Canada Dashboard Digest

Many will have already heard the relatively big news this week: A new bill, S-4, was introduced in the Senate that will amend PIPEDA if it passes. I'm surprised it didn't actually get more news considering the fanfare when the government tabled it.

There is some skepticism about whether or not the government is serious this time around because it has introduced somewhat similar bills in the past only to let them die a slow and painful death. This new bill was introduced in the Senate, and some are speculating that this may have been done to try and get the bill passed quickly.

For sure, these amendments are a long time coming. Many of them are what I call “common-sense fixes.” For example, getting the English and French versions of the law to jibe with one another a bit better. Other more meaningful fixes are those that mirror the Alberta and British Columbia provisions dealing with employee personal information and business transactions.

The folks at the OPC are probably happy with the proposed amendments that will allow them to enter into compliance agreements with organizations. Essentially, these agreements will allow the OPC to monitor organizations for up to a year after the completion of an investigation to ensure that all recommendations are satisfactorily implemented.

Lastly, I think the codification of a breach notification scheme is a good thing, too. I don’t think this new scheme will have a significant impact because previous guidance from the federal commissioner has been clear that they expect notification to take place even without the codification in the law. So, I think most organizations have already been operating with this scheme in mind. But, getting clarity in any law is always a good thing, so I suppose it is in this case, too.

As far as the “new penalties” go, I again don’t think there’s too much to worry about. Before any penalty could be levied, a matter would have to be referred for criminal prosecution—something that probably won’t happen except in the most egregious cases. This is a far cry from the administrative monetary penalties that can be levied in some European jurisdictions directly by the data protection authority.

So, all in all, pretty good news for privacy in Canada—for some—this week. And when we also read that CRA employees were fired for privacy violations, perhaps privacy is something this government is realizing is a priority issue that people care about.

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

PRIVACY

PM Nominates Stoddart for Reappointment (November 25, 2010)

Prime Minister Stephen Harper on Wednesday moved to extend the term of Privacy Commissioner Jennifer Stoddart, The Globe and Mail reports, nominating her to be reappointed for another three years. "Jennifer Stoddart is extremely well-qualified to continue in the role of privacy commissioner of Canada," the prime minister said. "She brings to the position considerable expertise in privacy protection issues and a deep understanding of the importance of open and transparent government. I am pleased that she has agreed to be nominated to continue in this important role." The House of Commons will now consider the nomination.
Full Story

PRIVACY LAW

Supreme Court Rules on Power Monitoring Case (November 25, 2010)

In a split decision on Wednesday, the Supreme Court of Canada upheld the notion that police do not need a search warrant to monitor electricity customers' usage patterns, the Toronto Star reports. The court restored the conviction of a Calgary man whose utility company outfitted his home with a digital recording device at the request of police. Four justices said the monitoring device did not invade the man's privacy, the report states, while three said it probably invaded his privacy and two asserted that it did invade his privacy. One dissenting justice described the case as "an incremental but ominous step toward the erosion of the right to privacy." 
Full Story

EMPLOYEE PRIVACY

Commissioner Investigates Proposed Search Law (November 25, 2010)

Privacy Commissioner Jennifer Stoddart is investigating a government plan to give Canada Border Service Agency (CBSA) officers expanded powers to search airport and port employees in new customs-controlled areas, reports The Montreal Gazette. The plan aims to curtail drug trafficking by cutting down on airport employees' involvement in the trade. Currently, CBSA officers can search employees as they are leaving a customs-controlled area; under the proposal, the officers would be able to search any employee within the newly defined areas with "reasonable grounds" to suspect they are involved in illegal activity. The commissioner's spokeswoman said, "there are clearly privacy implications for workers, and we would expect these new powers to be used very judiciously."
Full Story

BIOMETRICS

Casinos and Racetracks Gearing Up for 2011 (November 25, 2010)

Ontario gambling outlets are gearing up for the implementation of biometric systems designed to aid self-described gambling addicts, CBC News reports. In 2011, the Ontario Lottery and Gaming Corporation (OLG) will outfit casinos and racetrack slot rooms with facial recognition video cameras that will send an alert to staff when someone who has self-registered with the system walks through the doors, the report states. The facility's security staff would then "talk to the person and remind them about the requirements and counsel them to leave," said OLG spokesman Rui Brum. The system was designed with data protection in mind and has been lauded by the provincial privacy commissioner.
Full Story

HEALTHCARE PRIVACY

Psychologists Say New Law Poses Ethical Challenges (November 25, 2010)

The Association of Psychologists of Nova Scotia says that the passing of Bill 89 would jeopardize patients' privacy and put providers in a position where they might be expected to break their code of ethics, reports the Canadian Press. The bill would allow healthcare providers to share patient information within a patient's "circle of care" without express consent. Myles Genest, a Halifax psychologist, says that wording is too vague to ensure proper control of patient data.
Full Story

SURVEILLANCE

On Camera in Edmonton (November 25, 2010)

Global News is publishing a two-part series that follows NAIT student Ryan Flaherty around the city of Edmonton on his morning route to explore answers to the questions surrounding surveillance. "There's probably not a lot of spots where you aren't under surveillance in some way," Flaherty said. On city property alone, there are thousands of cameras, but how many is too many, the report asks. "What does it say when you have to put everyone under surveillance all the time?" wonders Alberta information and privacy commissioner, Frank Work.
Full Story

ONLINE PRIVACY

Profiling Technology Making a Comeback (November 24, 2010)

Two years after an outcry by privacy advocates in the U.S. and UK appeared to squelch its use, deep packet inspection is on the verge of a comeback, The Wall Street Journal reports. Deep packet inspection is more powerful than other tracking techniques "because it can be used to monitor all online activity, not just Web browsing," the report states. Two U.S.-based companies now pitching use of such services have said they protect user privacy with such steps as user consent. The FTC has stated providers "should, at a minimum, notify consumers that the ISP was mining the information and obtain clear consumer consent." (Registration may be required to access this story.)
Full Story

EMPLOYEE PRIVACY—CANADA

Stoddart Investigates Proposed Search Law (November 24, 2010)

Canadian Privacy Commissioner Jennifer Stoddart is investigating a government plan to give Canada Border Service Agency (CBSA) officers expanded powers to search airport and port employees in new customs-controlled areas, reports iPolitics.ca. The plan aims to curtail drug trafficking by cutting down on airport employees' involvement in the trade. Currently, CBSA officers can search employees as they are leaving a customs-controlled area; under the proposal, the officers would be able to search any employee within the newly defined areas with "reasonable grounds" to suspect they are involved in illegal activity. The commissioner's spokeswoman said, "there are clearly privacy implications for workers, and we would expect these new powers to be used very judiciously."
Full Story

DATA PROTECTION

Smartphones in the Workplace: A Problem? (November 23, 2010)

A recent survey found that eight out of 10 CIOs rank data breaches as their top security concern and think that using smartphones in the workplace increases their vulnerability to attack, InformationWeek reports. Market researcher Ovum and the European Association for e-identity and Security released the survey's report this week, which also found that half of organizations fail to authenticate employees' mobile devices but that 48 percent of employees are allowed to use personal mobile devices to connect to corporate systems. "Employees will want to use their devices, no matter who owns them, for both their work and personal lives," said an Ovum spokesman, adding that it's unrealistic to delineate between those uses.
Full Story

PRIVACY LAW

Commissioner Concerned About Secure Flight (November 19, 2010)

The privacy commissioner has called on the government to mitigate the impact of the U.S. Secure Flight program. Beginning in December, the program will allow U.S. authorities to prevent suspicious passengers from boarding flights that cross U.S. airspace and will allow U.S. authorities to retain data on suspicious passengers for up to 99 years. Commissioner Jennifer Stoddart told a House of Commons committee yesterday that the government should fight for concessions to shorten the amount of time passenger data is kept on file. She added concerns that "information collected can be disclosed and used for purposes other than aviation security." Meanwhile, during a visit to Toronto this week, U.S. Department of Homeland Security Chief Privacy Officer Mary Ellen Callahan discussed the intersection of security and privacy.
Full Story

PRIVACY LAW

Gov’t Settles Lawsuit Over Privacy Breach (November 19, 2010)

The Canadian government has settled a lawsuit brought by a veteran whose files were found to have been shared inappropriately among government officials, the Toronto Sun reports. Veteran Sean Bruyea said, "I sincerely thank the minister and the prime minister for facilitating a dignified and expedited closure to this matter." The Office of the Privacy Commissioner concluded its investigation into the matter last month, finding that Bruyea's medical and personal information had been shared unscrupulously with "department officials who had no need to see it." 
Full Story

STUDENT PRIVACY

School Board Delays Fielding of Questionnaire (November 19, 2010)

Ontario's Ottawa-Carleton District School Board is delaying the launch of a student survey that has been a source of controversy due to privacy concerns, the CBC reports. The board announced this week that it will share the questions with Ontario's information and privacy commissioner before fielding. The survey is intended to help school officials better address the needs of students, but the sensitive nature of some of the questions has raised red flags among parents and advocates.
Full Story

BIOMETRICS

Cavoukian and OLG Announce Biometrics for Gamblers (November 19, 2010)

The Ontario Lottery and Gaming Corporation (OLG) and Ontario Information and Privacy Commissioner Ann Cavoukian released a whitepaper last week announcing a facial-recognition technology to be rolled out in 2011 at OLG gaming sites. The opt-in system will detect a gambler's live facial biometric and unlock the necessary information and alert security to do a manual check, according to a press release. Cavoukian said the technology will "offer dramatically improved privacy protection over simple facial recognition, without compromising any functionality, security or performance," and is based on Cavoukian's privacy-by-design principles. 
Full Story

PRIVACY LAW

Geist Outlines Access Proposals (November 19, 2010)

In the Ottawa Citizen, University of Ottawa faculty member Michael Geist provides the gist of three bills tabled earlier this month that he says could "reshape the Internet in Canada." Geist describes the proposals' three-pronged approach. "The first prong mandates the disclosure of Internet provider customer information without court oversight," he writes, while the second prong "requires Internet providers to dramatically rework their networks to allow for real-time surveillance." The third prong creates new powers for law enforcement to obtain access to surveillance data. "Few would argue that it is important to ensure that law enforcement has the necessary tools to address online crime issues," Geist writes. "Yet these proposals come at an enormous financial and privacy cost..."
Full Story

PERSONAL PRIVACY

Commissioner Calls for Smart Grid Privacy (November 19, 2010)

Ontario's information and privacy commissioner says utilities are largely ignoring privacy concerns when it comes to the emerging smart grid, SC Magazine reports. Speaking at a Toronto event this week, Commissioner Ann Cavoukian said the smart grid, which will digitize consumer energy use, will produce detailed information capable of identifying individuals' behavioral patterns, such as when one uses electrical appliances, watches TV or showers. "Home is the most private of places," Cavoukian said. "Our home is our castle. Nobody should know what is going on there." Privacy considerations must be embedded into the smart grid as it's deployed, she said, adding that utilities must determine what personal information is being collected and how it is being used.
Full Story

PRIVACY

Stoddart: Job Challenges Increase with Technology (November 19, 2010)

Privacy Commissioner Jennifer Stoddart says the challenges to her job are becoming increasingly complex as changes occur in the way information is exchanged between businesses and their customers, itWorld reports. Speaking at a Toronto event this week, the commissioner said her office hopes to see the compulsory breach notification bill, C-29, and the anti-spam bill, C-28, realized, as well as a modernization of Canada's Privacy Act. Stoddart said that an investigation into social networking sites has proven that her office "can act quickly, decisively and with a great deal of expert depth." She called for privacy on such sites to be a default rather than an "add-on in a drop-in menu."
Full Story

ONLINE PRIVACY

Online Landscape Reshaped by Data Scraping (November 19, 2010)

CTV News reports on the ways the Internet is changing as data becomes currency. Take Chris Ye, for example, whose company develops software applications for social networks. Ye studies the age, gender and location of Facebook friends, allowing him to target certain groups as potential customers. Data scraping for insights on users will continue to transform consumer experiences to become increasingly personalized, but it's a nightmare for privacy regulators, the report states. At a Toronto event this week, Colin McKay of Canada's Office of the Privacy Commissioner said, "People are fine sharing information until it gets creepy. And creepy usually comes in the form of a highly targeted ad."
Full Story

PRIVACY LAW—CANADA

Disclosure Changes Concern OPC (November 18, 2010)

The Office of the Privacy Commissioner (OPC) has raised concerns about its ability to properly assess potential privacy breaches due to changes in the way government departments report potential risks, CBC News reports. "It is not an improvement; we feel that, unfortunately, the new directive will be less of a guarantee," said Assistant Privacy Commissioner Chantal Bernier. The OPC is taking steps to change the directive, the report states, including sending a letter of expectations directly to departments outlining what is required to properly assess new initiatives and when that information would be needed for the OPC's assessment.
Full Story

DATA PROTECTION—CANADA

Guarding Against or Recovering From a Breach (November 18, 2010)

The Globe and Mail reports on one company's recovery from a privacy breach, highlighting steps taken to guard against future breaches and tips from experts on protecting personal information. The report quotes Paul Battista of Ernst & Young Canada on the difficulties businesses face in rebuilding confidence after a privacy breach, even with effective, timely responses to such incidents. In a policy document on privacy issues, the Canadian Institute of Chartered Accountants points to the vulnerabilities inherent in storing personal information online as raising "concerns for organizations, governments and the public in general...The organization cannot outsource its ultimate responsibility for privacy for its business processes."
Full Story

ONLINE PRIVACY

Analysts, Others React to New Messaging System (November 17, 2010)

Analysts and others are reacting to news that Facebook has launched a messaging system, Computerworld reports. Company founder Mark Zuckerberg introduced Facebook Messages at a press conference earlier this week. The system will enable e-mail, instant messaging, SMS and Facebook messages, and the company will archive conversation histories, according to a Deutsche Welle report. "The more Facebook puts itself in a position to receive, store and safeguard the most private communications we have, the more Facebook will need to be vigilant to protect privacy and guard against hacking and theft," said Forrester Research analyst Augie Ray. 
Full Story

ONLINE PRIVACY

Studies Point to Benefits of Privacy Icons (November 16, 2010)

Two recent studies indicate that privacy icons are effective, The New York Times reports. The first study, conducted by TRUSTe and Publishers Clearing House over six months, allowed users to click on an icon to learn about interest-based ads, provide feedback and opt out. Only 1.1 percent chose to opt out of all advertising networks. A study by Better Advertising and Dynamic Logic analyzed reactions to the Digital Advertising Alliance's icon, finding that 67 percent preferred brands that gave them more control, including opt-out provisions. "The level of transparency and control accrues really positive benefits to the brands that take this extra step," said Scott Meyer of Better Advertising. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Opinion: Forget Being Forgotten (November 15, 2010)

On both sides of the Atlantic, privacy is front and center on the regulatory stage. The Wall Street Journal reports on discussions in the U.S. on new laws and an EU proposal that, "People should have the 'right to be forgotten' when their data is no longer needed or they want their data to be deleted." However, Adam Thierer, president of the Progress and Freedom Foundation, contends, "A privacy right should only concern information that is actually private. What a 'right to be forgotten' does is try to take information that is, by default, public information, and pretend that it's private." (Registration may be required to access this story.)
Full Story

PRIVACY LAW

Health Minister: I Did Not Breach Privacy Laws (November 12, 2010)

The Newfoundland and Labrador Medical Association (NLMA) says it is preparing a brief to the privacy commissioner alleging that the region's health minister breached a St. John's physician's privacy, CBC News reports. NLMA President Pat O'Shea says Health Minister Jerome Kennedy crossed a line by disclosing the specific salary details of one physician during a media briefing on the topic. Kennedy says the public is entitled to know the salary details because the group of physicians in question "made compensation a very public issue," and government has an obligation to share full details. Privacy Commissioner Ed Ring said he could not conclude whether Kennedy breached privacy law before completing an investigation.
Full Story

PRIVACY LAW

OIPC: Ontario’s PHIPA a Blueprint for Change (November 12, 2010)

A recent editorial in the Canadian Medical Association Journal calls for improvements to the federal Privacy Act in the wake of a scandal involving the sensitive medical records of a veteran and urges the government to look at other nations' laws for guidance, the CBC reports. But Ontario's information and privacy commissioner says it need not look that far. Commissioner Ann Cavoukian says Ontario's Personal Health Information Protection Act (PHIPA) has already served as a model in other Canadian jurisdictions and could serve as a blueprint for improving the federal law.
Full Story

DATA BREACH

Online Glitch Exposes Personal Info (November 12, 2010)

When Service Canada switched members to a new Web site aiming to give them a one-stop-shop for managing benefits, a glitch exposed the social insurance numbers and banking information of about 75 to other members on the site, reports the CBC. The company shut down the site after users reported the breach; three days later, it notified the Office of the Privacy Commissioner, which voiced some concern over the delay. IAPP Canada Managing Director Kris Klein, CIPP/C, said the glitch is "unsettling," and he "can't imagine why it didn't result in the immediate notification to the privacy commissioner and the immediate notification to the individuals."
Full Story

DATA LOSS

Study: Breaches Increasing, Costs Decreasing (November 12, 2010)

A new study has found that while Canadian data breaches are on the rise, the cost of such breaches is going down due to better detection and containment techniques, IT World reports. The study polled 500 businesses and IT professionals and was conducted by Telus Corp. and the University of Toronto's Rotman School of Management. It found that Canadian businesses reported 29 percent more data breaches in 2010 than the previous year but that the costs associated with the breaches have decreased by 78 percent. The study also found that companies are struggling with controlling social networking access but that employees at such companies ultimately waste productivity trying to circumvent such controls.
Full Story

SURVEILLANCE

Parking Ticket Technology in Question (November 12, 2010)

The Globe and Mail reports on an increasing municipal trend to use licence plate recognition technology for parking enforcement. Kelowna, Whistler and North Victoria have begun using the technology, which is raising privacy concerns, the report states. At issue is how much information should be recorded and how long it should be stored, according to a spokesman for BC's Office of the Information and Privacy Commissioner. "In our view, the longer you retain it, the greater the danger it will be used for other purposes," he said. The BC Freedom of Information and Privacy Association has called on the commissioner's office to issue guidelines on the new technology.
Full Story

ONLINE PRIVACY

Google Accuses Facebook of Data Protectionism (November 12, 2010)

Google has taken a shot at Facebook in what VentureBeat describes as a "battle of sass" between the two companies. This week, Google blocked Facebook from importing Gmail contacts, saying that "data should be free" and that Facebook does not allow for easy export of contact information. When Facebook gave users a workaround, Google created a warning page entitled "Trap My Data," where users are prompted to think twice about uploading their contacts to the social networking site. The page also invites Gmail users to "register a complaint over data protectionism."
Full Story

ONLINE PRIVACY

Ad Exec: Public Debate Needed (November 12, 2010)

Online privacy is on the minds of executives gathered at the Monaco Media Forum this week. ADWEEK reports that consensus is building around the idea that marketers and publishers should give consumers more information about data-collection practices. "My aim is to have a public debate on the issue, which is not happening," said Alain Levy, CEO of digital ad network Weborama. But consumer education is expected to be difficult in today's everyone-wants-to-sell-data environment, and the success of industry's early efforts in this direction remains to be determined, says a Berkman Center for Internet and Society co-director.
Full Story

ONLINE PRIVACY—CANADA

Are IP Addresses Private? (November 11, 2010)

The Montreal Gazette reports on a potentially groundbreaking case for Canada as the Saskatchewan Court of Appeal grapples with the privacy of Internet protocol (IP) addresses. The case involves a man who was convicted last year on child pornography charges. Using a Freedom of Information and Protection of Privacy Act request, Saskatoon law enforcement officers sought his IP address from his Internet service provider, which provided his name, home address, phone number and e-mail address. The defense has argued it was too easy for police to find the user of the IP address, the report states, but the prosecution says IP addresses are not private because anyone on the Internet can find them.
Full Story

SOCIAL NETWORKING

Web Company: Put Privacy Before Ads (November 9, 2010)

Founders of a new browser aimed at social network users are not planning on selling ads, The Wall Street Journal reports, because they believe it will be a conflict of interest with user privacy. RockMelt made its public debut in a test version Monday, the report states, and while it has some big-name investors, the company has said that when it comes to making money, an ad network is not part of the plan. The focus, said co-founder Tim Howes, is on improved Web browsing, and "you can't have a good user experience if somebody is (taking) your data and using it to sell ads." (Registration may be required to access this story.)
Full Story

GEO PRIVACY

Location-Based Services See Success Ahead (November 8, 2010)

The location-based services industry has had no problem finding investors. That's because personal data is such a valuable currency for marketing, The New York Times reports. Advertisers plan to spend $1.8 billion on location-based marketing in 2015, according to ABI Research. And users are happy to give up their personal data for a service they find useful, the report states, despite concerns about their privacy. "Many people are in a more 'transactional' frame of mind" when it comes to their personal information, said the director of the Internet and American Life Project. "They will share information if they think they can get something of value for it." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Somebody’s Camera Is Watching You (November 8, 2010)

They are tiny, lightweight and can even be worn tucked into your hair accessory or just above your ear as they record everything that's going on around you. The New York Times reports on these "wearable" cameras that have the ability to "record life's memorable moments as they unfold" and the privacy questions they raise. Harvard Prof. Jonathan Zittrain suggests that with proper procedures in place, the cameras could help future historians, noting, "We have painstakingly reconstructed ancient civilizations based on pottery and a few tablets... I would love to leave this legacy instead." However, he also acknowledges that as photos and video of unsuspecting individuals show up on the Internet, the devices are likely to raise privacy concerns. (Registration may be required to access this story.) Editor's note: Read more about the practice of recording every moment in the feature, "Valuing, protecting and commoditizing your personal information: Is 'data banking' the answer?" from the June edition of Inside 1to1: Privacy.
Full Story

HEALTHCARE PRIVACY

VA Staffers Decry Info Sessions (November 5, 2010)

Information sessions designed to educate Veterans Affairs department staff on data handling are having a demoralizing effect on some within the department who claim they are being made to pay for the failures of those in positions of authority, the Canadian Press reports. Veterans Affairs Minister Jean-Pierre Blackburn promised the sessions after the Office of the Privacy Commissioner found that the VA contravened the Privacy Act in sharing a veteran's sensitive records among government officials. "A statement by the Senior Management Committee acknowledging and accepting responsibility for this violation of the Privacy Act would go much further than forcing staff to attend a 'Need to Know' information session," said one VA staffer.
Full Story

DATA LOSS

Employee Accessed Patient Records (November 5, 2010)

Bluewater Health and the North Lambton Community Health Centre have notified and apologized to more than 100 patients for an incident where an employee inappropriately accessed their personal information, reports the Canadian Press. The employee, who no longer works for the facility, accessed OHIP numbers and records of hospital visits, prompting the hospital to review its practices on employee access to patient information. "Health information is private, and we will do everything we can to prevent this from happening in the future," said Kathy Bresett, executive director of the North Lambton Community Health Centre.
Full Story

STUDENT PRIVACY

Student Survey Draws Concern (November 5, 2010)

The Ottawa public school board will later this month conduct a voluntary survey that has raised privacy concerns due to the "deeply personal" data students will be asked to provide, reports the Ottawa Citizen. The survey is modeled on one conducted in Toronto a few years ago and aims to help school administrators learn more about students in order to better tailor student services and education. Ottawa school board chair Cathy Curry told the Citizen that the board gave substantial consideration to the privacy implications to ensure survey questions comply with the province's freedom of information and education acts and human rights code.
Full Story

DATA LOSS

Employee Accessed Patient Files, Hospital Quiet on Discipline (November 5, 2010)

The health records of an Ottawa Hospital patient were inappropriately accessed by one of its employees--the ex-wife of the patient's husband--and now the patient has filed a grievance with Ontario's Information and Privacy Commissioner, the Ottawa Citizen reports. She says she is concerned that the hospital has not taken the case seriously. The hospital says it has disciplined the employee, but declined to provide details, citing privacy laws. "This incident has been dealt appropriately based on The Ottawa Hospital's Privacy Policy," the hospital's privacy officer said in a letter to the patient.
Full Story

CHILDREN’S PRIVACY

Eye-Spy Barbie? (November 4, 2010)

The Sydney Morning Herald reports that Barbie may be getting older, but she is certainly keeping up with new technology--with her most recent iteration, complete with a built-in camera, raising privacy concerns. The Barbie Video Girl doll comes equipped with the ability to record up to 30 minutes of video and a color LCD screen in her back. The doll is being criticized for enabling children to film themselves and others using the hidden camera in the doll's necklace, creating videos that can then be transferred to a computer. Some experts suggest better privacy laws are needed to protect children against the potential inappropriate use of technology.
Full Story

RFID

RFID Guidelines in Development (November 3, 2010)

Trade associations and technology companies have come together to develop guidelines and standards to support the push for RFID technology across the apparel supply chain, RFID News reports. The "Item Level RFID Initiative" group includes the National Retail Federation, Retail Industry Leaders Association, Voluntary Interindustry Commerce Solutions and standards organization GS1, among others. The group intends to support the need to protect consumer privacy when using RFID technology, the report states, and to list guidelines for RFID use. Macy's and Walmart are among the retailers that have switched to RFID technology.

SOCIAL NETWORKING

New Feature Raises Concerns (November 2, 2010)

"Friendship Pages," a new Facebook feature that shows the relationship between friends, is raising privacy concerns, InformationWeek reports. The new feature uses public information shared between friends that would be linked under relevant wall posts, stories and profile photos and would be accessible to those who are Facebook friends with at least one of the two users, the report states. Some users, however, are voicing privacy concerns. As one user put it, "While I'm all for innovation, privacy should come first...If you introduce a new feature, notify the community when it arrives." Users are also calling for clear opt-in or opt-out choices for such features.

ONLINE PRIVACY

Rethinking Privacy in the Cloud (November 2, 2010)

With privacy concerns abounding when it comes to Internet use and cloud computing, eSecurityPlanet explores the idea of rethinking privacy in the cloud. "To gain some clarity on the cloud privacy issue, it is helpful to break down the exposure use cases into three categories," the report states, focusing on the issues of unintentional user-driven data leaks, lack of provider protections and intentional breaches perpetrated for monetary gain. When it comes to cloud computing, the report suggests, "providers have a responsibility to let users and enterprises know when they're using our information to hop on the marketing gravy train and selling sensitive information to other vendors and advertisers." Editor's Note: The upcoming IAPP Practical Privacy Series will feature a session on cloud computing issues entitled "Cutting Through the Cloud Computing Fog: Evaluation, Adoption, Privacy and Security."

PRIVACY LAW—CANADA

Legislation Aims To Improve Medical Practices (November 2, 2010)

Health legislation proclaimed in New Brunswick in September will provide better guidance for medical professionals about how they should record, access and use a patient's personal medical information, The Daily Gleaner reports. The Personal Health Information Privacy and Access Act will govern the collection, use, disclosure and secure destruction of personal health information by every public user, the report states. One health network's chief privacy officer says the legislation will also provide guidance on breach notification and management of electronic health records. "It gives us a consistent practice so everybody's using that same standard, whereas in the past, the different facilities may have had their own policy or practice."

SOCIAL NETWORKING

Facebook Suspends Apps for Sharing User Data (November 1, 2010)

The Wall Street Journal reports that Facebook has announced a data broker paid application developers for users' information, prompting the world's largest social networking site to place some of its app developers on a six-month suspension. In its announcement, Facebook wrote that it has a "zero tolerance" policy for data brokers "because they undermine the value that users have come to expect from Facebook," the report states. The company has said the apps in question were not providing data that users had set as private, but wrote that "this violation of our policy is something we take seriously." Facebook has not named the app developers or data broker involved, the report states. (Registration may be required to access this story.)

FINANCIAL PRIVACY

PCI DSS Changes Welcomed (November 1, 2010)

Although the PCI Security Standards Council (PCI SSC) revisions to the PCI data security standard (PCI DSS) and payment application data security standard (PA DSS) have been described as minor, the response so far has been positive, SC Magazine reports. The new version, which will go into effect on Jan. 1, "does not introduce any new major requirements, and the majority of changes are modifications to the language, which clarify the meaning of the requirements and make understanding and adoption easier for merchants," the report states. The report highlights the positive responses by several organizations and data protection professionals to the changes announced last week.

SOCIAL NETWORKING

Filling Privacy’s Generation Gap (November 1, 2010)

Michael Geist writes of this past week's 32nd Annual Data Protection and Privacy Commissioner Conference and the focus on the perception of "a growing privacy divide between generations, with older and younger demographics seemingly adopting sharply different views on the importance of privacy." In this Toronto Star report, he writes that "longstanding privacy norms are being increasingly challenged by the massive popularity of social networks that encourage users to share information," citing strategies to balance openness and personal privacy while ensuring companies "understand the legal limits on collecting, using and disclosing personal information and for users to know that the law stands ready to assist them if those rules are violated."