Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

DATA PROTECTION

Survey Suggests Businesses Not Worried About Breaches (May 28, 2010)

The Office of the Privacy Commissioner (OPC) has released survey results that suggest Canadian businesses are not concerned about privacy breach risks despite the fact they are collecting more information about their customers than ever before. The OPC commissioned the survey, which found that 42 percent of the 1,005 businesses polled are not concerned about security breaches, according to the commission's press release. "Given the severity and number of major data spills that we have seen reported in the headlines over the past few years, it is concerning to see that businesses are not more apprehensive about this issue," said Assistant Privacy Commissioner Elizabeth Denham.
Full Story

GENETIC PRIVACY

Class Action Filed Over Infant Blood Samples (May 28, 2010)

British Columbia's Provincial Health Services Authority is facing a class action lawsuit for its collection and use of infants' blood samples without parental permission, Courthouse News Service reports. A mother of two says the authority is maintaining 800,000 samples collected from babies born in BC since 1999. Her complaint states that the samples have been accessed by researchers for "unknown research and testing purposes" and that "The blood sample storage facility amounts to a legally unauthorized fully functional DNA database." The class is seeking destruction of the samples and damages, according to the report.
Full Story

ONLINE PRIVACY

Investigations, Court Actions Abound Over Google WiFi Collection (May 28, 2010)

A U.S. federal court has issued a restraining order prohibiting Google from destroying data it collected over WiFi networks, The San Francisco Chronicle reports. The court is also ordering Google to turn over two copies of wireless data collected from the U.S., where suits have also been filed in Oregon, Massachusetts, California and Washington, DC. In Australia, the Australian Privacy Foundation has said there are grounds for consumers to pursue legal recourse, suggesting the company violated the Telecommunications Act and the Privacy Act. Investigations into Google's collection of personal information through its Street View vehicles are ongoing across the globe, including in the Czech Republic, where the Office for Personal Data Protection has reported Google could face fines of up to €392,000.
Full Story

SOCIAL NETWORKING

Privacy Officials’ Reactions Split Over Facebook Changes (May 27, 2010)

Canada's federal and provincial privacy commissioners are offering different opinions based on their first reviews of Facebook's announcement of its new privacy settings. Assistant Privacy Commissioner Elizabeth Denham cautioned that the social networking site is still not compliant with federal privacy laws, noting the new settings still require public disclosure of user names, profile information, pictures, gender and networks, The Globe and Mail reports. "They have dialed it back a bit...but we don't think they have gone far enough," Denham said. Ontario Privacy Commissioner Ann Cavoukian had a more positive reaction, saying she is "very pleased with the response," but adding that her office will be reviewing the changes in the weeks ahead because "the devil is in the details, or in this case, the devil is in the default." Meanwhile, Gartner analyst Ray Valdes suggests Facebook's move could affect the privacy policies of other technology companies, saying, "Facebook is a very large canary in the coal mine...Competitors are watching to see how much Facebook can get away with and what are the limits that are considered acceptable by government and users." Facebook Vice President Christopher Cox has said the company will be consulting with Canada's federal privacy commissioner on the office's specific concerns.
Full Story

PRIVACY LAW—CANADA

Opinion: C-29 Disappoints (May 27, 2010)

A Canadian scholar weighs in on one of two bills tabled by Industry Minister Tony Clement this week, calling C-29--the Safeguarding Canadians' Personal Information Act--a "huge disappointment." On his blog, University of Ottawa law professor Michael Geist describes the bill to amend the country's private sector privacy law to include breach notification requirements as "very weak when compared with similar laws found elsewhere." Geist cites a lack of penalties for failures to notify and outlines the bill's new business exceptions, concluding that "C-29 does not do nearly enough to advance the Canadian privacy law framework in a manner that actually protects personal privacy."   
Full Story

PRIVACY LAW—CANADA

Gov’t Tables Anti-Spam Legislation (May 26, 2010)

The Canadian government yesterday tabled what Industry Minister Tony Clement described as long-overdue legislation--an anti-spam law that would impose up to $1 million penalties and would allow for civil actions against violators. Clement said the Fighting Internet and Wireless Spam Act would result in "a significant diminution" of spam and would nix Canada's reputation as a haven for spammers, The Vancouver Sun reports. The Office of the Privacy Commissioner would enforce the legislation, which would also see the creation of a spam reporting centre. University of Ottawa law professor Michael Geist praised the bill and predicted its swift passage.
Full Story

PRIVACY LAW—CANADA

Proposed PIPEDA Amendments Would Require Breach Notifications (May 26, 2010)

Proposed amendments to Canada's private sector privacy law would require that companies report material data breaches to the Office of the Privacy Commissioner and notify affected individuals in cases involving significant risks, The Vancouver Sun reports. The government tabled the proposed amendments on Tuesday. They would require companies to notify affected individuals "when the organization deems the breach to pose a real risk of significant harm, such as identity theft, fraud or damage to reputation." Privacy Commissioner Jennifer Stoddart welcomed the proposal, but Janet Lo of the Public Interest Advocacy Centre said "that's a really, really high trigger threshold to inform the individual." University of Ottawa law professor Michael Geist described the Safeguarding Canadians' Personal Information Act as "the anti-privacy privacy bill."
Full Story

EMPLOYEE PRIVACY—CANADA

Commissioner Probes Credit Checks (May 26, 2010)

Alberta's privacy commissioner is investigating why some Alberta government employees were the subject of credit checks earlier this year, The Edmonton Journal reports. The Alberta Union of Provincial Employees is calling Alberta Justice's credit checks on 27 employees--revealed by an anonymous tipster after employees noticed flags on their credit reports--an "unnecessary invasion of privacy." The union has filed a grievance against the government. In a letter to those affected, Deputy Minister Ray Bodnarek apologized and said proper procedures and government-wide protocols had not been followed, but records of the credit checks had since been destroyed. "I take this matter very seriously and have further instructed that internal mechanisms are established and followed to ensure this type of error does not occur again," he said.
Full Story

SOCIAL NETWORKING

Will Privacy Concerns Drive Users Away from Facebook? (May 26, 2010)

Despite criticism over the way Facebook handles personal information, users are flocking to the world's largest social networking site, Businessweek reports. As of last month, Facebook had more than 519 million users, the report states, up from the 411 million it had eight months ago. Meanwhile, an online survey of more than 5,000 Mashable readers offered a different perspective, with about 30 percent indicating that due to concerns about the way the site handles personal information, they plan to leave Facebook. Despite those concerns, analyst Augie Ray of Forrester Research suggests, "I don't think we're going see an immediate and large migration away from Facebook. There isn't a real clear alternative for people to do the sorts of sharing that they've really come to expect and enjoy."
Full Story

ONLINE PRIVACY

The Dangers of “You Are What You Buy” Sites (May 24, 2010)

Shoppers are sharing everything from how much they paid for lunch to where they're traveling through purchase-based networking sites Blippy and Swipely, prompting privacy advocates to warn such information could be at risk. The Washington Post reports on concerns about divulging "a dangerous level of personal financial information" that could be gold for behavioral advertisers. Blippy users, for example, share details on about $1.5 million worth of transactions every week, the report states, and give the company access to credit, debit and online accounts to create purchase histories and post new transactions to the site. "Blippy already knows what you're doing with every swipe," the report states, "And friends, or strangers, can join your network and watch your money leave your wallet." (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Sites Sent User Data to Advertisers (May 21, 2010)

The Wall Street Journal reports that Facebook, MySpace and other social networking sites have been sharing data with advertising companies, potentially in breach of industry standards and their own privacy policies. In reviewing the code of seven sites at the request of the newspaper, Harvard Business School Associate Professor Ben Edelman found that when a user clicks on ads, the sites send the user name or ID numbers tied to the personal profile, giving advertisers the potential to find out more about the person behind the ad. The professor wrote to the Federal Trade Commission yesterday to request an investigation. According to the report, Facebook has changed its code to address the issue. Many of the advertisers receiving the data, meanwhile, said they have not made use of it. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

More Google Inquiries Launched (May 21, 2010)

The list of authorities planning to investigate Google's collection of data from wireless networks continues to grow, The New York Times reports. Officials in Spain, France and the Czech Republic announced Thursday that they plan to investigate the company's admission that it inadvertently collected "snippets of Web sites and e-mail messages" from unsecured WiFi networks, the report states. Germany has already started an inquiry, while regulators in the UK and Ireland have reported they are not initiating investigations but have asked Google to destroy the data collected in their countries. Nations around the globe, including the U.S. and Australia, are also considering what action to take. Privacy lawyers believe the company is likely to face fines and suffer damage to its reputation but not "serious criminal convictions." (Registration may be required to access this story.)
Full Story

GENETIC PRIVACY

Advocates Question Newborn DNA Samples (May 21, 2010)

A Canadian civil liberties group says parents should be asking questions about the storage of their newborns' DNA, the Calgary Sun reports. The BC Civil Liberties Association recently launched a complaint about newborn metabolic screening in BC, where 800,000 blood samples from newborns' heels are stored after being screened for disorders. The BC Privacy Commission is investigating the practice and at least one parent has filed a lawsuit for invasion of privacy, the report states. Dave Eby, the executive director of the BC Civil Liberties Association, says parents should be asking "how the blood sample cards are used--whether there is access by pharmaceutical companies, medical research or anyone else."
Full Story

SURVEILLANCE

CCTV for the G20 (May 21, 2010)

Toronto police have begun installing 77 closed-circuit video cameras in and around the city's financial district to address security concerns in connection with the G20 Summit in June. The Globe and Mail reports that only 18 such cameras are currently in use in Canada's largest city, prompting some privacy advocates to raise concerns about the removal of the additional cameras once the event is over. Police have said the cameras will be taken down but that any footage depicting potential evidence will be retained. Voicing concerns about the additional CCTVs, Jonathan Goldsbie of the Toronto Public Space Committee said, "I'm expecting the worst from the G20, but I'm more concerned about leftover technology and leftover police infrastructure."
Full Story

DATA LOSS

Medical Cards on the Street (May 21, 2010)

Thursday morning, in an industrial area of Regina, a man found medical cards containing personal information such as names, telephone numbers, addresses and birth dates lying on the street. The Leader-Post reports that an employee at a local shredding and recycling company lost the cards while transporting the materials between buildings. The company's president, Jack Shaw, said that when they found out that some materials had gone astray, other employees were called out to search for the materials. Shaw estimates they found about a dozen cards. "We cleaned up the entire area, and we never found anything else," said Shaw. "This is the first time this has happened and there will not be another one."
Full Story

PRIVACY LAW

Toronto Woman Sues Phone Company for Data Release (May 21, 2010)

A Toronto woman is suing her former phone company, alleging that its billing practices invaded her privacy and led to the end of her marriage, the Toronto Star reports. Gabrielle Nagy claims that the company mailed her husband their household's invoices for services including Nagy's mobile phone--which she maintained separately under her maiden name--consolidating them without her consent and allowing her husband to discover her extramarital affair. A statement of claim filed in Ontario's Superior Court of Justice says the "previously private and confidential information" disclosed by the phone statement led to the plaintiff's husband's ability to inquire about the nature of her calls.
Full Story

BIOMETRICS

Google Execs Debate Facial Recognition Launch (May 21, 2010)

There's an internal debate going on over at Google right now, the Financial Times reports, as the company's executives are wrestling over whether to launch controversial facial recognition technology. Google CEO Eric Schmidt noted that recent public disputes over privacy issues have caused the management team to review its procedures and the launch of new technologies, saying, "Facial recognition is a good example...anything we did in that area would be highly, highly planned, discussed and reviewed." Google currently uses the technology in its photo sharing service, but held back on launching the technology more broadly. Schmidt has not, however, ruled out introducing the technology in the future, the report states.
Full Story

SOCIAL NETWORKING

Facebook Hunkers Down While Users Open Up (May 21, 2010)

The backlash to recent changes by Facebook to make more public users' profiles has resulted in all-hands and closed-door meetings at the company's headquarters, The Wall Street Journal reports. Meanwhile, the U.S. Federal Trade Commission is looking into how social networks use members' data and European regulators are calling on the company to address what they describe as "unacceptable" practices. "The company can't afford not to act" the report states. But one blogger asserts that the privacy concerns are overblown, saying that "FB is a publishing function" and users give up privacy in order to use it. "If you think it's a problem," writes Mark Cuban, "deactivate your account." (Registration may be required to access this story.)
Full Story

BEHAVIORAL TARGETING

Study: Regulations Affect Ads’ Effectiveness (May 20, 2010)

A study conducted by marketing professors concludes that even moderate regulation impacts the effectiveness of ad targeting, reports MediaPost News. The study explored European participants' intent to purchase and compared the results with similar studies carried out in non-EU countries, concluding that online ad effectiveness in Europe is lower by more than 65 percent due to more stringent online privacy laws, the researchers say. Another academic suggests the findings may be due to greater consumer awareness in the EU about targeted ads rather than the regulations.
Full Story

SOCIAL NETWORKING

MySpace Launches Simplified Privacy Settings (May 18, 2010)

MySpace has announced it has created simplified privacy settings for user information, The Wall Street Journal reports. The new controls include giving users the option of selecting one privacy setting for all their information as well as choosing whether to make their profile public to friends only, to all users over the age of 18 or to everyone. MySpace users also have the ability to block the sharing of their information with other Web sites or third-party applications, the report states. In disclosing the company's new policies, MySpace Co-President Mike Jones said, "we want to get out and state a clear position so that our users understand that we take privacy very seriously." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Tracking Web Users? No Cookies Necessary (May 18, 2010)

Deleting those cookies from your Web browser is not enough to protect your privacy online, an Electronic Frontier Foundation computer scientist asserts in a paper due to be formally presented this summer. CNET News reports on Peter Eckersley's findings that modern browsers have been designed to provide Web sites with "a torrent of information thought to be innocuous" that can actually become personally identifiable when taken in combination and compared with other browsers. Eckersley said the law should treat these "browser fingerprints" as personally identifiable information and is recommending changes to ensure browsers send less information about their configuration settings to Web sites.
Full Story

GENETIC PRIVACY

Complaint Filed on Storage, Use of Newborns’ DNA (May 14, 2010)

The BC Civil Liberties Association has helped launch a complaint with the province's privacy commission on behalf of a Vancouver parent who believes that newborn screening procedures that result in the storage of infant blood samples in laboratories across the country are a breach of privacy. The Globe and Mail reports that the complaint, which is the first of its kind in the province, seeks to have all blood sample cards destroyed in cases where parents did not give consent for their storage. Civil libertarians and privacy advocates are raising concerns that parents are not informed that their babies' genetic information will be stored indefinitely and could be used for research purposes, the report states.
Full Story

DATA LOSS

Patient Records Accidentally Faxed to NWT Resident (May 14, 2010)

A Yellowknife woman whose fax number was one digit off from that of a hospital has reported receiving about a dozen pages of confidential medical information about Northwest Territory patients receiving cancer treatment in Alberta. CBC News reports that the resident came forward after learning of a similar case of records being accidently sent to the Canadian Broadcasting Corporation's Yellowknife station. She had tried to notify hospital officials in the past, the report states, but had received no response. NWT Information and Privacy Commissioner Elaine Keenan Bengts, who said it should be standard practice for healthcare staff to verify contact numbers before sending confidential medical information by fax, said she will be contacting Alberta's privacy commissioner as the documents originated in that province.
Full Story

RFID

Enhanced Driver’s Licence Demand “Underwhelming” (May 14, 2010)

The four provinces that have been issuing RFID-enabled identification are reporting the demand has been lower than anticipated. The enhanced driver's licence (EDL) and enhanced identification card (EIC) programs were implemented in Ontario, British Columbia, Quebec and Manitoba to ease cross-border travel as the U.S. Western Hemisphere Travel Initiative requires Canadians to prove their citizenship when traveling into the U.S., itbusiness.ca reports. The enhanced identifications have been criticized by privacy commissioners because the RFID can be read within a vicinity of several meters by any standard chip reader, the report states. Ontario Privacy Commissioner Ann Cavoukian, meanwhile, has suggested travelers use passports until the RFID chip is replaced with one that can be turned on and off by the owner.
Full Story

DATA PROTECTION

Cybersecurity Leader Needed in Canada (May 14, 2010)

The Canadian Advanced Technology Alliance is among the groups and individuals that are suggesting the time has come for a senior bureaucrat to oversee online security, SC Magazine reports. Others, meanwhile, suggest the work of Privacy Commissioner Jennifer Stoddart in addressing high-profile cases involving social networks and online services proves the government is doing enough. However, Anil Somayaji of Carleton University suggests they may be making a mistake in confusing privacy with security. "It's the difference between worrying about someone knowing what you ate for lunch and someone stealing your lunch," he says. "We need to be concerned about both."
Full Story

PRIVACY

Annual Report Addresses Smart Grid, Other Concerns (May 14, 2010)

Embedding privacy into the Smart Grid will be essential as its implementation goes forward, according to Ontario Information and Privacy Commissioner Ann Cavoukian's 2009 Annual Report, released Tuesday. "The Smart Grid is presently in its infancy worldwide," Cavoukian said, adding, "I'm confident that many jurisdictions will look to our work being done in Ontario as the privacy standard to be met. We are creating the necessary framework with which to address this issue." Cavoukian also highlighted recommendations to amend the Personal Health Information Protection Act to better protect patient records discarded by health professionals, CNW reports. The report also includes key statistics from the past year.
Full Story

HEALTHCARE PRIVACY

Solution Needed To Protect Abandoned Patient Records (May 14, 2010)

Ontario Information and Privacy Commissioner Ann Cavoukian is calling for improved information management, especially in light of problems with abandoned patient healthcare records in the province, itbusiness.ca reports. Cavoukian's requests have come after her office's busiest year to date, in which 264 privacy complaints were filed against government organizations and another 169 against Ontario's health sector. When personally identifiable information is no longer needed, paper records and hard drives must be destroyed, Cavoukian said, suggesting, "Take a hammer to it or do some sort of physical destruction to make sure that data can't be restored. The risk to not protecting your customers' information is much greater than the costs of good privacy protection."
Full Story

PRIVACY LAW

Alberta Data Breach Notification Law Now In Effect (May 14, 2010)

Alberta is now the first province to have a data breach notification requirement in effect, SC Magazine reports, and experts believe the change could have a significant impact on practices across the country. Under the amendment to the Personal Information Protection Act (PIPA), which went into effect May 1, organizations must notify individuals placed at risk by a security breach and outline its circumstances, scope and timeline. Additionally, that information must be provided to the province's privacy commissioner with an assessment of the risk of harm to individuals and an outline of what has been done to reduce that risk and notify the victims. One expert suggests that, nationally, Alberta's law "is now going to be the standard, the way things are done."
Full Story

SOCIAL NETWORKING

Article 29 Working Party Condemns Privacy Changes, Facebook Announces New Security Features (May 14, 2010)

Europe's Article 29 Working Party sent a letter to Facebook this week, informing the social networking site that "it is unacceptable that the company fundamentally changed the default settings on its social networking platform to the detriment of a user," the Christian Science Monitor reports. The Working Party is calling for default settings that allow users to self-select the contacts that will be able to view their information as well as for maximum user control when it comes to third-party applications on social networks. Meanwhile, the company has announced that it will roll out new security features, including unusual activity notifications and login verifications.
Full Story

SOCIAL NETWORKING

Privacy Concerns Prompting “Facebook Suicides” (May 14, 2010)

If online searches are any indicator, there is a growing movement afoot to cut ties with the world's most popular social networking site over its controversial privacy changes. That is the focus of a report in The Montreal Gazette that points to Google Canada's recent reports that "the top online search related to 'Facebook account' is 'delete Facebook,' while the fastest-rising related query is 'deactivate Facebook account,' up 40 percent over the past 90 days." According to Amy Muise of the University of Guelph, who received a grant from the Office of the Privacy Commissioner to study the site, "To be on Facebook, and use it for what it's good for, you do have to risk your privacy. And we're starting to see a backlash over that."
Full Story

HEALTHCARE PRIVACY—CANADA

Health Minister Backs Off Patient Record Sharing (May 13, 2010)

Saskatchewan Health Commissioner Don McMorris has temporarily halted a controversial new plan that allows hospitals to share patient information with fundraising organizations, reports CBC News. McMorris says he won't allow hospitals to release patient data until he can tell patients how they can opt out of the plan "We are going to take our time on this, because we know the sensitivity," he said, "and so what I would just do is ask the general public to be patient." McMorris's plan was criticized by the NDP and the provincial privacy commissioner. Both voiced concerns about patient privacy and pushed for an opt-in rather than opt-out system.
Full Story

ONLINE PRIVACY

Is Tracking Users’ Favorite Kindle Passages Intrusive? (May 13, 2010)

Amazon can now track and display the book passages users most often highlight on their Kindles, raising concerns about the privacy implications of collecting and storing such information. The new feature, which is already being used by some Kindle owners, is expected to be rolled out in the weeks ahead as an automatically enabled update for Kindle's software, according to media reports, and opting out will result in the loss of the device's notes and highlights backup service. The Christian Science Monitor reports that Bnet, a business management Web site, has pointed to the possibility that publishing such information could erode consumer trust, while Amazon has stated that in sharing the highlights, it does not disclose customers' identities or information.
Full Story

HEALTHCARE PRIVACY

Experts: Consequences Needed for Snoopers (May 13, 2010)

The advent of electronic health records brings new privacy concerns for healthcare facilities, especially in terms of employee snooping, says a healthcare industry consultant. HealthLeaders Media reports that Kate Borten, president of U.S.-based The Marblehead Group, says healthcare organizations should not only block employees' access to PHI, but also they should "have strict policies and penalties in place for those who snoop at patient records." Another healthcare privacy expert says the recent prison sentence handed down to a former healthcare worker who viewed patient records inappropriately sends a strong message and suggests that organizations set their own examples by firing employees caught snooping.
Full Story

TRAVELERS’ PRIVACY—CANADA & U.S.

Secure Flight Raises Privacy Concerns (May 12, 2010)

Canadian Assistant Privacy Commissioner Chantal Bernier shared privacy concerns about the U.S. Secure Flight program, telling parliament that there is little Canada can do about it, The Vancouver Sun reports. When Secure Flight goes into effect in December, passengers who raise the suspicions of U.S. authorities can be prevented from boarding flights that cross U.S. airspace. The new policy will also allow the U.S. government to retain passengers' personal information--including passport and itinerary information--for lengths of time ranging from one week to 99 years, the report states. Bernier said the collection of personal information on Canadian travelers by U.S. authorities "is not without risk," but that, "We unfortunately do not have any jurisdiction to affect change in that regard."
Full Story

SOCIAL NETWORKING

Service Provides Forum for Anonymous Insults (May 12, 2010)

A new social network with more than 28 million users worldwide has become "the online version of the bathroom wall in school," The New York Times reports. In the past two months, the report states, Formspring.me has become the site of choice for thousands of middle and high school students. The site allows users to answer questions without identifying themselves--prompting many to publicize cruel responses about their appearances, friends and dating habits. According to the report, a 17-year-old soccer player from New York who had received many nasty messages on the site committed suicide in March. "There's nothing positive on there, absolutely nothing," one school counselor said, "but the kids don't seem to be able to stop reading..." (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Nerds Unite on Privacy-Rich Social Network (May 12, 2010)

Four college students are creating a social network that differentiates on privacy, and the funds rolling in to back the project suggest a strong demand for such an offering, The New York Times reports. The creators of Diaspora* plan to freely distribute the software and will open the code so other programmers can build upon it, the report states. "In our real lives, we talk to each other," says co-creator Raphael Sofaer, describing why centralized social networks are unnecessary. "We don't need to hand our messages to a hub." The creators say the value of existing social networks "is negligible in the scale of what they are doing, and what we are giving up is all of our privacy."
Full Story

ONLINE PRIVACY

Google Responds to DPAs (May 10, 2010)

Google officials have responded to the 10 data protection authorities who last month expressed disappointment with the company's privacy practices and urged CEO Eric Schmidt to "incorporate fundamental privacy principles directly into the design of new online services" and to set an example "as a leader in the online world." In a letter to the DPAs on Friday, Google's top global privacy executives outlined the company's core privacy principles and stressed that "Respecting privacy is part of every Googler's job," and that the company is "committed to ensuring that privacy is designed into our products at every stage of the development cycle."
Full Story

PRIVACY—CANADA

Denham: Post Provides Unique Challenges (May 10, 2010)

Newly appointed BC Information and Privacy Commissioner Elizabeth Denham has cited the unique nature of the job in her decision to leave her post in the federal privacy commissioner's office. "The lobbyist registry is a unique challenge because there is no other information and privacy commissioner across the country that has the responsibility for the lobbyist registry," she said in a Times Colonist interview. "The freedom of information work is also very interesting to me." Denham, who is expected to start her six-year term in July, said such issues as balancing the province's privacy law with emerging technologies are similar to those facing other provincial and federal governments. "Data is borderless now," she said. "These are live issues everywhere."
Full Story

PRIVACY

Denham Named BC Information and Privacy Commissioner (May 7, 2010)

Federal Assistant Privacy Commissioner Elizabeth Denham has been appointed to a six-year term as British Columbia's new information and privacy commissioner. Denham has spearheaded high-profile investigations into social networking and other online services to improve privacy safeguards during her term as assistant privacy commissioner, the Times Colonist reports. "We had a good number of applications for the position, we interviewed six candidates and the committee unanimously felt that Ms. Denham had all of the qualities and experience we were looking for," said Stephanie Cadieux, chair of the five-member committee that unanimously recommended Denham for the post. Denham's start date at the Office of the Information and Privacy Commissioner has not yet been announced.
Full Story

PRIVACY LAW

Asst. Commissioner: OPC Needs Stronger Powers (May 7, 2010)

Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) needs to be strengthened to better handle threats from certain online services, and the Office of the Privacy Commissioner of Canada may need stronger powers to deal with the challenges they pose. That was the message from Assistant Privacy Commissioner Elizabeth Denham at a recent consultation in Toronto, itbusiness.ca reports. Denham, who was just appointed as BC's information and privacy commissioner, said that given the challenges posed by new technology, "we very well may need stronger powers...We have a study underway at our office with two academics looking at whether stronger enforcement powers are warranted." Two more events to gather input on updating PIPEDA are scheduled in Montreal on May 19 and Calgary on June 21.
Full Story

DATA PROTECTION

Social Networking Users Find Profile Information Used for Marketing (May 7, 2010)

The Vancouver Sun reports on the use of social media profile data for marketing purposes on other Web sites without users' knowledge or permission. One woman discovered that her photograph had been used in a "hot singles" ad when the ad showed up on her husband's profile page. Experts say recent changes to Facebook's privacy settings exacerbate the risks associated with self-publishing personal information. Canadian Privacy Commissioner Jennifer Stoddart criticized the changes, and Assistant Privacy Commissioner Elizabeth Denham said, "We are not happy. I think we will have an announcement to make in the next few weeks."
Full Story

CHILDREN’S PRIVACY

Internet 101: Your Information is Infinitely Available (May 7, 2010)

The Internet is a positive tool and common method of communication for teens, but many--especially teenage girls--remain vulnerable to predators due to a lack of understanding of what happens to their online communications, reports the Ottawa Citizen. "Young people today see the Internet as part of their lived space..." says Shaheen Shariff, associate professor of education at McGill University. "They do not understand that what they send is available to an infinite audience and the information can be permanently damaging to them." She and other experts are asking for a collaborative effort by parents and teachers to educate the teens in their lives about how they should use the Internet.
Full Story

BEHAVIOURAL TARGETING

Marketers Curtail BT Methods Due to Privacy Concerns (May 7, 2010)

A survey of marketers has revealed that privacy fears are slowing adoption of behavioural targeting methods, The New York Times reports. The Ponemon Institute surveyed 90 marketers for the independent study. Nearly all of the respondents indicated that privacy concerns had them restricting their use of the method, despite the fact that 70 percent feel the method is more effective and despite estimates on how much more lucrative it is than traditional advertising. "Privacy fears are definitely having an economic impact," said the institute's founder, Larry Ponemon, CIPP. While the advertising industry has increased its efforts to ease privacy fears, economists say "information asymmetry" is at least partially to blame for their persistence. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

An “Inopportunely Timed” Glitch Gets Fixed (May 6, 2010)

The New York Times reports on a glitch that gave Facebook users access to friends' chats for a few hours yesterday. The glitch has been fixed, but users are frustrated, the report states. "While this breach appears to be relatively small, it's inopportunely timed," said Forrester Research analyst Augie Ray. "It threatens to undermine what Facebook hopes to achieve with its network over the next few years, because users have to ask whether it is a platform worthy of their trust." Recent changes to site's privacy settings have elicited criticism from advocates and users alike. But the company's vice president for public policy said the unease is a reflection of a greater shift in the online world. (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY—CANADA

Health Minister Apologizes (May 6, 2010)

Saskatchewan Health Minister Don McMorris says he consulted Privacy Commissioner Gary Dickson before amending data sharing rules for Saskatchewan hospitals, but it was years ago and under another government party, reports The Canadian Press. McMorris has come under fire for leading the house to believe that he spoke with Commissioner Dickson recently about legislative changes that now allow Saskatchewan hospitals to share patient names and addresses with fundraising foundations without patient consent. McMorris apologized for misleading the house and has acknowledged that the commissioner has never been in favor of the changes.
Full Story

TRAVELERS’ PRIVACY

Hotels Identify Guests Through Online Reviews (May 5, 2010)

An increasing number of hotels have been finding ways to figure out who you are if you're reviewing them anonymously online, The Washington Post reports. Travel experts point out that hotels are using such online data as locations, dates and usernames to narrow down identity. "Once they find a likely match," the report states, "the review is added to a hotel's guest preference records, next to information such as frequent-guest number, newspaper choice and preferred room type." One expert suggests that with the evolution of technology, "every hotel representative could have a toolbar on his or her computer that reveals everything about a guest at the click of a mouse." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—CANADA

Appellate Court Sets Standard for Disclosing Anonymous Posters (May 5, 2010)

The Ontario Superior Court of Justice has issued its decision on an appeal filed by the Canadian Civil Liberties Association and CIPPIC regarding whether Web site owners can be ordered to disclose the identities of anonymous users accused of defamation. Michael Geist reports that the court referenced factors raised by the Federal Court of Appeal in the case Sony BMG v. Doe, including that public interest must outweigh legitimate privacy interests when it comes to disclosure. The court determined the "principles are similarly applicable to defamation cases," the report states, and has established specific criteria for requests related to information on anonymous online posters.
Full Story

SOCIAL NETWORKING

MySpace Creates New CPO Post (May 4, 2010)

Social networking service MySpace has promoted its vice president of business and legal affairs to its newly created chief privacy officer position, VentureBeat reports. Jennifer Mardosz will now be responsible for managing the risks and business impacts of privacy laws and policies for MySpace, the report states. And just as MySpace was announcing the creation of its new CPO post, rival social networking site Facebook's former CPO was criticizing the company's new "instant personalization" program. Chris Kelly, who is now running for California Attorney General, wrote, "I strongly encourage Facebook to structure all its programs to allow Facebook users to give permission before their information is shared with third parties."
Full Story

PRIVACY LAW—MEXICO

Violators of Mexico’s Data Protection Act Could Face Prison Time (May 4, 2010)

Those convicted of selling confidential personal data collected by the government will face up to five years in prison under Mexico's new Federal Data Protection Act, the Latin American Herald Tribune reports. The new law also mandates fines as high as $2.9 million for the improper use of sensitive data, the report states. Mexico's Federal Institute for Access to Public Information (IFAI) has announced that the new law will give citizens assurance their information will be used only for legitimate purposes and provides them with the right to view their government files and have erroneous items removed. The legislation is also consistent with international standards, according to an IFAI statement.
Full Story