WASHINGTON — Google pledged Friday to strengthen its privacy and security practices after its “Street View” mapping service gathered private wireless data, including emails and passwords, in dozens of countries.
“We work hard at Google to earn your trust, and we’re acutely aware that we failed badly here,” Alan Eustace, Google’s senior vice president of engineering and research, said in a blog post.
“So we’ve spent the past several months looking at how to strengthen our internal privacy and security practices,” he said.
Eustace provided Google’s most detailed description yet of the private data on unsecured wireless networks scooped up by Street View cars as they cruised through cities around the world taking pictures.
“While most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords,” he said. “We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place.
“We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users,” Eustace said.
He said Google was appointing Alma Whitten, a Google expert on privacy and security, as director of privacy “to ensure that we build effective privacy controls into our products and internal practices.”
Google would also enhance privacy training and require employees to take part in a new “information security awareness program,” Eustace said.
In addition, Google will require that a “privacy design document” be included as part of all of its engineering projects, he said.
Google announced in May that Street View cars taking photographs of cities in more than 30 countries had inadvertently gathered data sent over unsecured Wi-Fi systems.
Canada’s privacy commissioner said Tuesday the data collected included “complete emails, email addresses, usernames and passwords, names and residential telephone numbers and addresses.
“Some of the captured information was very sensitive, such as a list that provided the names of people suffering from certain medical conditions, along with their telephone numbers and addresses,” it said.
Google has since stopped the collection of Wi-Fi data, used to provide location-based services such as driving directions in Google Maps and other products, by Street View cars.
In June, Google said it has already deleted private wireless data collected by its Street View cars in Austria, Denmark and Ireland.
Google is facing civil suits in Oregon and several other US states demanding millions of dollars in damages over its collection of personal wireless data and a number of countries have taken action against Street View.
Spain’s data protection authority has filed suit against Google and the Czech data protection authority last month banned the company from taking Street View pictures, saying they violated privacy.
Google this week said that nearly a quarter of a million Germans have asked the Internet company to pixel out images of their houses on Street View.
Street View, which was launched in 2006, lets users view panoramic street scenes on Google Maps and take a virtual “walk” through cities such as New York, Paris or Hong Kong.
Until the practice was stopped, Street View cars were collecting Wi-Fi data in Australia, Austria, Belgium, Brazil, Britain, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hong Kong, Hungary, Ireland, Italy, Japan, Luxembourg, Macau, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan and the United States.