Continued from page 1

Yahoo Inc., for example, will soon keep logs on people’s searches for 18 months, the same amount of time as Google Inc. That’s a reversal of its vow in late 2008 to strip out personally identifiable details after 90 days. In making an industry-leading privacy pledge, Yahoo said it became less competitive in offering personalized services enabled by long-term tracking.

Companies also face lawsuits and penalties by promising more than they can deliver. If companies are vague, their biggest risk is bad publicity when a hacking attack or a technical error exposes customers’ information.

“The lack of meaningful liability for breaches reduces the incentive for making sure that they don’t happen,” said Susan Grant, director of consumer protection for the Consumer Federation of America.

Businesses only have to be as good as their competitors. They know customers have nowhere else to go as long as everyone sets the bar low.

“Choice becomes meaningless in this context,” said Ashkan Soltani, a security researcher.

The number of records exposed in data breaches is staggering _ more than half a billion in the past six years, according to the Privacy Rights Clearinghouse.

At the same time, people are sharing more online. More than half a billion people are on Facebook, and billions of people search Google and Yahoo each month and accept tracking data files known as cookies. The Pew Internet & American Life Project found that 61 percent of adult Internet users in the U.S. have used social networks, up from less than a third in 2008.

When they aren’t sharing on social networks, they are leaving their marks with online gaming services, shopping sites and retail loyalty programs.

The dependence on technology explains why the reputations of technology companies are remarkably resilient, even after embarrassing breaches.

For example, hackers last year uncovered a security hole on AT&T Inc.’s website and exposed the email addresses of more than 100,000 iPad owners who had signed up for AT&T’s wireless Internet service. At that point, Apple had sold more than 2 million iPads. Despite the breach, the company sold some 17 million more iPads since then.

Smartphones have added a new dimension to the debate about online privacy because they also record their owners’ location.

Apple CEO Steve Jobs emerged Thursday from medical leave to try to quash a controversy over secret recordings of location information by iPhones. Apple denied directly tracking people, but said it is building a database of known Wi-Fi hot spots and cell towers to improve location-based services. Google Inc.’s Android phones do something similar.

To quiet privacy critics, Apple is changing the iPhone’s software to keep data for a week instead of indefinitely. Google says its phones only store data for a short time.

Apple’s disclosure came a day after Sony Corp. said a hacker may have stolen credit card numbers and other valuable information on the 77 million players using its PlayStation online gaming network. That would make it one of the biggest known credit card breaches.

A few weeks ago, a little-known company behind the email campaigns of Chase, Best Buy, Hilton, Walgreens and other big brands revealed that potentially millions of names and email addresses of consumers were stolen. Epsilon sends more than 40 billion emails a year on behalf of those brands for services such as customer loyalty programs.

Story Continues →