Everyone knows that Paper beats Rock when it comes to that renowned dispute resolution technique.  A Privacy Policy, however, will only help you beat FTC allegations if you abide by it. The FTC alleged that social game site operator RockYou allegedly failed to live up to the promises made in its privacy policy exposing 32 million email addresses and passwords to hackers and that RockYou also collected information about children without parental consent in violation of the Children’s Online Privacy Protection Act Rule (COPPA Rule).  To settle these charges, RockYou agreed to pay a $250,000 civil penalty and to implement a comprehensive data security program.

RockYou operated a website that allowed consumers to play games and use other applications, and collected emails and passwords from consumers for certain of those applications.   The FTC alleged that RockYou promised in its privacy policy that it would implement reasonable and appropriate measures to protect against unauthorized access to the personal information it obtained from consumers.  The FTC further alleged that RockYou failed to secure consumers data, which resulted in hackers obtaining access to approximately 32 million email addresses and passwords.

The FTC also charged RockYou with failing to abide by a second part of its privacy policy: that it would not collect information from children and that if it learned information collected was from a child would delete it. The FTC charged that the failures to abide by the privacy policy constituted a deceptive act under the FTC Act.

Regarding the COPPA Rule, the FTC charged RockYou with violating the Rule when it obtained 179,000 children’s email addresses and associated passwords without parental consent and enabled children to create personal profiles and post personal information that could be shared on line again without parental consent.

To settle the FTC’s charges, RockYou agreed to pay a $250,000 civil penalty and to injunctive provisions that bars deceptive claims regarding privacy and data security and requires RockYou to implement a comprehensive data security program and submit to security audits by independent third-party auditors every other year for 20 years.  So make sure you rock your privacy policy by sticking to the promises you make to your visitors.  And if your visitors are kids understand the FTC is closely monitoring such sites for COPPA compliance and likely this will continue to be an area of enforcement priority.