A class action lawsuit alleges that the Internet tracking and analytics firm, comScore has been using highly aggressive tactics to surreptitiously collect large amounts of personal data on individuals. The lawsuit claims violations of the Stored Communications Act, the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act and Illinois Consumer Fraud and Deceptive Practices Act. The plaintiffs to the lawsuit claim comScore collects information such as Social Security numbers, credit card numbers, passwords and other data from individuals' computers. It also alleges that comScore's software will modify the computer's security settings, open backdoors, redirect Internet traffic and scan documents and emails for information.
Likewise, is inadvertent collection of PII ever permitted? What efforts did comScore use to avoid collection of sensitive data? Was the data passed back to comScore in a secure transmission (https)? If not, are the Massachusetts privacy regulations (201 CMR 17.01, et. seq.) or Illinois Consumer Fraud and Deceptive Practices Act violated?
See articles regarding the lawsuit: