Friday, February 03, 2006

Internet Law Subcommittee WWM activities

During the WWM in Wilmington on January 27 and 28th, the Internet Law Subcommittee primarily worked on the “data breach” notification program scheduled for the Section of Business Law Meeting in Tampa and a new project to address electronic waste disposal concerns.

Data Breach Notification Program

The Tampa program will be presented in conjunction with the Cyber-security and Privacy Subcommittee. The first part of the program, entitled “Model Data Breach Notification Procedure and the Payment Card Industry Security Standards,” will provide practical advice for counsel when the client calls up, reports a data breach and asks what to do next. The second part will focus on the enforcement of new information security requirements against credit card merchants by associations of credit card issuers.

At the WWM, discussions focused on certain issues:

• How does one know if there really has been a data breach (some protected data has actually been “acquired”)
• How does one know the extent of the breach (what protected data has been “acquired”)
• How does one deal with the “race against time” in which there is a competition among the efforts of the forensic experts to learn exactly what happened, the desire to make a complete and accurate public announcement, and the desire to shorten the period during which customers are exposed to theft.
• How to handle the case of a client that is reluctant to report a data breach or want to delay the report, perhaps for an unreasonable period.

In the course of those discussions, we realized that clients with multi-national operations may find themselves weighing strict compliance with US data notification laws with potential criminal and/or civil liability consequences in other countries—probably a good reason for a client’s apparent “reluctance” to comply.

The program will also provide an overview of existing data breach notification laws and pending legislation and will provide information on recent major enforcement cases.

We are very interested in including any data breach notification “war stories” and to address any practical data breach issues which members of the Cyberspace Law Committee have. Please feel free to contact Hank Judy, Tom Laudise and Michael Power or Peter McLaughlin, co-chairs of the Cyber-security and Privacy Subcommittee. (Those offering the best and most well-documented war stories will be treated to the appropriate libations and opportunity to tell the full version of the story in a suitable environment, a/k/a bar, at the next ABA gathering courtesy of Hank Judy and Tom Laudise)

Electronic Waste Disposal

Electronic equipment is laden with harmful material which, if not disposed of correctly, can severely harm the environment. Currently, much of the disposed of electronic waste finds its way to dumps in impoverished areas of the world. Often, the original owner of equipment has no idea that this is the case and believes that it has been “properly disposed of” by the company it hired for that purpose.

Several states have laws requiring the proper and environmentally sound disposal of electronic equipment. Legislation has been proposed in many other states and in Congress. The EU has several directives in place addressing the environmentally sound disposal of electronic equipment, as well as related issues of disposal of packaging, and environmentally sound initial design. During the WWM Tom Laudise and Hank Judy presented Power Points on different aspects of the problem and circulated research materials

Internet Law had originally planned a survey of the law. However, discussion at the WWM revealed that it would be more useful to instead prepare an article which will, first, alert counsel to the issue and potential serious liabilities for improper disposal of electronic waste, and, second, provide a sample agreement/clauses with a third party provider of electronic waste disposal services (as well as assured erasure of hard drives and related memory.) We hope to circulate an initial draft contract in the next several weeks.

We would like to publish such an article this year. Depending upon the response to the article, we will consider an ABA program in 2007. We would very much like assistance and ask that anyone interested please contact Hank Judy or Tom Laudise.

Model Website Development Agreement and Commentary

We will work to finalize a model website development agreement with commentary this spring. This project enjoyed/suffered a brief hiatus but is now back—hopefully in time to be included with the Working Group on Electronic Contracting Practices second release of its the Model Web Site – Cyberspace Law's very successful publication meant for practitioners assisting clients who are setting up eCommerce operations within a corporate environment.

We will circulate the next draft for comments soon. Anyone interested in reviewing that draft and providing insightful feedback, please contact either Hank Judy or Tom Laudise. Tom already has a list of “usual suspects” and, in lieu of volunteering, you may contact him to confirm you are the list.

* * * * *
Finally, if anyone has any additional projects they are interested in seeing the Internet Law Subcommittee take on, please contact either Hank Judy or Tom Laudise.

No comments: