IMPACT®

In European IP law circles, the Texan courts are probably best known as the place where patent trolls like to sue for enforcement of software patents of often-seemingly-dubious validity. However, a recent ruling means that they may end up getting a reputation as a state where sensible judgments on contractual matters can be obtained.

The Internet Cases blog by Evan Brown reports on a case where a new ecommerce site, Luu Online, accidentally displayed hard drive as having a purchase price of $1 each. Data storage is cheap but not that cheap; the price it intended to display was close to $1,200 per hard drive. The $1 price was caused by an error on the website.

The claimant, Perez, ordered 100 hard drives for the $1 price, and the defendant Luu refused to honour the purchase. The claim failed on 2 grounds. The first was to do with a Texan state law of deceptive trade practices that we won't concern ourselves here. The second was because the websites terms & conditions allowed it to correct pricing errors. It's this second part that drew my attention to the case.

Whilst certainly not groundbreaking, this is another case that emphasies the importance of putting in place good terms and conditions for ecommerce sites. Here, that attention to detail hjas played its part in saving Luu online a tidy sum.

An interesting development over at the Information Commissioner's Office website, which has launched a website aimed at 'young people'. The website contains tips on how young people can keep details safe online and what to do if they have concerns about how their data is being used.

At the same time, the ICO reports on a survey which found that most young people are publishing detailed online that would help fraudsters (date of birth, for example) and that 71% would not want a college, university or future employer to conduct an internet search on them unless they had first been able to remove content from social networking sites.

An item on the easier.com site yesterday confirms that the private sector is sitting up and taking notice of the recent HMRC data debacle .

Motor dealers are now being urged to review their systems and procedures for the safe storage and processing of personal data relating to their custoimers.  In issuing this call to action, the RMI National Franchised Dealers Association expressly pointed its members to the HMRC disaster.

More proof perhaps - if any were needed - that business is now very much alive to the need to show Joe Public that it takes protection of his data seriously.  After all, HMRC may be a monopoly, but this is an advantage denied to the commercial sector.

There's an interesting piece on the .zdnet site which lists the Top Ten things holding back the development of technology.

The list includes some less than obvious choices, and all are nicely argued - a good read over your lunchtime sandwich.

The Information Commissioner's Office is to be given the power to make "spot checks" on organisations holding personal data. This increase in ICO powers was announced by Gordon Brown in today's Prime Ministers Questions in the Commons.

In another demonstration of how hard the benefits data fiasco has hit the Government, the ICO only appears to have announced it was pressing for these powers yesterday.

With spot checks on their way, now is a good time for organisations holding personal data to revisit their data protection and security policies and procedures. If you would like assistance with reviewing your policies or putting new ones in place, please contact us.

Animal rights activists have been requested by the police to hand over the keys used to unlock encrypted data on computers seized by the police, using powers given to them by the Regulation of Investigatory Powers Act (RIPA). The BBC carries a report on this matter, quoting and linking to a post on the subject by IP/IT barrister David Harris. In that post, David says, of the request received by one activist:

"She will be required to prove that she doesn’t have the relevant keys and if this is not done she risks 2 or 5 years in prison depending on whether it is a terror related request. The proof of a negative is, of course, logically impossible and quite how this would play in court would be interesting and probably factually dependant: would the jury believe her assertion that a third party put the encrypted files on her PC? Or that if they didn’t that she had forgotten her key?

If forensic evidence suggests an encrypted file was recently accessed it may be hard to convince a jury the key was forgotten. In this case however it may well be that since the laptop had been seized 6 months ago it is plausible she had forgotten it subsequently, particularly if it is long complex difficult to remember key."

Six days after the ICO published a report noting that 9 out of 10 people in the UK are worried that organisations are not keeping their personal data secure, the Chanceller Alistair Darling has today told Parliament that his department has managed to lose 25 million benefits records.

The lost data apparently included details of individuals' names, addresses, dates of birth, child benefit and national insurance numbers and some bank or building society details.  Despite this, the Chancellor "insisted people were not at risk from ID fraud".

The BBC reports on the announcement states that the records were contained on 2 discs that were sent by post to the National Audit Office. Not surprisingly, the Tories are making hay with the announcement, saying that cannot be trusted with personal information and therefore that the national ID card scheme should not go ahead.

Central government doesn't seem to be having much luck complying with its data protection obligations at the moment.  As we reported last week, the Treasury has recently had to give undertakings to the ICO that it will comply with the Data Protection Act following an incident involving disclosure of personal data on a visa applications website. In the BBC report on the current issue, the ICO says it is already investigating two incidents involving the Treasury.

The ICO has called the incident an "extremely serious and disturbing breach" and said:

The alarm bells must now ring in every organisation about the risks of not protecting people's personal information properly

I suspect that this isn't the last we'll hear from the ICO, so watch this space for updates.

Chairman of HM Revenue resigns

The BBC reports that the chairman of HM Revenue and Customs, Paul Gray, has resigned in the wake of the incident.

The resignation is a graphic demonstration that the powers that be now recognise data security as a serious public issue, but the Chancellor's dismissal of any risk regarding ID theft is surely suggests the government is somewhat off the ball.

If we care to believe that biographical data of the kinds described are not the sort of details identity thieves would give their right arms for, then what are?  If you have someone's name / address / DoB / NI number and bank details, don't you have a pretty good start on stealing their identity?

Just a reminder to IP practitioners based in the East Midlands, or in the area on Thursday. The latest meeting of NODUS will be held at Eric Potter Clarkson's offices on The Ropewalk, Nottingham. The event begins at 4pm. Full details are on the NODUS blog, including what you need to do to reserve your place.

Looking forward to seeing you there!

The Information Commissioner's Office has announced that it has found the Foreign Office in breach of its obligations under the Data Protection Act 1998. This finding arose from a security breach on the Foreign Office's online visa applications website, where people viewing the site could see information submitted by those applying for visas. The online visa facility was shut down following discovery of the issue.

The ICO has required the Foreign Office to sign an undertaking that it will comply with the Act, will not reopen the same visa facility, and will replace that facility with a new one.

The October/November issue of Computers & Law magazine is currently landing on the desks of IT lawyers across the land. As ever the magazine is essential reading, and includes the following:

• Allan Yeoman writes about the "conundrum" faced by employers when it comes to employee use of FaceBook and other social networking sites, and the options open to employers. (FaceBook is clearly the topic of the week in legal technology circles, with Rupert White writing an article in the Law Society Gazette about the implications and possibilities raised by social networking sites. The article can be read online in the Law Society Management & Information section)
• Beverly Flynn discusses the Information Commissioner's Office guidance on personal data. (See our brief post on the issue linking to the guidance)
• Andrew Mills, our head of Intellectual Property & Technology until very recently, writes a guide to the essentials of Creative Commons.