New York Attorney General Eliot Spitzer has agreed to a US$1.1 million settlement from an interactive marketing firm that he said reused e-mail addresses and other consumer information without authorization.
Spitzer described the case involving Datran Media as being possibly “the largest breach of privacy in Internet history” with e-mail addresses and other data about some 6 million people involved.
Setting a New Standard
Under the settlement, New York City-based Datran agreed to discontinue its practices of using improperly obtained e-mail addresses and agreed to pay $1.1 million to the state of New York.
“With this case, we hope to set a new standard for Internet marketers and consumer research companies,” Spitzer said. “Personal information secured through a promise of confidentiality must always remain confidential.”
The deal marks just the latest victory for Spitzer in the online arena. The AG has been a high-profile crusader against shady business practices, especially in the Web marketing niche.
Spitzer has taken on numerous spam-related cases and led the effort to force Wall Street investment banks to change the practices that led to misleading investor information during the dot-com boom. He also won a major settlement against interactive marketing company Intermix, which he accused of knowingly propagating adware and spyware onto consumers’ computers.
Mixed Messages
Datran was accused of improperly using information it had obtained from several companies that compile and sell information on consumers. That information often has limitations on it, which Datran was accused of ignoring.
For instance, in the largest example, Datran acquired information from a company known as Gratis Internet. That firm had assured consumers who filled out forms to win prizes on sites such as “freeipods.com” and “freedvds.com” that it would “never lend, sell or give out for any reason” the data provided.
Spitzer said a six-month investigation revealed that Datran knew of Gratis’ promise to consumers when it purchased consumer lists from it, but still sent “millions” of unsolicited e-mail messages to the addresses on the list. Some 7 million files were involved in that transaction alone, Spitzer said.
In addition to the $1.1 million payment, Datran agreed to destroy all lists and other data it obtained from Gratis and the other list sellers and avoid buying new lists without first confirming that the names on the lists do not have restrictions on them.
Datran also agreed to appoint a chief privacy officer or equivalent position.
Privacy Protection
Spitzer said Datran began revamping its policies nearly a year ago, around the time his office began investigating the company.
Datran is a privately held firm that last year took in some $60 million in venture funding as it prepares to grow.
Firms such as Datran that can provide both interactive advertising services and access to databases of consumers willing to be contacted online are growing in importance as companies recognize the value of direct contact with consumers, said Forrester analyst Eric Schmitt.
Consumers, however, need confidence that their information will be used only with authorization, or else marketers risk alienating them and prompting many more to opt out of direct contact, diminishing the value of e-mail marketing.
Unless companies agree to comply with it, “a privacy policy is more than an empty promise,” Beth Givens, director of the Privacy Rights Clearinghouse, said.
“Companies must be held to their word,” she added.
Social Media
See all Social Media