Sarah Wesley Wheaton Quoted on E3 Data Breach

GameDaily.biz recently covered the ESA data breach that left a list of addresses, phone numbers and email addresses for E3 media attendees exposed.

Here is an excerpt:

As a result of this incident, the ESA could find itself the subject of civil lawsuits, according to attorney Sarah Wesley Wheaton of Odin Law & Media. The distribution of the list across sites known to harbor harassers may create legal liability for the lobbying group, but not at the federal level.

Federal law has not caught up to this common sense ‘you know about it, disclose it’ approach in many sectors, and the FTC only has the authority to find liability in sectors such as financial, healthcare, children, education, and government,” Wheaton told GameDaily. “The FTC could [potentially] bring an enforcement action through their authority to protect consumers against unfair and deceptive practices, but this is also unlikely. There has never been a successful case against a company for failing to impose strict enough login credentials and I assume similar reasoning will apply [here]. While there weren’t any login credentials in ESA’s case, because the personal information seems mostly limited to names and addresses and did not include social security information or other embarrassing personal information, the lack of encrypted spreadsheets would likely not considered unfair by the FTC.”

You can read the whole article here: E3 data breach that exposed 2,000 journalists’ private data puts ESA in legal crosshairs