X

RockYou settles with FTC over charges of exposing user info

Settlement with social gaming site also alleges the company violated Children's Online Privacy Protection Act Rule by collecting and disclosing personal information without parents' consent.

Martin LaMonica Former Staff writer, CNET News
Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT publication InfoWorld.
See full bio
Martin LaMonica
RockYou makes social games for children, including Zoo World. Screen capture by Martin LaMonica/CNET

The Federal Trade Commission today said it has reached a settlement with online gaming company RockYou relating to charges that it did not protect personal information.

Hackers accessed information of RockYou's 32 million users in 2009, according to an FTC statement. The FTC also alleges that RockYou violated the Children's Online Privacy Protection Act Rule (COPPA Rule) by collecting information, such as birthdays, of about 179,000 children.

RockYou is required to pay a $250,000 civil penalty and implement a data security program, according to the proposed settlement.

The company's Web site is used for social games, such as making and sharing slideshows. During registration, RockYou collected e-mail addresses, passwords, and dates of birth of children under 13 years old, according to the FTC. Under the COPPA Rule, personal information can only be collected and disclosed online with parents' consent.

The company also violated the FTC Act by indicating that it did not collect children's information and that it would delete that data, according to the settlement (PDF).

The FTC charges that RockYou did not have a clear disclosure policy and did not maintain adequate data protection practices, such as encryption, to guard against data breaches.