The fallout thus far has been swift. The co-chairmen of the U.S. House of Representatives Bipartisan Privacy Caucus (U.S. Reps. Markey and Barton) have sent an inquiry to Facebook about the issue. The Canadian Privacy Commissioner is considering yet another investigation of Facebook. And two class action lawsuits have been filed, the first targeting one of the major app companies named in the article (Zynga Game Network) and the other naming Facebook as a defendant. Both claim breach of the federal Stored Communications Act, among other causes of action.
To avoid these situations, companies should include appropriate contractual protections such as requiring web publishers, advertising networks and other web business partners to provide warranties and indemnities related to the unauthorized transmission of such personal information. Companies should also consider conducting periodic technical reviews of the data flows among their business partners to ensure that no unexpected data is being transmitted.