The company that operates and has agreed to a $38 Million settlement of a class action law suit alleging that it violated its own privacy policy when it shared user data with a marketing partner without user consent. The plaintiffs alleged that they were harmed because the partner, an operator of a discount and rewards program, allegedly enrolled the users into the program without consent, resulting in charges to their credit cards. While the allegations in this case are more egregious than typical allegations of data sharing contrary to what is represented in a privacy policy, it illustrates the importance in making sure that a site's practices (including sharing with promotional and marketing partners and affiliates) are consistent with its privacy policy and that the privacy policy gives clear, understandable notice of the site's data collection, use, storage and sharing practices. Sites should audit data privacy and security practices and policies regularly and make sure that those with access to the data understand and follow the company's obligations. The case is: In re Easy Saver Rewards Litigation, Case No. 09-CV-02094-AJB (USDC S.D. CA). The parties filed a joint motion for class certification and approval of the settlement on June 13, 2012.