Canada Dashboard Digest

Many will have already heard the relatively big news this week: A new bill, S-4, was introduced in the Senate that will amend PIPEDA if it passes. I'm surprised it didn't actually get more news considering the fanfare when the government tabled it.

There is some skepticism about whether or not the government is serious this time around because it has introduced somewhat similar bills in the past only to let them die a slow and painful death. This new bill was introduced in the Senate, and some are speculating that this may have been done to try and get the bill passed quickly.

For sure, these amendments are a long time coming. Many of them are what I call “common-sense fixes." For example, getting the English and French versions of the law to jive with one another a bit better. Other more meaningful fixes are those that mirror the Alberta and British Columbia provisions dealing with employee personal information and business transactions.

The folks at the OPC are probably happy with the proposed amendments that will allow them to enter into compliance agreements with organizations. Essentially, these agreements will allow the OPC to monitor organizations for up to a year after the completion of an investigation to ensure that all recommendations are satisfactorily implemented.

Lastly, I think the codification of a breach notification scheme is a good thing, too. I don’t think this new scheme will have a significant impact because previous guidance from the federal commissioner has been clear that they expect notification to take place even without the codification in the law. So, I think most organizations have already been operating with this scheme in mind. But, getting clarity in any law is always a good thing, so I suppose it is in this case, too.

As far as the “new penalties” go, I again don’t think there’s too much to worry about. Before any penalty could be levied, a matter would have to be referred for criminal prosecution—something that probably won’t happen except in the most egregious cases. This is a far cry from the administrative monetary penalties that can be levied in some European jurisdictions directly by the data protection authority.

So, all in all, pretty good news for privacy in Canada—for some—this week. And when we also read that CRA employees were fired for privacy violations, perhaps privacy is something this government is realizing is a priority issue that people care about.

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

SOCIAL NETWORKING

Advocates Not “Liking” Ad Plan (January 31, 2011)

While a new feature on the world's largest social network is being seen as potential gold for advertising, privacy advocates and some users are raising concerns, USA TODAY reports. The new advertising format uses Facebook members' "likes" and other online actions to create promotional content in the form of "Sponsored Stories," which "became available for large brands to buy last week and is being rolled out over the next few weeks to Facebook's more than 500 million members." The Electronic Frontier Foundation is calling for an opt-out option for users. "Any time they make a change, people react, especially if there is a commercial element," says Future of Privacy Forum Director Jules Polonetsky, CIPP.
Full Story

ONLINE PRIVACY

Data Privacy Day Brings Words of Caution (January 28, 2011)

On the eve of Data Privacy Day, Privacy Commissioner Jennifer Stoddart issued a statement urging individuals to remember to protect their personal information when sharing online. "There are nearly two billion people now using the Internet," Stoddart noted in a message about Data Privacy Day. "That's two billion people who can potentially access information about you with the click of a button." Both Stoddart and BC Information and Privacy Commissioner Elizabeth Denham shared insights on how the prevalence of personal information online affects privacy in ways that are spurring concerns. The goal of the annual Data Privacy Day is to help raise awareness about the impact of technology on privacy rights and personal information.
Full Story

 

SOCIAL NETWORKING

Work: Employee Guidelines a Good Idea (January 28, 2011)

Alberta Privacy Commissioner Frank Work is warning that employees who use social networks to complain about their workplaces "can't necessarily expect privacy legislation to prevent their employer from using those remarks against them," the Calgary Herald reports. The city's new guidelines governing social media state, "The line between your public and private lives is blurred in online social networks...Should it be determined that your social media reputation may be adversely affecting the city's reputation, the decision may be made to remove you as an authorized spokesperson on city-related issues." Work said having guidelines is a good idea, the report states, and advises exercising good judgment when it comes to posting online.
Full Story

PRIVACY LAW

Buzz Lawsuit Filed (January 28, 2011)

E-Commerce Times reports on a class-action suit filed by a Manitoba resident over Google's social networking service, Buzz. The lawsuit comes in the wake of Google's settlement in the U.S. of a Buzz class-action suit for $8.5 million. The lawsuit cites "unspecified damages regarding alleged problems stemming from Google's social networking and messaging tool," the report states. The suit contends that although Google told users that they had a choice, the company automatically activated Buzz for its Gmail accounts. Attorney Norman Rosenbaum called the issue "a breach of privacy... it automatically affected all of your followers. Even if you said you didn't want to have your e-mail list forwarded, it did it anyway."
Full Story
 

DATA LOSS

Medicine Centre Breach Could Affect 60,000 (January 28, 2011)

Ottawa's Bruyere Family Medicine Centre is alerting patients that some of their personal information may have been compromised after the theft of two computers, CBC reports. Though neither computer contained medical information, data on as many as 60,000 of the clinic's patients between 1971 and July 2006 may be stored on them, including names, dates of birth, street addresses and health card numbers. There is no evidence to suggest the information has been accessed or used inappropriately, and the incident has been reported to police and the privacy commissioner, the report states.
Full Story

PRIVACY

BC Commissioner Creates Advisory Board (January 28, 2011)

BC Information and Privacy Commissioner Elizabeth Denham has announced that she has invited six people from both the public and private sector to serve on an advisory board to help identify and address emerging privacy problems, CANOE reports. As most of her office's staff "are fully utilized resolving important access disputes and privacy complaints," Denham explained, "I want to enhance the office's other vital responsibilities, such as public education, policy work, research and providing expert guidance to public and private sector." The advisory board members include a former provincial privacy commissioner, two academics, a former assistant privacy commissioner, a privacy consultant and a former police complaints commissioner.
Full Story

SOCIAL NETWORKING

Advertisers To Have Access To Online Posts (January 28, 2011)

The Associated Press reports that Facebook users' posts may soon be retransmitted to their online friends as "sponsored stories" from advertisers. The feature, which will be based on users' current privacy settings, does not currently have an opt-out provision. "Involving users in advertisements without their consent has been a thorny issue for Facebook," the report states, quoting Marc Rotenberg of the Electronic Privacy Information Center's suggestion that the company is making money off users' names or likenesses without their consent. The practice is "subtle and misleading," Rotenberg said, recommending users object to the plan.
Full Story

ONLINE PRIVACY

Privacy as Competitive Edge (January 27, 2011)

The Wall Street Journal examines whether startup search engine DuckDuckGo's pledge to honor user privacy by not storing personal data or sending search information to other sites will provide a competitive edge against online search giants. The report poses the question, "Would you switch search engines for privacy reasons, or are other aspects of search more important to you?" DuckDuckGo's founder has said the company's goal is to appeal "to a non-negligible part of the population," adding he expects the site to see about 4 million searches this month, up from a typical 2.5 million per month before he publicized its privacy features. (Registration may be required to access this story.)
Full Story

SURVEILLANCE

Coming Soon: Cameras Everywhere (January 27, 2011)

USA TODAY reports on the ubiquity of digital sensors and the resulting "explosion of sensor data collection and storage." One chief technical officer predicts that sensors, already status quo in airports, subways, banks, ID cards and laptops, "will touch nearly every aspect of our lives." Privacy concerns need to be addressed before then, says privacy expert Christopher Wolf. "What's new is the capacity for databases to share data and therefore to put together the pieces of a puzzle that can identify us in surprising ways--ways that really could be an invasion of privacy," Wolf said. The article also discusses the potentially "chilling effect" of photo tagging.
Full Story

PRIVACY—CANADA

Stoddart Looks to Privacy Enforcement (January 26, 2011)

The Ottawa Citizen reports on Privacy Commissioner Jennifer Stoddart's first public lecture of 2011, where she "put the Canadian privacy and business communities on notice that she intends to use her new mandate to reshape the enforcement side of Canadian privacy law." During her talk at the University of Ottawa, Stoddart spoke of strategies to move organizations into better privacy compliance practices. Stoddart said enforcement reform is likely to focus on such factors as penalties for violations and empowering the Office of the Privacy Commissioner to "name organizations that violate the law," the report states.
Full Story

ONLINE PRIVACY

Search Engines Offer Opt-Out Plans (January 25, 2011)

Major media outlets are reporting on plans by Google and Mozilla to offer do-not-track options for their users. Google has announced its new "Keep My Opt-Outs" tool, which enables users of its Chrome Web browser to permanently opt out of online tracking, while Mozilla's new opt-out tool for its Firefox browser provides users with more understanding and control of how their personal information is being used by advertisers. A Federal Trade Commission spokeswoman discussed efforts by Mozilla, Microsoft and Google to provide do-not-track options. Meanwhile, MediaPost News reports that while the FTC is cheering such plans, "whether ad networks and online marketers will follow those preferences is far from clear."
Full Story

ONLINE PRIVACY

Opinion: Is There a Dark Lining in the Cloud? (January 25, 2011)

There are many benefits to cloud computing, but European Commissioner Viviane Reding questions, "is there a dark lining to the cloud?" In an opinion piece for The Wall Street Journal, Reding cautions, "Consumers who store data in the cloud risk losing control over their photos, contacts and e-mails. Data is whirling around the world: A UK resident who creates an online personal agenda could use software hosted in Germany that is then processed in India, stored in Poland and accessed in Spain." Describing the European Commission's commitment to privacy, she writes that the EU's data protection rules "have stood the test of time, but now they need to be modernized to reflect the new technological landscape." (Registration may be required to access this story.)
Full Story

DATA LOSS

Smartphone User Data Potentially Exposed (January 24, 2011)

A mobile application developer has warned of a data breach that could affect up to 10 million users, SC Magazine reports. Trapster.com says a hacker may have accessed user e-mail addresses and passwords and advises that users change their passwords. The company believes this was a single event and has rewritten the software code to prevent future attacks, it says. It is now notifying those potentially affected, though there is no evidence that the data has been used.
Full Story

DATA PROTECTION

Stoddart: Fining Powers May Be Necessary (January 21, 2011)

Privacy Commissioner Jennifer Stoddart says her office may need fine-levying authority in order to more effectively protect the privacy of Canadians, according to an article in The Wire Report. In a speech at the University of Ottawa's Centre for Law, Technology and Society on Wednesday, Stoddart said, "I am increasingly of the view that we may need stronger powers to be an effective privacy guardian for Canadians. Canada has become one of the few major countries where the data protection regulator lacks the ability to issue orders and impose fines." Editor's note: To learn more about the fine-issuing capabilities of privacy regulators worldwide, see the IAPP's 2010 Data Protection Authorities Global Benchmarking Survey. (IAPP member login required.)
Full Story

DATA PROTECTION

Commissioner Orders Retailer: Protect PII (January 21, 2011)

Alberta's privacy commissioner has ordered Staples Canada to better protect personal information, The Edmonton Journal reports. The retailer must now ask customers that bring a computer in for repair if the machine contains a hard drive and if they authorize any personal information to be destroyed or preserved if the company buys back the computer, the report states. The commissioner's order follows an investigation after the store bought back a computer but could not locate its hard drive when the customer requested it be wiped of PII. A spokesman for the commissioner said though the order is Staples-specific, "the message would be that we would like all companies that deal with computers to have similar policies and procedures in place."
Full Story

DATA LOSS

NS Officer To Investigate Alleged Breach (January 21, 2011)

Nova Scotia's privacy review officer has decided to launch an investigation into an alleged breach of confidentiality at the Workers' Compensation Board (WCB), The Chronicle Herald reports. The board allegedly mailed the personal information of one person--including social insurance number, birth date, address, phone number and medical record--to someone else. Privacy officer Dulcie McCallum said, "This is an important issue...This is people's personal health information." The WCB says that the information was not disclosed to anyone, according to the report, and a spokeswoman for the board welcomed a possible inquiry, saying, "We'll work with them to give them whatever they need."
Full Story

HEALTHCARE PRIVACY

Hospital Ordered To Examine PHI Protection After Breach (January 21, 2011)

Ontario Information and Privacy Commissioner Ann Cavoukian has ordered Ottawa Hospital to examine its rules and practices relating to personal health information following another electronic breach of a patient's medical records, the Ottawa Citizen reports. Cavoukian has found that the hospital "failed to comply with certain elements of a revised policy," the reports states, after asking the hospital to consider changes following a breach in 2005 that was "strikingly similar" to one recently investigated. Cavoukian has concluded, "the actions taken to prevent the unauthorized use and disclosure by employees in this hospital have not been effective" and fail to comply with a section of the Personal Health Information Protection Act.
Full Story

DATA PROTECTION

More Calls for Privacy by Design Expected (January 21, 2011)

As demonstrated across Canada recently, potentially privacy-invasive technologies are entering our everyday lives with increasing regularity. In recent weeks and months, Canadians have pondered the possibility of surveillance cameras on buses, radio frequency identification technology in trash bins and have witnessed the entrance of facial-recognition technology into casinos. Privacy is affecting what many view as "low tech" industries, writes Brian Bowman for the Winnipeg Sun. Bowman adds that we'll see more of this in the coming year and, accompanying it, we'll hear more calls for privacy by design, the embedding of privacy within such technologies.
Full Story

DATA PROTECTION

Cartmell: SGI Strikes Balance on Privacy (January 21, 2011)

In a StarPhoenix op-ed, the president and CEO of SGI responds to charges that his company collects too much personal health information. Saskatchewan Information and Privacy Commissioner Gary Dickson announced recently that the government auto insurer was "over collecting" information about claimants. Dickson said the company should revise its procedures. But CEO Andrew Cartmell says SGI collects the complete medical records of only a minority of customers who have filed complex injury claims. Cartmell adds that "SGI always asks customers for their consent to obtain medical records, and customers have the right to refuse."
Full Story

GENETIC PRIVACY

Controversial DNA Method: Could it Catch Criminals? (January 21, 2011)

DNA evidence has linked a single unknown man to three sex assaults in Vancouver, and police say he could be responsible for five more unresolved cases, CTV reports. Some say that a controversial DNA analysis, which helped to capture a murderer in the U.S., could potentially help BC police capture the suspect, but privacy advocates have lobbied against the method, which is legal in only two U.S. states. It involves finding "near matches" to the suspect's DNA sample in order to locate family members that may lead police to the suspect. Canada's Office of the Privacy Commissioner says the method has moral implications and at this point it would "not support it."
Full Story

DATA PROTECTION

Online Services Come with a Cost: PII (January 21, 2011)

The U.S. government's recent request for WikiLeaks users' personal information and communication highlight the challenge facing many individuals and brands online, opines Mitch Joel for The Montreal Gazette. The Internet serves as a business place and the companies operating on it need to make money, Joel writes. User data is the currency. The privacy policy you may have agreed to when signing up for a service is subject to change at any time and should be considered a "buyer beware" modality. There are lots of opportunities provided by online services, but they come at a cost, he says.
Full Story

SOCIAL NETWORKING

Facebook Suspends Third-Party Plans (January 21, 2011)

Facebook has decided to suspend its latest privacy policy modification, which would have enabled third-party applications to access users' addresses and cell phone numbers, reports the Inquirer. The company said it would protect users' personal information by only sharing it with third parties if the user explicitly granted permission to do so, but a Facebook spokesman this week said the company would "temporarily disable the feature" based on feedback that it could make people more clearly aware of the changes. Some have questioned how the third parties would use the additional data.
Full Story

ONLINE PRIVACY

Flash Fix is Important First Step (January 21, 2011)

The Wall Street Journal reports on efforts to improve privacy controls in Adobe's Flash video player after privacy advocates and regulators raised concerns that companies could use such technology to track Internet users. "So-called 'Flash cookies,' which are small files stored on a user's computer through the Flash program, have raised privacy questions because they are more difficult for users to detect and delete than regular cookies associated with Web browsers," the report states, noting that although Adobe's effort to simplify the program's settings is an important step, it "doesn't solve all the issues associated with this type of tracking," and other video programs can also track users. (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Survey: PCI DSS Standards Necessary (January 21, 2011)

A new survey has found that the majority of IT security practitioners believe that the Payment Card Industry Data Security Standard (PCI DSS) is necessary for protecting cardholder information, SC Magazine reports. The Cisco survey polled 500 IT security decision makers in healthcare, finance, retail and education, a majority of whom said they were "very confident" they could pass an assessment today. The greatest challenge for PCI DSS compliance is educating employees about the proper handling of cardholder data, the report states. Respondents also indicated they expect "significantly increased spending" on PCI compliance this year.
Full Story

PRIVACY

Work Issues Annual Report (January 14, 2011)

Alberta Information and Privacy Commissioner Frank Work has issued his annual report for 2010. The report highlights key issues and laws and includes judicial decisions, statistical information, investigation reports and a breakdown of cases by legislation. An Edmonton Journal report references Work's opening message in the report, which includes a call for more transparency for the provincial government. Also in his message, Work looks at challenges for the year ahead, calling for his office to "mediate and adjudicate in a more timely fashion with the resources we have."
Full Story

BIOMETRICS

Cavoukian Lauds Casino Facial Recognition Plan (January 14, 2011)

Ontario Privacy Commissioner Ann Cavoukian has lauded a new facial scanning system to be installed in all 27 Ontario Lottery and Gaming Corporation casinos, hailing it as "the most privacy-protected system using biometric encryption in the world," reports the Toronto Star. The system aims to help self-professed problem gamblers stay out of casinos. Beginning in May, those entering an Ontario Lottery and Gaming Corporation casino will have their faces digitally scanned and their identities cross-checked with a database of people who have voluntarily banned themselves from casinos, the report states. The developers of the system's privacy component--University of Toronto biometric engineers--say their methods ensure no permanent link between a biometric template of a person's face and that person's private information.
Full Story

PRIVACY

Quebec’s Privacy Commissioner To Focus on Access (January 14, 2011)

The Montreal Gazette reports on the swearing in of Quebec's new information access and privacy commissioner, Jean Chartier, noting his focus will be on "access to government information and a preventive approach in privacy protection...informing people they are not obliged to divulge extensive private information just to join a video club, for online shopping or to join a social network." At his first news conference this week, Chartier said that when it comes to privacy, "This is your personal information. You should protect it." He has also said the commission's rulings must follow access and privacy laws as written or face having those decisions challenged in the courts.
Full Story

PRIVACY LAW

Guilty Verdict for Census Avoider (January 14, 2011)

A Saskatchewan woman has been found guilty of violating Canada's census law because she refused to answer questions that she said violated her right to personal privacy, CBC News reports. Sandra Finley had argued that questions related to her employment, sexual orientation and ethnic background, among others, were not the government's business. But a provincial judge ruled on Thursday that Finley's privacy rights were not violated by the requirement to fill out the 2006 long form, the report states. Finley faces up to three months in jail and a $500 fine. She will be sentenced on January 20.
Full Story

PRIVACY LAW

What Will Bill C-28 Mean to You? (January 14, 2011)

In a report for the Toronto Sun, David Canton explores the implications of the recently passed Bill C-28 anti-spam legislation, which is expected to go into force later this year. "If you think it won't affect you because you don't send mass e-mails trying to sell random products and don't infest other people's computers with spyware, you would be wrong," he writes. Canton explores the implications of Bill C-28 on commercial electronic messages such as instant messages, social media and even software updates. Potentially, he writes, "while the intention is to control what we all understand as spam and spyware, it has the potential to affect many things that we may not intuitively" consider as such.
Full Story

DATA LOSS—CANADA

Breaches Not Reported Publicly (January 12, 2011)

Infosecurity reports that Statistics Canada has experienced a number of recent data breaches that have exposed sensitive information and, while the cases were investigated, Statistics Canada failed to report the breaches publicly. "There have been a number of data breach cases of employees having their laptops containing confidential information stolen," the report states, noting at least two incidents where "employees left sticky notes with the passwords on their computers." The Office of the Privacy Commissioner has labeled a separate incident where employment records of 66 census takers and managers were left in surplus filing cabinets and sold at auction as "a serious matter."
Full Story

PRIVACY LAW—CANADA

Government Refuses to Release Contract (January 12, 2011)

Despite an order to do so by the provincial privacy commissioner, the BC government has refused to hand over the full, unedited copy of its $300 million contract with IBM to the Freedom of Information and Privacy Association (FIPA), the Times Colonist reports. An adjudicator had decided last November that the government must turn over the contract, as well. A spokeswoman for the Citizens' Services Ministry said it has turned over almost all of the 535-page contract, withholding only server names and network addresses to protect against hackers. "They are out there and they are smart," Citizens' Services Minister Mary MacNeil said. "In the end, security is paramount."
Full Story

SURVEILLANCE—CANADA

Bus Cameras Delayed Due to Privacy Concerns (January 10, 2011)

The Record reports on concerns about transit service plans to install surveillance cameras on Waterloo buses later this year. Grand River Transit has delayed installing the cameras due to complaints that the regional council hadn't consulted the public on the plans and that no surveillance policy existed, the report states. The council has since launched a public consultation and the transit service is reportedly developing policies on data retention and use. A spokesperson for the Office of the Information and Privacy Commissioner of Ontario said, "I think it's critical to have those policies in place before the cameras go live."
Full Story

PRIVACY LAW

Opinion: Utility Information Should be Considered Private (January 7, 2011)

Lawyer Bob Aaron opines on the Supreme Court of Canada's 7-9 decision that court evidence introduced based on a warrantless police search was permissible, the Toronto Star reports. The case involved a suspected marijuana home-grow operation. Calgary police, upon suspicion, asked the home's utility supplier to install a home-energy monitor without a warrant. The information was used in court to convict the home owner after police obtained a search warrant and seized significant amounts of marijuana and related grow-operation items. As smart meters that record home energy usage are increasingly installed in Canadian homes, Aaron writes, "police in this country can't simply go and seize electrical readings from local hydro suppliers."
Full Story

SOCIAL NETWORKING

A 2010 Privacy Review (January 7, 2011)

In a report for the National Post, Matt Hartley looks back on 2010 and the impact social networking has had on privacy. "Just a few years ago, I might have felt uncomfortable revealing quite so much of myself to the world," he writes, "But in the age of Facebook and Twitter, of Foursquare and Xbox Live, all of us--not just reporters--have a public profile, an online persona we place before the world." The year that was 2010, he suggests, may well be remembered "as the year the general public's understanding of privacy began to change." However, he notes, it has also been the year when social networks began to "get serious" about privacy.
Full Story

PRIVACY

A-to-Z Year in Review (January 7, 2011)

In the Ottawa Citizen, Michael Geist offers an A-to-Z year-in-review of technology law developments in 2010, a period he describes as "exceptionally active." Geist mentions the passage of anti-spam legislation, large fines for violators of do-not-call rules and Facebook, "which settled several privacy complaints with the privacy commissioner of Canada." He also highlights some of the year's most notorious rulings on alleged privacy violations, such as the Supreme Court's decision in Queen v. Gomboc regarding the privacy of electricity usage data. Geist is the Canada Research Chair in Internet and E-Commerce Law at the University of Ottawa.
Full Story

HEALTHCARE PRIVACY—CANADA

Commissioner: Insurer Collects Too Much PHI (January 6, 2011)

The Regina Leader-Post reports on Saskatchewan Information and Privacy Commissioner Gary Dickson's announcement that SGI, the government auto insurer, "has rejected his authority to investigate the complaints of three individuals injured in accidents over SGI's use of their personal health information." Although the decision has put limits on his investigation, Dickson has said there is clear evidence the insurer is "over collecting" personal health information, the report states, citing one case where a complainant said the company collected information on her daughter and the child's birth father. Dickson wants SGI to revise its procedures and is asking the legislature to amend the province's privacy laws related to the use of health information.
Full Story

SOCIAL NETWORKING—CANADA

Experts: “Design for Privacy” (January 5, 2011)

"Every business needs to listen to Ontario's Privacy Commissioner Ann Cavoukian and design privacy principles and practices into their operations," Don Tapscott and Anthony D. Williams write in a CTV News report, noting that is especially true for social networks. The report considers the importance of privacy in the world of social media, suggesting, "In the past we only worried about Big Brother governments assembling detailed dossiers about us. Then came what privacy advocates called Little Brother--corporations that collect data from their customers." The authors advocate Privacy by Design for all companies and urge individuals to be vigilant about what they do online.
Full Story

PRIVACY LAW—CANADA

Manitoba Man Files Buzz Lawsuit (January 5, 2011)

A Manitoba man has filed a class-action suit over alleged problems with the launch of Google's Buzz program earlier this year, The Vancouver Sun reports. Norman Rosenbaum, the plaintiff's attorney, alleges that even though Google told users they could choose whether or not to use the company's Buzz service, it automatically activated on users' Gmail accounts, the report states. "It's a breach of privacy," Rosenbaum said. "It automatically affected all of your followers. Even if you said you didn't want to have your e-mail list forwarded, it did it anyway." The suit is seeking unspecified damages, the report states.
Full Story

DATA PROTECTION

Most Info Sec Budgets Unchanged for 2011 (January 4, 2011)

The Great Recession may have lingering effects on information security plans in 2011, SC Magazine reports. That's according to a recent survey that found 36 percent of respondents expect their budgets for IT security projects and data leakage prevention efforts to increase in 2011, compared with 41 percent in 2010. The Guarding Against a Data Breach survey, conducted by SC Magazine, ArcSight and research firm CA Walker, polled 468 information security leaders. Sixty percent expect their budgets to remain the same. Concerns about damage to the brand and compliance demands are top drivers for security planning, the report states.
Full Story

PRIVACY—CANADA

Manitoba Hires Privacy Adjudicator (January 3, 2011)

The Manitoba government has appointed its first information and privacy adjudicator, CBC News reports. Based on input from citizens on how best to allow for information access while protecting privacy, the government appointed Ron Perozzo, Manitoba's acting conflict-of-interest commissioner, who will help resolve access and privacy complaints, the report states. Perozzo will be able to issue binding orders to the government, school divisions or regional health authorities that do not follow the ombudsman's recommendations.
Full Story