I feel like I read a story like this one every year. Someone buys or finds an old hard drive and tries to recover the data. They then manage to expose the fact that people still do not properly erase information on disks before discarding them to the wild:

The research – which was based on 317 computer hard drives obtained from the UK, North America, Germany and Australia – showed just how many people believe in the data fairy: though 41% of the disks were unreadable, 20% contained sufficient information to identify individuals, 5% of the disks held commercial information on organisations ranging in the UK from Man Trucks to Easington Council, and included records of a Children’s Day Care centre.

There was also illegal information with 5% of the disks holding “illicit data” and 1% of the disks bearing paedophile information. As a result, a criminal investigation has been launched in South Wales and another one in Australia.

[…]

Just how compromising and thorough the information stored on computers can be was demonstrated by data obtained from disks belonging to Port Weller Dry Dock, a Canadian ship building company.

On the drives was information that showed the company had details on a bid for the US Navy’s top secret DD21 destroyer programme, part of a US defence programme intended to equip the US navy for the 21st century.

This problem can either get better or worse with the new era of online archive and storage solutions. In other words, people can transfer the issue of handling stored data to a service-based system but can they trust that such a service will do any better job than the companies in this study?

Jon Godfrey, from Life Cycle Services, has a nice quote in the story:

“People get worried about losing data on computers but they don’t realise that erasure is as important as retention. The survey shows that the commercial sector is still chronically ignorant of the destruction and retention of data, and our experience is that the problem is actually worse than the study suggests.”

Actually, studies also show that people do not get worried about losing data. So it is perhaps more accurate to say that people simply do not always understand the risks and/or are unequipped and untrained to handle them.

The NY Times has picked up the AOL fiasco story and brought it home:

A Face Is Exposed for AOL Searcher No. 4417749

Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield.

No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers� to “60 single men� to “dog that urinates on everything.�

And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,� several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.�

It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,� she said, after a reporter read part of the list to her.

I can only assume that the woman who is the subject of this story, as well as the reporter, understand the significance of personalizing the issue.

I can honestly say I am glad I have not been using AOL, although I have nothing to hide. I suppose it is the same feeling as being glad I do not drive cars with exploding tires, even though I consider myself a safe driver.

One of the lessons for AOL will probably be to have a legal, privacy and security approval for any and all data transfers with external entities. I have to believe that their lawyers and security team had no idea that someone was going to post search data for public consumption, and this will probably become a good part of the discussion going forward (if not already).