We’ve spent the past several months looking at how to strengthen our internal privacy and security practices, as well as talking to external regulators globally about possible improvements to our policies. Here’s a summary of the changes we’re now making.
* First, people: we have appointed Alma Whitten as our director of privacy across both engineering and product management. Her focus will be to ensure that we build effective privacy controls into our products and internal practices. Alma is an internationally recognized expert in the computer science field of privacy and security. She has been our engineering lead on privacy for the last two years, and we will significantly increase the number of engineers and product managers working with her in this new role.
* Second, training: All our employees already receive orientation training on Google’s privacy principles and are required to sign Google’s Code of Conduct, which includes sections on privacy and the protection of user data. However, to ensure we do an even better job, we’re enhancing our core training for engineers and other important groups (such as product management and legal) with a particular focus on the responsible collection, use and handling of data. In addition, starting in December, all our employees will also be required to undertake a new information security awareness program, which will include clear guidance on both security and privacy.