Google "mortified" by amount of personal info in Street View data

The search giant has implemented a number of new privacy and security measures to mitigate against future repeats

Five months after “mistakenly” collecting “fragmented” data from home networks via its Street View cars, Google has confirmed that private emails, Web addresses as well as passwords were among the data captured.

In a recent blog post, the search giant admitted to “failing badly”, noting that in May, Google had not analysed the data and did not know what information was included in the collection.

“Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded),” Google senior vice president of engineering and research, Alan Eustace, said in the post. “It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.

“We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place.”

According to the post, the company has put in place a number of new processes in an attempt to rectify its internal privacy and security practices.

The company has appointed a director of privacy, Alma Whitten, across its engineering and product management. The role will focus on building effective privacy controls into the company’s products and internal practices. The company is also looking to increase the numbers of engineers and product managers to assist with this.

Staff training procedures will also be altered with specific focus on the responsible handling and collection of data.

“In addition, starting in December, all our employees will also be required to undertake a new information security awareness program, which will include clear guidance on both security and privacy,” the post reads.

The search giant will also add a new review process to the existing review system, in which every engineering project leader will need to maintain a privacy design document, detailing how user data is being handled, for each project they are working on.

“We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users,” the post reads.

The ordeal has prompted much criticism of Google’s Street View program, including an open letter from both the Electronic Frontiers Association and Australia Privacy Foundation jointly questioning potential security breaches the program posed.

Join the CSO newsletter!

Error: Please check your email address.

Tags google street viewdataGoogleprivacy

More about GooglePrivacy Foundation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Chloe Herrick

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place