RealTime IT News

Million-Dollar Payout in E-Mail Privacy Case

UPDATED: It pays to follow Internet privacy statements.

That's the $1.1 million lesson learned by New York-based e-mail marketing firm Datran Media. The company agreed to pay the amount after the state's attorney general charged it with using 6,000 e-mail addresses it obtained fraudulently.

The e-mails were purchased from companies, including one that offered a chance to win free iPods in exchange for e-mail addresses.

Despite a privacy policy assuring consumers it would "never lend, sell or give out for any reason" the e-mail addresses of visitors, Gratis Internet sold Datran 7 million personal files, according to a statement announcing the settlement.

As part of the agreement, Datran also agreed to destroy the e-mail addresses obtained from Gratis, stop buying personal information unless it checks the seller's privacy policy, and appoint a chief privacy officer.

"We take this matter very seriously," said Datran spokesperson Mark Naples. "Therefore, we believe it was important to confront it head-on and resolve it quickly.

While Datran discontinued the practice in the first half of 2005 –- and began to do so well before any inquiry from the attorney general -– many marketing and list owner companies continue to engage in this practice."

The agency continues to investigate Gratis, along with other companies collecting and selling personal data, according to the attorney general's office.

"A privacy policy is more than an empty promise," said Beth Givens, director of the Privacy Rights Clearinghouse, in a statement. Givens told internetnews.com the lawsuit was very important.

While the lawsuit tells marketers there are consequences to flaunting consumer privacy, the watchdog group would like to see the a law requiring marketers inform people where they purchased their name. "Privacy abuse can be done invisibly," said Givens.

In a similar case previously reported by internetnews.com, America Online (AOL) filed three lawsuits against unidentified phishers.

Employing the nation's first anti-phishing law enacted in Virginia, AOL seeks $18 million from phishers. AOL charges the unknown phishers sent AOL members official-looking emails attempting to get passwords, credit card numbers and other personal information.

CardSystems, a credit card processing company, agreed to settle a Federal Trade Commission (FTC) investigation after hackers broke into a system holding more than 40 million credit cards.

Almost 30 breaches have occurred so far in 2006, according to a Privacy Rights Clearinghouse chronology.

Personal information of more than 53 million people has been breached, according to the chronology, since the FTC penalized ChoicePoint for failing to protect consumers' information.

Following a year of seeming rampant personal information disclosure, the U.S. House tabled the Data Accountability and Trust Act, which would require data brokers to disclose when personal data is breached.

While the 2004 CAN-SPAM Act was meant to reduce the number of spam, "spam is out of control," Givens said, adding that the federal ant-spam law is "very weak."