Attorney General Lockyer Gains Enhanced Privacy Protections in Consumer Protection Cases

Wednesday, August 28, 2002
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

(SACRAMENTO) – Attorney General Bill Lockyer announced today a multi-state settlement with Ziff Davis to enhance consumer privacy protections by the multi-media company that failed to establish security measures to protect customer personal information such as credit card numbers.

A day earlier, Lockyer joined with nine other state attorneys general in a multi-state settlement with DoubleClick, the nation's leading Internet advertising service, to set new standards for consumer online privacy. Central to the settlement is public disclosure of how information is gathered from people who visit web sites.

"Consumers taking advantage of the cyber-marketplace should be able to trust what a company is selling them – whether it's a product or a privacy policy," Lockyer said.

Investigators found that Ziff Davis failed to have in place even standard security precautions for consumer personal data when its privacy policy assured customers of privacy protections. Under the settlement, the New York-based company must provide accurate representations of its privacy and security practices to the public. The company also must address internal and external risks to the privacy and security of consumer data by means of monitoring information systems, adequate personnel and management training, and establishment of procedures to prevent and respond to intrusions or other system failures that could result in the breach of consumer privacy. The assurance was agreed upon by Ziff Davis, which publishes among other things magazines on technology and the Internet, and the states of California, New York and Vermont.

In the DoubleClick settlement, the company must accurately disclose its data collection practices. Any company that uses DoubleClick to place ads on web sites also must disclose in its own privacy policy DoubleClick's activities. The case stems from DoubleClick's practice of invisibly collecting consumer data while displaying web-page banner ads and using e-commerce technology services on the web sites of other companies. Through DoubleClick's widespread network of clients, consumers generally would not be aware of being tagged with DoubleClick cookies. Under the settlement, consumer will have a means to avoid the cookies and an outside third-party will conduct three reviews in the next four years to assess compliance with the enhanced consumer protections. States involved in the settlement were Arizona, California, Connecticut, Massachusetts, Michigan, New Jersey, New Mexico, New York, Vermont, and Washington.

# # #