UPDATED: It pays to follow Internet privacy statements.
That’s the $1.1
million lesson learned by New York-based e-mail marketing firm Datran
Media. The company agreed to pay the amount after the state’s
attorney general charged it with using 6,000 e-mail addresses it obtained
fraudulently.
The e-mails were purchased from companies, including one that offered
a chance to win free iPods in exchange for e-mail addresses.
Despite a
privacy policy assuring consumers it would “never lend, sell or give out
for any reason” the e-mail addresses of visitors, Gratis Internet sold
Datran 7 million personal files, according to a statement announcing the
settlement.
As part of the agreement, Datran also agreed to destroy the e-mail
addresses obtained from Gratis, stop buying personal information unless
it checks the seller’s privacy policy, and appoint a chief privacy officer.
“We take this matter very seriously,” said Datran spokesperson Mark
Naples. “Therefore, we believe it was important to confront it head-on
and resolve it quickly.
While Datran discontinued the practice in the
first half of 2005 –- and began to do so well before any inquiry from the
attorney general -– many marketing and list owner companies continue to
engage in this practice.”
The
agency continues to investigate Gratis, along with other companies
collecting and selling personal data, according to the attorney
general’s office.
“A privacy policy is more than an empty promise,” said Beth Givens,
director of the Privacy Rights Clearinghouse, in a statement. Givens
told internetnews.com the lawsuit was very important.
While the lawsuit tells marketers there are consequences to flaunting
consumer privacy, the watchdog group would like to see the a law
requiring marketers inform people where they purchased their name.
“Privacy abuse can be done invisibly,” said Givens.
In a similar case previously reported by internetnews.com,
America Online (AOL) filed
three lawsuits against unidentified phishers.
Employing the nation’s
first anti-phishing law enacted in Virginia, AOL seeks $18 million from
phishers. AOL charges the unknown phishers sent AOL members
official-looking emails attempting to get passwords, credit card numbers
and other personal information.
CardSystems,
a credit card processing company, agreed to settle a Federal Trade
Commission (FTC) investigation after hackers broke into a system
holding more than 40 million credit cards.
Almost 30 breaches have
occurred so far in 2006, according to a Privacy Rights Clearinghouse chronology.
Personal information of more than 53 million people has been breached, according to the chronology, since the FTC penalized ChoicePoint for failing to protect consumers’ information.
Following a year of seeming rampant personal information disclosure, the U.S. House tabled the Data Accountability and Trust Act, which would require data brokers to disclose when personal data is breached.
While the 2004 CAN-SPAM
Act was meant to reduce the number of spam, “spam is out of
control,” Givens said, adding that the federal
ant-spam law is “very weak.”