SOCIAL GAMING OUTFIT Rockyou has agreed to implement a "comprehensive data security programme" and cough up a $250,000 fine to the US Federal Trade Commission (FTC).
The FTC revealed that after it issued a complaint against Rockyou the gaming web site operator agreed to settle charges that, despite promoting its internal security measures, it failed to protect the privacy of its users. This allowed hackers to access the personal details of 32 million users, including almost 200,000 children.
It alleged that Rockyou "knowingly collected" approximately 179,000 childrens' email addresses and associated passwords during registration without their parents' consent and enabled children to create personal profiles and post personal information on slide shows that could be shared online.
The company also asked for childrens' dates of birth, and so must have knowingly accepted registrations from children under 13. In addition, the company's security failures put users' including childrens' personal information at risk, according to the FTC.
The trade regulator said its proposed settlement order bars deceptive claims regarding privacy and data security and requires Rockyou to implement a data security programme and submit to security audits by independent third-party auditors every other year for 20 years. It also requires Rockyou to delete information collected from children under age 13 and bars further COPPA violations.
The FTC said its complaint against Rockyou is part of its ongoing effort to make sure that companies live up to the privacy promises they make to consumers, and that childrens' information isn't collected or shared online without their parents' consent. µ