Ashley Madison reaches settlement with FTC over data security issues
If you’re concerned about data security and privacy, you need to know about the FTC’s settlement with ruby Corporation, ruby Life Inc., and ADL Media Inc. (the company that operates AshleyMadison.com).
AshleyMadison.com promoted itself as a “100% safe and anonymous” dating site. It supported these claims with a “Trusted Security Award” icon and an image indicating that the site was “100% discreet.”
The site promised “thousands of women” in your city (note that about 16 million of the 19 million profiles in the United States are men). It also used “participant profiles”: fake profiles created by staff who communicated like real female users. The company created these profiles using information from existing members who had not had any account activity for a period of time. Non-paying users would often upgrade to full membership so they could message people they thought were real users but who were actually fake profiles.
For users worried about others discovering their activities on the site, the site promised you could “delete your digital traces.” For just $19, you could purchase Complete Delete, which promised to delete all of your information from AshleyMadison.com. We're talking about information like: name; relationship status; sexual preferences and desired encounters; desired activities; photos; and financial information. Sounds like information people wouldn't want leaked publicly, right?
In July 2015, a group called “The Impact Team” broke into Ashley Madison’s computer system. The group threatened to release all of Ashley Madison’s user information unless the site was shut down. When the company balked, the group released the personal information of 36 million users. That is a lot of very personal information about a lot of people.
It even included information from people who paid for “complete deletion.” It turns out that Ashley Madison retained personal information for up to 12 months after “complete deletion” and sometimes failed to completely delete personal information.
How did this happen? The FTC’s complaint alleges that AshleyMadison.com failed to provide reasonable data security through various practices, including:
- No written information security policy
- Failure to implement reasonable access controls
- Failure to provide adequate data security training to personnel
- Failure to monitor third-party service providers
These basic principles are outlined in the FTC’s “Start Safe” guidance.
The FTC’s five-count complaint alleges deception and unfairness. The deception counts include: misrepresenting that the company took reasonable steps to ensure the security of AshleyMadison.com; misrepresenting that participant profiles were from real women; misrepresenting that profiles were deleted; and misrepresenting the data security seals (you guessed it: companies with no written data security policy do not actually receive the Trusted Security Award). Finally, the complaint alleges that the company’s unfair security practices harmed or had the potential to harm consumers.
The FTC’s settlement with Ruby Corporation and its subsidiaries prohibits the companies from making such misrepresentations. It also requires them to maintain comprehensive information security programs and conduct evaluations every two years.
The FTC is not alone. The FTC settled with thirteen states and the District of Columbia. The FTC also received help from its international counterparts in Canada and Australia. Following the joint investigation, the Office of the Canadian Privacy Commissioner entered into a compliance agreement with Toronto-based Ruby Corporation, and the Office of the Australian Information Commissioner also entered into an enforceable undertaking. These agreements focus on remediation measures to improve the company’s data security and data retention policies.
So what lessons have we learned from the Ashley Madison affair? Businesses must keep their promises. If you collect sensitive personal information, you must protect it.
For more guidance on how to do this, check out Protecting Personal Information: A Guide for Business and Start Safe: A Guide for Business. For additional compliance resources, visit the Business Center’s Privacy & Security Portal.
from Tech Empire Solutions https://techempiresolutions.com/ashley-madison-reaches-settlement-with-ftc-over-data-security-issues/
via https://techempiresolutions.com/