Friday, March 03, 2006

Google and Privacy...

First off, let me thank Barry Benjamin, my attorney, who has helped me immensely over the past few months, with the law firm of Pitney Hardin.

Barry has been a trusted counselour, given me sound advice, and been a reliable source of data and information...on many fronts - as I begin this new professional phase of my life....

He has brought something to my attention that is fascinating.

Google's new product "Search Across Computers..."

The tool is similiar to the Google Desktop service, with one major exception.
Google will be making a record of EACH AND EVERY hardrive that is involved in the "Search Across Computers" - and housing that data on their servers.

So, when you go to San Francisco, for a meeting you can access your computer, and all of it's contents remotely, from anywhere...

Because Google has made a copy and placed it on it's servers (temporarily)...

What are the privacy implications of this for a business owner?
What are the privacy implications for the financial and healthcare industry if a employee can use this tool?

Barry writes below --- here is the official PRESS RELEASE from the law firm of Pitney Hardin

"Google's new "Search Across Computers" tool could be hazardous to a company's efforts to comply with its privacy obligations, and not just in the financial services or health related areas.

Companies outside these specific have posted privacy policies where they make specific representations about how they will protect a customer's personal information and may expressly limit disclosure of customer information to third parties. Moreover, government regulators such as the FTC have even sought sanctions and penalties against companies, going beyond posted privacy policies, if a company disclosed sensitive customer information, whether unintentionally or negligently, to third parties via a common hack, for example.

If a company employee uses Google's Search Across Computers tool, any sensitive customer information that resides on the employee's hard drive will be copied to Google's computers, unless the employee takes specific action to prevent the copying. Any reasonably competent CIO knows that employees are the most likely source of a problem with unauthorized disclosures or loss of passwords - lost laptops, lost blackberrys, common passwords (birthdays), etc.

When Google makes a copy of the sensitive customer information on its own computers that resides on the employee's hard drive, in order to make it accessible to the employee from different computers (e.g. if the employee works from home or visits the company's offices in other cities), that could very well be an unauthorized disclosure to a third party under the company's posted privacy policy. Moreover, companies are now subject to various laws which require notice to customers if the customer's information has been exposed to an unauthorized third party - a company would have no way of knowing if Google's servers are breached.

Of course, Google probably has better info security than any company that might be using its tools, but that is beside the point. The company has legal obligations that it may breach merely by its employee's use of Google's new tool. Companies need to be very wary about letting their employees install and use this new tool."

Many thanks to Barry Benjamin for the tip.....

More on the Google privacy issue to follow.


Post a Comment

<< Home