Google Oct. 22 admitted that its Street View cars had collected peoples' entire passwords, e-mails and browser URLs from unencrypted WiFi networks.
The search engine said it is also taking steps to improve privacy by installing a director of privacy, who will make sure that employees are properly instructed on Google's privacy principles and internal compliance procedures.
Google said in May that Street View, a Google Maps feature that records images of city streets all over the world, had accidentally stored 600 gigabytes of citizens' data from more than 30 countries since 2007.
Alan Eustace, Google's senior vice president of engineering and research, said in his May 14 blog post that the data collected comprised only fragments of e-mails, password information and URLs. Google has since worked with authorities in Germany, Ireland, the United Kingdom and the United States, among others, to delete or turn over the data.
However, Eustace said in a new blog post that some users' whole e-mails, passwords and browser URLs were collected via the Street View cars, whose computers captured the data on disk drives in Google's possession.
But Google had not analyzed the data it collected, so the company's engineers did not know what the disks contained. External regulators found that whole data was indeed stored by Street View.
"It's clear from those inspections that while most of the data is fragmentary, in some instances entire e-mails and URLs were captured, as well as passwords," Eustace said. "We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place."
Eustace added that Google is putting in three measures to ensure such issues don't happen in the future. Google appointed Alma Whitten as director of privacy to make sure the company's engineering and product groups practice privacy techniques.
Whitten, Google's engineering lead on privacy for the last two years, will have several additional engineers and product managers working with her.