It seems that every month there are new enforcement actions to report in the privacy space. The past month has been a blockbuster, where varied enforcers have taken action against diverse players--with big results.
This week we learned that social network Myspace is being sued for allegedly sharing its members' data with aggregators without first obtaining their consent. The complaint, filed in U.S. District Court on Wednesday, accuses Myspace of transmitting member data to aggregators who then package and sell it to advertisers.
This news follows that of a recent Securities and Exchange Commission (SEC) action against a dissolved securities firm whose management allowed an employee to take clients' personal data to another firm. The SEC fined the company's chief compliance officer $15,000 for failing to ensure the protection of confidential customer data, suggesting that regulators' actions following breaches of personal data are becoming, well, more personal.
You'll learn more about the SEC action in one of this month's stories. It is one of a slew of similar actions in recent weeks that indicate U.S. agencies are focusing on privacy matters more deeply than ever before.
The Federal Trade Commission's March agreement with Google over what the company has admitted was a less-than-flawless debut of its Buzz social network will see FTC auditors examining Google's privacy practices for the next 20 years. Recent fines levied by the Department of Health and Human Services Office of Civil Rights indicate that agency has increased its focus on enforcing privacy. And, later this month, the U.S. Supreme Court will hear a case related to the use of doctors' prescribing practices for marketing purposes.
We'll be watching. We hope you will be, too.
J. Trevor Hughes, CIPP
President & CEO, IAPP