Google has agreed to a settlement with the Federal Trade Commission that will require the creation of a new “privacy program” within the company after claims that its ham-handed attempt at creating a micro-blogging service called Buzz violated the privacy of a large number of its users.

The agreement with the FTC means that Google will have to report to an independent review board every two years to review its privacy policies. Google also has to very explicitly ask its users to share personal information instead of automatically synchronizing it with other users in their network. Google is also ordered to create a “comprehensive privacy program” within the company — including allocating additional staff — that will manage the company’s privacy policies.

Google recently settled with plaintiffs over the privacy concerns stirred up by Buzz for around $8.5 million — only $2,500 of which would be paid out to the individual users that filed the lawsuit. It wasn’t that bad of a deal, considering the company makes around $25 billion in revenue each year.

“The launch of Google Buzz fell short of our usual standards for transparency and user control — letting our users and Google down,” Google said in a statement on its blog. “While we worked quickly to make improvements, regulators — including the U.S. Federal Trade Commission — unsurprisingly wanted more detail about what went wrong and how we could prevent it from happening again.”

Google Buzz launched in February last year. It was supposed to sync up with Gmail users’ email inboxes. It worked too well, though, and stirred up a hornet’s nest after users discovered any Buzz user could see their entire list of contacts. Those contacts were visible by default. There were a number of options to tighten the privacy settings, but the snafu caused Buzz to be universally panned. About a month later, Google said it had misstepped and had designed the service without enough thought.