Canada's privacy commissioner said Tuesday Google broke Canadian privacy laws when it accidentally collected personal information from unsecured wireless networks while putting together its Street View mapping service.
An investigation by Privacy Commissioner Jennifer Stoddart's office found complete emails, addresses, usernames and passwords. Even a list that provided the names of people suffering from certain medical conditions was collected.
Stoddart said thousands of Canadians were likely affected by what amounted to a careless error on the part of an engineer.
According to the investigation, the code the engineer wrote to map wireless Internet signals also allowed for the capture of communications over unencrypted networks, but they never submitted it for review to Google's lawyers so no one was aware of the potential for problems.
"This incident was a serious violation of Canadians' privacy rights," Stoddart said in a statement.
Even when a German data collector first raised concerns about the Wi-Fi mapping earlier this year, Google denied it was collecting anything other than what was publicly available.
But upon a review, Google staff realized their cars were capturing much more than the flower pots in front of people's homes.
In its response to Stoddart's findings, Google said it had no intention to use the data and would keep it safe until all investigations are complete, then delete it.
After the privacy concerns were first raised, the company halted the roll out of Street View mapping cars in Ireland, Norway, South Africa and Sweden until it could delete the offending software.
Google shares fell $10.33 to $607.38 in afternoon trading.