Video Game Law Blog

June 30, 2006

The developer of Xenepic Online, a popular Japanese MMOG, announced recently that players' personal information was inadvertently compromised. Information relating to almost 300,000 players was mistakenly stored on an open download server, making it easily accessible to hackers. The information included user names, passwords, and other account information, but apparently not credit card information.

Although this episode does not seem particularly serious, it highlights the fact that game providers who collect players' personal information must be very careful about protecting that information from unauthorized access or disclosure. Consumers are increasingly aware of privacy issues, especially as fears about identity theft become more widespread and information security breaches are more widely publicized (e.g., there has been a great deal of news about the recent the US Veterans Affairs episode, in which a laptop containing personal information, including social security numbers, of millions of US veterans and military personnel was stolen). Privacy laws requiring the protection of personal information exist in many jurisdictions, and game providers should make sure that they protect and keep secure any personal information that they collect. To do otherwise risks, at best, some bad publicity and, at worst, regulatory fines or civil suits.

Coverage at (GameSpot)