Defending The Kingdom

America Online fired two employees and its chief technology officer because of the release of user search data earlier this month, says the New York Times:

‘This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team,’ Miller said in a second memo. ‘We are taking appropriate action with the employees who were responsible.’

Accountability is a good thing when it comes to enforcing privacy requirements in any organization, and AOL seems to be taking it seriously. The company is taking several steps to ensure that this never happens again, such as keeping tighter controls on employee access to data, educating employees about privacy issues, and reviewing data retention and privacy policies.

I hope other companies that harbour large collections of user data are paying close attention. Then again, AOL didn’t take the hint from privacy fiascos that came before it (for example, it has been just over a year since ChoicePoint, a company that gathers and sells data about consumers, announced that it gave up sensitive information on more than 160,000 people to criminals posing as ChoicePoint customers – the media coverage on the story was extensive).

It may be that more companies won’t take their customers’ privacy seriously until they are the ones that pay for mishandling. If people lose or relinquish control over their private details to be used for commercial purposes, it is reasonable to demand that the information be treated delicately. If a company fails to meet this burden, it should suffer economic consequences.

Once the onus is on the gate-keepers of the data (a title long ago given up by the true owners of personal data, individuals), I have little doubt that business minds will come to adequate solutions. And if they don’t, injured parties should be compensated accordingly.

Anything less than full responsibility would be rather lopsided. After all, companies use collections of personal data to improve marketing, build better products, and grow profits; they should suffer the downside of these activities as well, particularly if it is due to negligence, incompetence, or lack of concern.