Blog
FTC Settles Security Case for $250,000 in Civil Penalties
Blog
April 3, 2012
RockYou, a website that lets users create and share photo slideshows, has settled FTC allegations that it failed to provide adequate security over its online systems (security measures it alleged to be using in its privacy policy). According to the FTC, as a result of RockYou's security failures, hackers were able to access the unencrypted email addresses and passwords of over 32 million users. This is not the first time that RockYou has been under fire for these same security practices. As we reported in December, the company settled a class action lawsuit over its failure to provide adequate security for users' email and password combination. In addition to security violations, the FTC also alleged that the company violated the Children's Online Privacy Protection Act by failing to get parental consent before collecting information from approximately 179,000 minors. In particular, during the registration process, the site asked for date of birth, and thus knowingly collected information from people who indicated that they were under 13.
TIP: There has been an uptick in privacy cases in 2012. Companies should ensure that they have steps in place to appropriately protect consumer data. The FTC has also stressed that this is one of a long line of cases it has brought to make sure "companies live up to the privacy promises they make to consumers," so companies should also ensure that their privacy policies and other representations about privacy are accurate.
This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.