23 Aug One Year After Ashley Madison Criminal Hack — ruby Voluntarily Enters Compliance Agreement
ruby Voluntarily Enters Compliance Agreement with the Office of the Privacy Commissioner of Canada and Enforceable Undertaking with the Office of the Australian Information Commissioner
A year after a criminal hack against its online dating site Ashley Madison, ruby has voluntarily entered into a compliance agreement with the Office of the Privacy Commissioner of Canada (OPC) and an enforceable undertaking with the Office of the Australian Information Commissioner (OAIC).
“We hope that by openly speaking about the breach and our commitments to the OPC and the OAIC, we can help other organizations and business leaders who are facing increased cyber security challenges,” says Rob Segal, CEO, ruby. “The company has cooperated with the Commissioners throughout their investigation and will continue to share information with them as we honour the terms of the compliance agreement and enforceable undertaking,” he says.
Segal, who took the helm of ruby in mid-April and announced a total repositioning in July, says that entering into the agreements is an important milestone in the ongoing transformation of the company. “The company continues to make significant, ongoing investments in privacy and security to address the constantly evolving threats facing online businesses. These investments are the cornerstone of rebuilding consumer trust over the long-term,” he says.
The agreement and enforceable undertaking, which were released today by the OPC and OAIC along with their joint report, set out four categories of recommendations: Safeguards, Retention, Accuracy and Transparency.
In the documents, the company confirms it acknowledges the Commissioner’s report without agreeing with the findings, and confirms it will fully implement the Commissioner’s recommendations.
Compliance Agreement & Undertaking Highlights
According to newly appointed President James Millership, the company has already implemented new security measures and taken significant steps toward many of the recommendations.
- By December 31, 2016, the company will complete a comprehensive third-party review of the protections it has in place to protect personal information. Millership confirms a third-party privacy review is underway and is a key priority for the company’s leadership team.
- No later than May 31, 2017, the company will further augment, document and implement its information security framework. Millership says this process is well underway and the company already has mandatory security and privacy awareness training for employees and an ongoing security enhancement process in progress.
- No later than March 31, 2017, the company will update its practices related to the retention of personal information of users who are inactive or have deactivated accounts to ensure that it is not holding personal information beyond an appropriate retention period – and inform members of these updated policies.
- The company will continue to provide a no-cost option for individuals to request deletion of their account profile information. Millership confirms the company has been offering free account deletion to members since September 2015.
- No later than March 31, 2017, the company will either amend its account creation process to allow users to join AshleyMadison.com without providing an email address, or implement measures to enhance the accuracy of email addresses provided to it.
“Today’s news confirms the company has proactively made important changes since last year. These agreements are our ongoing commitment to privacy and security investment — and to open, transparent communication with our members,” says Millership.
ruby is the global leader in open-minded dating and the innovator behind AshleyMadison.com, CougarLife.com and EstablishedMen.com. Founded in 2007, the company is headquartered in Toronto, Canada.