AOL also has formed a task force to consider its privacy practices, including how long the company saves data and the type of data stored. "[W]e are taking a number of additional steps, on top of our strong existing security systems, to help ensure this type of incident never happens again," AOL head Jonathan Miller told employees Monday in a memo. AOL vice chairman Ted Leonsis and general counsel Randy Boe will lead the task force.
Last month, AOL's technology research department sparked a crisis for the company by posting 20 million search queries made from March through May by 658,000 members. The queries were on a publicly accessible Web site for about two weeks before bloggers noticed them and began commenting during the weekend of Aug. 6-7. AOL apologized and removed the data, but it had already been copied and circulated online.
While AOL's research department had attempted to anonymize the information by replacing members' names with numbers, the search terms themselves--including names, addresses and social security numbers--provided clues to some users' identities. The New York Times quickly identified and profiled one such user, Thelma Arnold, a formerly "anonymous" AOL member whose search queries had been posted.
The data breach also has renewed a debate about how much information search engines should store about users. Last year, Google successfully argued that users' privacy would be compromised if it complied with a subpoena for user queries by the U.S. Department of Justice. A federal judge in that case ruled that Google did not need to turn over information about search queries.
Last week, the Electronic Frontier Foundation and World Privacy Forum both filed complaints against AOL with the Federal Trade Commission.