Privacy Practices
Do we minimize the links between personal information and transactional data?

By minimizing the connections between personal information about users and data about the users' activities, companies may be able to achieve desired business goals such as optimizing performance or delivering targeted advertisements and services while cultivating user trust and insulating a company from voluminous legal demands and costly security breaches. Anonymization, aggregation, and similar techniques can help you extract value from your data while protecting your users' privacy.
- Associate user records or personal information with transactional records only where necessary. Tying identifiable data, including IP addresses or account information, to transactional records invites privacy breaches and lawsuits. Evaluate aggregation and anonymization as tools to protect privacy while preserving the value of collected information.
AOL: In 2006, AOL and its Chief Technical Officer learned the hard way that users do not appreciate disclosure of their online search activities. The company thought that it had properly anonymized the data when it posted online the search records of 500,000 of its users for use by researchers. It was wrong. The private search habits of AOL users became public knowledge. AOL quickly pulled the dataset from its Web site, but not before the information had been mirrored on Web pages around the world and AOL's privacy breach was plastered on front pages around the globe. The incident led to the firing of the researchers involved with the database's release and the resignation of the company's Chief Technical Officer.
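One way to apply the recommendation above to a transactional log, as an added example that is not part of the original page: account identifiers are replaced with a keyed pseudonym, IP addresses are coarsened to a network prefix, and only aggregate counts above a minimum group size are reported. The field names, the sample records, the demo key, and the `min_users` threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from collections import defaultdict

# Constructed sample transactional records (not real data).
RAW_EVENTS = [
    {"account": "alice@example.com", "ip": "203.0.113.17", "page": "/pricing"},
    {"account": "bob@example.com", "ip": "203.0.113.99", "page": "/pricing"},
    {"account": "carol@example.com", "ip": "198.51.100.4", "page": "/pricing"},
    {"account": "alice@example.com", "ip": "203.0.113.17", "page": "/support/cancel"},
    {"account": "alice@example.com", "ip": "203.0.113.17", "page": "/pricing"},
]

def pseudonym(account: str, key: bytes) -> str:
    """Keyed hash: stable per account, not recomputable without the key."""
    return hmac.new(key, account.encode(), hashlib.sha256).hexdigest()[:16]

def coarse_ip(ip: str) -> str:
    """Keep only the /24 network for IPv4 (the /48 for IPv6)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def minimize(event: dict, key: bytes) -> dict:
    """Transactional record with the direct identifiers removed."""
    return {"user": pseudonym(event["account"], key),
            "net": coarse_ip(event["ip"]),
            "page": event["page"]}

def aggregate(events: list, key: bytes, min_users: int = 3) -> dict:
    """Distinct-user count per page; groups below min_users are suppressed."""
    users = defaultdict(set)
    for ev in events:
        rec = minimize(ev, key)
        users[rec["page"]].add(rec["user"])
    # Per-user rows stay linkable to one person even under a pseudonym,
    # so only the counts leave this function.
    return {page: len(u) for page, u in users.items() if len(u) >= min_users}

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: stored apart from the logs
    print(aggregate(RAW_EVENTS, key))
```

The `/support/cancel` page is dropped from the report because only one user visited it, and a count of one would point back to that user.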

