Five months after “mistakenly” collecting “fragmented” data from home networks via its Street View cars, Google has confirmed that private emails, Web addresses as well as passwords were among the data captured.
In a recent blog post, the search giant admitted to “failing badly”, noting that in May, Google had not analysed the data and did not know what information was included in the collection.
“Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded),” Google senior vice president of engineering and research, Alan Eustace, said in the post. “It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.
“We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place.”
According to the post, the company has put in place a number of new processes in an attempt to rectify its internal privacy and security practices.
The company has appointed a director of privacy, Alma Whitten, across its engineering and product management. The role will focus on building effective privacy controls into the company’s products and internal practices. The company is also looking to increase the numbers of engineers and product managers to assist with this.
Staff training procedures will also be altered with specific focus on the responsible handling and collection of data.
“In addition, starting in December, all our employees will also be required to undertake a new information security awareness program, which will include clear guidance on both security and privacy,” the post reads.
The search giant will also add a new review process to the existing review system, in which every engineering project leader will need to maintain a privacy design document, detailing how user data is being handled, for each project they are working on.
“We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users,” the post reads.
The ordeal has prompted much criticism of Google’s Street View program, including an open letter from both the Electronic Frontiers Association and Australia Privacy Foundation jointly questioning potential security breaches the program posed.