails. The hacker accomplished the dirty deed and emailed the MPAA dozens of pages of material—ostensibly for use by the MPAA in its copyright infringement action against a company whose servers were involved in file sharing. The MPAA released a statement that “The information was obtained in a legal manner from a confidential informant who we believe obtained the information legally.”

Now a federal appeals court in California is determining if a lower court ruling should re-define online privacy protection by interpreting “intercept” under the 1968 Wiretap Act. The case, Bunnel v. Motion Picture Association of America, revolves around a ruling a year ago that held the hacker didn’t really “intercept” emails because they were in storage—not technically in transit. The lower court ruled the hacker’s “…actions did not halt the transmission of the messages to their intended recipients. As such, under well-settled case law, as well as a reading of the statute and the ordinary meaning of the word ‘intercept,’ Anderson’s acquisitions of the e-mails did not violate the Wiretap Act.” In other words, “grab copies of emails sitting on your server for a nanosecond” and it’s not wiretapping. Stay tuned!

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The U.S. Congress appears determined to investigate online advertising. Early this month, the House Energy and Commerce Committee issued a letter to more than 30 companies, and what began as an inquiry into how Internet service providers use network data to target advertising, has morphed into a fishing expedition into all kinds of interactive advertising. Most notably, and despite urging by the FTC to allow self-regulation to take hold, the Committee does not differentiate between personally identifiable information and non-identifying, anonymous data used for traffic metrics, ad insertion and other common advertising purposes. Lumping different kinds of information together could needlessly undermine marketing as it has been practiced for decades. The “tailoring” of advertising, in the Committee’s words, based on consumers’ behavior and media consumption patterns, has been at the heart of marketing for as long as marketing has been around.

More disturbing are presumptions that “privacy” rights are being violated by any and all forms of behavioral or targeted marketing. Advocacy groups opposed to commercial communication seek to promote an implicit, yet fundamental redefinition of personal privacy—i.e., anything that derives from peoples’ activities, no matter how distanced or anonymous. Taken to logical conclusion, any academic, commercial or journalistic observation of consumer activity could fall under regulatory restrictions under such a framework. Not surprisingly, the FTC—with its long history of regulation of advertising practices—has argued before Congress that self-regulation is likely to be an effective means of protecting consumers’ real privacy interests. According to testimony by FTC Consumer Protection Bureau Director Lydia Parnes before the Senate Committee on Commerce, Science, and Transportation this July, the FTC is “cautiously optimistic that the privacy concerns raised by behavioral advertising can be addressed by industry self-regulation.” Nevertheless, in the letter released this month and in three previous inquiries over the past few months, both the House and the Senate seem to be searching for a rationale to regulate. Stay tuned.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The New York Appellate Division has ruled that an email exchange between two parties can amend a contract—even if the agreement specifically states amendments “must be in writing signed by both parties” (Arthur Stevens v. Publicis USA). Here, an employment agreement was the subject of emails between the parties. The court ruled that emails containing the name of the sender in a signature block are a “signed writing” sufficient to amend the contract! Ouch! It is not hard to imagine any email communication with all the elements of a meeting of the minds (“gee, that sounds perfect”), an intent to be bound (“I agree”) and authenticated as attributable to the parties—would fit the argument. Have you looked at your contracts lately? Your outgoing email messages? Our own Peter Raymond and John Webb argued and won this case for our client Publicis USA and have authored a Reed Smith Bulletin. Our ATM team is working with them to counsel clients on how best to protect themselves in light of this decision.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

With file sizes growing, you would think computers that can rapidly process large files and storage capability would be all the rage. For compliance officers, record managers and lawyers, it’s retrieving the information that is the hot issue and hardly a trivial one. New Federal rules relating to civil litigation took effect at the end of last year, requiring companies involved in federal litigation to produce electronically stored information as part of the pre-trial discovery process. The new rules apply to employee e-mails, instant messages and other electronic, digitally stored information. In the event the companies are sued, legal experts say, companies will need to start worrying about everything in electronic form—from digital photos on employee cell phones to text (“SMS”) messages.

Companies need to have sound record retention and destruction of records policies to ensure compliance with regulatory record-keeping requirements and to avoid potentially massive costs of searching and retrieving information that could and should have been purged. Absent actual or an expectation of specific litigation or a subpoena requiring production of data, companies can purge their systems of information that may no longer be relevant or necessary to their business operations. As the cost of storage has come down, however, companies routinely store information and don’t bother to delete unnecessary information—because it’s easy and affordable to simply keep everything!

The opposite is also an issue. Communication between lawyers and technology folks is less than perfect. A lawsuit arrives, but no one tells data management or systems. Tapes and disks continue to be routinely erased or written-over, with corresponding loss of data. Lots of companies don’t have policies and don’t know what information they have, where it is stored, and who may have, have kept or destroyed copies of information in electronic form. Lack of information is a weakness for lawyers. If you remember the adage, “never ask a question you don’t already know the answer to,” imagine how a litigator for the company will feel blindsided by records she was unaware of or cited by a court for destroying records he didn’t know his client had.

Why pay attention? Because by exercising preventive care, you can avoid potentially huge legal and operational expenses. By crafting and enforcing compliant and well-thought-out record retention and destruction policies, you can avoid high-priced lawyers sorting through email messages about the staff luncheon, and the pitfalls associated with a “smoking gun” needlessly showing up in that pesky lawsuit. Call us. The ATM Legal Team can help!

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A court has held an individual personally liable to the tune of $17 million for deceptive mail solicitations because of his exercise of control over companies that mailed solicitations, his review of some of these solicitations, and his personal knowledge of customer complaints. If a person is directly involved in the act, has the authority to control them, knew of material misrepresentations or was recklessly indifferent to the truth, or knew there was a high probability of fraud and intentionally avoided the truth, that person can be held personally liable under Section 5 of the FTC Act.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Clients often ask whether customer service calls can be taped or recorded for training, monitoring, security or other purposes. They want to know if they need to get express consent from the customer or even their employees when setting up the recording process. Many states have specific laws that deal with both monitoring and recording of telephone or other electronic communications—not to mention federal wiretap laws. Well recently, the California Supreme Court ruled that a business located in the state of Georgia that recorded a call with a California resident violated California’s two-party consent rule, even if you are in Georgia (which only requires one of the parties to consent— i.e., yours). In addition to California, a number of states have two-party consent laws (for example, Pennsylvania, Florida, Connecticut and Washington, to name a few), and if you are or are thinking of monitoring or recording any calls, check with a lawyer to be sure you know what you must do to comply—on second thought, don’t just check with a lawyer, call Reed Smith. Our Advertising, Technology & Media Law practice has what it takes—record that please!

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Mobile Marketing Association has promulgated guidelines, now adopted by many leading wireless carriers and programming networks, to deal with the growing use of email, SMS (text messaging) and similar mechanisms in advertising and marketing. As you will recall, legal and regulatory actions have arisen based on the fact that some companies’ marketing practices fail to adequately disclose the charges, whether subscription or imposed by the wireless carriers, that apply to some of their services and, in some cases, to the advertisements and marketing messages themselves.

Wireless carriers are beginning to adopt content guidelines for what they will or will not transmit from content partners—regulating such things as sexually explicit, graphic violence, profanity, hate speech and other topics, words and images—in some cases including lengthy lists of “forbidden words.” CTIA, the wireless industry trade association, issued fairly broad content guidelines last November, but left the specific implementation to the individual carriers. Some carriers have carried this implementation to a level of detail that covers everything from games, music, images and video, and in some cases even governs the file names of anything downloaded or transmitted.

Wait until you wake up to the issues raised by transmission and posting of “user generated content.” As you may know, in addition to the FTC regulating advertising and certain content in the U.S., and on top of state laws, the Federal Communications Commission (“FCC”) having authority to regulate indecent content on television and radio and the mobile phone as a media and entertainment device is no longer fiction, but fact in many cases. Did you know that our Advertising, Technology & Media Law group has significant experience in all these areas (Judith Harris for FCC and communications; Doug Wood for advertising and marketing; and, of course, any of us or me, if you simply can’t figure out where your need fits).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Want some scary statistics for Halloween? In the first six months of 2005, the average number of “phishing” e-mails went from about 3 million to more than 5½ million, according to the Symantec, distributor and licensor, among other things, of firewall and virus protection software. Phishing, in case you’ve missed the news, is a scam which uses e-mail to spoof legitimate businesses such as banks and airlines, and attempts to entice you to enter personal data which can then be used by criminals. “Update your account” or “Your Security May Have Been Compromised and We Need You to Verify Your Password” are typical messages, often accompanied by logos and names that appear to be all too real.

Symantec also discovered 1,862 new software vulnerabilities, over the six month period—almost all moderate to high security threats and 60 percent were in Web-based applications. Symantec also found that the average number of denial-of-service attacks jumped from 119 to 927 a day during the first half of 2005. Why the increase? Personal computers are being overwhelmed with “bots”—penetrating vulnerabilities in personal computer software that allow the hackers—online criminals—to remotely control home computers. Not convinced? By monitoring customers and their networks the numbers of active bots more than doubled from 4,348 to 10,352 bot computers. The SANS Internet Storm Center, a not-for-profit organization that tracks hacking trends, detects an average of 260,000 bots each day that are out there looking for computers that are vulnerable to attack. No longer limited to “denial of service” attacks by triggering junk data to attack—and ultimately overwhelm—a legitimate website, these bots now are beginning to be used to generate SPAM and malicious code.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The FTC has been checking compliance with its e-mail opt-out requirements promulgated under CAN-SPAM, and recently announced the results of a compliance survey it undertook with e-Tailers. The survey indicates that 89 percent of those online merchants who participated in the survey were complying with consumer requests to opt-out of future commercial e-mail. The FTC essentially selected 100 merchants that are big users of the Internet in retail sales and then visited their websites, created test e-mail accounts and registrations, and signed up for promotions—using the retailers systems to prompt both an initial message and their ability to reply with an “opt-out” request. All of the merchants selected did provide clear notice to consumers of their opt-out rights and a relatively easy means to do so. After six weeks of monitoring, about 89 percent of the merchants honored all opt-out requests, with 93 percent honoring some. In case you were thinking the FTC doesn’t take CAN-SPAM enforcement seriously or can’t possibly monitor and track your compliance efforts, think again. Use e-mail/e-Tail advertising and marketing? Need to understand your obligations? Need to develop policies and practices for compliance? How quickly and with what level of accuracy do you honor the requests? Need help in understanding when and to what CAN-SPAM applies? Contact either Joe Rosenbaum or Doug Wood at Reed Smith. We can help.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

We were so busy last month telling you about Grokster, we didn’t even get a chance to mention the Supreme Court also ruled providers of cable modem services are not subject to the common carrier regulations that apply to telecommunications services—most significantly the requirement they allow competitors to connect or interconnect with their networks and provide competitive choice and equal access to consumers. Technically, the decision held that the FCC didn’t exceed its authority and has the discretion to interpret the scope of its regulation and rulemaking authority when it declined to force cable broadband providers to provide competitive access similar to that accorded the telecommunications’ common carriers. The FCC had characterized cable modem services as “information services” and thus not telecommunications services, which are subject to the common carrier (and consequently, competitive) regulations.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In what may be the largest judgment in a suit against spammers so far, a company that offers subscribers an e-mail service in Iowa has been awarded more than a billion dollars by a federal judge; the allegations were that the company’s servers were inundated with as many as 10 million spam e-mails a day. The judgments were obtained under the Federal Racketeer Influenced and Corrupt Organizations Act (“RICO”) and the Iowa Ongoing Criminal Conduct Act. Iowa law allows damage claims of $10 per spam message and were tripled under RICO. Not particularly surprising, no attorneys for the defendants were present during a bench trial in November and the judgments were entered by default.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In what is being hailed as a major victory for VoIP, the Federal Communications Commission ruled that some state telecommunications regulations do not apply to providers of “voice over IP” services, and ruled that states are barred from imposing telecommunications regulations on Internet phone service providers. The FCC clearly indicated that existing regulations which rely on where a call originates and terminates (“geography-based”)—relevant when the original laws and regulations were written—are increasingly irrelevant today. The decision calls into question the validity of numerous state regulations which conflict with the Commission’s policies and regulations, but the hard work is yet to come—the FCC still must draft rules for services that rely on the “Internet Protocol,” the backbone of the Internet’s infrastructure. The Commission also did not address whether cable service providers were or were not covered by this ruling. Dozens of states are currently trying to regulate voice over IP, nervous that revenues from telecommunications taxes will diminish as businesses and consumers migrate their voice traffic to the unregulated Internet, although the FCC’s ruling does not diminish the power of state to enact and enforce consumer protection laws for the benefit of their citizens. Taxation and other regulation, however, may be a different matter.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On July 20, the U.S. District Court for the Southern District of New York imposed sanctions against UBS Warburg for destroying relevant e-mail messages during the course of litigation (Zubulake v. UBS Warburg LLC, et al., 2004 U.S. Dist. LEXIS (S.D.N.Y, July 20, 2004)). The Court ordered UBS to pay expenses and attorney fees incurred by the plaintiff, granted plaintiff’s request for further discovery, and agreed to instruct the jury that a negative inference may be drawn against UBS as a result of the missing evidence. The case provides important guidance for counsel on electronic discovery issues and record management, and the Court notes counsel is expected to take some affirmative steps: (1) “identify sources of discoverable information”; (2) “put in place a litigation hold and make that known to all relevant employees by communicating with them directly” and not only repeat these instructions “regularly” but also “monitor compliance”; (3) “call for employees to produce copies of relevant electronic evidence”; and (4) “safeguarding any archival media” the client must preserve. Given the notoriety of the case, these practices will likely become a de facto standard in evaluating electronic discovery issues and requests for sanctions. Got litigators? Call Reed Smith—we not only have knowledgeable litigators, but we also have an entire team of professionals skilled in data management, record retention, and compliance in and out of litigation. Try us, you’ll like us.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Disaster recovery and continuity planning is still on everyone’s mind. Recent trends focus on data management and recovery—not necessarily to ensure continued operations in the event of an unplanned interruption, but most notably to ensure that regulators can monitor, audit and enforce compliance with the laws and regulations that have arisen in the wake of 9-11, and the corporate ‘scandals’ that have plagued businesses over the past few years.

But as many of you know, record-keeping and data backup is only a piece of the puzzle, albeit an important one. Two years ago (September 2002), Reed Smith conducted a legal briefing to review the issues related to continuity planning, and this month we thought it might be helpful to repeat some of the simple tips that may help you think about disaster recovery. Of course, if you would like a copy of the presentation, or help, just let us know.

• Get senior management support: Without it you have no money or authority.
• Identify, evaluate, prioritize: Which critical operations must continue?
• Retrieve and restore: What resources need to be available?
• Plan, plan, plan: Alternate locations, communication methods and control centers. Avoid single points of failure.
• Money: Emergency cash and lines of credit.
• Communicate: Media, emergency personnel, employees, customers and suppliers.
• Practice, practice; Test, test, test: Got the message?
• Educate, train and inform: Everyone should be advised and trained in his or her role.
• Update, plan, update, plan: Continuity planning is a continuous process.
• Insurance: Not prevention, but damage control and worth considering.
• Consider others: Employees, customers, suppliers, business partners. Involve those who will be affected, to the extent you can.
• Think relationship, not lawsuit: Contracts can be roadmaps for cooperation.
• Tear up the plan and start again: What if your primary plan doesn’t work?
• Think globally, act locally: International operations have international problems.
• Safety first: Safety of people is the first priority. Good people can overcome the toughest challenges—treat them accordingly.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Federal Commercial E-Mail Legislation Takes Effect A major change in the law that affects privacy and commercial e-mail on the Internet took effect on January 1, 2004. The CAN-SPAM Act of 2003 doesn’t simply establish an “opt-out” framework for commercial e-mail, it completely pre-empts state law. Although an individual consumer doesn’t have the right to sue an offender under the Act, the Federal Trade Commission, along with the Attorneys General of each state, do. So what should you know?

First, the Act only applies to commercial e-mail—an e-mail whose primary purpose is promoting a commercial product or service. Although the FTC has not yet promulgated any regulations under the Act, simply because an e-mail has a URL link to a commercial website or refers to product or service doesn’t make it commercial e-mail. There are, of course, certain obvious exemptions built into the law. Product safety recall information or e-mails notifying you about changes or important notices concerning your subscriptions, memberships, purchase confirmations, accounts or e-mail related to your employment—all of these are so-called “transactional relationship messages” where the main purpose is communication related to a commercial transaction, rather than promotion or advertising.

Second, what does the law require. Starting January 1, 2004, all commercial e-mail (even if an existing business relationship exists and whether or not the e-mail was solicited or not) must contain a clear and conspicuous notice that a consumer can opt out of future e-mails and provide a web-based means to do so. A consumer’s request to opt out must be honored within 10 business days and marketers can’t sell or share the e-mail addresses of those who have opted out. The e-mail must also clearly identify itself as an advertisement—unless a consumer has specifically asked to receive commercial e-mail from a particular commercial entity. Third, the e-mail must contain a postal, physical address of the sender. Although it is not yet clear if a post office box is enough, the less-risky approach is to have a street address.

The Act has a number of other requirements related to labeling—for example, the subject (header) must accurately reflect the body or content of the message and the sender (the sponsor of the promotion) must be identified. Although the Act preempts state commercial e-mail laws, beware of the fact that state fraud, trespass and certain consumer protection laws can still apply.

Violations of the CAN-SPAM Act are criminal offenses and involve both fines and potential jail time upon conviction. As with most Federal crimes, aggravating factors increase the penalties and implementing good faith and reasonable measures to attempt to comply with the Act can lessen them. These penalties can be serious—jail-time of up to five years, $250 per e-mail up to $2 million in fines (which can be tripled up to $6 million if aggravating factors are present) and all computers and software used in the commission of the crime can be forfeit.

Although the primary purpose of Legal Bytes is to enlighten and inform you, it obviously does promote Reed Smith and encourages you to call us when you need legal support. Accordingly we will always give you the opportunity to opt out of receiving our publication by email and when we send you an e-mail, it will be clear as to what it is and who is sending it. This is not just the law, it’s good practice.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

According to the TowerGroup (Bank Technology News, January 2004), an estimated 15 percent of the securities industry in North America uses Instant Messaging for sharing market-related data with client. As we mentioned in our July 2003 issue, the NASD is already requiring member firms to retain records of instant messages for at least three years, and is requiring them to supervise the use of instant messaging technology by their employees. It is likely that
SEC regulations will emerge specifically on the subject this year or next year at the latest.

In the meantime, most securities dealers are choosing to be safe rather than sorry, and are attempting to apply the same rules they have for e-mails to instant messages as well—although the technology isn’t going to make that chore easy. Stay tuned.

• Email This
• Print
• Comments
• Trackbacks
• Share Link