Google Privacy Audit Finds Improvements, but More Work Needed

The UK Information Commissioner’s Office (ICO) has released the Google Inc. Data Protection Audit Report: Executive Summary (August 2011), concluding that Google has “taken reasonable steps to improve its privacy policies”. The audit was conducted in July 2011 in relation to Google’s unauthorised collection of data from unsecured wireless networks.

The audit report notes that since the incident, Google has developed a number of areas of good practice, These include undertaking a privacy impact assessment for new projects, allocating resources to privacy throughout the company, and providing additional training for staff.

Although the ICO is satisfied with the improvements instituted so far, it has also urged Google to take further steps, including disclosing to users how each product affects personal information protection, the use of Privacy by Design for new projects, and additional privacy training for engineers.

Information Commissioner Christopher Graham said that the audit is “not a rubber stamp”, and warned that the ICO will continue to monitor Google’s policies and practices.
ICO’s media release (16 August 2011)

Related news items:
Computerworld: UK says Google needs further privacy improvements (16 August 2011)
BBC News: Google gets privacy ‘to-do’ list from watchdog (17 August 2011)
(Source: ICO; Computerworld; BBC News)