Technical-Legal Confluence News

Besides the federal Can-Spam Act, many states have anti-spam laws. In Virginia the law is here.

The law is controversial because Virginia is reportedly the only state in the nation to make it a felony to send unsolicited bulk email of a religious or political nature. However, it is hard to see how the First Amendment could have anything to do with prohibiting spam headers. The Virginia Supreme Court, according to the AP (in a story printed in the Washington Times on June 4, p A12) will take another look at this narrow question. The case is Jeremy Jaynes v. Commonwealth of Virginia. Jaynes was prosecuted in Virginia because AOL’s servers are located there in Loudon County.

So far, the heart of email spam control is contained in the Can-Spam Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003).

One of the most objectionable processes that occurs with spam is email sender “spoofing” although most home users now understand that this happens.

The full text of the law may be found here.

One major controversy was the reliance of the Act on the 10-day opt-out mechanism. Many people wanted an opt-in requirement.

The FTC factsheet (with a “Requirements for Commercial Emailers”) is here.

There is a PDF with the “final rules” here.

The FTC fact sheet for home consumers and home users is here.

With regard to telemarketing:

The Do Not Call Implementation Act of 2003
FCC link is here.

The Federal Registry has a “telemarketing sales rule,” here.

The Junk Fax Prevention Act of 2005 (S. 714, 109th Congress)
Thomas.

The most important legislation regarding consumer protection and identity theft prevention right now in the 110th Congress is probably S. 495, the Personal Data Privacy and Security Act of 2007, introduced by Patrick Leahy (D-VT) with six cosponsors.

The major Govtrack reference is here.

The Congressional Research Service Summary is here.

The bill would enhance the penalties for activities that compromise the data security of consumers. Interstate data brokers would have to provide information on consumers when requested. Security requirements already known in the health care industry with HIPAA would exist in other industries. The bill would create an office of Federal Identity Protection.

The full text is here.

There is still a good question as to how much due diligence financial institutions should perform to identify consumers.

The 109th Congress had many such bills that died.

In the 110th Congress, the House has H. R. 958, the Data Accountability and Trust Act, introduced by Bobby Rush (D-IL).

The Govtrack reference is this.

The CRS summary is here.

The full text is here.

But the House has also introduced H.R. 3046, the Social Security Number Privacy and Identity Theft Protection Act of 2007, introduced by Michael McNulty (D-NY). The Govtrack link is here.

The CRS summary is here.

The bill would prohibit the public display of SSN’s on certain government documents, and it would prohibit the sale of social security numbers by private interests.

The text of the bill is here.

For reference, I give the FTC link for the Fair Credit Reporting Act, last amended in 1996, originally passed in 1970 (PDF).

The Treasury Department’s copy of the Fair and Accurate Credit Transactions Act of 2003 is here (pdf).

A related bill will be H.R. 4008, Credit and Debit Card Receipt Clarification Act of 2007, introduced by Tim Maloney, govtrack reference here.

The FTC copy of the Fair Debt Collection Practices Act (1978) is here (pdf).

I have running news on a blog that deals with proposed technical solutions to the identify theft problem, link here.