New FTC "Red Flag Rule" Guidance to Help Fight Identity Theft

The Federal Trade Commission recently issued revised its “Red Flag Rules” guidance.  The Red Flag Rules protect consumers by requiring businesses to watch for and respond to warning signs or red flags of identity theft.  The guidance outlines which businesses are covered by the Rule.  A copy of the guidance can be viewed at


FTC Imposes a Record $22.5 Million Civil Penalty on Google for Privacy Misrepresentations

On August 9, 2012, the FTC announced that Google agreed to pay a record $22.5 million civil penalty to settle charges that it made misrepresentations to users of the Safari Internet browser when Google represented that it would not place cookies or serve targeted ads to those users.  In doing so, Google violated an earlier privacy settlement it had with the FTC.

FTC Chairman Jon Leibowitz said “[t]he record setting penalty in this matter sends a clear message to all companies under an FTC privacy order. . . “[n]o matter how big or small, all companies must abide by FTC orders against them and keep their privacy promises to consumers, or they will end up paying many times what it would have cost to comply in the first place.”

The FTC's aggressive enforcement is expected to continue and it is important that businesses review their privacy policies to ensure that the policies have not become dated and no longer represent the current data collection and maintenance practices of the business.

The FTC press release can be viewed at


Supreme Court of Pennsylvania Reject Federal Case Law on E-Discovery and Adopts A Proportionality Test for E-Discovery in Amendments to the Rules of Civil Procedure

The Supreme Court of Pennsylvania recently amended the Pennsylvania Rules of Civil Procedure to officially include the discovery of electronically stored information.  The amended rules become effective August 1, 2012.

Changes to Rules

Amended Rule 4009.1 includes “electronically stored information” among the list of items a party may request.  The person requesting electronically stored information may specify the format in which it is to be produced and the responding party may thereafter object.  If no format has been requested, the responding party may produce electronically stored information in the form in which it is ordinary maintained or in a reasonably usable form. 

The Supreme Court further amended 4009.11 to encourage “limitations as to time and scope” and “agreements between the parties on production formats and other issues.”  Rule 4011, which  addresses the limitations of scope of discovery, was also amended to expressly include electronically stored information. 

Rejection of Federal Case Law

Although the amended Pennsylvania rules reference “electronically stored information,” the same term provided for under the Federal Rules of Civil Procedure, the official note makes clear that “there is no intent to incorporate the federal jurisprudence surrounding the discovery of electronically stored information.”  See Explanatory Comment, Note “A.”  Instead, “[a]s with all other discovery, electronically stored information is governed by a proportionality standard. . . .”  See Explanatory Comment, Note “B.” 

Under the proportionality standard, the official note directs a court to consider: “(i) the nature and scope of the litigation, including the importance and complexity of the issues and the amounts at stake; (ii) the relevance of electronically stored information and its importance to the court’s adjudication in the given case; (iii) the cost, burden, and delay that may be imposed on the parties to deal with electronically stored information; (iv) the ease of producing electronically stored information and whether substantially similar information is available with less burden; and (v) any other factors relevant under the circumstances.”  See id. 

By expressly rejecting the Federal Rules, Pennsylvania Courts may continue to address discovery issues by balancing a party’s need for information with a party’s burden of producing the requested information in the context of how the dispute relates to the import of the case.  The proportionality test thus provides a court wide discretion in resolving e-discovery disputes. 

Additionally, unlike its federal counterpart, the Pennsylvania rule favors, but does not require, the parties to meet-and-confer on e-discovery before the commencement of discovery.  The note to the amended rules states that parties may consider electronic searching, sampling, cost sharing, and non-waiver agreements, but does not require any party to do so. 

Under the amended Pennsylvania rules, the parties, and the Court, may address electronically stored information differently depending on the financial risk and the varying complexity of the case. In this regard, with the exception of officially recognizing electronically stored information as a discoverable item, the amended Pennsylvania rules are not that new.

For Further Information

If you have any questions, please contact Sandra A. Jeskie or Ryan E. Borneman.


Second Circuit Addresses DMCA Safeharbor in Landmark Case

A new Second Circuit decision could change the way some service providers conduct business on the internet, imposing a greater burden to assess specific infringing activity.

In Viacom v. YouTube, Viacom sought $1 billion in damages for direct and secondary copyright infringement based on claims that its users improperly uploaded thousands of Viacom’s videos.  The district previously held that YouTube was protected against claims of copyright infringement under the DMCA safe harbor primarily because it had insufficient notice of the particular infringement at issue.  Essentially, it held that under the DMCA, service providers did not have a responsibility to identify which of its users' postings infringed a copyright.

This week, the Second Circuit vacated that decision.  While the Second Circuit agreed with the district court that the DMCA safe harbor requires knowledge or awareness of specific infringing activity, it vacated the order granting summary judgment because a reasonable jury could find that YouTube had actual knowledge or awareness of specific infringing activity on its website. It instructed the district court to determine on remand whether any specific infringements of which YouTube had knowledge or awareness correspond to the clips-in-suit in these actions.  It also directed the lower court to consider whether YouTube made a "deliberate effort to avoid guilty knowledge" and whether YouTube had the ability to control the infringing activity and received a financial benefit attributable to that activity.

The decision can be viewed at


FTC Released its Final Report Today on Best Practices for Businesses to Protect Consumer Privacy

Today, the Federal Trade Commission released its final report titled "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers."

The report details best practices for businesses to protect the privacy of consumers.  Recognizing the burden on small businesses, the FTC says that the framework should not apply to companies that collect and do not transfer only non-sensitive data from fewer than 5,000 consumers a year. 

In the report, the FTC addressed the following:

Do-Not-Track – the FTC will work with various groups to complete implementation of an easy-to-use, persistent, and effective Do Not Track system.

Mobile - the FTC continues to urge companies offering mobile services to work toward improved privacy protections, including disclosures. It will host a workshop on May 30, 2012 to address how mobile privacy disclosures can be short, effective, and accessible to consumers on small screens.

Data Brokers – the FTC called on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data.  In addition, the website should detail the choices that data brokers provide consumers about their own information.

Large Platform Providers - The FTC cited heightened privacy concerns about the extent to which platforms, such as ISPs, operating systems, browsers and social media companies, comprehensively track consumers' online activities. It will host a public workshop in the second half of 2012 to explore issues related to comprehensive tracking.

Promoting Enforceable Self-Regulatory Codes - the FTC is working to develop industry-specific codes of conduct.


E-discovery Taxation Costs Slashed by the 3rd Circuit

Previously, we reported that a federal court in the Western District of Pennsylvania held that the two prevailing defendants may recover more than $365,000 in e-discovery costs because such costs are the modern-day equivalent of duplication costs.  That decision has now been vacated and remanded back to the District Court to re-tax costs.  According to the panel, only the scanning of hard copy documents, the conversion of native file to TIFF and the transfer of VHS tapes to DVD involved taxable "copying" costs, which are recoverable

The Ever Expanding Data Breach Notification Laws…

Just when you thought the state breach notification laws could not get more cumbersome, states continue to amend their breach notification laws in an effort to expand the content and reach of the notice. 

Texas Amendment Requires Notification to Affected Residents in All 50 States

Texas recently amended its data breach notification law by expanding the notification requirements to cover affected non-residents.  Prior to the amendment, Texas required that entities conducting business in Texas notify residents when sensitive personal information was believed to have been acquired by an unauthorized person.  The amended law, which becomes effective September 1, 2012, now requires notification to affected persons residing in all 50 states if affected non-residents live in a state that does not already require notification of the data breach.  The Texas amendment is a novel use of the state breach notification laws, essentially requiring national notification of the breach.  Penalties are incurred if non-residents are not appropriately notified.  The Texas law also expands state health privacy requirements, imposing further notification requirements for a breach of health information

[Read More]

Employee Theft of Trade Secrets – Protecting the Family Jewels

One of the most valuable assets of any company is its intellectual property.  Although technology has led to great efficiencies, it has also created new exposures for businesses, particularly with respect to the protection of valuable trade secrets.  One of the key tools in a litigator’s arsenal in the fight against theft of trade secrets is the Computer Fraud and Abuse Act (CFAA).  It prohibits a person from intentionally accessing a computer without authorization or exceeding authorized access to obtain information, perpetrate a fraud, or cause damage.  Unfortunately, the issues are not always straightforward.  Issues have arisen about the extent to which a business can use the CFAA to protect its information because there are conflicting views among the courts on the meaning of “authorization”. 

[Read More]

Geotagging and Other Electronic Tracking – Worth the Risk to Privacy?

Congress is currently considering a bill to prevent the abuse of location data collected by electronic devices.  In the mean time, we all have to question how much privacy are we willing to give up to get the types of services and apps we have come to love?

[Read More]

The Changing Face of Litigation – Can the Loser Be Charged With the Other Party’s E-Discovery Costs?

While it may surprise some, the answer to that question is YES.  As a result of the expanding volume of electronic data that must be produced in litigation, e-discovery costs have been one of the biggest concerns of both clients and lawyers for some time.  Now, clients and lawyers alike have reason to stress about the costs even more.  Recently, a federal court in the Western District of Pennsylvania held that the two prevailing defendants may recover e-discovery costs because such costs are the modern-day equivalent of duplication costs.  While the judge took care to limit the ruling to the "unique" facts associated with this case, it has not stopped lawyers from speculating about what other cases might similarly fall within the purview of this ruling.

[Read More]

Duane Morris TechLaw

Duane Morris lawyers share their insights on developing legal issues which impact technology and business. Topics include e-commerce, cloud computing, outsourcing, security, privacy, social media, software, telecommunications and more.

« October 2014
© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.
The opinions expressed on this blog are those of the author and are not to be construed as legal advice.