Google’s Privacy Improvements Satisfy Canadian Enforcer

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Google Inc. has implemented remedial measures to reduce the risk of future privacy violations, such as those that occurred during Google’s collection of WiFi data for its “Street View” service in 2010, according to Canadian Privacy Commissioner Jennifer Stoddart.

Collection of Personal Information

Stoddart initiated an investigation under Canada’s federal private-sector privacy law after Google admitted that it had collected data transmitted over unprotected wireless networks installed in homes and businesses around the globe.

Personal information collected included complete e-mails, usernames and passwords, and home telephone numbers. Stoddart’s investigation concluded that the incident was largely a result of Google’s lack of proper privacy policies and procedures.

New Training, Procedures

The Office of the Privacy Commissioner issued findings and recommendations in October 2010 and asked for a response by February 2011. Stoddart announced on June 6 that the Office is satisfied with the measures that Google has agreed to implement, including the augmentation of privacy and security training provided to all employees; the implementation of a system for tracking projects that collect, use, or store personal information; and the establishment of a process for conducting periodic audits and reviews of privacy practices. Google also told the Office that it had begun to delete the data it collected in Canada.

“Google appears to be well on the way to resolving serious shortcomings in the way in which it addresses privacy issues,” Stoddart said. “However, given the significance of the problems we found during our investigation, we will continue to monitor how Google implements our recommendations.”

More information on the Canadian Privacy Commissioner’s findings can be found here.