An article in today’s New York Times reveals that AOL voluntarily released data from more than 650,000 Americans to aid a study being conducted by a group of researchers. While AOL did not provide the names of people conducting the searches, with a little investigation it would be very easy to connect a name to a number.
The New York Times did just that, identifying AOL user 4417749 as Thelma Arnold, a 62-year-old widow living in Lilburn, Georgia. Over a three-month period, Arnold conducted hundreds of searches, including those for “numb fingers,” “60 single men” and “dog that urinates on everything.” Arnold also looked for information relating to her friends’ health problems, including “hand tremors,” “nicotine addiction,” “dry mouth” and “bipolar disorder.”
AOL’s move has bloggers, privacy advocates and others up in arms. Techcrunch has an excellent post about this issue. In addition, John Grohol, Psy. D, author of the blog World of Psychology had this to say:
“Why should this be allowed to happen, time and time again, and companies only receive a gentle slap on the wrist and perhaps a small fine? Do their privacy policies (the actual policies, not what they write down) change as a result of a goof such as this? The public never knows, outside of the generic corporate assurances we’re used to receiving from nameless, faceless corporations more interested in mining your user data for as much of their own purposes as for yours.”
I share Grohol’s concern. According to Harris Interactive, 117 million Americans are turning to online search engines for healthcare-related information. This number may increase significantly as the consumer-driven healthcare movement accelerates. In addition, many may begin to turn to health-specific search engines for streamlined, reliable and highly-relevant content. What steps are Internet search companies like Google, Healia and Healthline taking to prevent AOL redux?
Commentary From Healthline & Healia
To answer this question, I contacted executives at Healia and Healthline. I asked them to provide me with their reaction to the AOL incident and to talk about how they protect users’ data. Their responses are below.
Healthline: Bill McGee, Vice President, Marketing and Sales
Healthline’s Reaction To The AOL Incident
“Frankly it’s difficult to understand why AOL would voluntarily release users’ search data. We can see why they might want to use this information internally, but we do not understand why they would allow it to be used for academic research.”
Healthline’s Stance On User Privacy
“At Healthline, users’ privacy is paramount. We do not release data about users’ search activities to third parties. For example, we have been approached by companies interested in using our data for behavioral targeting. If we employed this technique, people using our site to find information about erectile dysfunction might see an advertisement for Viagra when they visit the New York Times. We have refused all requests to use our data in this fashion. We take our users’ privacy seriously.
In addition, we do not collect personal data from people who use our site – with the exception of those who register with Healthline. We also collect information about the type of browser people use and where they come from. We do not share any of this data.
I should note that we may provide information to respond to a legal action. However, we would carefully evaluate each request before releasing our data."
Healia: Tom Eng, Founder, Chairman and Chief Architect
Q: What is Healia's response to AOL's release of the details of users' search habits?
A: This unfortunate incident illustrates why protecting the privacy of user-generated data on the Internet is extremely important and organizations always need to be vigilant about user protections. Although the AOL incident was related to search-related data, it should be recognized that any data generated by the use of any Internet-based tool, search-related, health-related or otherwise, needs to be strictly protected.
Q: Would Healia ever release information to a government agency or other individual/organization seeking to conduct research on users' search patterns?
Healia does not share any search-related information, anonymous or otherwise, with third parties. In the future, Healia, like almost all eHealth companies, may elect to share anonymous, summary information with third parties but this summary information can never be used to identify an individual or to link an individual with a specific health condition. That is, summary data is the kind of generic data that is routinely released by government agencies and presented in market research reports. This type of data cannot be used to identify specific individuals.
Q: What kind of information does Healia collect about users?
Q: What steps has Healia taken to ensure that users' information remains confidential?
A: All data on Healia is protected by industry standard procedures and security software/hardware in a world-class data center with 24 hour security. In addition, we have extremely strict company procedures and policies to ensure that user data is never released to anyone without an exhaustive review process and written approval by the CEO and at least one other authorized senior executive.