UPDATE Oct 10, 2012: Google will destroy sensitive data incorrectly collected by its Street View cars as they photographed New Zealand, a source close to the company's nearest corporate headquarters, in Sydney, told NBR today. The destruction would be verified by a third-party, NBR was told.
This morning, NZ's Privacy Commissioner issued a statement to media revealing Google had not destroyed the data, as previous pledged (see below).
Google Australia spokesman Johnny Luu would not confirm or deny if Google had plans to destroy the data, offering only that his company was working closely with the Commissioner to resolve the situation.
Timeline
May 2010: News breaks that Google NZ Street View cars had collected WiFi information, including segments of communications crossing unsecured WiFi networks.
December 2010: Privacy Commissioner concludes investigation, finding Google in breach of NZ privacy law. Google provides undertakings, including undertaking to destroy the payload information.
March 2011: Google verifies that payload information destroyed, supported by independent report.
End of July 2012: Google notifies several privacy regulators that a check had unearthed the fact that it still had payload information from WiFi networks. Privacy Commissioner immediately asks Google to check whether it still held any New Zealand payload information.
October 2012: Google notifies NZ Commissioner that it has located one disk that may contain NZ and Australian payload information.
Source: NZ Privacy Commission
Google on privacy: we’re not so bad
Aug 15, 2011 Google has deleted data collected with its Google Street View cars which got them into hot water with the Privacy Commissioner last year, the company has announced.
On Google’s blog today, senior vice president knowledge Alan Eustace said the company had deleted the payload data, which included information about people’s WiFi addresses, its Google Street View cars had collected when they began driving in 2007.
The deliberate collection of such data, which detailed the names, strengths and security status of wireless networks, was partly responsible for an increase in complaints to the Privacy Commissioner Marie Shroff, who launched an investigation in May 2010.
The Commissioner found that Google had breached the Privacy Act with its collected data, had failed to properly notify the public and that such collection was unfair. However, Ms Shroff said in December that Google had acknowledged it had gone about things the wrong way and that it had had a legitimate reason for collecting the data.
Google’s announcement today said it had been a mistaken collection of publicly broadcast payload data, and that it had downloaded the data in February, under independent supervision.
Google also said it had made a commitment to the Commissioner to conduct a Privacy Impact Assessment (PIA) on any further Street View activities in the country, which it published today.
The PIA states that Google will continue to ensure Street View images are not real time, and to blur faces and license plates. In addition, the company has said it removed all WiFi equipment from Street View cars, and would not be collecting such data.
In October it appointed a director of privacy across engineering and product management, to ensure effective privacy controls were built into products and internal practices, the company said.
Google also said that as part of its privacy overhaul, every engineering project leader is required to maintain a privacy design document for each project, recording how user data is handled. This document would be reviewed regularly by managers and an independent internal audit team, it said.
Google apologised for its mistake and said it was looking forward to getting Street View cars back on the road.
“Maintaining people’s trust is crucial to everything we do, and we have to earn that trust every single day.”