Davis Wright Tremaine LLP Davis Wright Tremaine LLP
Practice Areas - Privacy & Security
Home

Practice Areas - Privacy & Security
 

Legal Services

Advisory Bulletins & Publications

Attorneys

Useful Web Links

Privacy & Security Search
 

 
News to Use
Recruiting
DWT in the Community
Seminars & Training
Bookstore
Lawyer Directory
Office Locations
Search & Site Map

Advisory Bulletin return to Advisory Bulletin main page

Email this page to a colleague
Print version

California's $500,000 Incentive to Fight Phishing Scams

By Lance Koonce
[October 2005]

Corporations that do business in California now have a powerful new weapon to fight phishing attacks on their customers. On Friday, September 30, Governor Arnold Schwarzenegger signed California Senate Bill 355, the Anti-Phishing Act of 2005, making phishing schemes illegal in California.  The legislation states that "[i]t shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business."

Of great interest to corporations is a provision of the law that allows an entity that is "engaged in the business of providing Internet access service to the public, owns a Web page, or owns a trademark" to bring an action when the entity is "adversely affected" by a violation of the law.  Presumably this means an indirect effect on a business, such as phishing attacks directed at its customers, may trigger liability. Notably, the entity can elect to seek either actual damages or $500,000, whichever is greater.  Also, plaintiffs can ask a court for treble damages "in cases in which the defendant has engaged in a pattern and practice of violating" this law, and to seek prevailing party attorneys fees.

While the new law provides a strong incentive for businesses to bring suit against phishers, the most difficult aspect of these cases will continue to be identifying the violator.  However, the availability of $500,000 in statutory damages means that if businesses make the effort to try to track down the perpetrators, they at least have the possibility of covering the costs of hiring forensics experts to do so.

Finally, unlike many anti-spam acts that failed to bring things like comment spam within their ambit, the new California law appears to apply more broadly to types of phishing attacks that are not initiated through email: the "through the use of the Internet" language would appear to encompass activities such as pharming and DNS poisoning.

DWT's Privacy and Security Blog For coverage of this and other issues of interest, please visit http://www.privsecblog.com.

For more information, please contact:

Thomas R. Burke

Thomas R. Burke
San Francisco, California
(415) 276-6552
ThomasBurke@dwt.com

 Seth D. Levy Seth D. Levy
Los Angeles, California
(213) 633-6869
SethLevy@dwt.com
       
Lance Koonce Lance Koonce
New York, New York
(212) 603-6467
LanceKoonce@dwt.com		 Bruce E.H. Johnson Bruce E.H. Johnson
Seattle, Washington
(206) 628-7683
BruceJohnson@dwt.com


This Advisory is a publication of the Privacy and Security Group of Davis Wright Tremaine LLP. Our purpose in publishing this Advisory is to inform our clients and friends of recent privacy and security developments. It is not intended, nor should it be used, as a substitute for specific legal advice as legal counsel may only be given in response to inquiries regarding particular situations.

Copyright © 2005, Davis Wright Tremaine LLP.


return to Advisory Bulletins main page

 

 

 

Davis Wright Tremaine LLP
Home | Practice Areas | News To Use | Recruiting | DWT in the Community
Seminars & Training | Bookstore | Lawyer Directory | Office Locations | Search & Site Map
Davis Wright Tremaine LLP Davis Wright Tremaine LLP