Publisher Ziff Davis Media Inc. signed an assurance agreement this week with the attorneys general of New York, California and Vermont regarding its online data collection and security practices.
The agreement stemmed from a November incident in which the credit card information of about 50 subscribers was exposed on the Web.
Terms of the deal were available on the Office of New York State Attorney General Eliot Spitzer Web site. New York-based Ziff Davis is required to:
· Encrypt sensitive data during transmission from consumers.
· Control file access through user authentication and application controls.
· Monitor and control server activity.
· Review applications prior to implementation.
· Implement risk identification and response protocols.
· Establish management oversight and employee training programs.
· The publisher also agreed to pay $500 to each consumer directly affected by the security breach.