Customer Data + Carelessness = Pink Slips At AOL And ElsewhereCustomer Data + Carelessness = Pink Slips At AOL And Elsewhere

Mishandling sensitive customer data has proven to be the single fastest way to lose a promising IT job this year. An AOL researcher and the researcher's supervisor found that out the hard way when they were fired from the company following an investigation into the release of information about AOL customers' search habits, a source familiar with the company's actions said Tuesday.

The source also confirmed that AOL CTO Maureen Govern has resigned from the company, although the company isn't admitting any direct connection between Govern's departure and the release of information onto the Web earlier this month of about 20 million keyword searches from about 658,000 anonymous users over a three-month period. AOL confirmed that it had posted and then taken down the information and apologized for what the company said was a mistake on the part of its research team. The data was available on the Internet for days, which was long enough for it to be downloaded and posted on other sites. Govern, who joined the AOL division of Time Warner as CTO in September, will be replaced by former CTO John McKinley, who's been with AOL since July 2003.

AOL made the search information available for download through its research site, but the company insists it had stripped each record of the searcher's name. Concerns arose that clues about the searcher's identity could be discovered by closely examining their search activity, such as searches on the user's own name.

Data that's been stolen or otherwise escaped IT's inner sanctum has caused the ax to fall on more than one IT professional in recent months. By the time the first laptop stolen from the Veterans Affairs Department was turned in to the FBI in late June, Pedro Cadenas Jr., the VA official in charge of information security, had announced his resignation from the department, and Michael McLendon, deputy assistant secretary for policy, had resigned. Ohio University suspended its director of communication network services and its manager of Internet and systems in June. The suspension was part of the Athens, Ohio, university's investigation into several data breaches in April and May that exposed 367,000 records containing Social Security numbers and other data of current and former students, alumni, and faculty.

Search data in particular is a highly prized commodity by marketers and the government, and AOL once again finds itself running afoul of privacy advocates. In January, search engine providers AOL, Yahoo, and Microsoft, which owns MSN, turned over search data in response to a Bush administration subpoena. That subpoena was part of an effort by the administration to revive an anti-porn law that was rejected by the U.S. Supreme Court. Google, however, chose to fight the subpoena.

The Electronic Frontier Foundation took particular exception to AOL's failure to protect customer data and on Aug. 14 filed a complaint with the Federal Trade Commission accusing AOL of committing "unfair and deceptive trade practices by intentionally and publicly disclosing Internet search histories of more than half a million AOL users." The EFF asked the FTC for a laundry list of remedies related to AOL's behavior, including having the company notify, via electronic and certified mail, each consumer whose search data had been publicly disclosed and provide each consumer a copy of his or her disclosed record.

What the FTC does with that complaint is out of the EFF's hands, but the organization would like to see a change in the "very cavalier way [search companies] have developed business models that apparently require them to stockpile vast amounts of search data," says EFF Senior Counsel David Sobel. "It's a bigger problem than is likely to be solved by the departure of three employees. There needs to be a more systemic evaluation of how companies generally handle personal information."

AOL is trying to repair its image through a number of initiatives designed to prevent further data mishandling. The company has created a task force led by Vice Chairman Ted Leonsis and General Counsel Randy Boe to examine privacy-related issues, including how long AOL saves search data. Other initiatives include placing additional restrictions on access to databases containing search data and other sensitive customer data, possible development of new systems that ensure that sensitive info isn't included in research databases, and employee training on info privacy issues.