Google's mantra apparently is "don't be evil". While Google has been generally applauded around the blogosphere for fighting the subpoena from the Department of Justice for search records, there are also a number of folks who are concerned that Google's privacy practices are less than transparent.
The general public is paying much more attention to the privacy practices of companies, particularly as government agencies become more and more inquisitive about records maintained by the private sector. In Europe, for example, governments are requiring companies to keep records for much longer than usual in the hope that they will come in handy for tracking down terrorists (and file-sharers) (EU Data Retention Directive). Right now, MSN and Yahoo! are in the crosshairs for handing over data to the US Department of Justice. MSN has even posted its own defence of its cooperation with the US government (see: The Canadian Privacy Law Blog: Microsoft responds to subpoena controversey). Recently in Canada, a number of internet service providers went to great expense to resist handing over customer information in the face of the recording industry's demands (see: The Canadian Privacy Law Blog: The new test for disclosure of identities after BMG v John Doe).
How can companies avoid being drawn into this no-win situation? It is incredibly simple (and happens to be the law in Canada):
- Don't collect any information that you do not need
- Don't keep any personally identifiable information that you do not need
If you don't need personally identifiable information for your legitimate business purpose, simply do not collect it.
If you no longer need information in personally identifiable form, don't keep it. Or, if the information is still of use, don't keep it in personally identifiable form. Remove all identifiers. Irretrievably sever the link between the data and the individual. Aggregate it. Whatever you need to do, do it.
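What "remove the identifiers, sever the link, aggregate it" looks like in practice, as an added example that is not part of the original post: a small retention routine over constructed search-log records. Records younger than the retention window are kept raw; older ones have their direct identifiers dropped, their timestamps coarsened to a day, and are rolled up into counts. Two practitioner caveats are built in. First, a rare query string can identify someone on its own (a search for one's own name and address), so aggregated cells below a minimum count are suppressed. Second, a keyed pseudonym does not sever the link while the key survives, so the pseudonymization helper uses a key that exists only for one batch and is never stored. The field names, the 14-day window, and the minimum-count threshold are assumptions for the example, not any real log format or legal standard.

```python
import hashlib
import hmac
import secrets
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample search-log records (not real data); field names are assumed.
SAMPLE_LOG = [
    {"ts": "2006-01-20T14:03:11Z", "ip": "203.0.113.7",   "user_id": "u-1001", "query": "flu symptoms"},
    {"ts": "2006-01-20T14:05:40Z", "ip": "203.0.113.7",   "user_id": "u-1001", "query": "flu symptoms"},
    {"ts": "2006-01-20T16:20:02Z", "ip": "198.51.100.23", "user_id": "u-2002", "query": "flu symptoms"},
    {"ts": "2006-01-21T09:12:55Z", "ip": "198.51.100.23", "user_id": "u-2002", "query": "jane doe 12 elm street halifax"},
    {"ts": "2006-02-14T11:00:00Z", "ip": "192.0.2.9",     "user_id": "u-3003", "query": "privacy law"},
]

# Fields that directly identify a person (assumed list; extend for your own schema).
DIRECT_IDENTIFIERS = frozenset({"ip", "user_id", "cookie", "email"})
RETENTION = timedelta(days=14)   # assumed business retention window for raw records
MIN_COUNT = 2                    # suppress (day, query) cells seen fewer times than this


def parse_ts(ts):
    """Parse the UTC timestamp format used in the sample records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def has_identifiers(record):
    """True if any direct-identifier field survives in the record."""
    return bool(DIRECT_IDENTIFIERS & record.keys())


def strip_identifiers(record):
    """Drop direct identifiers and coarsen the timestamp to a calendar day."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["day"] = parse_ts(out.pop("ts")).date().isoformat()
    return out


def pseudonymize_batch(records):
    """Replace user_id with an HMAC pseudonym under a key that lives only in this call.

    Records of the same user stay linkable within the batch (useful for session
    analysis), but once the function returns nobody holds the key, so the
    pseudonym cannot be recomputed from a user_id or matched against a later
    batch. Python does not scrub memory; the point is that the key is never
    persisted, not that it is wiped.
    """
    key = secrets.token_bytes(32)
    out = []
    for r in records:
        r2 = {k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
        r2["pseudo"] = hmac.new(key, r["user_id"].encode(), hashlib.sha256).hexdigest()[:16]
        out.append(r2)
    return out


def apply_retention(records, now):
    """Keep raw records younger than RETENTION; de-identify and aggregate the rest.

    Returns (raw_records, Counter keyed by (day, query)). Aggregated cells
    below MIN_COUNT are suppressed because a unique query can itself identify
    the person who typed it.
    """
    raw, aggregate = [], Counter()
    for r in records:
        if now - parse_ts(r["ts"]) < RETENTION:
            raw.append(r)
        else:
            d = strip_identifiers(r)
            aggregate[(d["day"], d["query"])] += 1
    aggregate = Counter({k: v for k, v in aggregate.items() if v >= MIN_COUNT})
    return raw, aggregate


if __name__ == "__main__":
    raw, agg = apply_retention(SAMPLE_LOG, parse_ts("2006-02-20T00:00:00Z"))
    print("raw records kept:", len(raw))
    print("aggregated cells:", dict(agg))
    print("identifiers left in aggregate input:",
          any(has_identifiers(strip_identifiers(r)) for r in SAMPLE_LOG))
```

Run against the sample with "now" set to 20 February 2006: the single February record stays raw, the three "flu symptoms" searches on 20 January collapse into one count of 3 with no IP or user ID attached, and the one-off name-and-address query is suppressed rather than published as a count of 1. The `has_identifiers` check is the kind of assertion worth running in a pipeline before anything is written to long-term storage.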
Being the custodian of information about identifiable individuals carries risk. It can be stolen. It can be hacked. It can be mis-used. It can be lost. And it can be the subject of a subpoena. In the first four cases, the company can be liable for any losses suffered by the individual. In the last case, you can either fight the disclosure or deal with the adverse publicity that may follow handing the data over.
In short, if you don't want to look like a stooge for the authorities or zealous litigants, or you don't want to pay the legal fees associated with fighting the disclosure request, don't keep the information in the first place. If you don't need it, don't collect it. If you no longer need it, get rid of it. (Securely, of course.)