Misuse of User Data by Google Employees
The document shows how Google responded to security-related incidents between 2018 and 2020. The company fired a total of 80 employees during this period. Worryingly, many of the allegations against employees include mishandling of confidential information. In 2020, 86% of allegations included the transfer of internal-only, confidential information to external parties. Additionally, 10% of the allegations were related to “misuse of systems.” This term includes accessing user or employee data in violation of company policies. The document states that 13% of all security-related incidents in 2019 included this allegation. According to Motherboard, the company fired 26 people in 2019, and 18 the year before.
Google Releases Statement
Google, in response, released a statement to address the contents of the document. Firstly, it clarified that the misuse mentioned mostly relates to “proprietary and sensitive corporate information, or intellectual property (IP).” Secondly, it said that the number of violations, whether deliberate or unintentional, remain consistently low. Lastly, the company disclosed that they tightly restrict employee access to user data to prevent such breaches. Google relies on “a number of industry leading standards” to prevent misuse. The safeguards include:
Limiting user data access to authorized individuals. Requiring a justification to access user data. Following a multi-stage review process for granting access to data. Monitoring for access anomalies and violations.
Growing Concerns of Insider Abuse in Tech Industry
Over the last few years, there have been a growing number of reports relating to misuse of user data by employees. For instance, in 2020, Shopify faced a significant security breach caused by two rogue employees. In the same year, a Microsoft staff member from Ukraine stole over 10 million dollars from the company. It was reported, in 2018, that Facebook fired multiple employees for snooping on customers. Snapchat faced similar accusations in the following year. The growing number of reports is concerning, since a large number of people use these services regularly. In a time of growing reports of cyberattacks, it is crucial for companies to maintain the trust of their users. Google, for its part, states that it trains its employees regularly and investigates all allegations thoroughly. Violations lead to punitive actions which may include termination. Their spokesperson added, “We are transparent in publicizing the number and outcomes of our investigations to our employees and have strict processes in place to secure customer and user data from any internal or external threats.”
