The FTC has again provided us with a road map to compliance through the Myspace consent order. Here are the takeaways that should concern every company with an online presence.
Keeping the FTC Out of Your Space — The Takeaways
Don’t Let Default Be Your Fault. Much of the FTC’s complaint focused on Myspace’s default settings which displayed a user’s full name on their profile page. When advertisers obtained the FriendID from Myspace, they were almost certainly then given access to the user’s full name because of the default setting. You should examine your default settings to ensure that your users are not disclosing PII to third parties unless they have expressly agreed to do so, and unless it is absolutely necessary. Ensuring that you maintain a high level of privacy protection under your default settings may prevent third parties from indirectly accessing users’ PII. Default settings should be reviewed each time that new functionality is added, technical solutions or plug-ins are changed, and at least annually.