eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
In privacy circles, a mostly forgotten incident from the end of the dot-com euphoria aptly illustrates the lack of regard most companies have toward protecting personal data, even if they make a point of promising to do so.
The episode occurred in mid-2000, when Toysmart.com Inc., a Web-based retailer, went out of business. Among the assets the company put on the block during bankruptcy proceedings was one that caught the eye of regulators at the Federal Trade Commission: the names, e-mail and mailing addresses, and shopping histories of 250,000 Toysmart customers. Toysmart was offering these records to the highest bidder, despite an online privacy policy that explicitly stated the company would never share customer data with any third party.
With the Web surging with an enormous amount of commercial activity and sensitive information, the FTC had recently beefed up its Internet consumer-protection efforts. Commission regulators decided that Toysmarts blatant disdain for its own privacy oath was just too contemptuous to be ignored. Backed by 44 state attorneys general, the FTC sued to block the Toysmart data auction, arguing that it constituted a “deceptive practice.” In early 2001, an agreement was forged under which Toysmart investor, the Walt Disney Co., would buy the companys customer data for $50,000 and then promptly destroy it.