While Google Calendar is a great way to keep organized, people have found another use for it. Using Google Calendar and the new “Search Public Events” feature, people are able to scoop up “private” corporate data that’s probably meant to be private, but is set for the public to view.
Google Calendar allows users to select whether they want the content of their calendar private or public. If it’s made public, the data within those calendars can be returned in the Google Calendar search results.
According to PC World, information has come up in search results about vendor meetings, and the names of projects in the works. Dial-in numbers and passcodes for business meetings are also turning up. One example they came across was details for a JPMorgan Chase & Co conference call regarding a “SAN Security Remediation Project.”
The problem is that people use Google Calendar to keep themselves organized, so they include all of their important business meetings and events in detail, apparently not realizing that they set their calendar to public.
I decided to go see for myself what kind of corporate data I could find, and so I went to Google Calendar and typed in “passcode” as my search term, and clicked “search public events.” It came up with hundreds of results with most of them containing telephone numbers and passcodes for conference calls. Results like:
- Apple Conference Call Northern California (link)
- NASA Academy Operations Forum (link)
- IBM Sales Event (link)
Will companies restrict their employees from using Google Calendar and other online methods for organization because of this? It’s not a likely way for sensitive information to get leaked, but it’s happening. The users are the ones to blame because they’re not setting their calendars to private, leaving the World to see everything!
This is one reason why public applications just don’t do well with corporate users who clearly don’t know how to use the application appropriately.
This was posted on the PC article but I think it is relevant to your readers…
Google Calendar is very useful tool. Like all tools it is important to learn how to use them properly. I must say it is slightly surprising that a person in an IT position would be a participant in this ‘leak’ for lack of a better term.
Google Calendar settings are easy to use and we here at the Calgoo office default our business calendars to private. That way there is a number of steps one must go through to make a calendar public, and thus very hard to do by accident.
Perhaps the instructions / best practices are the needed improvement points here. Google did not cause an information leak – there was just a problem with the user not knowing how to use the settings.
- Calgoo
[calgoo.com]
I think people will realize that Google did not cause an information leak. Clearly it was a problem where the users set their calendars to public.
Google has absolutely no control over what data users put in their calendars.I was just more amused that people put this kind of information in their calendars and then don’t take the time to make sure that they are set to private.
I always set my calendars to private as well. I don’t see why people feel the need to share their calendars with the world anyways, especially work-related calendars.