Andy Wibbels reports that AOL has released data on hundreds of thousands of users’ queries. Reasonable? Of course, since they include no personally identifiable information.
But how reasonable is it? When you type in a search query, do you expect that search will be completely anonymous, not even matched up with other searches you do?
We’re in a world now where we leave electronic trails all over the place. Many aren’t even intentional. Toll booths, for example, use FastPass to provide the convenience of not stopping to pay cash. But the FastPass records who went where and when. Presumably, those records could be subpoena’d and used as evidence in a court case.
“So what?” you cry, “I’ve done nothing wrong.” Nope, you haven’t. Which is why you should be concerned that those FastPass records are unhackable, completely accurate, and unforgeable. But they aren’t. To the extent we even have legally enforced standards for data integrity, companies rarely even mention when they have security leaks, much less pay any kind of penalty for it.
My credit card number was one of the ones that got accidentally leaked last year. That could have resulted in identity theft. But the company wouldn’t be liable for the direct or indirect costs to me, despite it being their own negligent information protection that caused the problem.
So when someone trusts you with their information, be worthy of that trust. Either take the steps to keep their info private, and really use tight security so you know it’s private, or destroy it completely when you’re done with it. The issue isn’t whether people have done something wrong; it’s whether someone could be harmed by a misuse of their data.
Privacy isn’t just about hiding what you do. It’s about confidence that collected information can’t be falsified, forged, or misused.