Privacy Advisor

Notes from the Executive Director

May 1, 2008

Springtime at 43 degrees north finds Canadians shedding their parkas and squeezing every last ray of sunlight possible from the day. That's what we found at the IAPP's first-ever Canadian Privacy Summit in Toronto May 21-23, where hundreds of lively Canadian privacy pros gathered to learn, network and become privacy certified.

The three-day event was a big hit in this country whose privacy policies other nations covet. Privacy pros came out of the trenches to hear, share and connect on privacy issues large and small alongside Canada's privacy commissioners and experts from across the country.
But all good things must end, and leaving Toronto on a high note was the only way to leave such a great city. Today, the full heat of almost-summer is upon us, while our friends in the southern hemisphere look ahead to their winter season. Although our climates differ, the privacy issues we contemplate on a daily basis are the same.

Another day, another stolen laptop.
It seems I've just digested the news of the UnitedHealthcare data breach that resulted in the identity thefts of 155 University of California-Irvine graduate students, yet as I write, another massive breach is making headlines, this time at Stanford University, where the personal information of tens of thousands of current and former employees has been put at risk. And to think that these are just the breaches we hear about... A recent Gartner study suggests that only a small percentage of retailers hit by information breaches actually notify the public of the incident. There is something tiring about weekly data breach headlines. Equally as discouraging is the annual report of the office of the Canadian privacy commissioner, which highlights the fact that despite the notoriety these breaches bring, a great many organizations still haven't taken basic measures to protect private data.

There is no end in sight to the issues we all work so hard to resolve. And, like poison ivy bubbling just under the surface of the skin, new ones come into the fray every day. Locational privacy was in the news again this month, and is bound to become a bigger topic as researchers continue their efforts in this area. We'll examine this topic in an upcoming issue of the Privacy Advisor.

Meanwhile, in this month's issue we're excited to bring you an insightful look at the history and privacy implications of U.S. Fusion Centers (did you know almost every state has one?), and a story on practical and important steps you can take to make your organization rock solid when it comes to data destruction.

I hope you enjoy this issue of the Privacy Advisor.

J. Trevor Hughes, CIPP
Executive Director, IAPP