In a major privacy breach, Google Inc. has admitted for the first time that they have "mistakenly" retrieved and stored personal data from households using their "Street View" cars.
In May this year, Google's Street View cars which are known for gathering images of city's streets, accidently collected data from unsecured wireless networks used by people in over 30 countries.
When confronted at that time, Google retorted that the information gathered were only "fragments" of unencrypted data as the vehicles were always on the move and as the car's wireless equipment changed channels automatically every few seconds.
The latest disclosure comes only a few days after Canada's private watchdog accused Google for violating the rights of thousands of Canadians by collecting personal details. The investigation was joined by regulators in Germany, France and Spain and a joint probe was launched by a coalition of over 30 state attorneys general in the U.S. Attorney General Richard Blumenthal from Connecticut is leading this multi-state investigation.
"It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords," said Alan Eustace, Google Vice President of Engineering and Research in a Google blog post on Friday.
Eustace also stated that a series of changes have been incorporated in the company in order to strengthen their internal privacy and security practices. The company has appointed Alma Whitten as their director of privacy across engineering and product management whose main function will be to ensure that a strong and effective privacy control is established.
"We work hard at Google to earn your trust, and we're acutely aware that we failed badly here," said Eustace in the blog post.
In addition to Google's Code of Conduct that employees sign during their period of orientation, the company is now enhancing their core training for engineers and product management groups, particularly focusing on responsible collection, use and handling of data. Also, starting December, all company employees will be required to undertake a new information security awareness program comprising clear-cut instructions on security and privacy.
To contact the editor, e-mail: