California’s top attorney, Kamala Harris, announced the launch of the Department of Justice’s Privacy Enforcement and Protection Unit, being formed to guard the privacy of Californians by prosecuting violators of state and federal laws. The press release says “The Privacy Unit will police the privacy practices of individuals and organizations to hold accountable those who misuse technology to invade the privacy of others.” The new department, with six veteran prosecutors, will wield broad enforcement powers over cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. It will operate within the eCrime Unit that Harris created in 2011.
Category Archives: Childrens Privacy / COPPA
The social networking and gaming site RockYou.com was hacked in December 2009 and suffered a severe data breach, which exposed personal information including email addresses, passwords and photos of 32 million users. Of that 32 million, 179,000 were children. The situation went from bad to worse for RockYou when the hacker posted on the Internet a snippet of the data he obtained, showing that RockYou’s user account data were stored in plain text in its database and not encrypted. Unencrypted personal information is basically like catnip to a hacker and from a risk perspective, the company was in deep trouble. Compounding its problems, RockYou handled the communication to its users and the public horribly and this incident was a public relations disaster for the company.
The takeaways? This is a story about the consequences of a company’s deceptive business practices, failed data security program and clearly a lack of preparedness when faced with a large scale data breach. Aside from the $250,000 fine and attorneys’ fees the company must pay, the other economic costs here are lost business costs and the widespread damage to RockYou’s reputation and brand caused by this catastrophic breach.
Welcome to Privacy Matters, a Nolo blog devoted to information privacy and data security issues as they relate to small businesses and consumers. Information privacy covers the rules that apply to the gathering and handling of “personal information” — in other words information that can be traced to a particular individual, like geolocation information, credit information, or health records.
Privacy law varies by industry, state, country, transaction and customer and is complicated. Through blog posts and an ongoing series of Nolo primer articles, I hope to provide general, useful information about fundamental privacy principles and best practices that Internet, technology and bricks and mortar businesses need to be aware of, as this area of law can be a field of landmines for the unknowing.
Class action lawsuits and Federal Trade Commission enforcement actions against tech titans like Facebook and Google, and high-profile data breaches jeopardizing that private data of millions of individuals and tarnishing the reputations of scores of companies like Sony, Heartland Payments Systems and RSA Security — have thrust privacy onto the front pages. It’s important for small business owners to recognize that the same rules that have gotten large companies into trouble apply to small businesses as well. When it comes to privacy, an once of prevention is, in fact, worth a pound of cure.