The data privacy and breach stories that have made the biggest headlines over the past couple of years have principally involved companies either not adequately securing data or being the subject or hackers, which in turn resulted in exposure to statutory breach claims under various state laws, contractual breach claims and tort liability under negligence theory. So, the news this week that Netflix is suspending its much vaunted Netflix Prize 2 until it resolves data privacy concerns expressed by the Federal Trade Commission (FTC) provides a good reminder of the authority at the federal level of the FTC to hold companies accountable for the assurances they provide their customers about data privacy.
Well before the advent of the Nobel Prize, arguably the premier prize for scientific achievement, there existed a tradition dating back at least to the Enlightenment of science-focused groups and clubs staking a prize for the proving of some scientific theorem or mathematical conjecture. In a sense, Netflix was following in this long tradition, with a little bit of marketing and general business savvy thrown in to the mix, when in 2006 it announced its initial Netflix Prize contest in which it would award $1 million to whoever could most improve its movie recommendation algorithm. Much like a mini-space program, this spurred numerous teams of professional and amateur researchers to pore over the data that Netflix then made available to facilitate the contest. Therein lies the rub. The data was supposed to be anonymous — and for all practical purposes this may have been the case. The data was purged of all names and other personally identifiable information. Yet, proving that clever people can do a lot with very little, a separate researchers uninterested in the Netflix prize proceeded to show that with a little effort the purportedly anonymous data was, in fact, not so anonymous.
NetFlix Blog Notice on Ending Contest: NetflixBlog–PrizeNotice
FTC Letter Closing Investigation: http://www.ftc.gov/os/closings/100312netflixletter.pdf