Privacy commissioner orders Google to destroy data

Joins global clamour.

The Australian Privacy Commissioner has joined global counterparts in calling for Google to destroy data collected from open wi-fi networks by vehicles taking street-level photos.

In a letter sent to Google's Australian head of public policy and government affairs, Iarla Flynn, yesterday, Timothy Pilgrim ordered immediate destruction of the two-year-old data.

Pilgrim, who was made aware that data continued to exist on July 27, claimed any retained personal information that was no longer required could leave individuals at risk if misused.

"National Privacy Principle 4.2 requires that an organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under NPP2," Pilgrim wrote in the letter.

"I do not require Google to retain the additional payload data and, unless there is a lawful purpose for its retention, Google should immediately destroy the data. Once this has occurred I would like confirmation from an independent third party that the data has been destroyed.

"Further, I would also request that Google undertakes an audit to ensure that no other disks containing this data exist, and to advise me once this audit is completed."

Pilgrim said he was concerned the existence of the additional disks had come to light after Google told his office that all data had been destroyed. His office investigated Google in March over the unauthorised data collection.

Pilgrim joins privacy authorities in the UK, France and elsewhere who have called on Google to either completely destroy the data, or requested to investigate its contents.

The data is believed to include usernames, passwords, login details, browsing data and email messages gleaned from unsecured wireless networks without people's knowledge, from cars involved in the search giant's Street View mapping project.

The company has sought to downplay the effects of the ongoing data storage but has faced several fines from government authorities for impeding on investigatings, including claims that the software tasked with collecting the data was from a "rogue" staffer.

It was later discovered the employee had told senior management of the data collection prior to its use.