tag:blogger.com,1999:blog-9959351.post114262307404220732..comments2023-10-14T04:53:34.428-04:00Comments on Tsibouris Privacy + Technology Law Blog: NY AG settles massive privacy breachDino Tsibourishttp://www.blogger.com/profile/16507887938640430240noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-9959351.post-1143491591805448922006-03-27T15:33:00.000-05:002006-03-27T15:33:00.000-05:00In the lawsuit filed against Gratis Spitzer states...In the lawsuit filed against Gratis Spitzer states that Gratis falsely represented to each (Datran, JDR, and Jumpstart) that it has received its users' permission to share the data. PP 31 of verified petition. So did Datran settle because they were concerned that they would be held responsible for the privacy guarantee in GRatis' privacy policies even though in the agreement they had with Gratis, Gratis "warranted that the data being shared consisted of records of persons who have supplied Affirmative Consent (as defined in the Can-Spam Act of 2003) to receive third party commercial em-mail advertising messages?" In the investigations that preceded the Datran settlement the Attorney general found that "Notwithstanding this deceptive statement in their agreement, Datran apparently knew about, or discovered, the restrictions on the data, prior to accepting it. For this and related practices, Datran entered into a voluntary Assurance of Discontinuance with the Attorney General..."<BR/> <BR/>So what if Datran had not known? Would they be responsible for investigating the privacy policy themselves? What if they privacy policy had changed after the agreement was made and Gratis did not notify Datran?<BR/> <BR/>Thoughts?Anonymousnoreply@blogger.com