Complaint Filed in AOL Blunder

The Electronic Frontier Foundation has filed a complaint with the Federal Trade Commission over AOL's recent exposure of customer search data.

In what a spokesman called "a screwup," AOL last week released search records of some 658,000 customers for analysis over the Web. The company covered up the users' names, but it neglected to sanitize the search data itself, which contained names, Social Security numbers, and other personal Web data. (See Users Outraged by AOL Gaffe.)

The EFF is asking the FTC to investigate the online service provider's privacy practices and force AOL to stop logging search data, except when absolutely necessary. The complaint alleges that AOL engaged in deceptive and unfair trade practices that violate FTC rules.

AOL had no comment on the filing.

The EFF further asks the FTC to order AOL to disclose the full extent of the breach and notify every customer that may have been affected. The online civil liberties group also asks the FTC to force AOL to expedite service cancellation for customers who want to be dropped from the service, and to pay for one year of credit monitoring services for the affected customers.

The EFF also wants the FTC to force AOL to amend its privacy policies and to submit to a biannual, third-party assessment of its privacy and security practices.

"While AOL has rightly apologized, its customers deserve more than that -- AOL must take steps to rectify the damage done and to improve its privacy-protections in the future," The EFF said. "Congress should also take note of this latest Data Valdez by creating stronger, crystal clear legal protections for user information and by limiting data retention."

— Tim Wilson, Site Editor, Dark Reading