Privacy Commissioner “concerned” over Google’s secret data stash. The search giant was found to have retained data on Aussie Wifi users, which it pledged to destroy, but didn’t, the PC confirmed.
Click to enlarge
The Privacy Commissioner, Timothy Pilgrim, confirmed he has ordered Google to destroy two remaining disks containing data on Aussie Internet usage it nabbed from unsecured Wi-Fi networks.
The unauthorised collecting of data, said to include including emails and passwords, occurred in 2010 while Google was driving around collecting information for its Street View in its seemingly innocent little car.
The search giant previously gave a written undertaking that it would destroy the data after the Privacy Commissioner’s investigation into Google actions under the Privacy Act in May 2010, which at the time Communications Minister Stephen Conroy described as “the single greatest breach in the history of privacy”.
Google said the data collection was a “mistake.”
However, the Commissioner was advised in July last that Google was still holding on to a “portion” of the collected data, which also included info on New Zealanders’ web usage.
Mr Pilgirm says he remains “concerned that this data still exists given that Google previously confirmed that all data relating to this issue had been destroyed,” in a statement yesterday.
“I have advised Google that it is important that there is no further Street View Wi-Fi data in Google’s possession requiring destruction.”
The Commissioner has also requested further information about Google’s auditing process after the data oversight “to allow me to better understand the steps taken during the review of their disk inventory.”
“I have informed Google that it should immediately destroy this data, unless there is a lawful purpose for its retention. Once this has occurred I have asked Google to again confirm via an independent third party that the data has been destroyed.”
The Privacy Commissioner also issued a stiff warning to organisations over their “responsibility to protect customer privacy and securely store the data that they hold.”
“Personal information that is no longer being used or is out of date should be destroyed or permanently deidentified.”