From my experience interning twice at Google, I was very impressed by their standard for privacy and the protections they had put in place. They have teams dedicated to just researching ways to improve information security.

Two projects I found fascinating: 1) A system that analyses all attempts and actual accesses to user data by employees (this access it self was very regulated on a need-only basis), determining whether the given user that was accessed falls somewhere within the employee's likely social graph, and flagging anything suspicious to their security team. So if an employee tried to view their ex's info, or their friend's roommates info, etc. the system would auto-flag them and an investigation would likely result in that employee being immediately terminated.

2) Much of Google's data is accessible by many production services. This is a security weakness, however, there was a project to make the data layer enforce security constraints so that applications could only access data relavent to them, and additionally also enforcing security on a user-level (so an app could only access that user's data if it had an access token for that user). Mind you, this is not even limiting admin access, this is actually preventing the code from accessing the data even if the app's built-in security features fail.