In the amidst of ongoing tussle between the Street View and Security aencies over WiFi payload data collection by Google. Today, Google introduced some changes to strengthen its privacy controls, as well as talking to external regulators globally about possible improvements to their policies.
Here's a summary of changes:
- First, Alma Whitten is appointed as director of privacy across both engineering and product management -- with a focus to build effective privacy controls into Google products and its internal practices.
- Second, Google employees received orientation training on privacy principles are required to sign Code of Conduct, which includes sections on privacy and protection of user data.
- Third, a new process added to existing review system, in which every project leader will be required to maintain a privacy document for each initiative they're working on. This document will record how user data is handled and will be reviewed regularly by managers, as well as by an independent internal audit team.
Finally, Alan Eustace reports that "no one inside Google had analyzed in detail the data we had mistakenly collected, so we didn't know what disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which've now been concluded). It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible."