Privacy Practices | Privacy & Free Speech: It's Good for Business

Do we collect and store only necessary user information?

As data storage becomes less expensive, it may start to seem as though there is little reason not to collect and retain as much data as possible about your users. However, the apparent ease of accumulating masses of data can hide enormous costs due to user dissatisfaction, security breaches, time-consuming subpoena requests, and privacy and free speech firestorms.

Capture only the data you need for your service or that you are legally required to capture. AOL reportedly receives more than 1,000 subpoenas every month requesting information about its users. Other tech companies may face similar numbers of requests, although they do not reveal exact numbers. An efficient way to avoid these costs is to capture only the data you need for your service. Do you really need an individual’s name, address, and phone number? Alternatively, could your company get by just as well with only one of these pieces of identifying information? Or none?

59% of adults in a 2008 study had refused to provide information to a business or company because they thought it was not necessary or too personal.

Store only necessary data. Even if you needed to capture identifying information in order to handle a specific transaction, there may be no need to retain it after the transaction is complete. Any data collected should be purged in its entirety after it is no longer necessary. Personally identifying information should rarely be retained for more than a few weeks.

Ask, Google, Microsoft, Yahoo!: Major search engines have started to recognize the importance of limiting data-retention periods for all data. Ask developed the AskEraser, allowing users to conduct online searches without the company logging any information. Microsoft deletes the full IP address, cookies, and any other identifiable user information from its logs after 18 months. Yahoo! is now planning to anonymize all search records after three months. Google now engages in a very limited form of log anonymization after nine months for those using the search engine and not logged into a Google account. After 18 months, the company deletes a portion of the stored IP address and de-identifies the cookie information stored in its logfiles.