ALBANY, N.Y. (AP) – A company accused of using unauthorized personal data “mined” by other firms from about 6 million e-mail addresses nationwide has agreed to reform its practices under a $1.1 million settlement, state officials confirmed.

New York Attorney General Eliot Spitzer claims Datran Media of New York City, a leading e-mail marketer, used e-mail addresses and other personal data it obtained from several companies, according to the settlement scheduled to be announced later today. The Internet “customer acquisition” companies proclaimed on their Web sites that they wouldn’t lend or sell the information provided. Consumers were often enticed to reveal their names, addresses and financial data in exchange for free iPods and DVD movies.

Sptizer accused Datran of knowing of the companies’ pledges, but spamming those consumers with unsolicited e-mails anyway, advertising discount drugs, diet pills and other products. Spitzer’s staff said they believe it is the largest deliberate breach of Internet privacy discovered by U.S. authorities.

The investigation continues into other companies involved in the case, Spitzer said.

“We have always been and remain committed to industry best practices,” said Datran spokesman Mark Naples. “Therefore, we are pleased to resolve this matter with the attorney general and are gratified that his office worked collegially with us.”

Naples said Datran never received financial data and never sent e-mails regarding discount price drugs. He said that although 6 million e-mails are involved, that doesn’t represent 6 million people.

Spitzer said Datran cooperated with his investigators and began enacting reforms just prior to the beginning of his investigation. That probe began after an Internet security assurance company raised a concern, said Assistant Attorney General Karen Geduldig.

“Personal information equals marketing dollars,” Spitzer said. “You learn more about consumers who you want to target in a hundred different ways and there’s nothing wrong with that if you get the information properly.”

Many of these operators request personal data that can be used in marketing and for companies to better tailor their products to consumers’ needs and wants. Often, the operators of the sites promise not to sell the name or e-mail address that goes along with the data.

“You had better live up to that promise,” Spitzer said.

He said the trade in personal data is ubiquitous, but “consumers are getting smarter and most of the players in the Internet world are improving their practices. There will always be renegades whose business model depends on the improper transfer of information.”

Ken Dreifach, chief of Spitzer’s Internet Bureau, said it’s impossible to tell how much profit was derived from the privacy breach involving 7 million addresses that, after errors and duplications were eliminated, affected more than 6 million addresses nationwide.


Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.