Privacy Online: The ESRB's Epic Fail

Entertainment Software Rating Board

Entertainment Software
Rating Board

When I feel like my privacy is being compromised, I don’t immediately think of contacting the US Entertainment Software Rating Board (ESRB). And even if I did, I certainly wouldn’t now.

In the past, the ESRB has played a sort of consumer affairs role when it comes to online privacy – they run the Privacy Online program, which has been created to help companies comply with the assortment of online privacy laws (such as the Children’s Online Privacy Protection Act – COPPA).

So, despite being a seemingly odd choice, it wasn’t a complete stretch to think that they may be of some assistance to gamers when Blizzard announced they would be forcing their customers to use their real names online.


No Comment.

As we know, Blizzard recently back-flipped on their decision, largely due to consumer concerns and gamer backlash. Appropriately, the Privacy department of the ESRB replied to everyone who had emailed them about the Real ID drama – inadvertently causing a little bit of their own.

The email itself wasn’t the problem:

Thank you for contacting the Entertainment Software Rating Board (ESRB) regarding the policy recently announced by Blizzard Entertainment which would have required participants in its official forums to post comments using their real first and last names, and for expressing your concerns regarding potential privacy implications.

It is our understanding that Blizzard has provided an update announcing that it will not be implementing the above-referenced policy with respect to its forums, and users will not be required to post using their real names. You can read Blizzard’s announcement regarding this most recent development at

Separately, if you have questions regarding Blizzard’s implementation of its Real ID option — which by our understanding is unrelated to Blizzard’s plans for its forums — and/or the new capabilities this option offers, they will likely be answered by reviewing the information posted at

ESRB, through its Privacy Online program, helps companies develop practices to safeguard users’ personal information online while still providing a safe and enjoyable video game experience for all. We appreciate your taking the time to contact us with your concerns, and please feel free to direct any future inquiries you may have regarding online privacy to our attention.


Entertainment Software Rating Board

What appeared in the body of the email is fine. What appeared in the recipient field is the problem. It looks like someone pasted the list of nearly 1,000 addresses into the “To” field of their email client, rather than the “BCC” field, managing to expose the email address of each of the privacy-concerned gamers to anyone who received the email.

Email from the ESRB

(names blurred to protect the innocent)

The ironing, as they say, is delicious – and it gives a whole new spin to the entirety of the ESRB‘s otherwise well-intentioned missive.


(Credit, image:

Tags: , , , , , ,

Facebook Google+ Linkedin Pinterest Reddit Stumbleupon Tumblr N4G Twitter