Google Inc. (Nasdaq:GOOG) has been given until July 16 to destroy “mistakenly collected payload data, including email addresses, URLs and passwords” of British citizens while it was collecting data to hone the accuracy of its maps service.
The U.K.’s Information Commissioner's Office (ICO), a government agency tasked with safeguarding data privacy, said Friday it delivered a letter dated June 11 to the Mountain View, Calif., Internet search company demanding that it destroy within 35 days a cache of data holding personal information sucked from unsecured Wi-Fi signals.
The British dispute over the Wi-Fi data goes back to 2010, when Google agreed to an audit of its Street View data collecting to ensure no further personal data was collected, and to destroy any data it already had. Google complied, but last year it discovered not all of the information had been purged from its so-called payload data.
The ICO agreed not to hit Google with a financial penalty, but demanded it develop a way to avoid harvesting personal data that Brits might be inadvertently exposing on unsecured Wi-Fi networks, a common oversight, especially in home wireless networks that are often exploited by identity thieves.
Google says the offending data had always been in so-called quarantine cages, meaning nobody has accessed them.
“The early days of Google Street View should be seen as an example of what can go wrong if technology companies fail to understand how their products are using personal information,” said Stephen Eckersley, ICO Head of Enforcement, in announcing the news on Friday. “The punishment for this breach would have been far worse, if this payload data had not been contained.”