EUROPEAN UNION CONTINUES TO LEAD THE WAY IN PROTECTING CONSUMER PERSONAL DATA

Just a little over 18 months ago, The Register in London published an article, "Google vows: We’ll keep hoarding your porn queries,” which wasn’t about the pornographic industry, but rather your personal privacy. While AOL, MSN and Yahoo had given in to government demands to hand over your search habits, Google said no to the Justice Department. But the number one search engine didn’t do it for you; they did it because their software—or algorithms, as they are referred to—could be “compromised.” Knowing Google’s track record on privacy, it is my opinion that the logistics of the situation was far more important than the protection of your privacy. The Register seems to agree. And on another front, following the release of 20 million keyword searches performed by over 500,000 AOL customers from March to May in 2006, privacy advocates concluded that the only safe search engine is one that deletes your search criteria immediately. AOL says they did it to help researchers and that the data was anonymous. “But some privacy experts said scrutinizing a user's searches could reveal information to help deduce the person's identity,” according to a piece in The Washington Post. When will these companies realize that they should not be recklessly tinkering with our sensitive data? Jump forward now to April of 2008, and the European Union’s decision to try and limit the time search engines can keep our private information. You can see the opinion here. The report says that data should be kept “no longer than necessary,” in an account on MSNBC. The keywords here are “no longer than necessary,” and are a symbol of the loopholes in legislation that is enacted today for consumer causes. You’ll find it in most state data breach laws—of course you won’t find it in federal bills because there aren’t any—and even in HIPAA, the Health Insurance Portability and Accountability Act. I plan a post later based on how this thinking re. limited accessibility to our private information extends far beyond search engines, and should apply to other collectors of personal data, particularly in the junk mail and non-junk mail industries, as well as the government. A Web marketing consultant asked the question of MSNBC: “Where’s the Harm?” referring to whether or not search engines keep data 6, 9, or 12 months. I won’t give you his name since it is so inane a question the asker doesn’t deserve credit. I can provide some facts that illustrate just how ridiculous his point is. "The 2007 Internet Crime Report" from the Justice Department received 206,884 complaints from January through December 2007 with a vast majority alleging fraud with a financial loss. The total dollar loss was almost $240 million (an increase of 20 percent over 2006) with a median loss per complaint of $680. That’s the harm! Although all of it obviously did not come from search engine search criteria—and I do not know just how much did since I don’t believe this is broken out—It proves the propensity of widespread Internet fraud. So why hang on to something that could pose a major problem if this isn’t “necessary?” There’s that word again, and it is time that both business and government define exactly what their parameters are for maintaining this data for several years, and then let the regulators decide if it is valid. I know, I know, that poses yet another problem.