Internet giant Google will delete the data it collected from private computers through its Street View cars and will implement a number of internal procedures to ensure the incident never happens again, the company has said in a blog post.
The announcement comes as the Australian Federal Police has also said its investigation into the matter is ongoing, due to the “complex nature” of the possible breaches. The Australian Privacy Commissioner said in July the company had breached the Privacy Act.
Senior vice president of engineering and research, Alan Eustace, said in the post the company will now complete a series of reforms within its own business to ensure the company does not inadvertently steal data gain.
“We’ve spent the past several months looking at how to strengthen our internal privacy and security practices, as well as talking to external regulators globally about possible improvements to our policies,” the company said.
The first is a restructuring of the company’s personnel. Alma Whitten has been appointed as the company’s director of privacy in the engineering and product management departments, with her roll to “ensure that we build effective privacy controls into our products and internal practices”.
The second reform is training. All Google employees in the engineering department, “and other important groups”, will be given training with a focus on the collection, use and handling of data.
And from December, all employees will be required to take part in a new information security awareness program, “which will include clear guidance on both security and privacy”.
Finally, Google says the company is now adding a new process in its existing review system requiring every engineering project leader to maintain a privacy design document. This document will record how user data is handled, and this will be reviewed regularly by managers and an independent internal audit team.
Eustace also said that since the company had first addressed the issue in May, the stolen data has been analysed and “in some instances” entire emails and URLs were captured. “We want to delete this data as soon as possible”.
“We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.”
“We believe these changes will significantly improve our internal practices (though no system can of course entirely eliminate human error), and we look forward to seeing the innovative new security and privacy features that Alma and her team develop.”
Meanwhile, the Australian Federal Police says it has now sought legal advice to clarify aspects of the legislation relevant to its investigation into Google, saying that the timespan of the investigation “may be protracted due to the complex nature of these types of matters”.
“The AFP will continue to work with appropriate organisations including the Office of the Privacy Commissioner and the Attorney-General’s Department in the process of resolving this matter.”
The Street View debacle has been ongoing for months. Google has been investigated by the privacy regulators of several different nations, including several in Europe and Canada, after the company said it had captured data from unprotected wireless networks through its Street View cars.
In July, the Australian Privacy Commissioner said that Google had broken the Privacy Act by stealing data from Wi-Fi networks. Commissioner Karen Curtis also said that at the time she was unable to issue a sanction.
The incident has raised questions about Google’s power over user-data, and the responsibility the company has to educate users about how to protect themselves from losing information through unsecured networks.