Bank's "Commercially Unreasonable" Security Practices to Blame for Cyber Theft

The First Circuit earlier this month held that a bank could be liable for the theft of nearly $600,000 from a company’s bank account because the bank’s online security systems were not “commercially reasonable” under the Uniform Commercial Code.  This ruling, in Patco Construction Company v. People’s United Bank, indicates that banks cannot entirely shift risk to their customers through contractual provisions, and that courts will scrutinize a bank’s security practices to determine whether they are adequate


© Copyright 2012 Steptoe & Johnson LLP

French Court Narrows the Scope of Workplace Privacy

The Bordeaux Court of Appeals in France has ruled, in Pierre B. v. Epsilon Composite, that a company was justified in reviewing emails sent by an employee using a workplace computer, since the employee had not identified the messages as personal.  The employer was also justified in firing the employee when it discovered that he had emailed confidential work files from his work email to his personal email account, in violation of company rules and a confidentiality agreement he had signed.   As we previously reported, the Cassation Court’s 2001 decision in Nikon France SA v. Frédéric O. established that employees have a right to privacy in personal messages transmitted using a workplace computer, even where an employer has banned non-business use of the computer.  But, since then, French courts have refined the Nikon decision in ways that narrow employees’ privacy rights in the workplace in favor of employers.  This decision continues that trend.


© Copyright 2012 Steptoe & Johnson LLP

Launch of the ICC Cookie Guide

For all the website developers out there, see the useful cookie guide just released by the International Chamber of Commerce

FCC - landline robocalls to require prior written consent

The Federal Communication Commission (FCC) approved - on 15 February 2012 - changes to the Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991 (TCPA) - which will require telemarketers to obtain 'prior express written consent' from individuals before placing an autodialed or prerecorded marketing call ('robocall') to residential landline phones.

Threat from Loss of Personal Data Insufficient to Establish Standing

The U.S. District Court for the Eastern District of California has dismissed a class action lawsuit arising out of the loss of server drives containing the personal and medical information of over 800,000 California residents. The plaintiffs in Whitaker v. Health Net of California, Inc., alleged that they were likely to suffer future harm as a result of the loss of their information. The court, however, found the threat of future harm alleged by the plaintiffs to be “wholly conjectural and hypothetical,” and therefore held that the plaintiffs’ allegations were insufficient to establish standing under Article III of the Constitution.

© Copyright 2012 Steptoe & Johnson LLP