
Two Californians and a New York resident have sued AOL, claiming that the search information, while not including names, did contain phone numbers, birth dates and social security data, and has been used by other organisations to identify specific AOL members. They seek damages,fees and AOL's promise "never to do it again".
AOL, and other organisations, can have all the good intentions in the world. But, what about the "human element"? Weinstein says none of AOL's privacy policies were violated. We have no reason to believe otherwise.
That doesn't change the fact that confidential subscriber information is no longer confidential.
Why not actively consider the encryption of confidential data to put some teeth in your privacy directives? That way, the information is inaccessible to prying eyes - even when the next screw-up occurs. And it will.
Encryption is only a technology. Coupled with enterprise-wide security management and enforceable, audit-visible, data access rules, encryptionoffers a sound way to minimise damage to brand and business.