The Federal Trade Commission announced a settlement with Myspace
over disclosure of Myspace users' personal information. The FTC
Myspace provided advertisers with the unique identifier of Myspace
users who were viewing particular pages on the social networking
site. Advertisers could use the unique identifier to locate a
user's Myspace profile to obtain personal information publicly
available on the profile and, in most instances, the user's
full name. According to the FTC, advertisers also could combine the
user's real name and other personal information with additional
information to link broader web-browsing activity to a specific
individual. The FTC claimed that these practices violated
The agency also claimed that Myspace certified that it was
complying with the U.S.-EU Safe Harbor Framework, which provides a
method for U.S. companies to transfer personal data lawfully from
the European Union to the United States. As part of its
self-certification, Myspace claimed that it complied with the Safe
Harbor Principles, including the requirements that consumers be
given notice of how their information will be used and the choice
to opt out. The FTC alleged that these statements were false.
Under the proposed settlement, Myspace is required to establish
a comprehensive privacy program designed to protect consumers'
information, and to obtain biennial assessments of its privacy
program by independent, third-party auditors for 20 years.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The National Institute of Standards and Technology has released the fourth revision of its standard-setting computer security guide, Special Publication 800-53 titled Security and Privacy Controls for Federal Information Systems and Organizations, and this marks a very important release in the world of data privacy controls and standards.
The obligations of hedge funds, investment managers and service providers to protect confidential information relating to investors and avoid breaches of data privacy legislation is increasingly in focus.
In a recently released decision from the U.S. District Court for the Southern District of Florida, Mais v. Gulf Coast Collection Bureau, et al., Judge Robert N. Scola, Jr., granted in part and denied in part cross motions for summary judgment in a putative class action before considering the issue of class certification.
The report also found that most utilities only comply with mandatory cybersecurity standards, and have not implemented voluntary NERC recommendations regarding general or specific threats (e.g., Stuxnet).