10 August 2006

On apologies

Posted by Barnabas under: Security.

Most are familiar with the AOL fiasco this week (they accidentally made the search logs of more than 650,000 users public), and the resulting apology:

Although there was no personally identifiable data linked to these accounts, we’re absolutely not defending this. It was a mistake, and we apologize. We’ve launched an internal investigation into what happened, and we are taking steps to ensure that this type of thing never happens again.

Still, the data was specific enough for the NY Times to track one user down. When confronted with that story, the AOL spokesperson apologized specifically to the unmasked woman, but added “there is not a whole lot we can do.” He went on to explain that the system that collected this data did not record the screen names of the users whose searches were captured, which I do not believe. There has to be a way for AOL to identify every one of the 650 thousand customers who were affected by this breach of privacy and apologize to them directly or somehow try to make it right. After all, how were these numbers consistently generated in the first place? (Perhaps the number is an internal customer ID, or maybe it’s a hash of their username.) Instead, AOL issued conditional apologies that can be summed up as this: “we’re sorry, but what’s done is done, it’s really not so bad, and it probably won’t happen again.”

I contrast this “apology” with a message I received yesterday from Peter Blum, developer of some very useful ASP.NET controls which I downloaded this week. Out of respect I don’t want to go into specifics of exactly what happened, but via e-mail he described the problem, sincerely expressed his personal remorse (“I feel really bad about my mistake”) and extended my license period. Here’s the kicker: this is a trial product and I’m not a paying customer (yet). I think other companies might have hoped their mistake went unnoticed, or perhaps qualified their mistake and become defensive. Further, Mr. Blum made sure to give me something as proactive compensation (an extension of the trial period), even though I personally had not yet complained. I am impressed.

As long as they are staffed by human beings, companies will occasionally make mistakes. The lesson in it for us here at Greenlight Wireless, a company that is also entrusted with sensitive user data, is to do our best in protecting that data, but be forthright and proactively apologetic if/when we accidentally let our customers down.

One Comment so far...

Greenlight Wireless Blog » The Duty of Guarding Privacy Says:

8 September 2006 at 5:52 pm.

[...] On my personal blog today I contrasted the “apology” from AOL this week about accidentally publicizing thousands of their users’ private searches with a proactive apology I received from Peter Blum over a mistake with some trial software I downloaded from his company. There are right and wrong ways to apologize, certainly. I read a comment somewhere recently that AOL just can’t seem to generate good PR no matter what they do nowadays. [...]
