Google adopts tougher privacy measures
SAN FRANCISCO — Google Inc. is tightening its privacy leash on employees in an effort to ensure they don’t intrude on people while the Internet search leader collects and stores information about its users.
Besides promoting longtime employee Alma Whitten to be its director of privacy, Google said Friday that it will require all 23,000 of its employees to undergo privacy training. The company also is introducing more checks aimed at making sure workers are obeying the rules.
Google’s new privacy measures appear to be a response to recent breaches that have raised questions about the company’s internal controls and policies.
Google acknowledged in May that one of its engineers had created a program that vacuumed up potentially sensitive personal information, including e-mail addresses and passwords, from unsecured wireless networks while Google cars cruised neighborhoods around the world. The vehicles were dispatched primarily to take photos for Google’s online mapping service, but they also carried equipment to log the location of Wi-Fi networks.
The incident, which some critics have labeled as “Wi-Spy,’’ was caused by “an engineer’s careless error as well as a lack of controls to ensure that necessary procedures to protect privacy were followed,’’ Jennifer Stoddart, Canada’s privacy commissioner, concluded in a report.
Several other countries have skewered Google for scooping up 600 gigabytes of data from Wi-Fi systems for more than two years before detecting a problem five months ago in response to an inquiry from regulators in Germany.
Google initially said it had only captured fragments of people’s online activities, but Canada’s investigation determined that entire e-mails, passwords, and website addresses had been obtained and stored. In confirming Canada’s findings, Google said it wants to delete all the Wi-Fi data remaining on its computers as quickly as possible, but must wait while authorities in different countries investigate.
So far, Google has purged the Wi-Fi data it got in Ireland, Austria, Denmark, and Hong Kong. It still has the data from more than 20 other countries, including the United States, where a coalition of state attorneys generals has been looking into the breach.
The company has maintained it didn’t break any laws even as management apologized for its bad behavior.
Google’s safeguards appeared to be suspect once again after the Gawker blog reported that an engineer in its Kirkland, Wash., office had been using the privileges of his job to spy on the online accounts of four minors. Prompted by that report, Google last month acknowledged that it had fired the engineer.
Maintaining the public’s trust is critical to Google because the success of its search engine and part of its long-term business plans hinge in part on its ability to build databases about its users’ preferences. Among other things, Google believes the information helps it deliver better search results than its rivals and sell more of the ads.