Anti-Phishing Law [California]

Governor Schwarzenegger signed legislation on September 30th [2005] to increase California’s legal protections against fraudulent Internet phishing.

SB 355, the Anti-Phishing Act of 2005, makes the practice of Internet "phishing" unlawful in California. "Phishing" is the practice of posing a legitimate company in an email, Web page, or other Internet communication in order to trick a recipient into revealing personal information, which is then used for fraudulent purposes. The new law is codified at Section 22948 et seq. of the California Business and Professions Code.

“22948.2. It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.”

In addition to government enforcement, civil remedies may be pursued by aggrieved businesses:
“A person who (A) is engaged in the business of providing Internet access service to the public, owns a Web page, or owns a trademark, and (B) is adversely affected by a violation of Section 22948.2.”

These parties may seek to recover the greater of actual damages or five hundred thousand dollars ($500,000). Individuals who have been damaged by phishing may bring a direct action to recover the greater of three times the amount of actual damages or $5,000 per violation.

The bill was sponsored by Senator Kevin Murray (D-Los Angeles), who also sponsored SB 97, which was signed into law on September 22nd. It provides that a person who violates California's anti-spam law by sending unsolicited commercial electronic mail has committed a misdemeanor punishable by a fine of not more than $1,000, imprisonment in a county jail for not more than six months, or by both the fine and imprisonment.