Second Life,” the fast-growing online site where hundreds of thousands of people play out fantasy lives online, has suffered a computer security breach that exposed the real-world personal data of its users.
Or to abuse the bard further, there is something rotten in the state of online. Almost every day, I read of major lapses in security and privacy. Whether it is a bank throwing stuff away it shouldn’t, or the AOL debacle, or laptops left in the back of cars with James Bond’s details on. (I read these everyday because I get an interesting newsletter from the Privacy association !)
Back to the Second life and stuff. At the recent Geeklaw (GIKII) conference, Nic Suzor, from QUT law School in oz presented a paper on Governance in Virtual Environments. (The slides don’t do the presentation justice, but do check out the naked gnome protest)
Nic raised the point that some people spend a lot of time in these worlds, up to 60 hours a week, and they have very little rights or protection.
Contractual terms like this worry me.
Linden Lab has the right at any time for any reason or no reason to suspend or terminate your Account, terminate this Agreement, and/or refuse any and all current or future use of the Service without notice or liability to you. In the event that Linden Lab suspends or terminates your Account or this Agreement, you understand and agree that you shall receive no refund or exchange for any unused time on a subscription, any license or subscription fees, any content or data associated with your Account, or for anything else.
If you are going to spend half your life somewhere, at least check the T&Cs. Would you sign that if you were buying somewhere to spend your weekends?
It is true that big companies often mess up with privacy. But I also worry about many of the web 2.0ish stuff that simply ignores privacy laws all together.
I like the fact that the FTC is handing out some fines.
The Federal Trade Commission announced a $1 million settlement with the social networking site Xanga.com on Thursday, the largest penalty levied to date under the Children Online Privacy Protection Act.
Data broker ChoicePoint Inc. yesterday agreed to pay a $10 million federal fine over security breaches that exposed more than 160,000 people to possible identity theft. Privacy experts praised the settlement as a warning to companies to get more serious about protecting sensitive information.
The Alpharetta, Ga.-based company, one of the nation’s largest buyers and sellers of personal information such as Social Security numbers, birth dates and addresses, also agreed to pay $5 million into a fund to compensate people who suffered as a result of the breaches.
I also like the fact that some consumers are beginning to take things a little more seriously themselves too. Look at the Facebook saga.
I’d suggest that anyone planning to collect personal data get their act together, sort out your policy, and make sure you enforce it. And while you are at it, put together some T&Cs that respect the on-line and off-line rights of your customers. Just because you are some hip new 2.0 thingy doesnt mean the law doesn’t apply to you.
I wonder how many social networks or virtual worlds have notified the UK data protection authorities when processing personal data about UK citizens. I wonder how many the IC will prosecute for not doing so.