fringe: ESRB accidentally releases email addresses of Real ID complainants

[security curmudgeon <jericho () attrition org>]

[While e-mail addresses are public, the specific list and their
  association with Real ID complaints is not.]

http://www.joystiq.com/2010/07/12/esrb-accidentally-releases-email-addresses-of-real-id-complainan/

ESRB accidentally releases email addresses of Real ID complainants
by Ben Gilbert  on Jul 12th 2010 11:10PM

In an ironic turn of events this evening, it appears that the 
Entertainment Software Ratings Board has revealed the entire list of email 
addresses belonging to people who appealed to the ESA's rating group over 
Blizzard's recently proposed and then retracted Real ID implementation. 
According to our World of Warcraft-focused sister site WoW.com, the ESRB 
issued a response letter to the nearly 1,000 folks who had emailed with 
complaints about Blizzard's decision -- unfortunately, it seems that 
rather than hide everyone's email addresses, someone hit "reply all."

We've dropped the letter itself beyond the break, which, as WoW.com points 
out, concludes with a statement espousing the ESRB's "Privacy Online" 
program. Whoops! All that said, mistakes will happen from time to time. 
Unlike Blizzard, however, the ESRB can't simply take this back.

"Thank you for contacting the Entertainment Software Rating Board (ESRB) 
regarding the policy recently announced by Blizzard Entertainment which 
would have required participants in its official forums to post comments 
using their real first and last names, and for expressing your concerns 
regarding potential privacy implications.

It is our understanding that Blizzard has provided an update announcing 
that it will not be implementing the above-referenced policy with respect 
to its forums, and users will not be required to post using their real 
names. You can read Blizzard's announcement regarding this most recent 
development at 
http://forums.worldofwarcraft.com/thread.html?topicId=25968987278&sid=1&pageNo=1.

Separately, if you have questions regarding Blizzard's implementation of 
its Real ID option -- which by our understanding is unrelated to 
Blizzard's plans for its forums -- and/or the new capabilities this option 
offers, they will likely be answered by reviewing the information posted 
at http://www.battle.net/realid/.

ESRB, through its Privacy Online program, helps companies develop 
practices to safeguard users' personal information online while still 
providing a safe and enjoyable video game experience for all. We 
appreciate your taking the time to contact us with your concerns, and 
please feel free to direct any future inquiries you may have regarding 
online privacy to our attention.

Regards,

Entertainment Software Rating Board"
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php