Google Inc. is tightening its privacy leash on employees in an effort to ensure they don't intrude on people while the Internet search leader collects and stores information about its users.
Besides promoting longtime employee Alma Whitten to be its director of privacy, Google said Friday that it will require all 23,000 of its employees to undergo privacy training. The company also is introducing more checks aimed at making sure workers are obeying the rules.
Google's tougher privacy measures appear to be a response to recent breaches that have raised questions about the company's internal controls and policies.
In the most glaring example that indicated the company didn't have a good grasp on what its workers were doing, Google acknowledged in May that one of its engineers had created a program that vacuumed up potentially sensitive personal information, including e-mails and passwords, from unsecured wireless networks while Google cars cruised neighborhoods around the world. The vehicles were dispatched primarily to take photos for Google's online mapping service, but they also carried equipment to log the location of Wi-Fi networks.
The incident, which some critics have derisively labeled as "Wi-Spy," was caused by "an engineer's careless error as well as a lack of controls to ensure that necessary procedures to protect privacy were followed," Canada Privacy Commissioner Jennifer Stoddart concluded in a report this week.
Several other countries have skewered Google for scooping up 600 gigabytes of data _ equivalent to about six floors of an academic library _ from Wi-Fi systems for more than two years before detecting a problem five months ago in response from to an inquiry from regulators in Germany.
Google initially said it had only captured fragments of people's online activities, but Canada's investigation determined that entire e-mails, passwords and website addresses had been obtained and stored. In confirming Canada's findings Friday, Google said it wants to delete all the Wi-Fi data remaining on its computers as quickly as possible, but must hold on to most of the information while authorities in different countries conduct their own investigations.
So far, Google has purged the Wi-Fi data it got in Ireland, Austria, Denmark and Hong Kong after gaining clearance from regulators in those countries. It still has the data from more than 20 other countries, including the United States, where a coalition of state attorneys generals has been looking into the breach.
While some countries have asserted Google's Wi-Fi snooping was illegal, the company has maintained it didn't break any laws even as management apologized for its bad behavior.
"We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users," Alan Eustace, Google's head of engineering, wrote in a Friday blog post.
Google's privacy safeguards appeared to be suspect once again after the Gawker blog reported that an engineer in its Kirkland, Wash. office had been using the privileges of his job to spy on the online accounts of four minors. Prompted by that report, Google last month acknowledged that it had fired the engineer for violating its privacy policies.
Maintaining the public's trust is critical to Google because the success of its search engine and part of its long-term business plans hinge in part on its ability to build databases about its users' preferences. Among other things, Google believes the information helps it deliver better search results than its rivals and sell more of the ads that generate virtually all the company's revenue.
Google, based in Mountain View, Calif., hopes to become an even bigger part of people's online lives by introducing more social networking features on its website so it can better compete with Facebook in the increasingly lucrative field of connecting friends and family members online. When Google introduced a social networking option into its free e-mail service in February, many users protested because the feature exposed their contact lists without prior permission.