The fallout from AOL's unintended release of personal search data of 658,000 subscribers could include fines, lawsuits, and changes in law and policy regarding search queries.
"If you look through the data, you see that people searched for their own names, their family history, resources in their local neighborhood. If taken together, it's patently false that this data cannot identify individuals. I found one myself, where I think if I gave it five minutes on the phone I could confirm who it was."
Weinstein said AOL is very upset about the release and the company has repeatedly apologized to subscribers. He said the size of the data pool makes it unlikely that AOL can determine which users' information was revealed and, for that reason, it is unlikely individual subscribers would receive notices. He said the published material only represents .3 percent of the total data from three months of 2006 and affected about 1.5 percent of users.
He declined to comment on an employee's blog entry stating that the company should not maintain that type of information in the first place.
"I would note, however, that AOL only retains personal, linked search terms for 30 days now," he said.
Weinstein added that the company was leading an internal investigation, to make appropriate changes and make sure nothing similar ever happens again.
Jonathan Zittrain, a professor of Internet governance and regulations at Oxford University and co-founder of Harvard Law School's Berkman Center for Internet & Society, said during an interview that he did not think AOL violated its privacy agreement. He said the search data is valuable to researchers trying to figure out what goes on in people's minds at a given time. He added that it would be hard for victims to show harm but the release could still have a major impact.
"It may just be one of those watershed privacy events that capture public attention," Zittrain said.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.