Not enough, still BS'ing
"To hear Fleischer tell it, Google is walking the razor-thin line between security, innovation and compliance on the one side and privacy on the other."
Yeh, they're in full on bullplop mode. Basically they continue to keep searches per IP address. They refuse to derive the search metrics they need immediately and discard the raw data. That data is personally identifiable, as the AOL case showed.
They are flat out in violation of EU privacy laws, but then they know it because their answers are misleading, hostile and evasive.
SOX has nothing to do with their searches, zero, zip, nada, that's an excuse. Alice in wonderland stuff.
Saying they need to keep the cookie to identify language preference, is also an excuse.
cookie: language = english
Doesn't require personally identifiable data.
It's not worth talking to them at this point, their answers and the sheer hostility to fixing the problem show a staggering contempt for the people they're talking too.
I'd remind you that this is yet another case of a need to give the EU Privacy body legal teeth. Because without those teeth, companies only pay lip service to these EU directives.