Washington State is giving its Consumer Protection Act some new teeth. The law holds phishers and other net perps liable for damages resulting from stealing personal information, and the State likely thought that was a little too obvious (like I did). So they made a couple of mods, and now every dispenser of webbugs better beware.
The amendments now point to attempts, not just succeeding, as well as uping the potential damages in the case of actually stealing something.
For phishing, the victims and the State will be able to seek damages up to $500 per violation, or total damages in the case of actual consumer information theft. ISPs can sue for $5,000 or actual damages, and get treble damages (in a judge’s discretion, of course).
I think the real gusto is in the spyware piece though. If a spyware vendor uses the information their code gathers in a nasty way, the attorney general can seek the greater of $100,000 or actual damages, per use. Judges can increase the damages, up to $2 million. All species of web animal can sue under the bill, meaning consumers and businesses.
This bill is going to make it hell to do shady net business in Microsoft’s neighborhood (you don’t really think they had nothing to do with this, do you?). Even though proving out liability is going to be a little tough, the extent of potential damages is going to motivate a lot of folks to try.
Expect tons of lawsuits against spammers and spyware outfits very shortly.