Yesterday, the Attorneys General for the states of New York and Texas announced that settlements had been reached with social networking site Tagged.com over claims that Tagged misappropriated the identities and email address books of its members and sent millions of deceptive and unsolicited emails promoting use of its site. In New York, the company has agreed to pay $500,000 in penalties and costs and to adopt “industry-leading measures” to govern the use of its members’ personal information; in Texas, the company will pay $250,000 in penalties and costs and will implement new data privacy and security features.
With more than 80 million members worldwide, Tagged bills itself as the third-largest internet-based social networking site in the U.S., after Facebook and MySpace. Previously, Tagged requested that members provide the company access to their email address books during the enrollment process (through a process termed “import your friends”). Those contacts were then sent auto-messages purporting to be from the new member. Under its agreements with New York and Texas, Tagged will need to seek specific consent before accessing its members’ address books and will need to disclose specifically how that data will be used (including by whom and for how long). The Texas judgment also requires Tagged to designate a “corporate level compliance representative” to oversee its compliance with the terms of the agreed-upon judgment and that state’s data and privacy protection laws, as well as to respond to consumer complaints or inquiries regarding Tagged’s privacy guidelines.
While social networking sites and other web-based member communities face intense competition to reach and enroll new members, these companies must be careful to ensure that their recruiting efforts do not run afoul of the data security and privacy laws of the jurisdictions in which their members live.
- Taja-Nia Henderson and Amy Mudge
