Google Blogoscoped

Wednesday, June 27, 2007

Google-internal Data Restrictions

There are two sides to protecting your personal data stored at Google: defending against abuse from the outside, and defending against abuse from the inside. Google’s Douglas Merrill recently gave some remarks on how Google tries to defend against outside abuse. In a bit of a follow-up to Seth Finkelstein’s recent column in The Guardian (where Seth said it’s likely there are intelligence agency moles working at Google), I asked Google how they internally restrict access to data, so that e.g. a member of the Gmail team can’t access user data connected to Google Analytics, and so on. Here’s Google’s reply (note: as usual, privacy claims can’t be verified from the outside):

We restrict access internally in a number of ways. For example, product managers for Google Maps are not able to see the data collected for the Google Book Search team. For sensitive information, such as credit card info and email content, the access is more strictly limited and includes additional security measures such as tracking who accesses which data and when. This group of people is limited in their access to this data for specific purposes, such as debugging or abuse detection. Oftentimes, access to such data is automated so that there is no need for an individual to access the data. All of our employees are also bound by confidentiality agreements to protect against the misuse of data.

[Thanks Victoria G.!]

Update: Following up on Matt Cutts’ suggestion in the comments, I’ve also asked Microsoft and Yahoo the question on their internal data handling restrictions. Here’s Microsoft’s answer:

Microsoft implements strong security and privacy measures to help protect customer data. All personnel associated with the development or operation of Microsoft’s online services attend mandatory Privacy and Security training, which includes information related to data access and handling. To protect the confidentiality and integrity of data and ensure that the appropriate levels of security controls are applied, Microsoft’s online services employ an asset classification methodology to identify and categorize data according to sensitivity and value. In general, access to systems and any associated customer data is restricted to administrative or operational personnel only; furthermore, access to a particular online service’s data is restricted to only those personnel involved in administration of the specific system.

In the case of sensitive data, additional safeguards are employed, including monitoring access and using encryption so that operations personnel can administer the system and data without the ability to access or view the data itself. Further, by policy, product development and test personnel do not have access to the customer data stored in, or associated with, the online services they are developing.

(Yahoo’s answer so far was the less revealing “Are you a journalist?”)
