Despite Google’s efforts to bolster internal privacy initiatives after its Street View fiasco, there was still room for improvement, according to the UK’s Information Commissioner.
Google should introduce a “Privacy Story” for every existing product, which explains exactly how it manages data and promote privacy features in its products.
Despite having already delivered “Privacy Design Documents” designed to track the progress of privacy initiatives in its products, Google needed to do it for all projects, while strengthening the checking process and document progress.
It now needed to roll out its pilot privacy training programs across Google as initially planned, tailor programs to specific engineering disciplines and track attendance at training.
The ICO gave Google an audit grade of “reasonable assurance”, the second highest of four possible grades from “high” to “very limited” assurance.
“The ICO’s Google audit is not a rubber stamp for the company’s data protection policies. The company needs to ensure its work in this area continues to evolve alongside new products and technologies. Google will not be filed and forgotten by the ICO,” said Information Commissioner Christopher Graham.
The commissioner initially claimed Google had not breached any UK privacy laws, but later overturned the finding after other nations’ privacy regulators began questioning Google about what exactly Wi Fi data its Street View cars had collected and Google later admitting that it had indeed collected personal information, including emails and passwords.
More security news on Google: