Back in December 2010, when Walgreens sent out its first breach notifications, one of the troubling aspects was that despite the fact that consumers had unsubscribed from their mailings, their data had been retained. The December 2010 notification email read, in part: We realize you previously unsubscribed from promotional emails from Walgreens, and that will continue. As a…
Category: Breaches
Privacy harm: have we shrugged off some breaches too quickly?
One of the issues that those of us who log or compile data breaches and privacy breaches have often debated is what to do with breaches that involve “only” names or names and e-mail addresses. There are those who would argue that such incidents are not really a huge deal as they are unlikely to…
Illinois Identity Theft Statute Partially Invalidated–People v. Madrigal
Eric Goldman writes: People v. Madrigal, 2011 WL 1074427 (Ill. March 24, 2011) Many state anti-identity theft laws are written very broadly. This loose drafting creates the possibility that they unintentionally restrict innocent–and indeed socially desirable–activity. Today’s case is a good example of sloppy statutory drafting. Fortunately, a vigilant Illinois Supreme Court fixed the legislative…
(update) Play.com: Security breach related to “irregular activity” at email service provider
Anh Nguyen provides an update on a breach reported on this blog yesterday. At the time, I had raised the possibility that the breach might be linked to a previously known breach involving SilverPop. It turns out that was the explanation: Play.com has emailed its customers again to shed more light on the security breach…