The thing that muddies this is that, as I understand it, the notice was not for takedown (i.e. there is not an allegation that they are *hosting* infringing material) - it is a notice that one of their users *downloaded* copyrighted material (IP, do I have that right?)
This is part of the RIAA's "graduated response" program, to which several major ISPs, including AT&T, Verizon, and Comcast, have agreed.
Basically, the accuser contacts the ISP, and the ISP sends a warning (a "copyright alert") to their user (without giving up the user to the accuser).
If the same user is accused subsequently, they get another, sterner warning. In total there is a series of six warnings, with "mitigation measures" accompanying the fifth and sixth warning.
If I were counseling an ISP - whether one that was part of the agreement, or not - I would say that the first order is to *put your policy around copyright alerts in writing* - asap - and make it as specific as possible - and then *ALWAYS FOLLOW IT EVERY SINGLE TIME*.
It almost (I say almost) doesn't matter what the policy is so long as it's reasonable, but it matters that it be followed to the letter every time, no exceptions.
And, if you are an ISP that isn't part of the agreement with the RIAA, it's still not a bad idea to structure your policy to follow the six "copyright alert" structure, because there is some precedent there, and then you come off looking like you are trying to do the right thing, which will make you a less easy target.
These two articles give a pretty good explanation of the deal: