Canada Dashboard Digest

Many will have already heard the relatively big news this week: A new bill, S-4, was introduced in the Senate that will amend PIPEDA if it passes. I'm surprised it didn't actually get more news considering the fanfare when the government tabled it.

There is some skepticism about whether or not the government is serious this time around because it has introduced somewhat similar bills in the past only to let them die a slow and painful death. This new bill was introduced in the Senate, and some are speculating that this may have been done to try and get the bill passed quickly.

For sure, these amendments are a long time coming. Many of them are what I call “common-sense fixes." For example, getting the English and French versions of the law to jive with one another a bit better. Other more meaningful fixes are those that mirror the Alberta and British Columbia provisions dealing with employee personal information and business transactions.

The folks at the OPC are probably happy with the proposed amendments that will allow them to enter into compliance agreements with organizations. Essentially, these agreements will allow the OPC to monitor organizations for up to a year after the completion of an investigation to ensure that all recommendations are satisfactorily implemented.

Lastly, I think the codification of a breach notification scheme is a good thing, too. I don’t think this new scheme will have a significant impact because previous guidance from the federal commissioner has been clear that they expect notification to take place even without the codification in the law. So, I think most organizations have already been operating with this scheme in mind. But, getting clarity in any law is always a good thing, so I suppose it is in this case, too.

As far as the “new penalties” go, I again don’t think there’s too much to worry about. Before any penalty could be levied, a matter would have to be referred for criminal prosecution—something that probably won’t happen except in the most egregious cases. This is a far cry from the administrative monetary penalties that can be levied in some European jurisdictions directly by the data protection authority.

So, all in all, pretty good news for privacy in Canada—for some—this week. And when we also read that CRA employees were fired for privacy violations, perhaps privacy is something this government is realizing is a priority issue that people care about.

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

DATA LOSS

Former Tax Collector Breached Files of High Earners (July 30, 2010)

A former British Columbia tax collector improperly accessed the files of taxpayers over a four year period, The Vancouver Sun reports. A Canada Revenue Agency (CRA) report obtained by the newspaper reveals that, between 2005 and 2008, the employee engaged in "deliberate and systematic" mining of high-income individuals' tax information in violation of the CRA's employee code of conduct, which states that employees may only access files pertinent to their work. It is one of the largest privacy breaches in the agency's history, according to the VS. The CRA says it will not notify the taxpayers whose data was viewed, as the agency's risk assessment determined that "there was no risk of injury."    
Full Story

ONLINE PRIVACY

Google Looking into Android App Data Collection (July 30, 2010)

Google has suspended the sale of certain wallpaper applications after it was revealed at a hacker conference this week that they collect mobile phone users' personal data. The Wall Street Journal reports that the more than 80 apps sold through Google's Android store collected phone numbers and subscriber identifiers and transmitted the information to an unencrypted server. The security firm Lookout revealed the activity. Lookout CEO John Hering said the application developer notified users that the app would have access to "phone state and identity," but "I don't think most consumers would realize their personal data was being uploaded to a server," he said. (Registration may be required to access this story.)  
Full Story

PRIVACY LAW

Proposed Compromise on Census Reform (July 30, 2010)

Following the Industry Minister's announcement that the long-form census would become optional due to privacy concerns, the national body that advises Statistics Canada has called for its restoration, reports The Montreal Gazette. The National Statistics Council issued a statement expressing concern about the change, which Industry Minister Clement said was necessary due to citizens' concerns about intrusive questions. The council, however, proposes that the 2011 long-form census remain mandatory and that revisions be made to the 2016 form instead. "Debate over the future course of the census has become heated without moving toward a resolution that meets both concerns about privacy and intrusiveness, as well as the need to maintain the quality of Canada's statistical system," said National Statistics Council chair Ian McKinnon.
Full Story

CONSUMER PRIVACY

Personal Info on Recycled Cellphone (July 30, 2010)

Telus is investigating a possible privacy breach that occurred when a customer recycled her cellphone at an authorized Telus dealer, reports CTV News. The phone turned up at a local grocery store three days later with all her contacts intact. A Telus spokesperson said that the company does not allow its dealers to re-issue phones and that company policy states all personal information must be erased prior to sending phones to be recycled. The spokesperson added that employee error is probably to blame for the incident. BC Privacy Commissioner Elizabeth Denham told CTV News that companies are required by law to destroy all personal information that comes into their possession and that her office will contact Telus and the dealer to find out how they plan to handle the situation.
Full Story

ONLINE PRIVACY

Virtual Insecurity (July 29, 2010)

Companies are now able to create detailed "digital dossiers" from the Web browsing, networking and searching many of us engage in each day, raising questions about personal privacy, Financial Times reports. Self-regulation has been the norm in the U.S., but as Jessica Rich of the FTC points out, "If the goal is providing consumers with information about how their information is being used and giving them some control, that is not being achieved." U.S. legislators are discussing new laws to address online privacy issues. European regulators, meanwhile, are focused on such provisions as user consent and the "right to be forgotten," the report states. "Internet users must have effective control of what they put online and be able to correct, withdraw or delete it at will," said EU Justice Commissioner Viviane Reding.
Full Story

ONLINE PRIVACY

100M Social Network Users’ Details Published (July 29, 2010)

Personal information from 100 million Facebook users has been published online by a security consultant who was able to collect data through the site's public directory, BBC News reports. Ron Bowes said he published the list, which contains the URL of every searchable Facebook user profile along with such information as names and unique IDs, to highlight privacy issues, the report states. On the same day that reports of the list surfaced in the international media, Facebook CEO Mark Zuckerberg was meeting privately with U.S. legislators to discuss issues including online privacy. In response to the incident, Facebook has noted that data included in the creation of the list was already public. Simon Davies of Privacy International, however, contends it illustrates confusion over the site's privacy settings.
Full Story

DATA PROTECTION

Study: Thieves Shifting Gears (July 29, 2010)

A report conducted by Verizon Business and the U.S. Secret Service shows that, increasingly, criminals are partnering with
insiders to steal company data. The 2010 Data Breach Investigations Report looked at 900 data breaches that compromised 900 million records, finding that 49 percent could be linked to an insider--more than double last year's number, reports SC Magazine. "Organized crime, in general, is looking for a better way in," said Bryan Sartin, director of investigative response at Verizon Business. The study also found that no breaches occurred as a result of system vulnerability, causing the authors to recommend changes in the way many organizations approach security programs.
Full Story

ONLINE PRIVACY—CANADA

BCLC Won’t Relaunch Until Review Complete (July 28, 2010)

The BC Lottery Corporation (BCLC) will not reactivate its online gambling site until an independent security review is complete, according to an update released yesterday by BC Information and Privacy Commissioner Elizabeth Denham. Denham launched an investigation into a breach of the PlayNow.com Web site last week after BCLC divulged that it had experienced a "data crossover" that exposed the personal information of 12 users to others, The Province reports. The corporation deactivated the site after learning of the problem. A third-party security review is underway.
Full Story

SURVEILLANCE—CANADA

Commissioner Work: Crime Down, Cameras Down (July 26, 2010)

Based on a Statistics Canada report showing that Calgary's crime rate is below the national average and down seven percent from 2008, Alberta Privacy Commissioner Frank Work wants some of the city's surveillance cameras removed, reports the Calgary Herald. "The barbarians aren't loose in the streets--maybe we can afford to be a bit more skeptical," Work said. The city installed 16 cameras in high-crime areas last March and will hear a progress report this coming February. Work says the cameras don't effectively fight crime, but police say that the cameras are an important tool and have used camera footage for investigations more than 70 times since their installation.
Full Story

PRIVACY LAW

Clement Stands Behind Scrapping Long-Form Census (July 23, 2010)

Industry Minister Tony Clement says he and the prime minister are in agreement regarding his decision to make the country's long-form census optional due to privacy concerns, despite criticisms and even the resignation of Canada's chief statistician in protest. Clement said the government has taken a "compromise position" between privacy concerns and ensuring usable data from the next census in May 2011, CBC News reports. Though the Office of the Privacy Commissioner said it has received only two complaints since the 2006 census and is satisfied with the privacy protections in place, Clement says he has to be respectful of Canadians who have voiced concerns to him about the "very private nature of those questions" asked and must give them "a chance to opt out if they so choose."
Full Story

PRIVACY

Researcher Awarded for Solving Encryption Problem (July 23, 2010)

An IBM researcher has been named as the winner of the 2010 Privacy Enhancing Technology Award. The award was presented to Craig Gentry Wednesday in Berlin for solving a mathematical problem that has challenged researchers ever since public-key encryption was invented decades ago, reports CNW. Commissioner Ann Cavoukian and Microsoft are cosponsors of the award, which was created in 2003 to encourage the development of technology that helps protect privacy. Cavoukian said Gentry's accomplishment "demonstrates how technology can be an extremely effective privacy-enhancing tool" and applauds his exceptional achievement.
Full Story

ONLINE PRIVACY

Tips for Managing Your Online Information (July 22, 2010)

This week's New York Times Magazine features a report by Jeffrey Rosen on the challenges of living life in this age when the Internet has records of almost everything we do and forgets none of it. Rosen is now inviting readers to submit their questions to two of the experts he interviewed for his article, Michael Fertik of ReputationDefender, a company that offers its clients options for managing their online reputations, and Prof. Paul Ohm of the University of Colorado, who has suggested ways new laws could be drafted to limit how companies use online information to influence employment decisions. Questions on managing online information will be accepted until July 25, the report notes, with answers to be posted July 26 and 27.
Full Story

RFID

The Benefits of Information vs. Loss of Privacy (July 21, 2010)

From using RFID devices in student identification cards to track attendance at university classes to card-based customer loyalty programs, controversies around the use of RFID center on the balance between privacy and information. "RFID, and electronic storage and transmission of information more broadly, often evokes concerns about breaches of privacy. In practice, the technology often replaces tracking methods prone to security lapses," Rebecca Walberg writes in a report published in The Vancouver Sun. While some experts suggests RFID is not a threat to privacy, given that programs such as customer rewards require user consent, others, like Prof. Yeona Jang of McGill University, caution, "there are privacy issues that need to be addressed accordingly, as technology advances."
Full Story

DATA LOSS—CANADA

Gambling Site Reveals Breach of 134 Accounts (July 21, 2010)

The BC Lottery Corporation (BCLC) has revealed a data breach on its Web site that compromised the accounts of 134 users, The Vancouver Sun reports. The company shut down its gambling operations after discovering the breach, which occurred just moments after the site was relaunched. Twelve of the 134 exposed accounts allowed users to view the personal information of others, including, in one case, the last four digits of a person's credit card. Some critics say the breach has not been handled transparently. However, both BCLC and BC Information and Privacy Commissioner Elizabeth Denham, just weeks into her new appointment, say officials have acted responsibly. Denham said she'd like to be assured that all problems are resolved before the site goes live again.
Full Story

ONLINE PRIVACY

The Economic Value of Privacy (July 20, 2010)

While at least one startup is banking on consumers wanting to use their personal information as "virtual currency that can be traded," making personal information a commodity poses challenges, Steve Lohr writes in The New York Times. According to M. Ryan Calo of Stanford Law School, "There is no way to know in advance what the value of this information is." Citing last year's "What Is Privacy Worth?" study by three Carnegie Mellon researchers, Lohr points out that the value of privacy is shaped by people's expectations, as summed up by Alessandro Acquisti, one of the study's authors, who notes, "When you have privacy, you value it more, but when the starting point is that we feel we don't have privacy, we value privacy far less." (Registration may be required to access this story.)
Full Story

GEO PRIVACY

Apple Responds to Congressmen’s Inquiry (July 20, 2010)

The U.S. congressmen who recently asked Apple to disclose how the company handles customers' location information say they are pleased with the company's response, CNET News reports. Apple sent a letter to Reps. Edward J. Markey (D-MA) and Joe Barton (R-TX) on Monday stating that the company does not share customers' location information with third parties without their permission and that when customers use location-based applications, the collected information is kept anonymous. Barton applauded Apple for responding to the inquiry but added that he remains concerned about privacy policies that "run on for pages and pages" and said he hopes every business collecting information for marketing purposes "will work toward more transparency."
Full Story

PRIVACY

New Brunswick Names First Commissioner (July 16, 2010)

New Brunswick Premier Shawn Graham has named Fredericton lawyer Anne Bertrand as the province's first access to information and privacy commissioner, reports CBC News. Bertrand begins her new role September 1, when the office is officially created, but must be confirmed by the legislature after the September 27 election. As commissioner, Bertrand will be responsible for overseeing two new pieces of legislation governing access to information and health information privacy and will advocate for information and privacy issues, the report states. "I am confident that the breadth of her experience in the field of law, along with her work in the community and strong values of justice and integrity, will serve New Brunswickers well as she fulfils the commissioner's responsibilities," said Graham.
Full Story

GENETIC PRIVACY

Senate Committee Recommends More DNA Sampling (July 16, 2010)

A senate committee has recommended extending post-conviction DNA sampling to cover 246 additional offences, reports Law Times. Some defence lawyers are against the proposal, citing concerns about the eliminated need for judicial approval in the majority of cases, among others. The senate report states that while it recommends the increase, it "does not support amending the Criminal Code to allow the collection of DNA from those arrested and charged with indictable offences." But some defence lawyers aren't convinced. "It's clear they want to push for it," said one. The government is expected to go along with the senate's recommendation as the house already made the same proposal.
Full Story

HEALTHCARE PRIVACY

Rethinking the Use of Fax Machines (July 16, 2010)

The practice of faxing medical information has come under scrutiny recently after reports that personal information had mistakenly been sent to incorrect recipients, prompting the NWT healthcare system to temporarily halt faxing all medical records. Northern News Services reports that faxing is permitted again after conversations among regional health authorities resulted in new safeguards surrounding the practice. Hay River Health and Social Services Authority CEO Sue Cullen said of the new policies, "It's just causing us to look at every piece of information that we send through with regard to the client."
Full Story

PRIVACY LAW

Prison Staff Wins Breach Case (July 16, 2010)

A group of Ontario prison guards has won a class action lawsuit against the Canadian government for what they describe as an "egregious lack of concern" for safeguarding employees' personal information, reports the Toronto Sun. The suit stems from an August 2003 incident involving a list of up to 400 Joyceville Institution staff names, home phone numbers, addresses and names of spouses, which was left in an unlocked cabinet in an unsecured hallway and then circulated through the prison. As a result of the court decision, employees on the list and their spouses will receive financial compensation, and the Correctional Service of Canada (CSC) will be required to increase safeguards protecting employee privacy and security. The case will go before a Kingston court for formal approval on August 23.
Full Story

PRIVACY LAW—CANADA

Census Changes Enacted Due to Privacy Concerns (July 15, 2010)

The Canadian government has scaled back census laws, to remove a mandatory requirement that all Canadians complete a long-form census, citing widespread privacy concerns, reports the Winnipeg Free Press. Industry Minister Tony Clement said, "the government of Canada received complaints about the long-form census from citizens who felt it was an intrusion of their privacy." But Office of the Privacy Commissioner (OPC) spokesperson Anne-Marie Hayden noted that her office has received only three complaints in the last 10 years. "We've worked closely with the agency to make sure Canadians' privacy rights are respected throughout the census process," she said, adding that, in general, the OPC is satisfied with the privacy protections that are in place.
Full Story

SOCIAL NETWORKING

Int’l Companies Must Navigate Patchwork Laws (July 14, 2010)

CNET News reports on the complications companies face in complying with data protection and privacy laws across national borders. The operational reality of platforms such as Facebook, for example, "is challenged to the breaking point by the patchwork of privacy laws in different countries," said Paul Bond, a data protection attorney with Reed Smith. However, changing privacy policies to comply with various jurisdictional laws can create more problems than solutions for users, according to attorney Francoise Gilbert of IT Law Group. "What all of these people are asking is that it be more simple, more understandable, so it should not be more complex. If it's more complex, then everybody has lost."
Full Story

ONLINE PRIVACY

Study: Consumer v. Marketer Expectations (July 13, 2010)

A recently released study shows that when it comes to new technology, consumers have higher privacy expectations than marketers and most often prefer an opt-in method for collecting personal information. The University of Massachusetts Amherst study looked at cookies, RFID, text messaging, pop-up ads, telemarketing, SPAM, biometrics and loyalty cards. This is the first study to directly compare the privacy expectations of consumers and marketers. The researchers also discovered that many consumers don't understand the tools used by online companies and marketers and don't know how much, or how often, detailed information is gathered about them.
Full Story

ONLINE PRIVACY

Study: Online Habits of the Young Will Live On (July 12, 2010)

A study fielded by the Pew Research Center's Internet & American Life Project and Elon University's Imagining the Internet
Center found that most technology experts and stakeholders believe the online sharing habits of the millennial generation will
stay with them throughout their lives. Sixty-seven percent of respondents agreed with a statement that Millenials "will
continue to be ambient broadcasters who disclose a great deal of personal information in order to stay connected and take
advantage of social, economic and political opportunities." Respondents also acknowledged that new social norms and new
definitions of public and private information are already taking shape.
Full Story

PRIVACY LAW

PIPEDA Amendments Would Change Notification Provisions (July 9, 2010)

The proposed Bill C-29 amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) include key provisions focused on breach reporting and notification requirements as well as consent exemptions for the use of personal information in business transactions, Lawyers Weekly reports. The amendments would require organizations to report data security breaches involving personal information to the privacy commissioner only if they are determined to be "material," as defined by such factors as the sensitivity of the information breached and the number of individuals involved, and in cases with a "real risk of significant harm," the report states. The bill would also permit organizations to use and disclose individuals' personal information related to "prospective business transactions" without their knowledge and consent.
Full Story

PERSONAL PRIVACY

Do-Not-Call List Criticized (July 9, 2010)

Critics of the National Do-Not-Call List are labeling it as "totally useless" and arguing it should be scrapped. With more than 300,000 complaints against unwanted telemarketers, the government has imposed $73,000 in fines but had collected only $250 as of March 1, the Canadian Press reports. The free service is aimed at restricting unwanted telemarketing calls and faxes by barring calls to numbers included on the list. Telemarketers that ignore the list can be fined up to $1,500 individually or $15,000 for companies. "It is a colossal disappointment," said MP Dan McTeague, calling it "a very hollow and very empty promise to provide consumers with a modicum of assurance the list would be respected."
Full Story

ONLINE PRIVACY

Ban on Anonymity Irks Some Gamers (July 9, 2010)

The Office of the Privacy Commissioner of Canada (OPC) has received inquiries from gamers who are upset about one company's new "zero anonymity" rule. CBC News reports that World of Warcraft maker Activision/Blizzard has banned anonymous comments in its user forums to cut down on anonymous attacks and spam. "Removing the veil of anonymity typical to online dialogue will contribute to a more positive forum environment," the company said in a statement. But "people are up in arms because their real name is going to be displayed," one commenter said, noting the potential consequences. The OPC is directing inquiries to the site's chief privacy officer.
Full Story

PRIVACY LAW

Opinion: Bill C-42 Not the Right Approach (July 9, 2010)

A Victoria Times Colonist editorial voices concerns about a bill currently in parliament that, if passed, would allow other countries access to Canadian travellers' information for flights passing through their air space. The bill was proposed in response to a U.S. request for such information, but the editors say though the request was made by the U.S., Bill C-42 allows any country access to Canadian travellers' information, adding, "the government should not be handing over sovereignty on such untested legal principles so meekly...There are alternate approaches." European countries have said they will fight the U.S. proposal.
Full Story

DATA LOSS

Study Shows Hotels Hacked at “Disturbing Rate” (July 8, 2010)

A recent study by SpiderLabs found that the hotel industry was involved in 38 percent of all credit card hacking cases last year, reports The New York Times. Anthony Roman, a private security investigator, told the Times that hotels are attractive targets because "the greatest amount of credit card information can be obtained using the most simplified methods." Roman added that most hotel breaches are due to "a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems." According to the report, tough economic times have forced hotel owners to cut spending, leading to lagging security upgrades and a worsening of the problem. Credit card companies, meanwhile, are pushing for uniform security measures for all retailers. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING—CANADA

Class Action Filed Against Facebook (July 7, 2010)

A Canadian law firm has filed a nationwide class-action suit against social networking site Facebook, The StarPhoenix reports. Regina-based Merchant Law Group LLP has filed the suit on behalf of a single class representative, the report states, but purports to represent all registered Facebook users who "were subject to misrepresentations and other wrongful practices" with regard to the site's use of their personal information. The suit's statement of claim accuses the social networking site of a long list of infractions--including invasion of privacy and conversion of personal information--and alleges the site "intentionally or negligently misrepresented" past changes to its terms of service that allowed user information to become publicly available.  
Full Story

SOCIAL NETWORKING

Stoddart Launches Dating Service Investigation (July 2, 2010)

Canada's privacy commissioner has launched an investigation into the practices of an online dating service, reports The Vancouver Sun. The investigation follows a complaint filed by a user of the service over the company's use of deactivated user account data. Stoddart says users should protect themselves by checking the privacy policies of such services before signing up, including information on data use and retention. "You put up a lot of very personal information," Stoddart said. David Fewer, director of the Canadian Internet Policy and Public Interest Clinic, predicts privacy complaints will increase as online dating continues to gain popularity. "There's a lot of them out there," he said.
Full Story

PRIVACY LAW

Committee Calls for Changes to DNA Collection Law (July 2, 2010)

A committee of senators has recommended changes to the Criminal Code that would make it easier for police to obtain, test and share DNA samples obtained from convicts, The Globe and Mail reports. A report tabled by the committee on Tuesday recommends 22 changes to the system. The report comes as the committee conducts its required review of the DNA Identification Act. Proposed amendments include allowing the immediate and automatic collection of DNA samples from adults convicted of the most serious offences without a court order, the report states. But the committee's chair said the DNA data collected "must be managed in a manner that ensures that the invasion of privacy does not exceed the established security need."
Full Story

PRIVACY LAW

OIPC: Companies Flouted PIPA (July 2, 2010)

The Alberta Office of the Information and Privacy Commissioner has ruled that two companies violated the provincial Personal Information Protection Act by using the photo of a former employee on disparaging posters after he left the companies, the Edmonton Journal reports. According to the OIPC's investigatory report, which was released on Tuesday, the employers obtained the photo from the man's driver's licence, which he had submitted at the time of hiring. In closing the investigation, OIPC adjudicator Wade Riordan Raaflaub ordered the companies to stop disclosing the man's personal information and ensure that current employees of the companies are made award of the ruling.  
Full Story

SOCIAL NETWORKING

Facebook: Third-Party Apps Must Tell Users What Data They Collect (July 2, 2010)

Facebook is now requiring outside applications and Web sites to let users know what data they collect from online profiles before asking permission from users for private information, eWeek reports. "With this new authorization process, when you log into an application with your Facebook account, the application will only be able to access the public parts of your profile by default," a company spokesman said. The recent changes are among those prompted by an agreement the social networking site reached last year with Canadian privacy authorities. Facebook noted information required to be public on the site "to make it easy for your friends to find you" will still be available to third-party applications.
Full Story

ONLINE PRIVACY

WiFi Collection Could Spur Legal Action, New Laws (July 2, 2010)

Experts believe the international controversies surrounding Google's collection of private data from unsecured wireless networks may be the impetus for new privacy regulations. A Reuters report quotes former U.S. Federal Trade Commissioner Pamela Jones Harbour's suggestion that the FTC is likely to question whether the company violated reasonable privacy expectations. Meanwhile, investigations are also underway in Europe, Australia, Canada and Hong Kong. According to one legal expert, while the company is likely to prevail in any legal action related to WiFi case, the data collection is likely to be "the one that will cause regulators to drop the hammer on Google." Google has reiterated its position that its actions were not illegal and it is "looking forward to answering questions," the report states.
Full Story

GEO PRIVACY

Privacy Breach Reveals Network Users’ Locations (July 1, 2010)

Internet site Foursquare published a notice Wednesday about a privacy breach that shared all users' location information across the Web, regardless of whether they had chosen to opt out of such broadcasts through their privacy settings, Wired reports. The location-based social network was made aware of the data breach on June 20 by "white-hat hacker" Jesper Andersen, the report states, and asked Andersen to give it nine days to address the issue. According to the report, Foursquare sent Andersen an e-mail Tuesday morning that it had fixed that "privacy leak" but had not yet solved two other issues Andersen raised and "was trying to figure out how to balance usability with privacy."
Full Story

DATA PROTECTION—CANADA

Commissioners’ Reports Call for Law Updates (July 1, 2010)

Releasing their offices' annual reports yesterday, two commissioners are calling for changes to their provinces' privacy laws. Saskatchewan Privacy Commissioner Gary Dickson's report says privacy laws need updating to protect citizens, particularly in an age of electronic health records, the CBC reports. Dickson pointed to privacy breaches at two health regions that did not terminate the employees responsible. For privacy to be respected, those who breach it must be held accountable, Dickson said. Meanwhile, acting BC Information and Privacy Commissioner Paul Fraser's annual report highlights concerns over the growth of databases. Fraser said of a recent database breach investigation, "too many staff had access to too much personal information."
Full Story