The Federal Trade Commission announced a settlement with Myspace
over disclosure of Myspace users' personal information. The FTC
Myspace provided advertisers with the unique identifier of Myspace
users who were viewing particular pages on the social networking
site. Advertisers could use the unique identifier to locate a
user's Myspace profile to obtain personal information publicly
available on the profile and, in most instances, the user's
full name. According to the FTC, advertisers also could combine the
user's real name and other personal information with additional
information to link broader web-browsing activity to a specific
individual. The FTC claimed that these practices violated
The agency also claimed that Myspace certified that it was
complying with the U.S.-EU Safe Harbor Framework, which provides a
method for U.S. companies to transfer personal data lawfully from
the European Union to the United States. As part of its
self-certification, Myspace claimed that it complied with the Safe
Harbor Principles, including the requirements that consumers be
given notice of how their information will be used and the choice
to opt out. The FTC alleged that these statements were false.
Under the proposed settlement, Myspace is required to establish
a comprehensive privacy program designed to protect consumers'
information, and to obtain biennial assessments of its privacy
program by independent, third-party auditors for 20 years.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In last year's BakerHostetler Incident Response Report, we reported the range of PCI DSS non-compliance fines as $5,000 – $50,000 and the per card amount of liability imposed to reimburse issuers of affected cards as $3-$25.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
The Payment Card Industry Security Standards Council (PCI SSC) has released a new version of its data security standard for the protection of cardholder data, the Payment Card Industry Data Security Standard (PCI DSS).
The idea of cybersecurity may be foreign—or even frightening—to many attorneys. However, as evidenced in Part One of this series ("Cybersecurity: You Can't Afford to Ignore It Anymore," April 25) law firms appear to be the next great target for hackers. In light of that, as a risk management prevention tool, attorneys and firms need to be aware of how to protect themselves.
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).