Google agrees to delete UK private data gathered by Street View cars
Posted in: Legal, Privacy & Security at 20/11/2010 22:39
Google has agreed to delete all the personal data its Street View cars collected from unsecured wireless networks and will introduce new training and guidance for its staff, the Information Commissioner said yesterday.
Christopher Graham said the search company intended to introduce improved training measures on security awareness and data-protection issues for all its employees. It will also require its engineers to maintain a privacy design document for every new project before it is launched.
Google's wi-fi data to be deleted
The UK's information commissioner has said that wi-fi data accidentally collected by Google's Street View cars will be deleted "as soon as possible".
Deputy information commissioner David Smith told the BBC that there would be no further enquiries into the matter.
He said there was no indication that any information collected "had fallen into the wrong hands".
Google to delete Street View data
Google is to delete the sensitive information - including full emails and passwords - it illegally captured from Wi-Fi networks when its Street View cars mapped the UK's towns and cities.
The technology giant has signed a commitment to improve its data handling following the Information Commissioner's Office ruling that it committed a "significant breach" of the Data Protection Act (DPA) during the mapping in the past two years.
Google signs commitment to improve data handling [news release]
Google Inc. has signed a commitment to improve data handling to ensure breaches like the collection of WiFi payload data by Google Street View vehicles do not occur again, the Information Commissioner said today.
Senior Vice President of Google, Alan Eustace, has signed an undertaking on behalf of Google Inc. which commits the company to putting into place improved training measures on security awareness and data protection issues for all employees. The company has also said it will require its engineers to maintain a privacy design document for every new project before it is launched. The payload data that Google inadvertently collected in the UK will also be deleted.
The Information Commissioner's Office (ICO) will conduct a full audit of Google's internal privacy structure, privacy training programs and its system of privacy reviews for new products. The audit will take place within nine months of the undertaking being signed.
Information Commissioner, Christopher Graham, said:
"I am very pleased to have a firm commitment from Google to work with my office to improve its handling of personal information. We don't want another breach like the collection of payload data by Google Street View vehicles to occur again.
"It is a significant achievement to have an undertaking from a major multinational corporation like Google Inc. that extends to its global policies and not just its UK activities.
"We will be keeping a close watch on the progress Google makes and will follow up with an extensive audit. Meanwhile, I welcome the fact that the WiFi payload data that should never have been collected in the first place can, at last, be deleted."
Notes to Editors
1. The undertaking that Google Inc. has signed is available on the ICO website here: http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Notices/google_inc_undertaking.ashx
2. The Information Commissioner's Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
3. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
4. For more information about the Information Commissioner's Office subscribe to our e-newsletter at www.ico.gov.uk. Alternatively, you can find us on Twitter at www.twitter.com/ICOnews.
5. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
+ Fairly and lawfully processed
+ Processed for limited purposes
+ Adequate, relevant and not excessive
+ Accurate and up to date
+ Not kept for longer than is necessary
+ Processed in line with your rights
+ Not transferred to other countries without adequate protection