OTTAWA — Millions of Canadians search the web every day, but the country's privacy commissioner says their favourite search engine was doing too much research into them.

Jennifer Stoddart says Google broke Canadian privacy laws when it accidentally collected personal information from unsecured wireless networks while putting together its Street View mapping service.

An investigation by Stoddart's office found complete emails, addresses, usernames and passwords. Even a list that provided the names of people suffering from certain medical conditions was collected.

"This incident was a serious violation of Canadians' privacy rights," she said in a statement.

Thousands of Canadians were likely affected, Stoddart said, by what amounted to a careless error on the part of an engineer.

According to Stoddart's investigation, the code the engineer had written to map wireless Internet signals also allowed for the capture of communications over unencrypted networks, but he never submitted it for review to Google's lawyers so no one was aware of the potential for problems.

Even when a German data collector first raised concerns about the Wi-Fi mapping earlier this year, Google denied it was collecting anything other than what was publicly available.

But upon a review, Google staff realized their cars were capturing much more than the flower pots in front of people's homes.

In an interview, Stoddart said her team was taken aback by the extent of the information.

"We had heard there was no personal information collected, we had heard that it would just be snippets, it would unintelligible, and in fact it was very intelligible," she said.

"There was a lot of personal information, some very sensitive personal information, and it wasn't that hard for them to get at it, so Google is sitting on a mound of personal information of a highly identifiable kind."

In its response to Stoddart's findings, the company said it had no intention to use the data and would keep it safe until all investigations are complete, then delete it.

Google did not immediately respond to a request for an interview.

After the privacy concerns were first raised, the company halted the roll out of Street View mapping cars in Ireland, Norway, South Africa and Sweden until it could delete the offending software.

"We recognize that serious mistakes were made in the collection of Wi-Fi payload data, and we have worked to quickly rectify them," the company said at the time.

"However we also believe that Street View is a great product for users, whether people want to find a hotel, check out a potential new home or find a restaurant."

While Stoddart said she believes the data is secure, she isn't as confident in Google's overall approach to privacy.

"This is basically the third time in sixth months that there's been a Google mix-up," she said.

"In the race to get ahead with new products, there is not sufficient attention paid to the protection of personal information."

In April, Stoddart led a group of 10 privacy regulators who wrote to Google concerned about its approach to privacy, especially in the wake of its controversial "Buzz" project, a social network built out of people's email address books.

They were also worried about the general privacy implications of Street View, which allows users to get crystal-clear pictures of homes and, in some cases, people's faces and licence plates.

Stoddart said Google needed clearer controls around new product launches as well as enhanced privacy training.

"They are leaping before they look," said Stoddart.

"They are not taking it seriously and, you know, I think that's why increasingly regulators are stepping up the tone and we're working together."

On Monday, Spanish data regulators announced they were filing a lawsuit against Google for the Wi-Fi mapping incident and seeking millions in fines.