Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

ONLINE PRIVACY

Yahoo CPO: “Privacy Cannot Be an Afterthought” (April 30, 2010)

The global Internet community "has been put on notice... that privacy cannot be an afterthought." That was the message from Yahoo, Inc., Chief Privacy Officer Anne Toth at the Office of the Privacy Commissioner's privacy consultations in Toronto on Thursday. The Globe and Mail reports that Toth distanced herself from social networking executives who have reportedly disregarded privacy as a concern, instead cautioning that if the online industry does not improve Web site privacy settings, regulators will start imposing harsher rules. David Vladeck of the U.S. Federal Trade Commission (FTC), who also spoke at the event, confirmed that the FTC plans to introduce rules this summer aimed at giving consumers more control over Web sites' use of their data. (See related story below.)
Full Story

PRIVACY

Commissioners’ Collaboration Signals Steps Toward Privacy Enforcement Without Borders (April 30, 2010)

Last week's letter by Canadian Privacy Commissioner Jennifer Stoddart and nine of her counterparts from across the globe questioning the privacy practices of several international corporations may well indicate a new era of privacy enforcement, Michael Geist suggests in a Toronto Star report. "The joint letter signals a new approach to privacy enforcement, one based on greater cooperation and mutual recognition of common privacy principles," he writes, adding, "As privacy and data protection commissioners work together on issues with a global impact, they create a new layer of enforcement that could lead to joint investigations and parallel enforcement actions. After years of grappling with the challenges of borderless privacy concerns in a bordered world, that is a development worth buzzing about."
Full Story

SOCIAL NETWORKING

OPC Conference Attendees Hear Concerns About New Facebook Application (April 30, 2010)

A Facebook application that allows users to publicly connect with third-party Web sites and share them with friends is raising privacy concerns, the Toronto Star reports. "It's what I and others call 'soft surveillance.' Marketers are building their social graphs based on...social networks, mapping connections between people," University of Ottawa Professor Ian Kerr told attendees at the Office of the Privacy Commissioner's "Understanding Online Tracking, Profiling and Targeting" conference on Thursday. Kerr suggested such applications take online tracking and profiling to a whole new level, the report states, based on users' social networks, not just personal preferences. As Jules Polonetsky, CIPP, of the U.S.-based Future of Privacy Forum put it, "if some of your friends are deadbeats, marketers may conclude you are a bad risk too."
Full Story

ONLINE PRIVACY

Discretion May Be the Key to Privacy Protection (April 30, 2010)

If you want to protect your privacy online--or anywhere else--be discreet about what you say, do and post. That's the message Les MacPherson shares in a feature he wrote for The StarPhoenix on government regulation and privacy. Referencing Privacy Commissioner Jennifer Stoddart's warning that social networking site Facebook is leaving its 400 million users vulnerable to privacy breaches, MacPherson suggests individuals need to protect their own privacy. "Why should anyone expect a level of government protection online that is unavailable to the garden-variety blabbermouth?" he asks, suggesting that "the Internet is absolutely the last place to put anything we don't want the whole world to know about."
Full Story

ONLINE PRIVACY

Is it Time for Stronger Privacy Enforcement Powers? (April 30, 2010)

"Is it enough that our privacy commissioner issues public notices? Or are fines and further enforcement powers necessary to protect the privacy of Canadians both online and off?" That is the question posed by Robert Ballantyne in a CBC report asking readers to weigh in with their privacy concerns. Online privacy affects everyone, Ballantyne suggests, questioning whether Privacy Commissioner Jennifer Stoddart should have increased enforcement powers similar to her EU counterparts. "Whether you like to share every minute detail of your life with both friends and strangers, or happen to live in that elusive log cabin in the wilderness," Ballantyne writes, "online privacy continues to be an issue for everyone interested in personal privacy."
Full Story

HEALTHCARE PRIVACY

Health Minister Dismisses Privacy Concerns in New Legislation (April 30, 2010)

British Columbia Health Minister Kevin Falcon has dismissed privacy concerns raised by Acting Information and Privacy Commissioner Paul Fraser about changes to the province's health laws, The Tyee reports. Fraser has recommended that amendments to the Ministry of Health Act, Public Health Act and Health Authorities Act dealing with the management of personal information not move forward "so that the serious privacy concerns raised by the proposed data sharing are properly and completely canvassed before any further legislative proposals are introduced." Falcon, however, has said the legislation will move ahead without changes, the report states. "In this case," the health minister said, "we just fundamentally disagree with the privacy commissioner."
Full Story

PRIVACY LAW—MEXICO

Mexico Passes Data Protection Act (April 30, 2010)

Mexico's Senate on Tuesday unanimously approved the Federal Data Protection Act. The law establishes the rights and principles of data protection in the private sector. The act is nine years in the making, according to Lina Ornelas of Mexico's Federal Institute of Access to Public Information, the organization that will oversee the protection of private individuals' personal information under the new law. The act "protects third-generation rights and takes into account the development of the internationally recognized principles of data protection," Ornelas says. Furthermore, she says, it incorporates elements from the OECD and APEC privacy frameworks.
Full Story

PRIVACY LAW—CANADA

Alberta’s Breach Notification Requirement Begins Tomorrow (April 30, 2010)

Starting tomorrow when Alberta's Personal Information Protection Amendment Act takes effect, organizations covered by PIPA will have to notify the privacy commissioner when they experience a loss of personal information. Debbie Dresen of Davis LLP notes that "businesses that are not government bodies or public bodies will be subject to the new breach notification requirements." The legislation requires breaches to be reported where it has been determined that "a real risk of significant harm" is present. The commissioner may then require additional notifications."It will be interesting to see how organizations view and respond to the new requirements," Dresen writes. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—GERMANY

Caspar to Meet with Google, Steffen to Introduce Bill Next Week (April 30, 2010)

Google has confirmed that its Street View cars collect Wi-Fi data, but a company spokesperson declares that the practice is "totally legal" and said the company has no plans to publish the data, The New York Times reports. But, "The question is what will Google do with this information?" asked Johannes Caspar, the head of data protection in Hamburg, who will meet with company representatives next week. Meanwhile, German Consumer Protection Minister Ilse Aigner is calling on Germans to opt out of Street View, and a Hamburg senator for justice plans to introduce a bill in the Bundesrat next week that would impose €50,000-60,000 fines for every instance where the company failed to eliminate the data of citizens who had opted out, the report states. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Company Apologizes for Glitch that Exposed Customers’ Credit Cards Online (April 28, 2010)

Social networking site Blippy has apologized for its recent privacy glitch that accidentally exposed members' credit card information and is promising to hire a chief security officer and invest in more security, PC Magazine reports. The company will also have regular third-party audits, invest in its systems to filter out sensitive information, control caching of information in search engines and create a security and privacy center that includes information about how Blippy is protecting its customers, the report states. Blippy has reached out to eight customers whose information might have been compromised, the report states, and will assist in resolving any issues prompted by the data breach.
Full Story

BEHAVIORAL TARGETING

Marketers Navigating Trust and Privacy Issues (April 27, 2010)

"Trust is the currency of effective advertising, and yet it's so curiously evasive and increasingly murky," Pete Blackshaw writes in an Advertising Age feature that suggests addressing privacy is among the key components to establishing and maintaining credibility. "At the heart of the privacy debate is apprehension that marketers will abuse personally identifiable data or the targeting opportunities of behavioral advertising," he writes. However, Blackshaw points out that many consumers volunteer personal information via social networks that would not have been shared publicly in the past, suggesting such changes require "a new dialogue and a new wave of thinking about how we nurture trust and the credibility of our conversations, platforms and models."
Full Story

SOCIAL NETWORKING

Online Sharing: Is There Such a Thing as TMI? (April 26, 2010)

The desire of some Internet users to share everything from what plastic surgery they've had to where they are eating and how much they've spent on the newest tech gadgets could have long-reaching ramifications. The New York Times reports that there seems to be no such thing as "too much information" on the Web. Privacy experts caution there are dangers, however. Purchase-based social networking service Blippy, for example, has inadvertently shared some users' credit card information online. "Ten years ago, people were afraid to buy stuff online. Now they're sharing everything they buy," said Barry Borsboom, creator of Please Rob Me. "Times are changing, and most people might not know where the dangers lie." (Registration may be required to access this story.)
Full Story

PRIVACY—CANADA

National Focus, Global Influence (April 26, 2010)

What began as a sole focus on the information access and privacy rights of the citizens of Quebec has evolved into a role of global influence for Canada's federal privacy commissioner. The Financial Post spoke with Commissioner Jennifer Stoddart recently about her decade-long engagement in the privacy sphere. Stoddart is in the last year of her seven-year term as the nation's top privacy regulator. She said she realized early on that "this job couldn't be done just in Canada." The article points to the global influence of her office's activities, such as its seminal investigation into Facebook's privacy practices and, more recently, the 10-nation accord calling to task Google, Inc., and other Internet companies to better respect the privacy of users.
Full Story

DATA PROTECTION

Survey: CIOs Restricting Use of Social Media (April 23, 2010)

Companies are increasingly limiting their employees' access to social networking sites, the Montreal Gazette reports. That's according to recruiting firm Robert Half Technology's recent survey, which found that 21 percent of chief information officers are limiting employees' personal use of social media sites like Facebook, Twitter and LinkedIn. "Social networking is becoming more and more of a business tool, so companies are re-evaluating their policies and ensuring they're in line with business objectives," a spokeswoman for the firm said. The study also found that most CIOs are becoming stricter in general when it comes to computing for personal use at work.
Full story

SOCIAL NETWORKING

“Exponential” Growth in Demand for Social Data (April 23, 2010)

VeriSign says its research arm, iDefense, has identified a data black market player called 'kirllos' who claimed to have for sale 1.5 million social networking accounts in bulk quantities, reports V3.co.uk. The two things that make this discovery interesting according to iDefense Director of Intelligence Rik Howard, are "the volume of social network account credentials discovered, and the fact we are seeing an eastern European hacker dip into western social networks." VeriSign is warning of an "exponential" growth in demand for black market data stolen from social networking sites, the report states. Howard warns social networking sites to make security a priority and urges companies to ensure employees use social networks with due care.
Full story

SOCIAL NETWORKING—CANADA

PIAC Files Complaint, Seeks Investigation (April 22, 2010)

The Ottawa-based Public Interest Advocacy Centre has filed a complaint with Canada's federal privacy commissioner about the Nexopia social networking site, StraightGoods.ca reports. The 35-page complaint alleges that six of Nexopia's privacy practices violate the Personal Information Protection and Electronic Documents Act. "PIAC would like to see the privacy commissioner investigate Nexopia's privacy practices for compliance with Canadian privacy law, with special consideration to how Nexopia handles the privacy and personal information of minors," said PIAC counsel John Lawford. The complaint states that the company's very advanced search function "does not respect youth privacy," and its default settings "are set to share information with the whole world."

Full Story

ONLINE PRIVACY—CANADA

Public Consultations to Begin (April 22, 2010)

Canada's federal privacy commissioner will soon embark on a series of public consultations about Canadians' use of social media, online gaming and cloud computing tools, reports SC Magazine. A spokesperson for the OPC said the sessions may influence changes to privacy legislation. "Although we feel that the Personal Information Protection and Electronic Documents Act is working relatively well, what we learn may shape the input we make to the next parliamentary review [in 2011]," said Anne-Marie Hayden. In Toronto and Montreal, the consultations will explore online tracking, profiling and targeting. The OPC will host a consultation about cloud computing in Calgary in June.

Full Story

ONLINE PRIVACY

10 Nations’ Privacy Officials Issue Stern Warning (April 22, 2010)

Privacy officials from 10 nations this week issued a stern warning to Google Inc. and other Internet companies about their privacy practices, reports TVNZ. New Zealand Privacy Commissioner Marie Shroff was one of the signatories of a letter sent to Google CEO Eric Schmidt, urging him to better protect users' data and set an example "as a leader in the online world." The data protection commissioners of Canada, France, Germany, Ireland, Israel, Italy, the Netherlands, Spain and the United Kingdom also signed the letter, which asserted that Google's rollout of its Buzz social networking service "violated the fundamental principle that individuals should be able to control the use of their personal information."
Full Story

SOCIAL NETWORKING

Zuckerberg: Building a Web Where the Default is Social (April 22, 2010)

Facebook CEO Mark Zuckerberg this week shed insight on his company's plans to make the Web more social by letting users share personal preferences on external sites across the Internet, TIME reports. The company's new Open Graph suite of products, unveiled this week at its annual developers' conference, includes a "Like" button that Facebook wants every page on the Web to have. "We are building a Web where the default is social," Zuckerberg said. The chairman of Electronic Frontiers Australia told the Sydney Morning Herald that expanding the offering to so many third-party sites will clearly bring privacy concerns.
Full Story

ONLINE PRIVACY

Generational Differences Rooted in Awareness Levels (April 21, 2010)

The Wall Street Journal reports on research findings that suggest young people care about privacy to about the same degree as older adults but are less informed about the rules of the road. "In most cases young people think very much the same as older people when it comes to online privacy," said the co-author of one of the studies, Harvard Law School Professor John Palfrey. But University of California Berkeley and University of Pennsylvania researchers found that while the desire for privacy is similar, kids and teens believe that rules surrounding the privacy of their data are more stringent than they actually are, the report states.

Full Story

DATA LOSS—CANADA

Medical Records Faxed to Newspaper (April 21, 2010)

Alberta's Information and Privacy Commission is reviewing a breach involving the medical records of a woman, which were faxed to a provincial newspaper rather than her physician. The Calgary Sun received the 11-page fax. Privacy Commissioner Frank Work said the incident appears to have resulted from "human error, plain and simple." He said he hopes doctors learn from the mistake and would like to see more physicians move toward electronic records to help prevent such errors. Although Alberta is ahead of other provinces in electronic records adoption, federal Auditor General Sheila Fraser said this week that too few doctors nationwide are making the switch.

Full Story

ONLINE PRIVACY

Site Grades Privacy of Internet Apps (April 20, 2010)

A Stanford University project has ushered in a Web forum where Internet users can review and compare the privacy and security of Internet and mobile applications, the San Francisco Chronicle  reports. The WhatApp.org site, released in beta last month, grades applications based on reviewers' answers to questions about data collection and openness, for example. One news outlet described it as a mix of Consumer Reports, Yelp and Wikipedia, but with a privacy and security focus. Its creators hope the site will bring more attention to the issues. "We've been saying this for a while," said McAfee Labs director David Marcus. "If developers use security and privacy correctly, they can be used as a competitive advantage."

Full Story

ONLINE PRIVACY

Courts Raising Questions About Internet Anonymity (April 16, 2010)

A panel of Ottawa judges is considering whether Web sites named in libel actions must identify people who post anonymous defamatory comments, and that is raising concerns among some privacy and civil liberties organizations. The Ottawa Citizen reports on privacy advocates' view that, "if the judges support unmasking anonymous posters, that could erode their privacy by allowing others to piece together vast amounts of personal information." Meanwhile, a Nova Scotia Supreme Court judge has ordered that newspapers provide the identities of anonymous commentators in legal cases such as defamation suits, stating, "They, like other people, have to be accountable for their actions."
Full Story

DATA LOSS—CANADA

Charges Filed Against Former BC Gov’t Supervisor (April 16, 2010)

Criminal charges have been filed against a BC government worker who was found to have the personal information of 1,400 citizens in his home, the Vancouver Sun reports. The RCMP discovered the data while searching the worker's home during a separate investigation. The discovery prompted provincial officials to open their own inquiry, which resulted in a critical report about the government's handling of the breach, the report states. Richard Ernest Wainwright was a supervisor in the Ministry of Children and Family Development until he was fired in October. He has been charged with forgery and fraud for allegedly falsifying his identity during the hiring process.
Full Story

INFORMATION ACCESS

Commissioner: Access to Information Being Obliterated (April 16, 2010)

When it comes to information access, delays continue to plague the government, the CBC reports. "This right is at risk of being totally obliterated because delays threaten to render the entire access regime irrelevant in our current information economy," Interim Federal Information Commissioner Suzanne Legault wrote in a special report released on Tuesday. Of the 20-plus departments she studied, Legault reported that more than half received below-average marks, noting that nearly half of the complaints her office has received have been related to delays and time extensions. Currently there is no penalty when access deadlines are missed, she said, explaining that imposing legislated timelines on departments would "make a big difference."
Full Story

ONLINE PRIVACY

Study: Young People Care about Online Privacy (April 16, 2010)

Young adults in the U.S. care about online privacy to a similar degree as older adults, according to survey findings released this week. The San Francisco Chronicle reports that researchers at two universities polled 1,000 Americans age 18 and older, finding that "older adults are more alike on many privacy topics than they are different." For example, 84 percent of 18- to 24-year-old respondents said a person should seek their consent before posting a photo or video of them to the Internet, while 90 percent of those ages 45 to 54 felt the same way. The researchers conclude that, "Public policy agendas should therefore not start with the proposition that young adults do not care about privacy..."
Full Story

HEALTHCARE PRIVACY—CANADA

More Controls Needed for Healthcare Workers’ Access to Personal Information (April 15, 2010)

Information and Privacy Commissioner Gary Dickson says there needs to be a review of how Saskatchewan trains, approves and monitors healthcare workers and their use of personal health information. Dickson's report came after an investigation into a 2009 incident where a pharmacist was caught improperly accessing drug information about a former patient. CBC reports that the pharmacist looked up information about a patient and two family members a total of nine times for personal reasons. Dickson's report also recommends tighter restrictions on when and where pharmacists and other healthcare workers should be allowed to access computers to look up such information.
Full Story

BEHAVIORAL TARGETING

Marketers Are Following You To Build Better Ads (April 15, 2010)

In the age of the Internet, marketers are watching what their customers do online in an effort to better aim ads at potential consumers. The Wall Street Journal reports that major companies are turning to smaller start-ups to help them use social networking data to target their advertising, and the trend is raising concerns among privacy advocates. One company, for example, reports that it tracks five billion online connections to weigh the data included in friend-acquaintance connections. Such ad targeting practices are raising concerns about privacy at the federal level, the report states, with some lawmakers preparing to introduce legislation in the coming weeks to make Web site tactics for collecting information on their users more transparent. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—CANADA & U.S.

Commissioner OKs University’s Move to Gmail (April 13, 2010)

Alberta Information and Privacy Commissioner Frank Work has given the University of Alberta the approval to convert its e-mail accounts to Google's Gmail service--as long as university officials warn users about the possibility that their e-mails could be examined by U.S. authorities. The Edmonton Journal reports the commissioner's decision came after the university supplied him with a privacy assessment of the Gmail plan. In his decision, Work said the university has done what it reasonably can to ensure the protection of personal information, but because the e-mails are stored on American servers, they could fall under the U.S. Patriot Act. Under that law, e-mails could be secretly viewed by American authorities, the report states.
Full Story

DATA PROTECTION—CANADA

Audits Reveal Many Deficiencies (April 12, 2010)

Recent audits of BC Ferries have revealed deficiencies in the company's data protection safeguards, reports the Globe and Mail. The company's president assured the problems will be addressed by fall and said, "We are confident that our system is safe and won't be compromised." An audit conducted last fall revealed up to 45 security deficiencies, including insufficient password protocols and a failure to audit database access. The audit also revealed that the company is storing several years' worth of unnecessary credit card data across multiple databases and that "the encryption routine is not fully secure or monitored/audited."
Full Story

GEO PRIVACY

Apple “Taking Privacy Further” (April 12, 2010)

Apple introduced its iAd mobile advertising platform last week and previewed the next version of the iPhone operating system, which will include features to help users control their geo privacy, reports the New York Times. "We're taking privacy several steps further," with iPhone OS 4, Apple's senior vice president of iPhone software said at a preview event on Thursday. Among them, OS 4 will include a status bar arrow that indicates when a user's location is being tracked as well as other "fine-grained settings" to improve users' awareness and control. Jules Polonetsky, CIPP, of the Future of Privacy Forum, said the move shows "how treating data use as a feature is a better way to communicate to users than legal policies" about privacy. (Registration may be required to access this story.)
Full Story

FINANCIAL PRIVACY

Keeping Credit Scores Private Can Mean Increased Insurance Costs (April 9, 2010)

Insurance companies across Canada are increasingly using credit scores to determine the cost of premiums, CBC-TV reports, and for those who choose privacy over sharing their scores, the costs can be significant. While companies report they do not force customers to reveal their credit scores, those who choose to keep the information private can face rate hikes. Some consumers, however, say they are willing to pay that price. "My exact words were I'll eat the discount... to keep my privacy private," said Paul Renny of Ontario. Credit scoring has been banned in Ontario and Alberta for auto insurance, the report states, while New Brunswick has become the first province to ban the practice outright for any type of insurance.
Full Story

HEALTHCARE PRIVACY

Opinion: Patient Information Should Not be Shared (April 9, 2010)

A StarPhoenix editorial calls the Saskatchewan government's decision to allow health foundations access to discharged hospital patients' personal information an infringement on citizens' privacy. The measure aims to help foundations fundraise by identifying people who might be motivated to donate. But adopting "implied consent" as the norm in disclosing patients' personal information invites sundry other medical causes to be given access to patient records, the report says. "Commissioner Gary Dickson is absolutely correct when he notes that the decision will undermine public confidence in the ambitious electronic records when, 'for no more compelling reason that just the convenience of health foundations, that information will now be shared on a routine basis.'"
Full Story

GEO PRIVACY

Commissioner Concerned about Smart Phones (April 9, 2010)

Canada's privacy commissioner says she has reservations about smart phones' potential to track users, the Montreal Gazette reports. "...People can be tracked 24 hours a day without knowing," Stoddart said. "It can be dangerous for some people to know where they are, and others just want to stay anonymous." At La Boule de Cristal conference this week, Stoddart said she's also concerned about the future implications of the phone technology, which can send coupons and other promotional materials tailored to a users' location. Stoddart said her office will study this "minority report phenomenon" in the next few months.
Full Story

PRIVACY

Interim Commissioner’s Term Set to Expire (April 9, 2010)

The term for BC Acting Information and Privacy Commissioner Paul Fraser is set to expire April 12, reports Straight.com. By law, a person is allowed to hold the temporary office for 20 sitting days of the legislature. However, according to the legislature's clerk of committees, the house could pass a motion to reappoint Fraser or extend his term, the report states. Fraser has been filling in since former commissioner David Loukidelis resigned in January. Darrell Evans, executive director of the BC Freedom of Information and Privacy Association, said he hopes the permanent commissioner will be someone who is "basically fearless."
Full Story

ONLINE PRIVACY

Companies Leverage Privacy as Competitive Advantage (April 8, 2010)

The Register explores how companies are using privacy practices as a competitive advantage. Namely, the report outlines how recent Microsoft communications seem to be leveraging privacy to differentiate the company from its competitors. The Register cites a recent company pledge to refrain from indexing Hotmail users' information for the purpose of serving targeted advertisements.
Full Story

HEALTHCARE PRIVACY—CANADA

Info Sharing Irks Privacy Commissioner (April 7, 2010)

While hospital foundations are lauding a decision by the Saskatchewan government to give them access to the names and addresses of those who have used hospital services in order to aid fundraising efforts, others are less enthused, reports CBC News. Provincial privacy commissioner Gary Dickson says, "Information that's provided so we can be diagnosed and treated shouldn't be shared with any third party without the consent of the patient. This obviously violates that." However, Provincial Health Privacy Officer Jacqueline Messer-Lepage says patients will be allowed to opt out of having their information shared with fundraisers and that "certain health regions may choose to go with an opt-in process."
Full Story

ONLINE PRIVACY

Professional Reference Hub in Beta (April 6, 2010)

A new Web site designed to help employers find out more about job candidates has some concerned about its potential for damaging professional reputations, reports San Diego Entertainer. Currently in beta and only accessible through Facebook, the Unvarnished site lets individuals create profiles of themselves or someone else. Other users can then build upon the profiles anonymously, adding feedback on professional performance. Once created, the profiles cannot be removed, the report states. Critics say the site could damage the professional patinas of "unsuspecting individuals."  
Full Story

PRIVACY LAW—CANADA

Pending Case Could “Radically” Change Privacy Law (April 6, 2010)

Later this month, Canada's Federal Court will hear a case that has the potential to radically change the nation's privacy protections, reports the Toronto Star. Law Professor and regular Star columnist Michael Geist says State Farm Mutual Automobile Insurance Co. will argue that Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), enacted in 2000, oversteps the federal government's jurisdictional power. The case stems from a 2005 State Farm customer's request to know which third parties had access to his personal information, which State Farm refused to provide. Geist writes that "if successful, PIPEDA would no longer apply to thousands of Canadian businesses and new legislation such as the Electronic Commerce Protection Act (ECPA) would be imperilled."
Full Story

SOCIAL NETWORKING

Google Buzz Gets New Privacy Controls (April 6, 2010)

Google has created new privacy controls for its Buzz social networking service, MediaPost News reports. The new privacy setting, which went into effect on Monday, includes a confirmation screen requiring users to confirm their privacy settings when they log onto Buzz, the report states. The new privacy controls include approving a list of subscribers to users' Buzz feeds. Admitting the company "didn't get everything right" when Buzz was launched in February, Google Product Manager Todd Jackson notes that Google has moved "as fast as possible" to improve it and protect the privacy of its users.
Full Story

DATA PROTECTION

UN Privacy Treaty Possible (April 5, 2010)

New Zealand Privacy Commissioner Marie Shroff says that huge increases in international data flows necessitate global privacy standards and enforcement, reports Stuff.co.nz. "We have to look at whether and how we can regulate to provide certainty for businesses and protections for individual citizens," Shroff says. A United Nations treaty might be a way to get there, according to the report. Such a treaty could address issues including search engine data collection, call centre outsourcing and payment card privacy. Shroff says she hopes it would apply to government uses of information as well, since "One of the drivers of international data flows is counterterrorism."
Full Story

SOCIAL NETWORKING

Digital Suicide: Saying Goodbye to Online Life (April 5, 2010)

There's a new movement afoot among some social networking users to take back privacy by ending their online lives. The Globe and Mail reports on recent instances where users have decided to become "digital dropouts." Reasons behind the decision to say goodbye have ranged from concerns about online friends tracking users into their offline lives to social networking interactions becoming "someone else's entertainment." While two of the most recent online suicide sites, Web 2.0 Suicide Machine and Seppukoo, are now defunct, experts agree many issues come into play when making the decision of whether to delete or not to delete online information.
Full Story

PRIVACY LAW

Fraser: FIPPA Changes Unnecessary, Gov’t Needs CPO (April 2, 2010)

BC's acting privacy commissioner says that the government's proposed changes to the provincial privacy law are unnecessary, The Tyee reports. Acting Privacy Commissioner Paul Fraser told a committee that is reviewing the Freedom of Information and Protection of Privacy Act (FIPPA) that it is already working in the ways the government wants, but a "lack of training and understanding" exists. The government told the same committee last week that it needs new powers to collect citizens' information and share it across government agencies using the forthcoming Integrated Case Management database. Fraser said that instead of rewriting the rules, the government should appoint a chief privacy officer to help interpret and communicate the existing rules.
Full Story

DATA LOSS

WHSCC Response to Breach Deemed Appropriate (April 2, 2010)

Newfoundland and Labrador Information and Privacy Commissioner Ed Ring has found that the Workplace Health Safety and Compensation Commission (WHSCC) took appropriate measures in the wake of a 2008 breach involving the exposure of clients' personal information through an online file-sharing service, VOCM reports. According to the Office of the Information and Privacy Commissioner (OIPC) report, immediately following notification of the breach, the WHSCC worked to contain it, recover the records, determine the extent of the exposure and notify those affected by the incident. The OIPC also concluded that, prior to the breach, the WHSCC "made reasonable security arrangements" under the Access to Information and Protection of Privacy Act "to protect the personal information of its clients against foreseeable risks."
Full Story

PRIVACY LAW

Warrantless Records Searches Would “Invade Privacy” (April 2, 2010)

Police told a parliamentary committee Monday that they should be allowed access to cellphone subscriber information and IP addresses without a warrant in order to better combat organized crime. But critics say allowing access without a warrant would invade personal privacy and undermine civil rights, the Edmonton Sun reports. "To just start doing willy-nilly searches without good evidence is really dangerous and is a real affront to people's personal privacy," said a spokesman from the Rocky Mountain Civil Liberties Association. However, an Alberta justice minister said laws regarding warrants need to change to keep up with technology because they are "really dated, like 20 years old."
Full Story

PRIVACY LAW

How Legislation Impacts Real Estate Transactions (April 2, 2010)

In an article for yourhome.ca, lawyer Mark Weisleder explores how Canada's privacy laws apply to the publishing and advertising of homes' selling prices. In the real estate business, writes Weisleder, "any facts about a person's home...are considered personal information because those facts can be used to identify the owner of the property." Therefore, disclosing a sales price in advertisements is prohibited under Canadian laws unless the seller grants permission. "By understanding how privacy law impacts real estate transactions," Weisleder writes, "buyers and sellers can make informed decisions regarding how their sale price is advertised, as well as protecting this very personal information from the eyes of others."
Full Story

PRIVACY

Privacy Quiz Aims to Educate Small Businesses (April 2, 2010)

Canada's Office of the Privacy Commissioner (OPC) has posted an educational quiz to its Web site as part of an effort to help small businesses identify risks. Rotating sets of five questions comprise the quiz, and answers provide links to OPC documents with additional information. Topics covered include privacy laws, video surveillance and user consent. The OPC will continue to revise questions as new privacy issues emerge.
Full Story