False representation by a company of its security protocols: an odd decision to make, in light of the growing frequency and severity of data breaches that have struck retailers and consumers in 2014 like slaps from an Emmy-worthy Peter Dinklage.
That is why, if LinkedIn is found guilty of the class-action lawsuit of fraud of which it is accused, other companies will have to take note. Whatever the veracity, or lack thereof, of the allegations, you should ensure there is absolutely no ambiguity or confusion as to what your security policies and standards entail. A clear delineation might have prevented, in this case, Khalilah Wright from arguing that “the representation in the Privacy Policy is likely to deceive the public because consumers would believe that LinkedIn used a more effective method of securing its users’ data than it actually did,” as U.S. District Court Judge Edward Davila puts it. And though LinkedIn was successful in getting two of the charges dropped, the court refused to dismiss the unfair competition claim based on fraud, “holding that when a company makes false representations, … “a consumer who is induced by them to purchase a product that she otherwise would not have purchased has standing to bring an action” under California’s unfair competition law.”
After all, the plaintiff only upgraded to her premium account because she read her information would be guarded with “industry standard protocols and technology.” Yet hackers were able to sneak in and post the passwords of 6.5 LinkedIn members online; lacking the requisite two-layered encryption at the time, the industry standard protocol was not provided as promised, claims Wright.
So, in the end, I don’t know what the ruling will be, nor do I want to speculate. The takeaway regardless is eminent: be clear, be straightforward, and most importantly, make sure your protection is as good as you say. Otherwise you might end up with charges and potential penalties you just can’t escape.
Written by Jonathan Weicher
No comments:
Post a Comment