E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: The Star

Posted on October 20, 2010

Thousands of Canadians likely had their privacy compromised when Google inadvertently collected personal information while putting together its Street View mapping service, Canada's privacy commissioner says.

Jennifer Stoddart says the search engine company broke Canadian privacy laws by collecting personal information from unsecured wireless networks between March 2009 and May 2010.

An investigation by Stoddart's office found complete emails, addresses, usernames and passwords. Even a list that provided the names of people suffering from certain medical conditions was collected.

"This incident was a serious violation of Canadians' privacy rights," she said in a statement.

The breach occurred because a software engineer did not forward programming code he had written in 2006 to a Google lawyer to review it for privacy implications. That code captured the content of communications over unencrypted networks and was a part of software designed to collect information for the mapping service about locations of public Wi-Fi signals.

Google told the privacy investigators it was unaware of the private data being collected because when it reviewed the software prior to it being installed on Street View cars, the review was only to ensure it did not interfere with other Street View operations, such as photographing neighbourhoods.

In May, Google staff realized their cars were capturing much more than the flower pots in front of people's homes and the company stopped using the software. It does not intend to resume collecting Wi-Fi data with its Street View cars.

In an interview, Stoddart said her team was taken aback by the extent of the information.

"There was a lot of personal information, some very sensitive personal information, and it wasn't that hard for them to get at it, so Google is sitting on a mound of personal information of a highly identifiable kind."

In its response to Stoddart's findings, the company said it had no intention to use the data and would keep it safe until all investigations are complete, then delete it.

"It's pretty clear everybody's agreeing it was an error and it shouldn't happen," said Michael Geist, the Canada research chair in Internet and e-commerce law at the University of Ottawa.

While it's a serious breach, Geist said Google is "more responsive than a lot of the other companies" about dealing with these issues.

"I don't think any organization wants to find itself in the crosshairs of the privacy commissioner or facing damage to their reputation, so what we find now is a much greater willingness to acknowledge error and to try to address it."

While Stoddart said she believes the data is secure, she isn't as confident in Google's overall approach to privacy.

"This is basically the third time in sixth months that there's been a Google mix-up," she said.

"In the race to get ahead with new products, there is not sufficient attention paid to the protection of personal information."

The commissioner recommended that by Feb. 1 Google designate an individual responsible for ensuring the company complies with privacy laws, that privacy training of employees be enhanced and that the private data be deleted.

"If they choose not to, the commissioner does have the power to take the matter to the federal court," said commissioner's office spokesperson Anne-Marie Hayden.

"We certainly don't want to stand in the way of innovation but at the same time we want companies to be mindful, as they're building these new cool products, to be sure to take privacy into account," she said. The Privacy Commissioner's letter of findings is here: Preliminary Letter of Findings - October 19, 2010

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.