UPDATED: It pays to follow Internet privacy statements.

That's the $1.1 million lesson learned by New York-based e-mail marketing firm Datran Media. The company agreed to pay the amount after the state's attorney general charged it with using 6,000 e-mail addresses it obtained fraudulently.

The e-mails were purchased from companies, including one that offered a chance to win free iPods in exchange for e-mail addresses.

Despite a privacy policy assuring consumers it would "never lend, sell or give out for any reason" the e-mail addresses of visitors, Gratis Internet sold Datran 7 million personal files, according to a statement announcing the settlement.

As part of the agreement, Datran also agreed to destroy the e-mail addresses obtained from Gratis, stop buying personal information unless it checks the seller's privacy policy, and appoint a chief privacy officer.

"We take this matter very seriously," said Datran spokesperson Mark Naples. "Therefore, we believe it was important to confront it head-on and resolve it quickly.

While Datran discontinued the practice in the first half of 2005 –- and began to do so well before any inquiry from the attorney general -– many marketing and list owner companies continue to engage in this practice."

The agency continues to investigate Gratis, along with other companies collecting and selling personal data, according to the attorney general's office.

"A privacy policy is more than an empty promise," said Beth Givens, director of the Privacy Rights Clearinghouse, in a statement. Givens told internetnews.com the lawsuit was very important.

While the lawsuit tells marketers there are consequences to flaunting consumer privacy, the watchdog group would like to see the a law requiring marketers inform people where they purchased their name. "Privacy abuse can be done invisibly," said Givens.

This article was first published on InternetNews.com. To read the full article, click here.