The New York State Information Security Breach and Notification Act amends the State Technology Law (Section 208) and the General Business Law (Section 899-aa), and requires that any New York State entity, as well as any person or business conducting business in New York and who owns or licenses computerized data that includes private information, must disclose any breach to New York residents (New York State governmental entities must also notify non-residents). This is similar to well more than 30 other states that have data breach notification statutes. Did you also know that when notification is necessary, New York law requires notification to the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination, and the Consumer Protection Board? Did you know there’s a “New York State Security Breach Reporting” form? No company relishes the idea of having to deal with a compromise of sensitive customer data? And no company should have to worry about not having the right legal advice when dealing with their customers, regulators and law enforcement officials. Rimon has a Data Security Group that keeps track of these laws in the United States and throughout the world.
“Deal or No Deal?” It’s a Deal – At Least for SMS!
When NBC Universal broadcasts “Deal or No Deal,” viewers are invited to play a “Lucky Case Game.” The game allows viewers to pick one of six cases and submit their entry via premium text message ($.99) or online. If you pick the right case, you are entered in a random drawing for a prize of up to $100,000. Well, wouldn’t you know. Someone lost and sued NBC under Georgia’s gambling laws, which make gambling contracts void and states that any “money paid…upon a gambling consideration may be recovered from the winner by the loser” (Hardin v. NBC Universal). There are also actions pending before the California courts. Just a few weeks ago, the Georgia Supreme Court held that the $.99 was not a bet or wager, and there was no “gambling contract” between the plaintiffs and NBC. For now, and at least in Georgia, a premium text message game is permissible.
Some Like It Hot – But Others Do Not!
Last fall, a California court held that CMG, assignee of rights under Marilyn Monroe’s estate to exploit her image and likeness, had no rights because at the time of her death, there were no laws in either California or New York recognizing rights of publicity. Enter California’s legislature—amending its law to retroactively enact rights of publicity (See Legal Bytes, October 2007) to “remedy” this unfortunate state of affairs. Whoops. Not so fast. A judge in the U.S. District Court for the Central District of California has just ruled Marilyn Monroe was a New York resident at the time of her death in 1962, and pulled the plug on the recently amended California Right of Publicity law.
FTC Issues Final Rule on CAN-SPAM
The FTC issued its Final Rule concerning certain aspects of the CAN-SPAM Act May 12, 2008. The Final Rule: (a) allows multiple marketers to designate an otherwise legally qualified entity as the single “sender” for purposes of compliance. The sender still must comply with the opt out, identification and other requirements of the Act, but no longer must be the entity that controls all the content or determines all the email addresses to which the message will be sent. In practice, this means only the designated sender (not the other marketers) needs to honor opt-out requests, and only the designated sender needs to have a physical address in the message; (b) prohibits conditioning an opt-out request on paying a fee or providing some personal information other than an email address; (c) allows senders to use a P.O. Box as the physical address if they have accurately registered the P.O. Box with the United States Postal Service; and (d) defines the word “person” to include business entities. As part of its ruling, the FTC also refused to change the amount of time (10 business days) a sender has to comply with an opt out request from an email recipient, and also rejected putting any time limits on how long an opt-out request from a recipient would remain valid and in effect.
Useless But Compelling Facts – May 2008
This month we want to know what former Major League Baseball All Star Pitcher became a dentist once he finally left the game of baseball. Send your answer to me.
Useless But Compelling Facts – April 2008 Answer
Our prize for last month goes to long-standing reader and Legal Bytes’ friend, Debbie Kaste, Director of Legal Operations Support for Hilton Hotels. She (very quickly and quite correctly) knew why so many children’s toy coin banks are in the shape of a pig. In Middle English, “pygg” referred to a dense type of orange clay used in Europe for making household jars, dishes and cookware. When people saved coins in kitchen pots and jars made of this clay, the jars became known as “pygg jars” and at some point in the 18th Century, some English potter misunderstood the word and starting making coin-collecting jars in the shape of a pig—hence the pig or “piggy” bank. By the way, it is still illegal in France to name a pig Napoleon.