Canada Dashboard Digest

Many will have already heard the relatively big news this week: A new bill, S-4, was introduced in the Senate that will amend PIPEDA if it passes. I'm surprised it didn't actually get more news considering the fanfare when the government tabled it.

There is some skepticism about whether or not the government is serious this time around because it has introduced somewhat similar bills in the past only to let them die a slow and painful death. This new bill was introduced in the Senate, and some are speculating that this may have been done to try and get the bill passed quickly.

For sure, these amendments are a long time coming. Many of them are what I call “common-sense fixes." For example, getting the English and French versions of the law to jive with one another a bit better. Other more meaningful fixes are those that mirror the Alberta and British Columbia provisions dealing with employee personal information and business transactions.

The folks at the OPC are probably happy with the proposed amendments that will allow them to enter into compliance agreements with organizations. Essentially, these agreements will allow the OPC to monitor organizations for up to a year after the completion of an investigation to ensure that all recommendations are satisfactorily implemented.

Lastly, I think the codification of a breach notification scheme is a good thing, too. I don’t think this new scheme will have a significant impact because previous guidance from the federal commissioner has been clear that they expect notification to take place even without the codification in the law. So, I think most organizations have already been operating with this scheme in mind. But, getting clarity in any law is always a good thing, so I suppose it is in this case, too.

As far as the “new penalties” go, I again don’t think there’s too much to worry about. Before any penalty could be levied, a matter would have to be referred for criminal prosecution—something that probably won’t happen except in the most egregious cases. This is a far cry from the administrative monetary penalties that can be levied in some European jurisdictions directly by the data protection authority.

So, all in all, pretty good news for privacy in Canada—for some—this week. And when we also read that CRA employees were fired for privacy violations, perhaps privacy is something this government is realizing is a priority issue that people care about.

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

ONLINE PRIVACY

Apps That Overshare (September 30, 2010)

According to a study conducted by Duke University, Penn State and Intel Labs, of 30 applications for the Android smartphone studied, two-thirds exhibited "suspicious handling of sensitive data." InfoWorld reports that 15 of the applications sent users' geographic location to remote advertisement servers, even if users had specified that the app only access that data to unlock location-based features. According to the study, the loophole exists because apps have only "coarse-grain controls" for accessing personal information, but few regulations over how the data can be used.
Full Story

BEHAVIORAL TARGETING

Web Analytics Code of Ethics (September 30, 2010)

The Wall Street Journal interviewed Eric Peterson and John Lovett of consulting firm Web Analytics Demystified about their efforts to create a code of ethics for Web analysts to clarify "what this stuff can be used for, and more importantly, can't be used for." The consultants credit a recent WSJ series, "What They Know," for opening their eyes to the fact that there was no "consistent platform" for the field. The pair has proposed the creation of a certification program which could grow to become a trustmark. (Registration may be required to access this story.)
Full Story

IDENTITY THEFT

Study: Fewer Headlines Means Fewer Fears (September 30, 2010)

Forbes reports on a study released this week showing that about 25 percent of consumers now subscribe to identity theft protection services, down 42 percent since 2008. The reasons for the drop are tight budgets and a lack of major data breach headlines over the past year, according to analyst Robert Vamosi. Though the number of breaches this year is still expected to rise, the number of individual records breached has fallen more than 90 percent compared with last year due to the lack of a major breach exposing thousands or millions of records at one time. "Without those massive attacks and the headlines that follow, concerns about identity fraud are lessened," Vamosi said.
Full Story

HEALTHCARE PRIVACY—CANADA

OPC To Audit Veterans Affairs (September 29, 2010)

Privacy Commissioner Jennifer Stoddart will audit the department of veterans affairs, the Toronto Sun reports. Allegations emerged last week that government officials had inappropriately accessed and shared the healthcare records of Canadian Forces veteran Sean Bruyea, and since then another vet--Veterans Ombudsman Col. Pat Stogran--has come forward with similar allegations. Commissioner Stoddart has been investigating the Bruyea allegations for several months. A statement released by her office on Tuesday said that the preliminary findings of that investigation "raised concerns about the possibility of systemic privacy issues," prompting plans for an OPC audit. The audit "will examine the department's policies and practices against federal privacy requirements," according to the statement.
Full Story

ONLINE PRIVACY

Rosen Discusses Challenges, Solutions (September 29, 2010)

In an interview with Bank Info Security, Jeffrey Rosen, author of The Naked Crowd and past IAPP keynote speaker, outlines privacy challenges for individuals and corporations, the evolution of privacy as a worldwide concern and what the future may hold. According to Rosen, the biggest threat to privacy is "the fact that the Internet never forgets." What people want, he says, "is the ability to control their entire reputation, which in the end is an unrealistic hope but an understandable one." Rosen says expiration dates for online information is the best approach. "Inevitably we are going to make mistakes and say things we shouldn't and reveal things we shouldn't. The question is, how do we escape from these errors?"
Full Story

SOCIAL NETWORKING

Patient Data Sharing Spurs Concerns (September 29, 2010)

Even as medical identity theft becomes more prevalent, some patients are voluntarily posting their personal medical details on healthcare-related social networks, DarkReading reports. And while some divulge the information (diagnoses, medications, locations) readily, some experts worry that other patients are participating under the mistaken assumption that their posts are anonymous, thereby making themselves vulnerable to social engineering and other attacks. Nitesh Dhanjani of Ernst & Young says a patient's identity could be ascertained by linking it to data posted on other social networks. "We know...that with one handle and any one piece of data you have in Facebook, you can easily connect the dots and link everything up," Dhanjani said. (For more on patient data sharing, see the article "Health Information-Sharing Environment" from the September 2009 issue of Inside 1to1: Privacy.)
Full Story

PRIVACY LAW—CANADA

FISA Tweaked, Reintroduced (September 28, 2010)
The government has reintroduced its anti-spam legislation, Bill C-28, the Fighting Internet and Wireless Spam Act (FISA), after addressing concerns raised during the review of a similar bill that died in parliament last year, reports The Lawyers Weekly.

PRIVACY—CANADA

Daycare Livestreams Kids and Workers (September 28, 2010)

Webcams installed in a Calgary daycare years ago offer parents an opportunity to check in on their kids throughout the day and have been a big hit, reports CBC News, but Alberta's Office of the Privacy Commissioner (OPC) is taking note. Parents sign up for the service and receive a password, which changes monthly for security reasons, and according to the daycare's director, there's only been one case where a parent didn't want their child recorded. Jill Clayton of the OPC said that the office hasn't received any complaints but that parental consent is key, and there may be "some concerns about having employees on camera all day long and then monitoring that activity."
Full Story

TRAVELLERS’ PRIVACY

Stoddart on Body Scanners, U.S. Enforcement (September 24, 2010)

On Monday, Privacy Commissioner Jennifer Stoddart addressed members of the Canadian Bar Association, saying national security is one of the issues that keeps her "up at night," reports The Vancouver Sun. Commissioner Stoddart predicted that second-generation airport body scanners, which take sharper images than those currently in use, will likely come to Canadian airports. In January, 44 scanners using millimetre wave technology were purchased for use at airports in Toronto, Vancouver, Calgary, Edmonton, Winnipeg, Montreal, Ottawa and Halifax, the report states. Stoddart also called on the U.S. government to "step up" enforcement of tech giants, asking, "Why is Canada paying for the cost of this enforcement for this technology that's coming to us out of Mountain View?"
Full Story

SOCIAL NETWORKING

Divorce Details Broadcast in Cyberspace (September 24, 2010)

The National Post reports on an increasing trend where divorcing couples publish details of the split to social networking sites. One divorce coach said this has led to finger-pointing among the couples she's worked with, each accusing the other of "over-sharing" divorce details. Some couples have even reached informal non-disclosure agreements on what can and can't be shared or "tweeted" on sites like Facebook and Twitter. One family lawyer said the over-sharing phenomenon may lead to legally binding non-disclosure agreements in court, with specific references to social networking sites. "This may be becoming something that we, as lawyers in a family law case, should be considering," he said.
Full Story

PERSONAL PRIVACY

Opinion: Mandate Black Boxes (September 24, 2010)

On the heels of a tragic motor vehicle accident, the past president of the Canada Safety Council makes a plea for black boxes in all cars. In the Ottawa Citizen, Emile Therien writes that the "high-tech devices can be an invaluable tool in detecting the causes of crashes, leading to better crash investigations and safety improvements. Governments in North America need to step up to the plate and enact legislation mandating black boxes. It is high time public health, traffic safety and common sense trump privacy and other concerns." Therien acknowledges that questions about data ownership and access, among others, will need to be answered and says that "legislators will need to address these issues in the near future."
Full Story

DATA PROTECTION

Apps Will Multiply, How Will Privacy Apply? (September 24, 2010)

End-user software for mobile phones, or "apps," are on their way to becoming more popular than the Internet itself, some predict. Developed by teenage amateurs and billion-dollar companies alike, apps are capable of performing limitless tasks, from computing billing services to monitoring health information to forecasting the weather. But privacy advocates say apps come with risks to consumer privacy, as the data they solicit for use is managed by those who may or may not have experience in data protection or knowledge of privacy law. Some are calling for industry to get ahead of those risks, while others say the app developers themselves must take responsibility.
Full Story

ONLINE PRIVACY

Cookie Legality Questioned (September 24, 2010)

From the U.S. to the EU, concerns about the use of Flash cookies for online ad targeting purposes abound, ClickZ reports. And it's not just privacy advocates who are worried, the report states, with concerns also being expressed by regulators, consumers and even the advertising industry. From lawsuits in the U.S. against behavioral targeting companies to the recent statement by European Commissioner Neelie Kroes that such practices violate EU law, the questions about cookies are not going away. "If a consumer removes or blocks a cookie from their system, then a company has to respect that," said Alexander Hanff of the UK-based Privacy International, adding, "if they then go and use surreptitious methods to reinstall that cookie against the consumer's will, they are committing an offense."
Full Story

PRIVACY LAW—CANADA

Commissioner Launching New Investigation (September 23, 2010)

The Ottawa Citizen reports on the announcement yesterday by Canada's privacy commissioner that though Facebook has resolved privacy concerns raised in a 2008 complaint, she will launch fresh investigations into new features on the site. Commissioner Stoddart will explore concerns about Facebook's "like" and invitation features, which didn't exist at the time of her yearlong investigation in 2008. Stoddart says the pace of change has created these new privacy concerns. The like button allows users to vote on products and media stories and allows Facebook to collect information about the users' viewing habits and IP addresses, the report states.
Full Story

PERSONAL PRIVACY

Contributing to the Digital Universe (September 23, 2010)

"In your daily life, there are dozens of ways you transmit personal information--without ever logging on to a computer," writes Jason Magder for The Montreal Gazette. Madger notes that the information acquired daily by digital television boxes, RFID chips, vehicle GPS systems, loyalty cards, credit card companies and others, amasses "digital shadows." These digital shadows make up about 70 percent of the "digital universe," according to technology consulting firm IDC's annual study measuring the size of that universe. "It's startling now how much information people can collect about you if they know how to use the right online databases and search engines," said Colin McKay of the Office of the Privacy Commissioner of Canada.
Full Story

HEALTHCARE PRIVACY—CANADA

Vet’s Records Accessed by Government Officials (September 23, 2010)

Sean Bruyea, a Canadian Forces veteran and long-time veterans' rights activist, discovered that at least 614 people have accessed his personal records a total of 4,131 times, reports the Toronto Sun. Records Brunyea made public this week show that government officials discussed his medical records in several e-mails, and a 13-page briefing to former Veterans Affairs Minister Greg Thompson outlined Bruyea's psychiatric conditions. According to the report, Privacy Commissioner Jennifer Stoddart has been investigating the breach for more than a year and has expressed concern over the allegations. Prime Minister Stephen Harper has pledged to cooperate with Commissioner Stoddart's investigation, calling the breach "unacceptable."
Full Story

PRIVACY

Privacy Prime Time (September 23, 2010)

The New York Times reports on Google CEO Eric Schmidt's appearance on "The Colbert Report" Tuesday night to answer host Stephen Colbert's questions about privacy and a comment Schmidt once made about user anonymity. Schmidt told Colbert that Google does see users' online searches but forgets them "after a little while," and said his recent statement that users should change their names to achieve online anonymity was a joke, which Colbert said was "too hip for the room." (Registration may be required to access this story.)
Full Story

TRAVELERS’ PRIVACY

EU: Limit Passenger Data Shared With Other Countries (September 22, 2010)

The European Commission is focused on strengthening privacy rules for the sharing of air travelers' personal information with the U.S., Australia and Canada, EUobserver reports, and to limit the use of such data "exclusively to fight terrorism and serious transnational crime." New agreements are set to be negotiated with the three countries to replace those that have been deemed to lack appropriate privacy safeguards by the European Parliament. "PNR transfers have been going on for 60 years," said European Commissioner Cecilia Malmström, noting, "carriers are obliged to do it, otherwise they can't land. But we want legal clarity for passengers and to embed it with as many data protection provisions as possible."
Full Story

PRIVACY—CANADA

Canada Joins Global Enforcement Arrangement (September 22, 2010)

Canada today announced it has joined the Global Privacy Enforcement Network (GPEN), a group established to facilitate cooperation across national borders. The GPEN aims to provide cross-border points of contact, bilateral investigations and enforcement cooperation among privacy authorities. Canada joins 12 other entities, including the U.S. Federal Trade Commission, that are involved in the network, which was launched in March. "I am very pleased to be a part of this initiative," Privacy Commissioner Jennifer Stoddart said. "My office has seen dramatic growth in issues and investigations dealing with the online world and multinational companies, and we recognize that increased cooperation with our international colleagues is critical to our future success."
Full Story

PRIVACY

TPP Seeking Research Grant Proposals (September 20, 2010)

The Privacy Projects (TPP) has announced that its Winter 2010 Research Grants competition proposals are due October 29, with awards ranging from $25,000 to $100,000 per project. According to TPP, the goal of the grant program is to "advance practical and effective research relating to information and privacy governance to inform the transition we believe is underway from traditional regulatory models to emerging frameworks of demonstrated accountability and responsibility." The TPP Board of Directors is encouraging grant applicants to submit proposals addressing such areas of emphasis as legislative reforms, organizational data governance programs and consumer privacy compliance. Questions on the program may be e-mailed to TPP.
Full Story

PRIVACY—GERMANY & U.S.

A Private-Public Balancing Act (September 17, 2010)

Jeff Jarvis writes in The Faster Times on comments at a recent event in Berlin, Germany, where Schleswig-Holstein Data Protection and Privacy Commissioner Thilo Weichert continued a trend that began earlier this summer of calling out nations and industry on privacy concerns. Weichert, who previously called for the European Commission to walk away from the U.S. safe harbor principles, is quoted as saying that those who are "stupid enough" to use Google "don't deserve any better." Jarvis writes that while Weichert suggests privacy should be the default, there is merit to "publicness" and a "balancing discussion" is what is needed "so people know they have a choice and protect that choice."
Full Story

PRIVACY

Anderson: “Profound Benefits” Spur Interest in PbD (September 17, 2010)

The concept of privacy by design is gaining traction. Last week, the Information and Privacy Commissioner of Ontario announced a lineup of Privacy by Design Ambassadors that includes the likes of European Data Protection Supervisor Peter Hustinx, New Zealand Privacy Commissioner Marie Shroff and many other leading minds from industry, academia and government. Privacy by design expert Ken Anderson attributes the traction to the fact that "the benefits of privacy by design are so profound." In this Q&A, the Daily Dashboard speaks with Anderson, of the Information and Privacy Commissioner's Office of Ontario. He discusses who should be paying attention to the principles of privacy by design and why.
Full Story

ONLINE PRIVACY

Opinion: At the Border: No Warrant Needed (September 17, 2010)

When it comes to crossing the border, there is no distinction between "business" and "personal" data for portable devices like laptop computers, Michael Power writes in Borderline Privacy. Power cites a legal case where it was determined that a search of laptops at national borders does not conflict with the Canadian Charter of Rights and Freedoms. He suggests that when it comes to privacy, the focus should be on the content itself rather than on the device where data is stored. "Unless there is a change in how we think about laptops and other portable devices and their role in our lives," he writes, "we're going to have to accept that one takes a device across a border at one's own peril." Meanwhile, a spokeswoman from the Canadian Civil Liberties Association said earlier this month challenging laptop searches at U.S. borders may prompt constitutional challenges in Canada.
Full Story

CHILDREN’S PRIVACY

Tracking Preschoolers With Location-Based Microchips (September 17, 2010)

RFIDWorld Canada reports on one U.S. school using a $50,000 government grant toward establishing RFID technology to track preschool students, which a San Francisco Chronicle editorial says has created "very real privacy and safety concerns." One county's Head Start program is complying with federal requirements that it take attendance every hour using the Child Location, Observation and Utilization Data System (CLOUDS), which outfits the children in jerseys embedded with electronic locator chips. But school officials aren't the only ones capable of picking up the chips' signals; research has shown that informed criminals, for example, can trace the signals, too. "This isn't the right solution," the report states. "The privacy and safety of these very young children must outweigh the inconvenience of their teachers."
Full Story

ONLINE PRIVACY

When Augmented Reality Bites (September 16, 2010)

The Sydney Morning Herald reports on the emerging world of augmented reality (AR), the commercial promise of which "will almost certainly cement its future," the report states. The future market for AR apps is expected to reach into the hundreds of millions of consumers, but "how much personal information will people be prepared to give away in order to reap the rewards of amusements like these?" the report asks. ReadWriteWeb blogger Chris Cameron says consumers "need to...be more aware of what data they are sharing" and the founder of an online reputation management group says businesses must not overlook the "significant risks associated with these technologies."
Full Story

ONLINE PRIVACY

Web’s Creator: Mobile Devices Require Privacy Rethink (September 16, 2010)

The Internet's creator believes that mobile devices will continue to evolve and pose new privacy challenges, Sarah Perez notes in a report for ReadWriteWeb. Speaking at a conference on Wednesday, Sir Tim Berners-Lee shared concerns around the development of mobile technologies, noting that geolocation features are the "tip of the iceberg," and such devices may eventually be able to monitor everything from where users are to how they feel. "The problem that has not been worked out yet is how to allow a user to share their location while still making it easy for them to understand when they're sharing critical information, how much control they have over that information and who can access that data," Perez writes.
Full Story

ONLINE PRIVACY

Researchers: Promises Fall Short in Compact Policies (September 14, 2010)
The longtime tenets of know-say-do have been incorporated into the development of many privacy policies. According to the findings of a recent Carnegie Mellon University study, when it comes to the compact policies (CPs) created for the Platform for Privacy Preferences (P3P) protocol, industry may be falling short of doing what it says it is doing.

PERSONAL PRIVACY

Do Egyptian Mummies Have Privacy Rights? (September 14, 2010)

The assumption that ancient corpses are fair game for science is beginning to be challenged, NewScientist reports. The strict ethical guidelines that apply to human research don't extend to Egyptian mummies, which disturbs anatomist Frank Rühil and ethicist Ina Kaufmann of the University of Zurich, who say such research produces personal information including family history and medical conditions and doesn't allow for patient consent, the report states. The rights of the deceased individual must be considered and weighed against the knowledge attained by the research, Rühil says. Some regions classify such information as personal. In New Zealand, information about how someone died is considered personal data, and in the European Union, information about the deceased is considered personal if it can reveal something about living descendants.
Full Story

ONLINE PRIVACY

Cookie Questions Persist (September 13, 2010)

The Wall Street Journal recently asked for questions from readers on technology and privacy, and a key question on many readers' minds, the report states, is, "Does deleting cookies force trackers to start over, or do they just pick up where they left off, combining the new with the old?" Jules Polonetsky, CIPP, of the Future of Privacy Forum explained that when consumers delete all cookies and later enable them, tracking companies generally can't associate the data from the newly enabled ones with the old ones. "You deleted that number that the advertising company or Web site recognizes you by," he said, explaining that when users return, "they will assign you a new number and generally are not going to have a link between the new and the old." (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Facebook Founder Talks Privacy (September 13, 2010)

In a feature published in The New Yorker, Jose Antonio Vargas shares a conversation with Facebook founder Mark Zuckerberg that touched on issues related to privacy. Referencing recent privacy controversies involving the company and its privacy settings, Vargas writes that Zuckerberg told him privacy is the "third-rail issue" online. "A lot of people who are worried about privacy and those kinds of issues will take any minor misstep that we make and turn it into as big a deal as possible," Zuckerberg reportedly said, adding, "We realize that people will probably criticize us for this for a long time, but we just believe that this is the right thing to do."
Full Story

PRIVACY LAW

BC OIPC Rules on Agency Breach (September 10, 2010)

The Office of the Information and Privacy Commissioner of British Columbia has upheld the complaint of a man who claimed he was wronged by a government agency. According to an OIPC press release, the BC Ministry of Children and Family Development "breached its duty under section 28 of the Freedom of Information and Protection of Privacy Act." The act requires public and private-sector bodies to take all reasonable steps to ensure the accuracy of individuals' personal information. BC Privacy Commissioner Elizabeth Denham said the decision "drives home...the significance of ensuring personal information is accurate before it is used in a decision that affects someone."
Full Story

PRIVACY

Commissioner’s Future Unknown (September 10, 2010)

The Edmonton Journal reports on the impending end of Privacy Commissioner Jennifer Stoddart's seven-year term, which will come to a close in November. Stoddart has received praise from privacy watchdogs and consumer advocates for defending the privacy rights of Canadians, the report states. The federal cabinet appoints the position. A spokeswoman for Stoddart said she's ready to serve if asked, but would "respect any decision the government makes on this front." One privacy expert says the government would be wise to reappoint Stoddart, as "she has shown both national and international leadership in this area. She is respected by her fellow commissioners internationally and she's navigated some difficult issues very well."
Full Story

DATA LOSS

Stolen Hospital Laptop Affects 635 Patients (September 10, 2010)

The Burnaby RCMP and the Fraser Health Authority are investigating a laptop theft affecting 635 patients. The Vancouver Sun reports that the health authority is notifying patients of the theft, in which information including patient and doctor names and test results may have been compromised. The laptop may not have been password protected, according to a health authority spokesman, who also said it's possible the thief was caught on the hospital's surveillance system. The health authority is offering a one-year subscription to a credit monitoring service for those affected.
Full Story

PRIVACY

SK Privacy and Security Awareness Month (September 10, 2010)

Saskatchewan's Justice Minister and Attorney General Don Morgan has designated September as Privacy and Security Awareness Month. According to a news release, the initiative is part of a government-wide effort to raise awareness about data privacy within government and will include workshops for government employees and the public. "Our government is committed to protecting the privacy of personal information in our possession or control," AG Morgan said. "We are equally concerned about managing our records, keeping them secure and supporting the public's right to access records."
Full Story

SOCIAL NETWORKING

Police Force Studies Social Network Use (September 10, 2010)

A Nova Scotia police force conducted a five-week study to gauge teenagers' use of social networks, The Globe and Mail reports. Supervised by Truro police, university students created fictitious profiles to garner "friends" between the ages of 12 and 17. Two out of the nearly 300 teens who received the friend requests refused them, the report states. Constable Todd Taylor described the findings as "astounding."
Full Story

PRIVACY

Cavoukian Names Privacy Ambassadors (September 10, 2010)

Ontario Information and Privacy Commissioner Ann Cavoukian has announced the inaugural group of Privacy by Design (PbD) Ambassadors. The ambassadors program was established to publicly recognize individuals' and organizations' efforts to build privacy into their businesses and technologies on a daily basis. "With the ease that vast amounts of personal information can otherwise be collected and potentially misused, companies and government organizations can't treat privacy as an afterthought...it has to be built in from the outset, as the default option," Cavoukian said. The group includes 27 international ambassadors, including European Data Protection Supervisor Peter Hustinx and New Zealand Privacy Commissioner Marie Shroff. Editor's note: Learn how Privacy by Design is being implemented by organizations, regulators and privacy advocates around the world in the Privacy Academy preconference session, "Practical Privacy by Design: A Hands-On Workshop."
Full Story

ONLINE PRIVACY

How Much Would You Pay for Web Privacy? (September 8, 2010)

New companies aimed at helping people protect their online anonymity are facing a challenge, The Wall Street Journal reports, as many are reluctant to pay for Web privacy. With the majority of Internet users unaware of how their Web searches, posts and visits can be used by marketers and others, privacy company executives say many are uncertain about trusting their information to an unfamiliar company. As the founder of Web privacy company VaporStream put it, "Individuals don't understand the risk of privacy online." When it comes to protecting privacy online, the report states, "Overall, the Web-privacy industry remains fractured, with many free and for-purchase products tackling a range of risks. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Q&A with Microsoft’s CPO (September 8, 2010)

The Inquirer discusses online trust with Microsoft Chief Privacy Officer Brendon Lynch, CIPP. Lynch has been part of Microsoft's privacy team since 2004. In the interview, he discusses the company's move to offer tokenized authentication. He hopes the company's U-Prove technology, which he says brought to life the bridging of offline and online identities, will be built widely into identity technologies. "There's a need for rethinking and thinking deeply about how identity is dealt with online," Lynch said. "In certain situations, you want high assurance and strong authentication--for example, healthcare, when it moves online." Lynch is on the IAPP board of directors.
Full Story

PRIVACY LAW—U.S.

Groups Sue Government over Laptop Searches (September 8, 2010)

The American Civil Liberties Union, criminal defense lawyers, photographers and a university student have filed a lawsuit challenging the policy permitting officers at U.S. borders to detain travelers' laptop computers to search their contents without suspicion of wrongdoing, The Washington Post reports. The suit, filed Tuesday in U.S. District Court for the Eastern District of New York, alleges the searches violate privacy and freedom of speech and asks that they require a warrant. The Bush-era search policies were updated with Department of Homeland Security revisions under the Obama administration last year to increase information available to travelers about the searches and set time limits. Some say those changes didn't go far enough. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Google Updates Privacy Policy, Settles Buzz Suit (September 7, 2010)

Google has reached an $8.5 million settlement in a class-action suit regarding its Buzz social-networking feature, PC Magazine reports. The agreement includes an acknowledgment that the company has addressed the privacy issues and the creation of a fund for "existing organizations focused on Internet privacy policy or privacy education," the report states. The settlement was released on the same day that the company announced it will simplify its privacy policies--cutting the length of the policies by 22 percent. "To be clear, we aren't changing any of our privacy practices," Google officials wrote in the company's official blog, noting "we want to make our policies more transparent and understandable." However, Marc Rotenberg of the Electronic Privacy Information Center is questioning whether the changes will be good for Google users. The revisions go into effect October 3.
Full Story

DATA THEFT

FIFA Fans’ Personal Information Stolen, Sold (September 7, 2010)

A criminal investigation has been launched into the theft and sale of personal details of as many as 250,000 individuals from the U.S., UK, Switzerland, Portugal, the Netherlands, Poland, Italy, Germany, France, Spain and Croatia who purchased tickets to the 2006 World Cup from official FIFA outlets, the Daily Mail reports. The information, which includes passport details and dates of birth, was sold for as much as £500,000 (USD$765,132). "The unlawful trade in people's personal information is a criminal offense under the Data Protection Act," Mick Gorrill of the UK's Information Commissioner's Office said over the weekend, noting the office will be working with FIFA and international data protection authorities in the investigation.
Full Story

PRIVACY LAW

Prison Staff To Receive $1000 Each (September 3, 2010)

On August 23, a judge approved a settlement between Correctional Services of Canada and the staff of the Joyceville Institution, awarding 366 staff members $1,000 each for a 2003 incident that exposed their home addresses and phone numbers to an inmate, reports the Ottawa Citizen. According to the report, some may receive more if they can prove that the leak caused psychological or psychiatric problems. The staff's lawyer, Chris Edwards, said that the amount reflected that some of the information leaked was already publicly available. "Perhaps the most important part of the settlement is that Correctional Services Canada is doing a review of their privacy practices now, as a result of this, in most of this region's institutions," Edwards said.
Full Story

PRIVACY

Canada Joins APEC Enforcement Network (September 3, 2010)

Canada has become the newest member of the Asia Pacific Economic Cooperation's (APEC) privacy enforcement network. The APEC Cross-border Privacy Enforcement Arrangement was developed to encourage cooperation amongst privacy authorities in APEC member economies on matters of investigation, evidence collecting and enforcement, among others. Canada joins the Office of the Privacy Commissioner of Australia, Hong Kong's Office of the Privacy Commissioner for Personal Data, the Office of the Privacy Commissioner of New Zealand and the U.S. Federal Trade Commission. Privacy Commissioner of Canada Jennifer Stoddart says the arrangement will help Canada address privacy concerns related to organizations operating in multiple jurisdictions, which are increasingly common in the twenty-first century and requiring "twenty-first century tools."
Full Story

SOCIAL NETWORKING

Poll: Most Canadians Alter Privacy Settings (September 3, 2010)

ITBusiness.ca released a poll this week showing that most Canadians have adjusted their Facebook privacy settings, debunking a common belief that most people leave default settings intact. The survey polled 1,002 Canadians who have used Facebook almost daily within the past two months. Eight out of 10 have altered their privacy settings. Further, when asked about their approach to privacy on the site, 52.6 percent chose the option "I'm cautious about my privacy and have changed my settings and am very selective about what information I share," reports itWorldCanada. Brian Jackson, a senior writer with ITBusiness.ca, says, "Much of the privacy concerns around Facebook are a result of the default privacy settings. Now, it seems that most Canadians are cautious enough change that default."
Full Story

ONLINE PRIVACY

Site Reveals Tweets, Locations (September 3, 2010)

Computer security professionals have created a site to raise awareness among smartphone users about the information they reveal, the Toronto Sun reports. The site combines Twitter updates and GPS data to provide map coordinates that reveal the senders' location and Tweet content. "After analyzing your photos, someone could find out where you live, who else lives there, your commuting patterns," and other information, the developers say.
Full Story

INFORMATION ACCESS

IPCs Call for “Open Government” (September 3, 2010)

The information and privacy commissioners of Canada are calling on the government to be more transparent, the Montreal Gazette reports. In a joint resolution, the federal, provincial and territorial commissioners call for proactive sharing of information. "The norm should really be proactive disclosure," said Information Commissioner Susanne Legault from a gathering in Whitehorse. "We feel that all Canadian governments at all levels should really embrace this approach and this cultural shift." In the resolution, the commissioners call on the federal government to commit to stronger open government standards and to change the system so that Canadians get information without having to formally file access requests, among other changes.
Full Story

ONLINE PRIVACY

Personal Data Has a Price (September 2, 2010)

NetworkWorld reports on the view of digital personal data as bankable currency. Marc Davis of Microsoft, who is a backer of rights-based privacy, suggests that "every piece of data on the Internet maps back to who created it and who they know. Where they were when they did it, where they've been and where they plan to go. What they are interested in, attend to and interact with, and is around them and when they do these things." All this, he explains, has vast implications for privacy and the economy, he writes, noting that personal data "could be bankable and tradable from your Personal Data Bank," which would be "tied to clear, immediate and concrete benefits to choices about your personal data." Editor's Note: Read more about the concept of data banking and exchange.
Full Story

SOCIAL NETWORKING

The Privacy of Ping (September 2, 2010)

Apple's Ping, a music-focused social-networking service for iTunes users, was introduced this week, and the company is promising simple and straightforward privacy controls, indicating companies are now seeing the potential for privacy as grounds on which to compete, The New York Times reports. "You can get as private or as public as you want," Apple CEO Steve Jobs said of Ping, noting the device's privacy settings are "super simple." Citing recent privacy issues for large Web and social networking companies, Marc Rotenberg of the Electronic Privacy Information Center said Jobs' remarks show "privacy is very much on the minds of companies offering social-network services," and Ryan Calo of Stanford Law School's Center for Internet and Society suggested the comments show that companies are responding to public demands for simple privacy controls. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Tech Suppliers Urged To Embrace Privacy Principles (September 2, 2010)

In a feature for The Last Watchdog, Fran Maier of TRUSTe shares her personal experience underscoring the privacy risks that come with the "Internet of Things." Maier writes how her missing camera began wirelessly uploading photos to her Eye-Fi account from an unsuspecting family in Germany that did not know that the account--complete with geo-tags--was enabled. "In this new world of the Internet of Things, a family photo can be much more than that," Maier writes, noting, "It may be a sensitive piece of personal data inadvertently shared with a stranger because of insufficient privacy safeguards." As the Internet of Things grows, Maier said it will be essential for technology designers and suppliers to "incorporate transparency, accountability and choice" to protect privacy. Editor's Note: Read more about Maier's story and the unforeseen consequences of such technology.
Full Story

IDENTITY THEFT—CANADA

Commissioner Investigating Hospital Admission, Burial Under Stolen Name (September 1, 2010)

In a case that has been described as unlike anything his office has seen before, Alberta Privacy Commissioner Frank Work is launching an investigation to determine how a patient was admitted to a Calgary hospital with the stolen Alberta Health Care card of an acquaintance and was buried under that stolen name when he died in the hospital of natural causes. The Health Information Act (HIA) allows the commissioner to conduct investigations to ensure compliance with its provisions, the Calgary Herald reports. "I have decided to conduct an investigation to examine what steps are reasonable to take to ensure health information is accurate and complete before it is used by a health services provider," Work said.
Full Story

ONLINE PRIVACY

Defining the Limits of Privacy (September 1, 2010)

The way we respond to the prevalence of online data will define the limits of privacy in the next decade. That is the message Daniel J. Solove shares in a report for The Chronicle of Higher Education. "The growth of information-analysis technology will have profound consequences, both good and bad," he writes, pointing to such positives as improved research and communication while cautioning that when it comes to privacy, "it will be harder for people to escape mistakes they made in the past. Big corporations and the government will be able to learn more about our lives and have more power as a result." Solove suggests that our responses and the "legal rules we develop over the next decade to cope with these developments will determine the limits of our freedom and privacy."
Full Story

SOCIAL NETWORKING

The Future of Privacy and Publicness (September 1, 2010)

Using social networking posts and media reports, Fast Company reports that "the line that separates privacy and openness remains undefined" as individuals weigh the "benefits and risks of living in public." Focusing on responses to Facebook's recent privacy-related decisions and user posts from Twitter, the report looks at the media's role in fueling discussions and debate around privacy. Following an analysis of responses and reactions to the word privacy, among other things, the report states that the push-back from people and the press can help "push things forward collaboratively" as "we are the last generations to know privacy as it was."
Full Story