A number of recent developments indicate that the 110th Congress, to be seated in January, may seek to federalize data privacy laws and preempt state legislation in that area. Several data security bills were introduced in the 109th Congress; however, to date, none have passed.

Sen. Patrick Leahy of Vermont, the incoming chair of the Committee on the Judiciary, recently reiterated his commitment to enacting privacy legislation. One of Leahy’s aides noted that he expects the reintroduction of S. 1789, a bill heard by the Judiciary Committee that did not progress. In addition to creating requirements for protection of data and notification of breaches, S. 1789, at least as revised in 2005, contains the following clause: “No State may require any business entity subject to this subtitle to comply with any requirements with respect to administrative, technical, and physical safeguards for the protection of sensitive personally identifying information.”

Senator Diane Feinstein of California, incoming chair of the Senate Committee on the Judiciary Subcommittee on Terrorism, Technology and Homeland Security, also plans to introduce legislation concerning notification of data breaches. Feinstein introduced similar legislation in 2005. That bill, which was referred to the Committee on the Judiciary, would have preempted state law only to the extent it was inconsistent.

For more on other data security bills introduced in the 109th Congress, see this Alert.

FTC Settles Do Not Call Violations

The FTC has agreed to settle charges against the remaining defendants named in a 2005 complaint against El Segundo-based DIRECTV and related telemarketers. Telemarketing companies D.R.D. and Global Satellite were charged with having violated the Do Not Call provisions of the Telemarketing Sales Rule. The companies agreed to pay a combined $100,000. Global Satellite was fined $653,013, but due to Global’s inability to pay, the FTC suspended the penalty in exchange for $65,000 from the head of the company and the possibility of collecting the full sum if the FTC later finds that Global misrepresented its financial status. The settlement prohibits both companies and their officials from further violating the Telemarketing Sales Rule.

The 2005 complaint resulted in the largest Do Not Call penalty to date. In December 2005, DIRECTV agreed to pay $5.3M to settle the claim against it.


On December 19, Sony BMG settled for $1.5 million lawsuits brought against it by California and Texas, and separately settled a consumer class action suit. The suits concerned compact discs that installed hidden anti-piracy programs on consumers’ computers. The programs allegedly rendered host computers vulnerable to attack and caused damage when removed. According to the States’ complaint, the outer packaging of the CDs contained no warning about the software. The anti-piracy software therefore was loaded onto consumers’ computers without their knowledge or consent, allegedly in violation of Texas and California laws.

Sony BMG will pay Texas and California $750,000 each. In addition, Sony BMG will refund the purchase price of CDs containing the software, up to $175 per person, and pay for necessary repairs.

Sony BMG Settles Suit