The Internet behemoth doesn’t take kindly to being forced to do anything. However, Google had little choice but to comply with demands from the Information Commissioner’s Office (ICO), the United Kingdom’s independent authority that promotes individual privacy, to do a better job communicating with its users.
“This undertaking marks a significant step forward following a long investigation and extensive dialogue,” said Steve Eckersley, Head of Enforcement at the ICO. “Google’s commitment today to make these necessary changes will improve the information UK consumers receive when using their online services and products.”
Adhering to Data Privacy Laws
“Whilst our investigation concluded that this case hasn’t resulted in substantial damage and distress to consumers, it is still important for organizations to properly understand the impact of their actions and the requirement to comply with data protection law,” said Eckersley. “Ensuring that personal data is processed fairly and transparently is a key requirement of the [Data Protection] Act.”
According to the Eckersley, the ICO's "investigation has identified some important learning points not only for Google, but also for all organizations operating online, particularly when they seek to combine and use data across services. It is vital that there is clear and effective information available to enable users to understand the implications of their data being combined. The detailed agreement Google has signed setting out its commitments will ensure that.”
Despite Privacy, Breaches Continue
There are strict laws in place to protect data, and watchdog organizations are giving Google, Yahoo and Microsoft fits over privacy, yet we still see massive breaches almost weekly. So what's going wrong?
Kurt Mueffelmann, CEO of Cryptzone, a data protection provider with over 700 customers, told us today’s information security landscape is plagued with vulnerabilities that leave companies, and all too often the personal information of individuals, exposed to the potential of a breach. He’s calling for a fresh approach to network and application security that helps to remove some of the gaps, both internal and external, that lead to data leaking out.
“Giving users access to everything is no longer a viable option with malware attacks and other vulnerabilities allowing hackers to gain entry unnoticed. Companies need to layer their defenses to ensure that they limit what users can see once within the walls of the trusted network, based on who they are and other important variables, and then control what they can do with sensitive information,” he said.
“This will not only help prevent outside attacks but also mitigate risks created by the more unassuming threat, users themselves."