Besides promoting Alma Whitten to be its director of privacy, Google said Friday that it will require all 23,000 of its employees to undergo privacy training. It is also introducing more checks aimed at making sure workers are obeying the rules.
The measures appear to be a response to breaches that raised questions about the company’s internal controls.
Google acknowledged in May an engineer had created a program that vacuumed up potentially sensitive personal information, including e-mails and passwords, from unsecured wireless networks while Google cars cruised neighbourhoods around the world. The vehicles were dispatched primarily to take photos for its online mapping service, but also carried equipment to log the location of Wi-Fi networks.
The incident was caused by “an engineer’s careless error as well as a lack of controls to ensure that necessary procedures to protect privacy were followed,” Canada privacy commissioner Jennifer Stoddart concluded in a report this week.
Several other countries have skewered Google for scooping up 600 gigabytes of data from Wi-Fi systems for more than two years before detecting a problem five months ago in response from to an inquiry from regulators in Germany.
Canada’s investigation determined that entire e-mails, passwords and website addresses had been obtained and stored. In confirming the findings, Google said it wants to delete all the Wi-Fi data remaining on its computers, but must wait while authorities in different countries conduct their own investigations.
In addition, the Gawker blog reported that an engineer in its Kirkland, Washington, office had been spying on the online accounts of four minors. Google last month acknowledged that it had fired the engineer.