Font Size

ICO audit finds improvements to Googles privacy policies

 By

The Information Commissioner’s Office

Computer/Internet/Software Articles
Submit Articles   Back to Articles

Issued on 16 August 2011

Google Inc. has taken reasonable steps to improve its privacy policies, the Information Commissioner’s Office (ICO) said today, following an audit at the company’s London office.

The ICO’s audit – which took place in London in July – was agreed as part of the terms of an undertaking that Google signed in November 2010 after the company reported that its Street View cars had collected WiFi payload data alongside the location mapping information that was the stated aim of the project. The audit found that Google has taken action in all of the agreed improvement areas. The ICO has now asked the company to go further to enhance privacy, including ensuring that users are given more information about the privacy aspects of Google products.

Information Commissioner, Christopher Graham, said:

“I’m satisfied that Google has made good progress in improving its privacy procedures following the undertaking they signed with me last year. All of the commitments they gave us have been progressed and the company have also accepted the findings of our audit report where we’ve asked them to go even further.

“The ICO’s Google audit is not a rubber stamp for the company’s data protection policies. The company needs to ensure its work in this area continues to evolve alongside new products and technologies. Google will not be filed and forgotten by the ICO.”

The audit highlighted specific areas of good practice that Google has developed, including:

• A Privacy Design Document, meaning that all new projects undergo an in-depth assessment to ensure that privacy is built in from the start.

• An internal privacy structure has been developed across all functions of the business, meaning that the resource dedicated to privacy has been enhanced – as well as its visibility across the office.

• Advanced data protection training for all engineers.

• Enhanced training for all staff covering privacy and the protection of user data.

The audit recommends that Google still needs to make improvements in some areas, including:

• All existing products to have a Privacy Story – an explanation of how data will be managed in a new product. This should be used to provide users proactively with information about the privacy features of products.

• Google should ensure that all projects have a Privacy Design Document, and that processes to check them for accuracy and completeness continue to be enhanced.

• The core training for engineers should be developed to include specific engineering disciplines, taking account of the outcomes of the Privacy Design Document.

The ICO’s audit was conducted in accordance with the Information Commissioner’s data protection audit methodology. The key elements of this are a desk-based review of relevant documentation, an on-site visit including interviews with staff and an inspection of selected records. The on-site audit field work was undertaken at Google Inc in London on 19 and 20 July 2011.

An executive summary of the Google audit is available on the ICO website here:

http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/conducting_audits.aspx

The undertaking that Google signed in November 2010 – and its accompany news release – can be found on the ICO website here:

http://www.ico.gov.uk/~/media/documents/pressreleases/2010/google_undertaking_press_release_19112010.ashx


About the Author

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We do this by promoting good practice, ruling on complaints, providing information to individuals and organisations and taking appropriate action when the law is broken.

The ICO enforces and oversees the following legislation:

  •  Data Protection Act 1998
  •  Freedom of Information Act 2000
  •  Privacy and Electronic Communications Regulations 2003
  •  Environmental Information Regulations 2004


Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2011-08-18 10:43:07 in Computer Articles

All Articles

Copyright © 2004-2019 Scopulus Limited. All rights reserved.