Privacy Practices

Do we collect and store only necessary user information?

As data storage becomes less expensive, it may start to seem as though there is little reason not to collect and retain as much data as possible about your users. However, the apparent ease of accumulating masses of data can hide enormous costs due to user dissatisfaction, security breaches, time-consuming subpoena requests, and privacy and free speech firestorms.

  • Capture only the data you need for your service or that you are legally required to capture. AOL reportedly receives more than 1,000 subpoenas every month requesting information about its users. Other tech companies may face similar numbers of requests, although they do not reveal exact numbers. An efficient way to avoid these costs is to capture only the data you need for your service. Do you really need an individual’s name, address, and phone number? Alternatively, could your company get by just as well with only one of these pieces of identifying information? Or none?
59% of adults in a 2008 study had refused to provide information to a business or company because they thought it was not necessary or too personal.
  • Store only necessary data. Even if you needed to capture identifying information in order to handle a specific transaction, there may be no need to retain it after the transaction is complete. Any data collected should be purged in its entirety after it is no longer necessary. Personally identifying information should rarely be retained for more than a few weeks.
Google Street View: Failing to think through and address the privacy issues related to its Street View mapping project has led to years of headaches for Google, including numerous class action lawsuits, government investigations, and expensive privacy fixes. Within weeks of Street View's 2007 launch, Google was forced to change takedown policies due to bad press over embarrassing photos and a complicated takedown process. This was followed by an invasion of privacy lawsuit filed in 2008. In 2010, when it was revealed that Street View trucks had collected data over unsecured private WiFi networks, Google again faced legal problems from numerous class action lawsuits and investigations by at least seven countries. Ongoing backlash by the EU has forced Google to blur photos and delete unblurred images, and complaints in Japan have forced the company to reshoot all the Street View footage in that country to ensure images on private property were not captured. Identifying and addressing the many privacy issues prior to launch, rather than after the fact, could have saved Google a lot of time, energy, and goodwill.

Ask, Google, Microsoft, Yahoo!: Major search engines have started to recognize the importance of limiting data-retention periods for all data. Ask developed the AskEraser, allowing users to conduct online searches without the company logging any information. Microsoft deletes the full IP address, cookies, and any other identifiable user information from its logs after 18 months. Yahoo! is now planning to anonymize all search records after three months. Google now engages in a very limited form of log anonymization after nine months for those using the search engine and not logged into a Google account. After 18 months, the company deletes a portion of the stored IP address and de-identifies the cookie information stored in its logfiles.
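The retention steps described for these search engines (coarsening the IP address and de-identifying the cookie after one period, purging the record after a longer one) and the "store only necessary data" rule above can both be expressed as a single retention pass over a log store. The following is an added example written for this page; it is not code from Google, Microsoft, Yahoo!, or Ask. The 9- and 18-month thresholds mirror the periods the page reports, but the record layout, the hypothetical `SearchLogRecord` type, the key, and the sample records are constructed for illustration. It goes slightly beyond the text by also handling IPv6 addresses.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
import hashlib
import hmac
import ipaddress

# Retention thresholds for this example, modelled on the 9-month and
# 18-month steps the page reports; tune them to your own policy.
ANONYMIZE_AFTER = timedelta(days=270)   # ~9 months: coarsen IP, de-identify cookie
DELETE_AFTER = timedelta(days=540)      # ~18 months: drop the record entirely

# Constructed key for the keyed hash. In production load it from a secrets
# store and rotate it, so pseudonyms from different periods cannot be linked.
PSEUDONYM_KEY = b"example-key-do-not-use"


@dataclass(frozen=True)
class SearchLogRecord:
    """Hypothetical shape of one search-log line."""
    timestamp: datetime
    ip: str
    cookie_id: str
    query: str


def coarsen_ip(ip: str) -> str:
    """Zero the host part of the address: keep a /24 for IPv4, a /48 for IPv6.

    The network prefix still supports coarse geography and abuse statistics,
    while the individual host is no longer identifiable.
    """
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def pseudonymize_cookie(cookie_id: str) -> str:
    """Replace the cookie id with a keyed hash (HMAC-SHA256, truncated).

    Sessions remain distinguishable for analytics, but the original cookie
    value cannot be recovered or matched without the key.
    """
    return hmac.new(PSEUDONYM_KEY, cookie_id.encode(), hashlib.sha256).hexdigest()[:16]


def apply_retention(records, now):
    """Return the records that survive the policy as of `now`.

    Records older than DELETE_AFTER are purged in their entirety; records older
    than ANONYMIZE_AFTER are kept with the IP coarsened and the cookie
    pseudonymized; newer records are returned unchanged.
    """
    kept = []
    for rec in records:
        age = now - rec.timestamp
        if age >= DELETE_AFTER:
            continue
        if age >= ANONYMIZE_AFTER:
            rec = replace(rec, ip=coarsen_ip(rec.ip),
                          cookie_id=pseudonymize_cookie(rec.cookie_id))
        kept.append(rec)
    return kept


# Constructed sample data: one fresh record, one past the anonymization
# threshold, one past the deletion threshold.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    SearchLogRecord(NOW - timedelta(days=10), "203.0.113.77", "cookie-fresh", "weather"),
    SearchLogRecord(NOW - timedelta(days=300), "198.51.100.9", "cookie-old", "flights"),
    SearchLogRecord(NOW - timedelta(days=600), "2001:db8:abcd:1234::5", "cookie-stale", "news"),
]

if __name__ == "__main__":
    for rec in apply_retention(SAMPLE_RECORDS, NOW):
        print(rec)
```

Run this pass on a schedule rather than at query time, so that the raw store itself shrinks and a subpoena or breach cannot reach data the policy says should no longer exist; the point of the page is that data you never kept is data you never have to defend.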