Yes, Web privacy policies have been enforced through lawsuits and the actions of government agencies.
For example, some state attorney generals (AGs), notably Eliot Spitzer of New York, are aggressively applying consumer protection statutes to promote Web security. Technology publisher Ziff Davis agreed with the New York, California and Vermont attorneys general to pay $125,000 in legal fines, costs and damages for insecurity on its Web site. (Read more about it here.)
The agreement concluded an investigation launched by the AGs on the grounds that Ziff Davis had violated state deceptive trade practices statutes.
Within those 12,000 entries, a mere 50 contained credit card information. As a result of this security lapse, at least five consumers suffered from fraudulent transactions against their credit cards.
Ziff Davis cooperated with the investigation and reached an out-of-court agreement with the AGs. Ziff Davis agreed to implement new security controls. It agreed to pay $500 to each of the 50 credit cardholders whose credit card information was exposed. And it agreed to pay the AGs $100,000.
Editor's note: None of Mr. Wright's statements on SearchSecurity.com are legal advice for any particular situation. If you need legal advice, you should consult a lawyer.
This was first published in February 2004