Information Commissioner to open new UK inquiry into Google Wi-Fi data harvesting

In August, the Information Commissioner's Office cleared Google of a privacy breach because initial investigations showed only fragments of information had been collected.

But at the weekend, Google said further investigations by various national privacy bodies had revealed that in some cases, much more detailed data was harvested.

In a blog post, Alan Eustace, senior vice-president for engineering and research at Google said, "It's clear from those inspections that while most of the data is fragmentary, in some instances entire e-mails and URLs were captured, as well as passwords."

Google will delete this data as soon as possible, he said.

According to Eustace, Google is "mortified" by what happened, but confident that the appointment of a director of privacy, training on privacy for employees, and changes to internal compliance procedures will improve the firm's privacy and security practices.

Google has appointed privacy and secuirty exptert Alma Whitten as its director of privacy across both engineering and product management, he said.

"Her focus will be to ensure that we build effective privacy controls into our products and internal practices," Eustace wrote.

The Information Commissioner's Office has announced that it will ask Google if e-mails and passwords were collected in the UK, according to the Financial Times.

If it finds that Google did breach the Data Protection Act, the search company could be the first to face a fine of up to £500,000 for a serious breach of personal information.

Authorities in many more of the 30 countries where Street View cars operate have been investigating, making the case the most damaging privacy breach to hit Google, although the company has also been criticised over the Google Buzz social network service, which initially exposed user data by default.

In September, Google agreed to pay $8.5m (£5.4m) to settle a private class-action lawsuit that alleged its Buzz social networking service violated users' privacy.

This article was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?