Liabilities and Vulnerabilities in the Information Age
First Edition with Up-to-date Links (*)
Your Turn
(*)second edition available by invitation only

General Sources
(see also "How to search, how to read Law" in the introduction)

I-1: Identity Theft

Case study Topic notes

Relevant legal and regulatory documents:

Further Help:

I-2: Credit Fraud

Case study Topic notes

Relevant legal, regulatory documents and industry standards:

PCI standard guidance documents and enforcement:

Further Help:

I-3: Ambush Marketing

Case study Topic notes

Relevant legal, regulatory documents and industry policies:

    US Federal Law
  • The Lanham Act, July 1946, trademark law as amended over the years and as incorporated into 15 USC, sections 1051-1129
  • Anti-cybersquatting Consumer Protection Act, Nov 1999, buried inside Public Law 106-113 by reference to Bill S.1948, subsequently incorporated into 15 USC, sections 1125 and 1129
    US Federal Courts
  • 1-800 Contacts Inc. versus WhenU.com Inc. and Vision Direct Inc., a decision by the US Court of Appeals for the Second Circuit, June 2005,
    stating that referencing a website name as a search key does not constitute a "use" of the associated trademark as defined by the Lanham Act.
  • Google versus GEICO, an opinion by the US district court for the Eastern District of Virginia, August 2005,
    stating that one may use trademarks as keywords without infringing in the placement of search engine ads
    EU Institutions
  • Google versus Louis Vuitton Malletier et alii, an opinion by an Advocate General at the European Court of Justice, September 2009,
    stating that European Law allows the use of trademarks as keywords in the placement of search engine ads
  • Google versus Louis Vuitton Malletier et alii, a judgment of the European Court of Justice, March 2010,
    stating that European Law allows the use of trademarks as keywords in the placement of search engine ads
    but reminding third parties advertising goods in such a way and search service providers of potential liabilities
    Internet Corporation for Assigned Names and Numbers
  • ICANN Uniform Domain Name Dispute Resolution Policy, Aug 1999

Further Help:

  • from Dr. Stephan Ott: Links and Law
    information about legal aspects of search engines, hyperlinks (surface and deep links), inline links and frames (Canada, EU, Germany, US)

II-1: Handling of Medical Records

Case study Topic notes

Relevant legal and regulatory documents:

The case of physician prescription records
  • New Hampshire Prescription Confidentiality Act, February 2006 (HB 1346),
    forbidding the use or transfer of physician prescriptions by pharmacists for marketing purposes
  • IMS Health and Verispan v. Ayotte, opinion by the US Court of Appeals for the First Circuit, November 2008,
    affirming the constitutionality of said New Hampshire Prescription Confidentiality Act
  • Sorrell v. IMS Health, US Supreme Court oral arguments over Vermont's enforcing similar restrictions, April 2011,
    disputing state rights to prevent pharmacies from selling physician prescription profiles compiled from their business records
  • Sorrell v. IMS Health, US Supreme Court opinion over Vermont's enforcing similar restrictions, June 2011,
    denying Vermont the right to selectively prevent pharmacists from selling physicians' prescription data for marketing purposes

Relevant guidance documents from the Health and Human Services Department:

Further Help:

Helpful note:

  • Healthcare service providers who extend credit to "a person for expenses incidental to a service provided by the creditor to that person" are exempted from the so-called Red Flag regulations on ID theft detection.
    Free from the associated administrative burden, physicians and other providers will nonetheless do well to remember that they are unfortunately not exempted from ID theft itself, especially in view of an increased reliance on Electronic Medical Records Systems.
    For more details on "Red Flags", look up section I-2 on Credit Fraud

II-2: Marketing Campaigns

Case study Topic notes

Relevant legal, regulatory documents and bills under discussion:

Relevant guidance documents from the Federal Trade Commission:

The National Do Not Call Registry

Further help:

II-3: International Data & Safe Harbors

Case study Topic notes

Relevant legal and regulatory documents:

Relevant guidance documents from

The Safe Harbor (an EU-approved, US-managed mechanism for data transfers, invalidated by the EU Court of Justice)

The EU-US Privacy Shield (a new EU-approved, US-managed mechanism for data transfers to replace the prior, invalidated one)

EU compliance outside the Safe Harbor

II-4: Surveillance

For more information, see the second edition

Relevant legal and regulatory documents:

    US Federal Government
  • Foreign Intelligence Surveillance Statute, 50 U.S.C. 1801 et seq.
    compiling the original Foreign Intelligence Surveillance Act of 1978 (Public Law 95-511)
    for the latest version, see the July 2008 amendments below
  • Stored Communications Statute, 18 U.S.C. 2701 et seq.
    limiting legal access to communications stored by "communications" and "remote computing" service providers without user consent
    and compiling the original Stored Communications Act of 1986 (Public Law 99-508)
  • Protect America Act of 2007, Aug 2007
    allowing warrantless surveillance of domestic communications with foreign correspondents
  • FISA Amendments Act of 2008, Jul 2008, which received a five-year extension through Public Law 112-238, Dec 2012
    granting legal protection to telecommunication service providers for their assistance in wiretapping
    and updating the Foreign Intelligence Surveillance Act of 1978 (see reference to 50 U.S.C. 1801 et seq. above)
  • opinion of the US Supreme Court, Jun 2010
    giving no general guidance on balancing employers' searches of employees' communications versus the latter's expectation of privacy,
    but deciding the case against the government employee by finding the contested review of his text messages reasonable
  • opinion of the US Supreme Court, Jan 2012
    treating the use of GPS tracking by the police as a Fourth Amendment search, subject to obtaining a warrant and abiding by its terms,
    thus reinforcing the protection offered by "a person's reasonable expectation of privacy".
  • opinion of the US Supreme Court, June 2014,
    making it illegal for the police to search a cellphone without a warrant if there is no emergency
    US States
  • opinion of the Supreme Court of Ohio, December 2009,
    making it illegal for the police to search a cellphone without a warrant if there is no emergency
    a decision now superseded with a similar decision by the US Supreme Court
    EU Institutions
  • European Directive 2006/24/EC, March 2006,
    mandating the retention of communication-related data by phone and Internet public service providers

Further Help:

III-1: Protecting Digital Information

Case study Topic notes

Relevant legal and regulatory documents:

Further Help:

Note:

  • The ISO 17799 Standard is an extremely thorough methodology for achieving information system security.
    It is quite relevant in the context of GLBA, HIPAA and SOX compliance, at least for large organizations.
    Unfortunately, the standard itself is for sale. Due to wide variations in pricing, and considering that ISO 17799 will be best implemented with external help from a competent consulting firm, the author declines to recommend any source.
    However, the interested reader is referred to a free ISO 17799 preview by Praxiom Research Group Ltd, a proof of marketing acumen.

III-2: Disposing of Digital Information

Case study Topic notes

Relevant legal and regulatory documents:

The list given above does not claim to be exhaustive, especially where record retention is concerned. Consult a lawyer familiar with the type of activities in which your organization is engaged for professional guidance.
SEC rules and regulations are often quoted without proper context. For example, one will read about SEC rule 17a-4 without mention of the Securities Exchange Act of 1934, implemented by 17 CFR 240. To track incomplete references, see the Securities Lawyer's Deskbook Table of Contents.

Further Help:

III-3: Distributing Digital Information

Case study Topic notes

Relevant legal and regulatory documents:

Further Help:

IV-1: Spamming

Case study Topic notes

Relevant legal and regulatory documents: see chapter II-2: marketing

Further Help:

IV-2: Denial of Service

Case study Topic notes

Relevant legal and regulatory documents: see chapter III-1: protecting digital information

Further Help:

IV-2b: Censorship

For more information, see the second edition

Relevant legal and regulatory documents:

    US Federal Courts
  • Verizon versus the FCC, a decision by the US Court of Appeals for the District of Columbia, January 2014,
    stating that the FCC has the right to regulate broadband communication carriers and demand transparency
    but that current anti-discrimination and anti-blocking rules are inconsistent with its considering broadband carriers not to be common carriers.
    US Federal Government
  • New Rule Making Proposal for an Open Internet, by the FCC, May 2014,
    compelling broadband carriers to transparently offer a base service meeting the openness criteria
    while freeing faster services from this requirement.
    EU Institutions
  • an opinion of the European Court of Justice Advocate General, June 2013,
    advising the Court to exempt the search engines from having to grant requests from individuals
    to delete references to personal information published legally by third-parties
  • Google versus Mario Costeja González, a decision by the European Court of Justice, May 2014,
    stating that, in view of the right to forget, search engines must remove links to personal information
    whenever "inadequate, irrelevant or no longer relevant, or excessive" unless it is contrary to the preponderant interest of the general public.

Further Help:

IV-3: Copying

Case study Topic notes

Relevant legal and regulatory documents:

Further Help:


Disclaimers:

  • Links to third party material may have become obsolete since publication.
  • These links do not represent an endorsement of any organisation, public or private,
    and no compensation has been received nor solicited by the author for their inclusion.
  • The author is not a lawyer. While discussing matters arising from Federal and State laws and regulations, the opinions provided here are for general information only. As the need arises, any specific legal question must be directed to a lawyer with the proper training and qualification.
November 2006
Copyright © 2006 Philippe Coueignoux. All rights reserved.