Blippy, the social media site that is a “fun and easy way to see and discuss what everyone is buying”, is a Silicon Valley startup funded by a who’s who of venture capital funds. It also recently had a privacy data breach in which Blippy members’ credit card information was accidentally exposed to search engines. The formal response from Blippy is instructive as to how NOT to communicate with individuals affected by a data breach incident. I really wouldn’t feel reassured about prospective credit card fraud after reading this:
“We take security seriously and want to assure Blippy users that this was an isolated incident from many months ago in our beta test, and doesn’t affect current users. While it looks super-scary and certainly sucks for those few people who were affected, and is embarrassing to us, it’s a lot less bad than it looks.”
There is a lot of discussion among the privacy community about the need for a federal data breach notification law that would potentially homogenize requirements for notification. There are several bills in Congress that are attempting to take on this issue. The HITECH Act already does exactly this for the healthcare industry. Blippy’s cavalier attitude adds fuel to the argument for regulations that would require all organizations to take consumer data privacy as seriously as it deserves.