Re: But... do people *really*
" But... do people *really* wander around with the GPS on their mobile phone permanently on?"
It depends on what mobile they're using. AFAIK Android defaults to location services switched on all the time. That doesn't mean the GPS chipset itself is running all the time; Android is perfectly capable of generating location data from proximate WiFi networks. It will switch on GPS only if an application asks for high precision location data when there is a shortage of recognisable WiFi networks nearby.
Specific problems for Ashly Maddison With Location Accuracy
There is another angle to the deleted accounts containing location data, one that could expose the company to far wider claims than at present. Whilst mobiles are reasonably good at measuring their position, they're not perfect. Where I live for example my mobile will quite often say that it's located in my next door neighbour's house. That simply down to the limitation on the accuracy of the location services.
So, if I had been an Ashly Maddison user (which I wasn't), and had created an account from home and then deleted the account, the remaining data that has now been leaked would now point resoundingly at my neighbour's property. The other remaining data wouldn't be so far off the mark either. If his other half then made a search she would undertandably, though erroneously, conclude that he had been a user of Ashly Maddison.
And in this hypothetical situation, what sort of person would it take to volunteer that there might actually be a mistake in their neighbour's findings at the risk of wrecking their own domestic situation? Afterall, Ashly Maddison probably haven't got enough data left to say no, he was never a user, etc.
Data Protection Act and Data Accuracy
In other words, this leaked deleted data might ruin the lives of people who are utterly uninvolved with this seedy company, simply because of the limitations of a mobile phone's location services.
At least here in the UK this could create a massive liability under the Data Protection Act. A company is required by law to accurately process information. If they're using something as sensitive as location data as part of that processing (and they clearly are), they have to be completely certain that the location data is completely correct. In a lot of residential areas, being accurate to within 10m, or even 5m, is not good enough to denote the actual building where the user resides (if they were stupid enough to set up the location from home). That fact alone could land them with a massive fine.