RockYou settles with FTC over charges of exposing user info
Settlement with social gaming site also alleges the company violated Children's Online Privacy Protection Act Rule by collecting and disclosing personal information without parents' consent.
The Federal Trade Commission today said it has reached a settlement with online gaming company RockYou relating to charges that it did not protect personal information.
Hackers accessed information of RockYou's 32 million users in 2009, according to an FTC statement. The FTC also alleges that RockYou violated the Children's Online Privacy Protection Act Rule (COPPA Rule) by collecting information, such as birthdays, of about 179,000 children.
RockYou is required to pay a $250,000 civil penalty and implement a data security program, according to the proposed settlement.
The company's Web site is used for social games, such as making and sharing slideshows. During registration, RockYou collected e-mail addresses, passwords, and dates of birth of children under 13 years old, according to the FTC. Under the COPPA Rule, personal information can only be collected and disclosed online with parents' consent.
The company also violated the FTC Act by indicating that it did not collect children's information and that it would delete that data, according to the settlement (PDF).
The FTC charges that RockYou did not have a clear disclosure policy and did not maintain adequate data protection practices, such as encryption, to guard against data breaches.