In a nod toward privacy, Yahoo today said it would only keep personal data on searchers and portal users for 90 days (double that in cases of fraud or suspicious activity). This ups the ante for search firms Google, which halved its data retention time to nine months in September, and Microsoft, which has said it would drop its data retention times to six months if its competitors did. Prior to this announcement, Yahoo kept data for 13 months. Here’s how Yahoo plans to scrub the data, which includes not just search, but page views and ad views as well:
- Delete the final octet of the IP address
- Yahoo! ID will be one-way secret hashed and the last 50 percent of the hashed identifier is truncated
- Cookie identifiers are one-way secret hashed
- Add an additional search filter for personally identifiable info in search logs such as credit card numbers or social security numbers
The search firms are responding to increasing government and consumer concern about online privacy — in particular, a European Union effort to get search firms to delete user information after six months. It may also be trying to fend off pressure from a telecommunications-backed lobbying group that hopes to set the nation’s agenda when it comes to online privacy. Microsoft has a member on the board of that group, called The Future of Privacy, but Yahoo and Google do not.
Yahoo’s move is a good start for those concerned about privacy, but we’re still going to have to start talking about what controls consumers have with regard to their data and when privacy trumps the greater good.