However facepalm-worthy Google’s accidental collection of sensitive data sent over WiFi networks may have been, the search giant is at least wasting no time in remedying the situation. At the request of the Irish Data Protection Authority, Google has already deleted the data it accumulated in Ireland, and the company appears set to dispose of the data it collected in the UK, as well.
Alex Stamos, a partner at a security consulting firm called iSEC Partners, confirmed the first part of this story. In a letter provided by Google, he wrote, "Before my arrival, Google staff had consolidated the wi-fi packet captures onto four hard drives. . . . Upon my acquisition of the drives from Google staff, I noted that the hard drives had been stored in a secure manner within a secure portion of the facility."
Next, Stamos stated, "I created two new encrypted volumes on separate hard drives, and copied over all of the data with the exception of data that was identified as being captured within the Republic of Ireland. I then witnessed the physical destruction of the four original hard drives."
As for what’s happening with regards to the UK dataset, Charles Arthur reported today that the UK Information Commissioner’s Office has ordered Google to destroy it, and while that might sound severe, it’s actually a good sign for the company. Consider that the Information Commissioner’s Office might have tried to use the data as evidence in an investigation, or at least asked Google to let its people witness the process.
Of course, it’s looking likely at this point that many independent privacy groups, along with German authorities and the FTC, will not be so quick to forgive Google’s mistake.