On August 10 the Michigan Attorney General, Mike Cox, last week issued a press release about charges against Florida and California companies.
"Attorney General Mike Cox announced today that he is filing criminal and civil charges against senders of unsolicited e-mail messages ("spam") that seek to lure children to gamble and buy alcoholic beverages. The messages were sent to children’s e-mail addresses registered with the State of Michigan under Michigan’s Child Protection Registry Act. The act requires senders to check the registry to remove children’s e-mail addresses before sending messages advertising goods or services that children cannot legally buy. Today’s criminal charges against RR Media, Inc. of Cathedral City, CA, and Data Stream Group, Inc. of Bonita Springs, FL, are the first of their kind in the country and may subject the spammers to a fine of up to $10,000 and other penalties.
"The Internet – especially email and instant messaging – is a favorite vehicle for spammers and sexual predators to solicit children to buy harmful products, view pornographic images, and, worst of all, become targets of predatory activity," Cox said. "I will continue to utilize all the tools available under the law to protect Michigan children from these menaces."
The "Protect MI Child Registry" allows parents and others to submit e-mail addresses, instant message addresses, and other electronic contact points to which children in Michigan have access to the Michigan Public Service Commission, which administers the registry. The law prohibits sending e-mail to a registered address with content in the e-mail that advertises anything a minor is prohibited from doing, viewing, or using. Examples include alcohol, tobacco, gambling, and pornography. The law requires senders of this type of e-mail to electronically scrub their mailing lists against the registry, eliminating the registered e-mail addresses from mailing lists. Michigan and Utah are the only states that have adopted a registry law.
"Spamming is a huge problem with no easy solution. The registry law is an attempt by our State to find an effective way to protect children from the most offensive variety of spam. I hope our criminal and civil actions send a message to spammers peddling harmful products – stay away from our kids," Cox said.
The cases follow an investigation by the Attorney General’s Office, which received complaints of inappropriate e-mail solicitations for gambling and alcohol purchases being sent to e-mail addresses registered as children’s contact points. The Attorney General’s cyber-investigation led to the defendants, RR Media, Inc. and Data Stream Group, Inc. Each corporation stands charged with one count of violating the Registry Act. Criminal complaints were signed on August 10, 2006, in the 36th and 52-2nd District Courts in Detroit and Clarkston, respectively. The next court date has not yet been set.
In addition to the criminal cases, Cox has filed civil actions against RR Media, Inc. and Data Stream Group, Inc. in Ingham County Circuit Court. These companion cases to the criminal actions seek injunctions against further violations and other statutory penalties.
Parents and guardians of minor children can visit the State of Michigan’s "Protect MI Child" website, operated by the Michigan Public Service Commission, at: https://www.protectmichild.com . At this site, parents can:
- register their children’s contact points (including e-mail addresses, instant message addresses, and fax numbers);
- file complaints concerning violations of the Michigan Child Protection Registry Act;
- obtain additional information.
Consumer alerts on e-mail scams, identity theft, and a wide range of other topics of interest to parents and consumers can be viewed or downloaded at the Attorney General’s Web site, www.michigan.gov/ag (click on "Consumer Alerts"). An online complaint form is also available.
Mail or telephone inquiries and complaints may be directed to the Attorney General’s Consumer Protection Division at:
Consumer Protection Division
P.O. Box 30213
Lansing, MI 48909Phone: 517-373-1140
Toll-free within Michigan: 1-877-765-8388
Fax: 517-241-3771
www.michigan.gov/ag (click on "File A Complaint")"
This continues with the more aggressive actions I’ve seen states taking with regard to compliance, particularly those laws addressing children’s safety and rights, using the Internet, and protecting individuals from identity theft and other privacy intrusions.
Just a few examples:
- On July 10, 2006 Rhode Island Governor Donald L. Carcieri signed into law bill H. 7674 that prohibits the use of the Internet or e-mail to obtain personal information, such as Social Security numbers or financial account information, from individuals under the pretense of being a legitimate online business. The new law, which took effect immediately upon being signed, makes it a criminal offense to "solicit, request or take any action to induce another person to provide identifying information by representing that the person, either directly or by implication, is an online business without the express authority or approval of the online business purported to be represented by the person" through a Web page, e-mail, or any other type of Internet service.
- On July 13, 2006 the California Supreme court ruled a California statute under which *all* parties must consent to the recording of their telephone conversation precludes Salomon Smith Barney Inc.’s Atlanta branch office from recording its telephone conversations with California clients without their knowledge and consent. Multiple lawyers reported they believe the supreme court’s decision may have broad implications for businesses nationwide, not just those which are in California or that conduct telephone calls with individuals in the state. There are 11 other states in addition to California that have laws on the books that require all parties to a telephone call to consent to the taping of the call.
- A law, S.B. 601, signed June 29, 2006 by Pennsylvania Governor Edward G. Rendell bars businesses and government agencies from publicly posting a Social Security number or printing it on any card required for access to a company’s products or services.
- On June 30, 2006 Delaware Governor Ruth Ann Minner signed two bills that add a new privacy safeguard for Delaware residents (H.B. 392) and help reduce the damage identity theft can cause its victims (H.B. 334). H.B. 392 makes it a criminal violation to install an electronic or mechanical location tracking device in or on a motor vehicle without the consent of the person who owns or leases the vehicle. The prohibition does not apply to use of a tracking device by a law enforcement officer or by a parent or legal guardian who installs the device to track his or her minor child. H.B. 334 authorizes the Delaware Attorney General’s Office to issue an "identity theft passport" to any person who files a police report alleging identity theft, as long as there is reasonable assurance that the claim is valid. The "passport" will be a card or certificate that the identity theft victim can present to a law enforcement agency to help prevent his or her arrest for a crime committed by someone else using the victim’s stolen identity.
And so many more…it is hard to keep up with all the new laws!
I find Delaware law H.B. 334 particularly intriguing…issuing an identity theft passport to show to law enforcement. What if the person is in a different state? Will law enforcement there know about this passport?
The legal and regulatory data protection environment just gets more interesting all the time…
Technorati Tags
information security
IT compliance
regulatory compliance
state data protection laws
spam
identity theft
encryption
policies and procedures
awareness and training
privacy