CNIL Fines Google for Privacy Breach

March 22, 2011 - PRLog -- Recently, French regulator CNIL fined Google for violating data protection laws. The authorities imposed a fine of 100,000 euros on Google for unauthorized collection of personal information from Wi-Fi networks, while capturing pictures for the company’s Street View service. While, the pictures were taken for enhancing the location finder ability of the service, it also resulted in capture of personal data such as login information, e-mail messages, mac addresses and other personal data from private and unencrypted Wi-Fi networks. The information was collected without the approval of the concerned individuals. Google started deploying vehicles with multi- dimensional cameras in 2007 to gather panoramic views of streets. The vehicles are called as street cars and the latest version has 15 lenses to capture 360 degree pictures.

CNIL started investigating the data breach case last year. Google subsequently admitted that over 600GB of data was accidentally collected. The company apologized and ensured that personal data will not be collected. However, regulators observed that Google continues to collect information such as details regarding access points through Latitude. Latitude is a mobile application, which allows users to enable other users to view their location. CNIL claimed that Google collects the data, without the knowledge of the users. According to the regulator, Google denied access to source code of software used to gather data for the street view. The French regulator also claimed that Google refused to inform users in France on the use of their phones to collect data on Wi-Fi networks. Data protection authorities in several other countries are also investigating the alleged data breach by Google.

Unauthorized data collection not only violates the privacy of the affected individuals, but also compromises information security. The extracted information could be misused for tracking user activity, analyzing trends and promoting products. Individuals having access to the collected information may also misuse them for unscrupulous purpose. While organizations must make use of technological advancements to improve services provided to the customers, they must ensure that they do not infringe on the privacy of the users. Data and privacy breach incidents may also have legal, financial and reputational implications for the business.

Data and privacy breach may be caused by intentional collection or dissemination of information, accidental disclosure, insider theft, security flaws and computer intrusions. Hiring IT professionals qualified in penetration testing, masters of security science, security audit and other security certifications would enable organizations in timely identification and mitigation of threat vectors.

Organizations must adhere to data protection laws and must take consent of the customer for using the data as required by the laws of the respective countries. Access to privileged data must be restricted to select users. Employees could be trained on security threats and data protection requirements through online degree and e-learning programs. Organizations must have proper monitoring mechanisms in place to track any unauthorized employee activity. IT professionals could also be encouraged to undertake online university degree programs on IT security and data protection to enable them to devise appropriate data protection mechanisms in the organization.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).