Google Implements Stricter Internal Privacy Regs


Share this Post

Again and again, Google's apologized for collecting sensitive WiFi data while taking pictures for its Street View program.  Now the search giant's issued another apology, and also announced several concrete steps it's taking to ensure nothing similar happens in the future.

Alan Eustace, Senior Vice President of Engineering and Research, named three key points in a post considered important enough to go up on the Official Google Blog, the Google Public Policy Blog, and the Google European Public Policy Blog.

Eustace began, "First . . . we have appointed Alma Whitten as our director of privacy across both engineering and product management.  Her focus will be to ensure that we build effective privacy controls into our products and internal practices."

Second, "[W]e're enhancing our core training for engineers and other important groups (such as product management and legal) with a particular focus on the responsible collection, use and handling of data.  In addition, starting in December, all our employees will also be required to undertake a new information security awareness program, which will include clear guidance on both security and privacy."

Finally, according to Eustace, "[W]e're adding a new process to our existing review system, in which every engineering project leader will be required to maintain a privacy design document for each initiative they are working on.  This document will record how user data is handled and will be reviewed regularly by managers, as well as by an independent internal audit team."

These steps should satisfy the Privacy Commissioner of Canada, along with a number of other regulators and critics, perhaps.

GoogleEustace further indicated that, although experts have found emails and passwords among the bits of data Google collected, the company hadn't analyzed the data closely enough to know they were there, and he said the entire situation has "mortified" Google's employees.