Investigation Reveals Massive Privacy Breach

Attorney General Spitzer today announced a settlement to address what may have been the largest breach of privacy in internet history.

The settlement with Datran Media, a leading e-mail marketer, follows an investigation that identified the improper disclosure of the personal information of more than six million American consumers.

"With this case, we hope to set a new standard for internet marketers and consumer research companies," Spitzer said. "Personal information secured through a promise of confidentiality must always remain confidential."

Datran was alleged to have improperly used information it had obtained from several companies that compile and sell information on consumers.

The largest such company, Gratis Internet, had assured consumers on several web sites it owned and operated that it would "never lend, sell or give out for any reason" the information provided by users. Among the sites on which Gratis collected user information were "freeipods.com" and "freedvds.com."

The Attorney General's investigation revealed that Datran knew of Gratis' promise to consumers when it purchased the consumer lists. But after obtaining these lists, Datran sent millions of unsolicited e-mails to the listed consumers.

The seven million files that Gratis sold to Datran is believed to be the largest deliberate breach of a privacy policy discovered by U.S. law enforcement to date.

Under an Assurance of Discontinuance with the Attorney General, Datran has agreed to pay $1.1 million as penalties, disgorgement and costs. Datran must also:

  • Destroy the information obtained from Gratis and the other list sellers at issue;
  • Avoid acquisition of any personal consumer information without first independently confirming that such acquisition is permissible under relevant seller privacy policies; and
  • Appoint a Chief Privacy Officer or other employee to oversee privacy compliance efforts.

Spitzer noted that Datran cooperated fully with his office's investigation, and that the company began improving its list purchasing and due diligence practices in April 2005, just prior to the commencement of the investigation.

Beth Givens, Director of the Privacy Rights Clearinghouse, a consumer advocacy organization hailed the settlement.

"A privacy policy is more than an empty promise. Companies must be held to their word. Attorney General Spitzer sends an important message to any company that would violate the terms of an agreement of a data seller."

Spitzer said he hoped the case would help establish basic controls on data compiled and sold by professional consumer research companies and list builders.

"Companies must adhere to known privacy policies and promises. Failing to do so constitutes a clear consumer fraud," said Spitzer.

Spitzer's office is continuing an investigation into Gratis and other companies that compile and sell consumer information.

This matter was handled by Assistant Attorney General Karen Geduldig of the Attorney General's Internet Bureau, under the direction of Ken Dreifach, Chief of the Internet Bureau, and with the assistance of fraud analyst Sibu Thomas.


Attachment:

For Adobe PDF files you can download Adobe Reader from Adobe Systems.

sitemap Intergov foil PressOffice RegionalOffices SolicitorGeneral AppealsandOpinions ConvictionBureau CrimPros OCTF MFCU PublicIntegrityInvestigations TaxpayerProtection Antitrust ConsumerFrauds Internet InvestorProtectionRealEstateFinance CharitiesCivilRightsEnvironmentHealthCareLaborTobaccoCivilRecoveriesClaims Litigation RealPropertySOMB BudgetLegalRecruitmentHuman Resources Bureau