Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

GENETIC PRIVACY

What To Ask Before You Give Away Your DNA (August 31, 2010)

When it comes to giving samples of your DNA, there are things you need to know. That's according to Marcy Darnovsky, head of the U.S.-based Center for Genetics and Society, who told The Wall Street Journal that while individuals may want to share their DNA to help scientific studies move forward, it must be done in a "responsible way" that does not put privacy at risk. Darnovsky recommends asking who will have access to the data, whether and how it will be anonymized, where it will be stored and how it will be analyzed, the report states. As Darnovsky put it, "once you give someone your genetic information, it doesn't matter if you destroy the sample" since the data will live on. (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Opinion: Ten Fallacies About Web Privacy (August 30, 2010)

In a column for The Wall Street Journal, Emory University economics Prof. Paul Rubin discusses 10 fallacies about Web privacy. Rubin asserts that despite privacy advocates' arguments otherwise, increased privacy online comes at a cost to the consumer. Information helps the economy to function, Rubin says, and less of it will result in less efficient markets. More information also means firms are able to better market to specific customers, meaning they receive information useful to them more quickly. Additionally, Rubin says, it's untrue that more privacy means more safety and less risk. For example, the more information available to firms for identity verification, the less risk of identity theft, he writes. (Registration may be required to access this story.)
Full Story

BEHAVIORAL TARGETING

Ads That Follow You on the Web (August 30, 2010)

The New York Times reports on an ad industry practice known as personalized retargeting or remarketing, where Internet users are followed from site to site by ads for items they've viewed online. With more retailers and Internet companies using it, the report states, retargeting, which relies on placing cookies on users' browsers, has reached a level of precision that is leaving consumers with the palpable feeling that they are being watched as they roam the virtual aisles of online stores." While the practice is raising privacy advocates' concerns, even some advertising and media experts suggest the practice is "bold," the report states, and many users may not like it. (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY

More Patient Info Access Raises Concerns (August 27, 2010)

Alberta Information and Privacy Commissioner Frank Work is cautioning that access to medical files made possible by amendments to the Health Information Act set to go into effect on September 1 is expected to make the delivery of healthcare services more efficient but could also increase privacy breaches, the Calgary Herald reports. The amendments will allow more healthcare professionals--including pharmacists, podiatrists, optometrists and dental hygienists--access to patient information through the province's electronic health database. "The tendency of people to be curious about each other's state of health seems to be universal," Work said, explaining that individuals who believe their information was improperly accessed can ask for a log of who has been looking at their information from their provider and report any concerns to his office.
Full Story

PRIVACY LAW—GERMANY

Law Would Forbid Social Networking Research (August 26, 2010)

The New York Times reports German Chancellor Angela Merkel's cabinet yesterday backed a proposed law that would prevent employers from looking at job applicants' social networking activities during the hiring process. Under the law, which now moves to the parliament, employers would still be permitted to conduct general Internet searches regarding potential employees. In addition to forbidding social networking inquiries, the law would also forbid certain employee surveillance in the workplace. German Commissioner for Data Protection and Freedom of Information Peter Schaar called the proposal "a substantial improvement on the status quo in dealing with employees' data." (Registration may be required to access this story.)
Full Story

SOCIAL MEDIA

Boyd: Privacy Is Not Dead (August 26, 2010)

In the MIT Technology Review, researcher Danah Boyd says that the way privacy is encoded into software doesn't match the way we handle it in real life and that, as social media mature, "we must rethink how we encode privacy into our systems." As social media become more embedded in everyday society, Boyd says, "the mismatch between the rule-based privacy that software offers and the subtler, intuitive ways that humans understand the concept will increasingly cause cultural collisions" and users will have to work harder to gain privacy. "Instead of forcing users to do that," Boyd asks, "why not make our social software support the way we naturally handle privacy?"
Full Story

SOCIAL NETWORKING—CANADA

Commissioner’s Facebook Report Coming Soon (August 25, 2010)

Privacy Commissioner Jennifer Stoddart will soon issue her assessment of whether Facebook has come into compliance with Canadian privacy law, the Leader-Post reports. "We are currently reviewing their commitments, the changes they've made in response to our findings, and we are still in discussions, but we hope to be in a position to be able to communicate publicly on this matter sometime in the near future," said Anne-Marie Hayden of the Office of the Privacy Commissioner (OPC). Meanwhile, BC Information and Privacy Commissioner Elizabeth Denham, who played a key role in the OPC's prior Facebook investigation, has spoken in support of stronger OPC powers to address social networks and geolocation technologies. If Stoddart's forthcoming Facebook review is negative, her office can open a fresh investigation or move to seek a binding order in federal court, the report states.
Full Story

ONLINE PRIVACY

What Is Personal Information? Debate Continues (August 25, 2010)

The debate over what is and is not personal information continues to play out, as witnessed at an event last week in Seattle, WA, where one identity expert asserted that, "The notion that location information tied to random identifiers is not personally identifiable information is total hogwash." The statement led to an exchange about transparency and duplicity in privacy policies, The Register reports.
Full Story

GEO PRIVACY

Mixed Reactions to Social Network’s Location Feature (August 23, 2010)

The Wall Street Journal reports on reactions to Facebook's new location feature, "Places," which range from concerns about privacy to nods to the company for improvement over past privacy-related issues. Among those who are still concerned about the feature, which allows users to share their physical location and that of friends who have not opted out of Places, is Ireland's Data Protection Commissioner, which has announced it will be monitoring its privacy implications. Facebook has defended the new feature, stating it consulted numerous privacy and safety groups before it went live, the report states. However, advocacy groups including the Electronic Privacy Information Center have said the company has not given users adequate controls. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

The Failure of Anonymity (August 23, 2010)

In the August issue of the UCLA Law Review, Paul Ohm writes about the ways that advancing computer science has "undermined our faith in the privacy-protecting power of anonymization" in his article entitled, "Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization." The article discusses how scientists have learned to "reidentify" or "deanonymize" data, revealing the individuals behind the "anonymous" information. "By understanding this research, we realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed," the paper's abstract notes, suggesting this error "pervades nearly every information privacy law, regulation and debate, yet regulators and legal scholars have paid it scant attention."
Full Story

ONLINE PRIVACY

Gambling Site Cleared to Relaunch (August 20, 2010)

The BC Lottery Corporation (BCLC) is set to relaunch its PlayNow online gambling Web site after resolving to the satisfaction of the provincial privacy commissioner a security vulnerability that caused a breach last month, The Globe and Mail reports. BCLC took the site offline on July 15 after players reported that they could see the personal information of others. BC Privacy Commissioner Elizabeth Denham said that while the data crossover problem has been remedied, she will continue to investigate BCLC's risk management efforts. "The nature of these Web sites exposes personal information to a greater risk," Denham wrote in a letter to BCLC CEO Michael Graydon.
Full Story

HEALTHCARE PRIVACY

Health Cards Should Only Be Used for Health Purposes (August 20, 2010)

Saskatchewan Privacy Commissioner Gary Dickson says that unless businesses are providing a health service, they should not request an individual's health card. Though it is not illegal for a customer to voluntarily hand over a health card, it is illegal for businesses not providing a health service to request one, CJME reports. Despite this, some businesses have been using the health cards as a second form of identification. Dickson says that as the country builds its electronic health record system, it's important that residents feel their information is safe. "There's still a lot of education that has to happen," Dickson said.
Full Story

PERSONAL PRIVACY

Opinion: Privacy Should Come First in Smart Meter Rollout (August 20, 2010)

The government should set ground rules for smart meters in order to protect citizens' privacy, according to a Windsor Star editorial. "A better idea," the editors write, "is to give hydro customers the option of sticking with their existing meters, which would alleviate any concerns about privacy." All Ontario households will be outfitted with smart meters by the end of the year, but the provincial privacy commissioner and others have raised concerns about their associated privacy issues. Information and Privacy Commissioner Ann Cavoukian has warned that the meters will give electrical utilities rich household data that could be a "treasure trove" for hackers, thieves or marketers.
Full Story

ONLINE PRIVACY

Survey: Canadians Concerned about Privacy and Security on Mobile Devices (August 20, 2010)

A recent survey shows that though Canadians are embracing mobile technologies, security and privacy concerns remain on their radar when using them, Digital Journal reports. The KPMG International survey, "Consumers and Convergence IV," showed that to a majority of consumers, security and privacy is an issue when using a mobile device. "These consumer concerns over privacy and security are pivotal to the continued adoption of e-commerce and mobile commerce," said a spokesman from KPMG. "Companies that implement robust policies and safeguards and provide for full disclosure of these measures are likely to reap the rewards through enhanced customer attraction and retention."  
Full Story

GEO PRIVACY

Facebook Launches Places (August 19, 2010)

Facebook yesterday introduced a new geolocation feature that lets users share their locations, The New York Times reports. Called Places, the service allows users to "check in" to a place, allowing friends to see where they are and letting them find nearby friends. Users can also tag friends as being at the place. "This is not a service to broadcast your location at all times," said Places product manager Michael Sharon, "but rather one to share where you are, who you are with, when you want to." Sharon said that users will be able to control who sees their check-ins and remove themselves after being tagged. According to analysts, the company must tread carefully. "Location-aware services, if misused, could...result in catastrophic events." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Google CEO Discusses Privacy Trends (August 19, 2010)

In an interview with The Wall Street Journal, Google CEO Eric Schmidt describes a future where the transition from childhood to adulthood could include an option where adults can change their names to protect their privacy later in life. CRN reports on his point of view that "as our private information becomes ubiquitous on the Internet due to postings on social media sites such as Facebook, young people should be entitled to automatically change their name on reaching adulthood." Schmidt also discussed Google's ongoing privacy-related issues across the globe, stating it will do what is "good for consumers" and "fair" to competitors.
Full Story

DATA PROTECTION—CANADA

Commissioner: Prioritize Privacy or Watch It Go Away (August 18, 2010)

Now is the time for governments to radically change the way they police the sharing of personal information. That's according to Ontario's Information and Privacy Commissioner, Ann Cavoukian, who said at a University of Ottawa event this week that already legislation cannot keep up with advances in technology and that governments worldwide must adopt a "privacy by design" mentality and force businesses to make personal information private, the Ottawa Citizen reports. Cavoukian's privacy by design concept requires businesses to ask individuals for access to their personal information and explain the intended use before mining it. "It's your information, You should be able to decide what happens to it," Cavoukian said. "Privacy must become the default." Editor's note: Commissioner Cavoukian will lead the "Practical Privacy by Design: A Hands-On Workshop" preconference session at the upcoming IAPP Privacy Academy.
Full Story

SURVEILLANCE

With the Sky Watching, What Is and Is Not Private? (August 17, 2010)

A report published in the San Francisco Chronicle describes how "High-tech eyes in the sky--from satellite imagery to sophisticated aerial photography that maps entire communities--are being employed in creative new ways by government officials," which is raising concerns about the loss of privacy rights. From online services providing detailed views of locations across the planet to the use of such technology to monitor compliance with local, state and federal laws, Gregory Nojeim of the Washington, DC-based Center for Democracy and Technology, points out, "As technology advances, we have to revisit questions about what is and what is not private information."
Full Story

ONLINE PRIVACY

Advocates: Net Neutrality Is Necessary (August 16, 2010)

Privacy experts are questioning the impact that moving away from net neutrality, where ISPs are prohibited "from exploiting their role in delivering information to favor their own content or the content of the highest bidders," will have on online privacy. The New York Times reports on privacy advocates' concerns that in a non-neutral Web environment, "the Internet becomes more like a mall--where users are from the start viewed as consumers--and less like a public square." Cindy Cohn of the Electronic Frontier Foundation contends, "The people who are pushing for a non-neutral world are pushing it for monetary purposes," while Columbia Law School Prof. Eben Moglen believes such moves emphasize the business of the Internet at the expense of privacy. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—CANADA

Are We A See-Through Society? (August 16, 2010)

"The traditional notions of privacy and anonymity--and even the revamped versions that arose with the Web two decades ago--are dying." That's according to a report in The Globe and Mail that examines the way a few simple clicks on Internet sites can reveal settings and information that can be used to identify users. Noting that privacy legislation in Canada and many countries was drafted long before current tracking capabilities emerged, the report suggests that the Internet's "marketing-oriented assault on privacy is unnervingly complemented by a move to greater security measures, with everything from airport scanners to street surveillance cameras turning an invasive eye on citizens as they go through everyday life" resulting in a "see-through society" that features "digital doppelgangers of us all over the place."
Full Story

SOCIAL NETWORKING

Facebook Privacy Questions Remain (August 16, 2010)

Although Facebook has corrected a glitch that exposed user photos and screen names to anyone who supplied the site with a correct e-mail address but incorrect password, Bloomberg reports that the site continues to juggle users' privacy expectations with the needs of its advertising customers. Referencing the recent book, "The Facebook Effect: The Inside Story of the Company That Is Connecting the World," the report describes the conflict between Facebook's users and the advertisers who pay the site's bills. Recent issues include privacy advocates' concerns with changes in the site's policies and the results of the 2010 American Customer Satisfaction Index, which listed "privacy concerns...and commercialization and advertising" as having a negative effect on the site's users.
Full Story

ONLINE PRIVACY

RIM Responds to Indian Government (August 13, 2010)

Research in Motion (RIM) yesterday responded to the Indian government's threat to "take steps to block" some Blackberry services if they're not made accessible to law enforcement there. The Victoria Times Colonist reports that RIM has announced four principles to guide negotiations with foreign governments over access. The principles include that carriers must observe the strict context of lawful access and national security requirements by the country's judiciary and rules of law; the carrier's demands must be what BlackBerry calls "technology and vendor neutral;" there will be no changes to the security architecture for BlackBerry Enterprise Server, and RIM will maintain  a "consistent global standard for lawful access requirements that does not include special deals for specific purposes." BlackBerry services have been banned in the United Arab Emirates and Saudi Arabia, and Indonesia is also considering a ban.
Full Story

FINANCIAL PRIVACY

CICA Releases Privacy Maturity Model (August 13, 2010)

The Canadian Institute of Chartered Accountants (CICA) in conjunction with the American Institute of Certified Public Accountants has released a draft of its new Privacy Maturity Model (PMM). Based on the Generally Accepted Privacy Principles (GAPP), the PMM outlines the expectations of each level of the 73 criteria in GAPP. The CICA released the PMM as a benchmarking tool and guide to help companies strengthen their privacy practices. They are inviting comments on the draft version through October 1.
Full Story

STUDENT PRIVACY

U of O To Assess Browser-Based E-mail (August 13, 2010)

The University of Ottawa will conduct a privacy assessment before deciding whether to join many universities worldwide in trading in their current campus-based e-mail program for a browser-based system. The new system would give students online storage and access to group calendars and shared documents through virtually any device connected to the Internet, reports the Ottawa Citizen, but all this information would be stored on servers owned by Microsoft, making it subject to the U.S. Patriot Act. "There are risks associated," said Valerie Turner, the university's associate chief information officer, "and the purpose of the privacy impact assessment is to better understand the risks, to look at any remediation that would be required to ensure the protection of the data."
Full Story

GEO PRIVACY

There’s More to That Photo Than Meets the Eye (August 12, 2010)

Geotags embedded in photos and videos taken with GPS-equipped devices are invisible to the casual viewer, The New York Times reports, and that has experts concerned that many people are putting their privacy and security at risk. By looking at geotags and the text of posts, "you can easily find out where people live, what kind of things they have in their house and also when they are going to be away," said Robin Sommer, who authored the recent paper "Cybercasing the Joint: On the Privacy Implications of Geotagging" with Gerald Friedland. Peter Eckersley of the Electronic Frontier Foundation said he believes few people are aware of geotagging capabilities, "and consent is sort of a slippery slope" due to the complexities of disabling such functions. (Registration may be required to access this story.) Editor's Note: See our related story in this month's edition of Inside 1to1: Privacy.
Full Story

SOCIAL NETWORKING

Facebook Working To Fix Privacy Flaw (August 12, 2010)

Following a security researcher's announcement that entering an e-mail address into Facebook's login page with an incorrect password could result in access to the user's name and profile photo, the company has acknowledged it is working on fixing a bug that it says "temporarily prevented" its systems from working correctly. InformationWeek reports on Secfence Technologies CEO Atul Agarwal's discovery that such details could be exposed regardless of user privacy settings. Another researcher found that the site suggested valid user names, profile pictures and e-mail addresses when supplied with an incorrect e-mail address that was similar to a valid one, the report states. A Facebook spokesperson noted, "We are already working on a fix and expect to remedy the situation shortly."
Full Story

DATA LOSS—CANADA

Pharmacy Orders Blow Through Thunder Bay (August 11, 2010)

The Office of the Information and Privacy Commissioner (OIPC) of Ontario is investigating a breach of patient records discovered last week, The Chronicle Journal reports. Pharmacy orders containing patients' medical information were found blowing about public streets near the demolition site of a former hospital. A spokesperson for the Port Arthur General Hospital said a filing cabinet that was left behind when the hospital moved to a new location in 2004 may be the source of the documents. Officials are notifying the patients involved. Brian Beamish of the OIPC said his office is working with the hospital on post-breach matters.
Full Story

ONLINE PRIVACY

Google Memo Details Privacy “Soul-Searching” (August 10, 2010)

The Wall Street Journal is reporting on a confidential Google vision statement drafted two years ago, describing the document as a glimpse into the company's "soul-searching" over the use of its "vast trove" of data. "Google is pushing into uncharted privacy territory," the report states, noting, "Until recently, it refrained from aggressively cashing in on its own data about Internet users." According to the report, several of the suggestions included in the "brainstorming document" have been implemented, such as collecting user data to track them for advertising purposes. The next step, the report states, could be for the company to become a clearinghouse for data, which "would put Google--already one of the biggest repositories of consumer data anywhere--at the center of the trade in other people's data as well." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Pixels Could Replace People in Street Photography (August 10, 2010)

Two University of California researchers have come up with a way to ghost-out the images of pedestrians captured in street-level photography, InformationWeek reports. Arturo Flores and Serge Belongie described their method at the IEEE International Workshop on Mobile Vision in June, saying that it could be a way for Google to address the privacy issues associated with its Street View mapping application. The method "yields Street View images as if the pedestrians had never been there," the researchers wrote in their paper, "Removing pedestrians from Google Street View images."
Full Story

ONLINE PRIVACY

Opinion: The Internet Tracking Debate (August 9, 2010)

Following up on last week's investigative report, The Wall Street Journal is exploring "The Great Privacy Debate" around consumer tracking on the Internet. Some advocates are calling for more control of users' online information while others are supporting less intervention on the Web. Jim Harper writes that when it comes to the Internet, "If Web users supply less information to the Web, the Web will supply less information to them." He discounts assertions about "surreptitious" cookies and writes, "people should get smart and learn how to control personal information." Nicholas Carr, however, suggests that the tradeoff between personalization and privacy on the Web poses real dangers--ranging from the potential for criminals to access personal information to a society-wide erosion of privacy. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Privacy Modes Aren’t Always Private (August 9, 2010)

"Don't do anything in privacy mode that you wouldn't do with the boss looking over your shoulder," PCWorld warns in an article examining the potential to discover users' online activities through Web browsers' privacy modes. According to the findings of a trio of researchers from Stanford and Carnegie Mellon, privacy modes used by major Web browsers to "cover a user's tracks" after an online browsing session fail to purge all traces of user activities. Browser add-ons and even secure certificates can undermine user privacy, the report states, "So anyone who knows where to look for it can find it and glimpse into a user's Internet travels."
Full Story

SURVEILLANCE

Camera-Equipped Policemen an Increasing Trend (August 6, 2010)

The Toronto Star reports on the increasing trend of police officers outfitted with body cameras. Though Toronto police don't yet employ the technology, a spokesman said the trend is clearly moving in that direction. Police forces in Calgary, Victoria and Edmonton have experimented with programs or will in the near future. The cameras are meant to provide the best possible evidence and eliminate "baseless allegations," but civil rights activists have cited privacy concerns involving data use, access and retention. "Who has access to the images and audio tape? Does the person being filmed have access to it?" asked a spokeswoman from the Canadian Civil Liberties Association.
Full Story

DATA LOSS

University Alerts Surgical Patients of Breach (August 6, 2010)

The University Health Network (UHN) sent letters last week to 763 surgical patients informing them that their medical information had been compromised, CBC reports. Some of the files had been stored on a stolen unencrypted USB stick. The information included names, admission and discharge dates and surgical procedures. Privacy Commissioner Ann Cavoukian discovered the breach through a news report and "hit the roof," she said, noting her warning to health authorities months earlier to ensure health records are encrypted. UHN says it is working to make changes to ensure a similar event does not occur and that not alerting Cavoukian was a mistake. "There was a decision made that this wasn't a significant enough breach to warrant informing the commissioner, and I've apologized to the commissioner for that," UHN's CEO said.
Full Story

DATA PROTECTION

Cavoukian Launches Encryption Campaign (August 6, 2010)

Ontario's Information and Privacy Commissioner has launched an educational campaign aimed at preventing the loss or theft of unencrypted personal information stored on USB keys or laptops. The "Think Before Your Copy" campaign comes on the heels of a recent privacy breach involving the personal health information of 750 surgical patients when a purse was stolen that contained the information on an unencrypted USB stick. Commissioner Ann Cavoukian is sending letters to health colleges and professional associations, offering guidance from her office on developing educational initiatives, according to a press release. "Portable devices should never be loaded with unencrypted personal information. Either encrypt the information or remove all personal identifiers," Cavoukian said.
Full Story

ONLINE PRIVACY

Company: No Special Access to Blackberry User Data (August 6, 2010)

Research in Motion (RIM), the company behind BlackBerry smartphones, is rejecting reports that it would allow the Indian government access to user data shared via email and instant messaging. The Guardian reports that India, following bans by the United Arab Emirates and Saudi Arabia, had warned it could block some BlackBerry services based on concerns about encrypted e-mail. RIM has since issued a statement that suggestions it would allow governments to have special access to customers' data were "unfounded." The company has said that its services have been designed "to preclude RIM, or any third party, from reading encrypted information under any circumstances since RIM does not store or have access to the encrypted data."
Full Story

DATA LOSS—CANADA

Ontario Commissioner Investigating Gov’t Site (August 5, 2010)

The Office of the Ontario Information and Privacy Commissioner is looking into a reported breach of the province's change-of-address Web site, the Ottawa Citizen reports. The government is also investigating and has suspended the site after learning that a man's identity was stolen by thieves who allegedly tampered with the site via a Service Ontario kiosk in Hamilton, the report states. A spokesperson for the privacy commissioner confirmed the office had received two complaints about the site and that an investigation is underway.   
Full Story

ONLINE PRIVACY

Google CEO Discusses Technology and Privacy (August 5, 2010)

Speaking at this week's Techonomy conference in the U.S., Google CEO Eric Schmidt discussed some of the privacy-related issues spurred by the advent of new and evolving technology. Schmidt's examples included the use of computers and artificial intelligence to identify people from their online photos, CNET News reports, as well as using data collected by location-based services not only to show where people are but to predict where they are going. Schmidt said that technology is good, but the only way to manage the challenges is "much greater transparency and no anonymity" as "true anonymity is too dangerous."
Full Story

ONLINE PRIVACY

Privacy Breaches in the Clouds? Blame the Customer (August 5, 2010)

When it comes to computing in the cloud, the default contract from many major cloud providers puts the onus for any privacy problems on the customer--even if the provider is at fault for the breach, Steven J. Vaughan-Nichols writes in a report published in the San Francisco Chronicle. "You should ask questions about data security and privacy during the preliminary stages, even before you get to the contract," warns Tanya Forsheit, CIPP, of Info Law Group. "You should ask them what kind of privacy and security controls they have, whether they'll let you audit their security and what they will agree to in regards to liability." Vaughan-Nichols notes that "when it comes to cloud computing, it's better to be safe than sorry regarding both the legal and technical issues." Editor's Note: This year's Privacy Academy will feature multiple breakout sessions related to cloud computing.
Full Story

ONLINE PRIVACY

Researchers Propose “PseudoID” for Web Logins (August 4, 2010)

Google researchers are proposing using a system called "PseudoID" to protect the privacy of Internet users, InformationWeek reports. A paper presented at a conference in July describes how the system would use blind cryptographic signatures to generate pseudonyms that would allow the users to be authenticated to log into Web sites without being identified. Under current sign-on systems, the researchers note, user login information is passed through an identity provider, presenting privacy risks. Should PseudoID be adopted, the report notes, online identity providers would be prevented "from amassing information about Internet users that could harm user privacy if exposed."
Full Story

PRIVACY LAW—CANADA

BCLC Could Face Fines (August 3, 2010)

After a breach of its Web site, PlayNow.com, BC Lottery Corporation (BCLC) may face big fines, says one check card security expert. Paul Gregoire, who is licensed to check card systems for security compliance, told CTV that the range of fines for this type of breach "could be as small as $10,000 and upwards of $500,000." In a press release last week, BCLC admitted that a "defect in the error handling logic of an industry standard Web server" caused the security breach that exposed 134 users' personal information. BCLC is currently working with the BC privacy commissioner to fix the problem before relaunching the site.
Full Story

ONLINE PRIVACY

Did Last Week Mark the End of Privacy? (August 2, 2010)

CNET News reports on a conversation between media industry pundit Jeff Jarvis and Danah Boyd of Microsoft that took place at the Supernova conference in Philadelphia, PA, last week. Both speakers weighed in on privacy in the framework of social networking, the government and the media. Boyd noted security, protection of PII and avoiding embarrassment as reasons people tend to uphold privacy, while Jarvis warned that alarmism over privacy may cause people to miss "getting to the benefits of publicness that the Internet makes possible." Meanwhile, a Telegraph blogger writes about online data sharing, questioning whether the "end of privacy" has come.
Full Story