Canada Dashboard Digest

Many will have already heard the relatively big news this week: A new bill, S-4, was introduced in the Senate that will amend PIPEDA if it passes. I'm surprised it didn't actually get more news considering the fanfare when the government tabled it.

There is some skepticism about whether or not the government is serious this time around because it has introduced somewhat similar bills in the past only to let them die a slow and painful death. This new bill was introduced in the Senate, and some are speculating that this may have been done to try and get the bill passed quickly.

For sure, these amendments are a long time coming. Many of them are what I call “common-sense fixes." For example, getting the English and French versions of the law to jive with one another a bit better. Other more meaningful fixes are those that mirror the Alberta and British Columbia provisions dealing with employee personal information and business transactions.

The folks at the OPC are probably happy with the proposed amendments that will allow them to enter into compliance agreements with organizations. Essentially, these agreements will allow the OPC to monitor organizations for up to a year after the completion of an investigation to ensure that all recommendations are satisfactorily implemented.

Lastly, I think the codification of a breach notification scheme is a good thing, too. I don’t think this new scheme will have a significant impact because previous guidance from the federal commissioner has been clear that they expect notification to take place even without the codification in the law. So, I think most organizations have already been operating with this scheme in mind. But, getting clarity in any law is always a good thing, so I suppose it is in this case, too.

As far as the “new penalties” go, I again don’t think there’s too much to worry about. Before any penalty could be levied, a matter would have to be referred for criminal prosecution—something that probably won’t happen except in the most egregious cases. This is a far cry from the administrative monetary penalties that can be levied in some European jurisdictions directly by the data protection authority.

So, all in all, pretty good news for privacy in Canada—for some—this week. And when we also read that CRA employees were fired for privacy violations, perhaps privacy is something this government is realizing is a priority issue that people care about.

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

ONLINE PRIVACY

Headlines Inspire Opt-Out Technologies (February 28, 2011)
Concerns about privacy have prompted the creation of two start-ups that aim to provide online users with more choice. Following the news of a privacy breach at Facebook, a former Google engineer created a piece of software that disabled features that track browsing history, The Wall Street Journal reports. Within two weeks, 50,000 users downloaded the free application. Engineer Brian Kennish said he's since left Google so that he could create "Disconnect"--software to work with a wider array of sites' tracking devices or "widgets." The software also disables search engines from tracking users' Web movements. Meanwhile, a 19-year-old college student has started a company that allows users to opt out of tracking by 100 companies. (Registration may be required to access this story.)

ONLINE PRIVACY

Companies Take Steps To Protect Privacy (February 28, 2011)

Internet companies are taking steps to address calls for stronger online protection for Internet users, The Wall Street Journal reports. Most recently, both Microsoft and Facebook have "moved to beef up and clarify their efforts around the thorny issue of online privacy," the report states, describing Microsoft's move to add a do-not-track tool to its services and Facebook's new draft of its privacy policy with more user-friendly information headings. "The new policy is much more of a user guide to how to manage your data," said Jules Polonetsky, CIPP, of the Future of Privacy Forum, which was consulted by Facebook. "You might actually want to read this thing." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Start-Ups Capitalize on Data as Currency (February 28, 2011)

Entrepreneur Shane Green's company allows people to personally profit from providing companies with their personal data, which he says has become "a new form of currency." His company is one of about a dozen start-ups aiming to capitalize on privacy as marketers increasingly rely on personal data for targeted ads, The Wall Street Journal reports. One London real estate developer now offers to sell people's personal information on their behalf and give them 70 percent of the sale, the report states, while others offer products to help block online tracking or charge to remove users from marketing databases. One entrepreneur said while "privacy" was a hard sell as of two years ago, investors are now quick to jump at opportunities. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Governing Body Accepts Microsoft Tracking Proposal (February 25, 2011)

The World Wide Web Consortium (W3C), the governing body for HTML5, has accepted Microsoft's tracking opt-out proposal to protect consumer privacy, PCWorld reports. Microsoft's Tracking Protection allows users to choose not to be tracked on the Web by blocking the content that does the tracking, the report states. Internet Explorer's corporate vice president, Dean Hachamovitch, said online privacy is a high priority for consumers and governments around the world. Ashkan Soltani, a privacy and security researcher, called Microsoft's release of the program "a great move" that demonstrates the company's recognition "that for this to work, you want both technology and policy to work in tandem."
Full Story

BIOMETRICS

Facial Recognition Credited with Stopping Identity Theft (February 25, 2011)

When it comes to identity theft, facial recognition is a useful tool, The Vancouver Sun reports. That is based on information from the Insurance Corporation of British Columbia (ICBC) that its two-year-old facial recognition program has helped stop fraudsters who have attempted to steal deceased children's identities for fake driver's licences or identity cards. Since putting the technology in place, the ICBC has investigated 600 such frauds, the report states, and many of those cases have resulted in convictions. Facial recognition allows ICBC to know "if somebody has a licence in another name, another licence in their own name or a prohibition on a licence," spokesman Adam Grossman said. "It's too early to know the cost benefits but we're catching some pretty serious cases."
Full Story

DATA PROTECTION

Opinion: Police Database Could Be Abused (February 25, 2011)

An editorial in The Calgary Herald calls for more public input and more oversight over a police database that is now the subject of an Alberta privacy commission privacy impact assessment. Built over the last five years, The Alberta Law Officers' Network (TALON) contains more information than the existing Canadian Police Information Centre, including "everything from 911 calls to speeding tickets," the report states. Civil liberties advocates have raised concerns about privacy implications and the potential for the database to be misused. "Giving increased powers to police must be done cautiously and with more than simply vague assurances that proper checks and balances are in place," the Herald states.
Full Story

DATA PROTECTION

Cavoukian: Smart Grid Privacy is Good for Business (February 25, 2011)

Instead of utility companies asking how much money it will cost them to incorporate privacy safeguards into smart grid plans, they should be asking how much money it will save them. That's according to Ontario Information and Privacy Commissioner Ann Cavoukian in an Intelligent Utility Q & A. Cavoukian says in the two-part series that protecting privacy will help utilities to gain consumer trust and avoid data breach incidents. Instead of arguing whether the utility or the customer owns utility data, the terms "custody" and "control" should be used, she said, adding that since the utility has custody of the data, it has "obligations to protect it."
Full Story

PRIVACY LAW

Online Juror Vetting: Muddy Waters for Courts (February 25, 2011)

Law firms are increasingly using social networks and online searches to build extensive juror profiles, causing regulatory and privacy concerns. Reuters reports that lawyers are hesitant to discuss Internet vetting, partly because they aren't sure of the rules surrounding the practice; "It's like the Wild West," said a U.S. attorney. A May 2009 U.S. court case shows a judge barring a lawyer from Googling prospective jurors in the courtroom because the other lawyers had not brought laptops, but the decision was overturned by an appellate court, stating, "Internet access was open to both counsel--even if only one of them chose to utilize it."
Full Story

ONLINE PRIVACY

The Transparency-Privacy Balance Online (February 25, 2011)

Kris Kotarski, writing for The Calgary Herald, shines Louis Brandeis's principle of sunlight being the best disinfectant onto the Internet. While governments and corporations gain greater abilities to track and monitor the public online, Kotarski writes, the public has a new and broad-reaching tool for researching and "'enforcing' transparency among powerful organizations." According to Kotarski, privacy rights and anonymity are important ballast for ever-growing technology that "tilts the balance away from individual privacy." He writes, "The technologies available and the capabilities that they bring will undoubtedly continue to evolve, but it is crucial to decide on how our cultural and legal norms should evolve along with them."
Full Story

PRIVACY LAW—EU

European Council Calls for Cost Assessments on Proposed Changes to Directive (February 25, 2011)

Daily Dashboard Exclusive

The European Council has shared its opinion on the review of the European Data Protection Directive. During meetings yesterday and today in Brussels, council officials expressed general support for the review, while also outlining areas of concern and further study. Patrick Van Eecke of DLA Piper in Brussels told the Daily Dashboard that while the council generally supports the review, "it seems to be concerned about costs of compliance." The council has advised the European Commission to conduct cost analyses of the proposed changes before actually making them. The council also made recommendations concerning minors, categories of "sensitive data" and the right to be forgotten, among others.
Full Story

PRIVACY LAW—CANADA

How Much Privacy Should We Expect at Work? (February 23, 2011)

Any electronic correspondence sent at the workplace should be considered about as private as a postcard. That's the message from the head of Quebec's Privacy Commission, Jean Chartier, who recently advised that a "computer screen is not a wall that you can hide behind." A case set to unfold this week before Montreal's city council illustrates the lingering question surrounding how much privacy an employee can expect at work, The Montreal Gazette reports. A city employee claims to have been spied upon by officials who say they investigated the employee based on allegations of misconduct. Employees must work within the employer's guidelines, Quebec's privacy commission warns.
Full Story

ONLINE PRIVACY

A Gift With a Price? (February 23, 2011)

According to Andrew McAfee, principal research scientist at MIT's Center for Digital Business, an iTunes gifting policy may violate the U.S. Video Privacy and Protection Act which bans the disclosure of rental records without customer consent. The iTunes Store allows users to give up to 100 songs to a person using only the recipient's e-mail address and then notifies the giver if that person has duplicates of any of the songs in their playlist, reports PCWorld. McAfee points out that e-mail addresses are often easy to guess, and Apple doesn't require users to log in to their account or give payment card information to use the service. "This strikes me as problematic," McAfee wrote, adding that scanning a person's playlist could take a while, but the process could be automated.
Full Story

ONLINE PRIVACY

Denham: Privacy Remains a Social Norm (February 18, 2011)

Speaking before a standing-room-only crowd at the Privacy and Security Conference on Thursday, BC Privacy Commissioner Elizabeth Denham said despite the networked nature of our online world, privacy and data security remain key concerns for Internet users. "If privacy were indeed on the ropes as a social norm, we wouldn't see more countries adopting privacy laws, including serious proposals for such laws in both houses of congress in the U.S.," she said. The Victoria Times Colonist reports that Denham spoke of recent privacy investigations and the attention they have drawn from the mainstream media. Much work remains, she said, noting, "To get better services from companies or governments, we may have to give up some of our privacy, but how much is too much? That's the tricky public-policy question."
Full Story

ONLINE PRIVACY

Police Database Spurs Concerns (February 18, 2011)

Alberta's new $65 million Talon database to allow law enforcement officials to share information is being met with concerns from trial lawyers and civil liberties groups alike who believe it has the potential to violate privacy rights, The Vancouver Sun reports. Officials are calling for the government to publicize the privacy impact assessment (PIA) for the database to reveal how data on the site will be protected. However, that is not a requirement of Canadian law. As a spokesman for the Office of the Information and Privacy Commissioner's Office noted, conducting and sharing a PIA for a database such as Talon is "discretionary," although some government ministries volunteer to make them public.
Full Story

GEO PRIVACY

Privacy Concerns Limit Spread of Location Services (February 18, 2011)

In its four-part series on location-based services, The Globe and Mail explores what it describes as the "primary reason for resistance among some users to the location trend"--privacy concerns. The report references a Microsoft survey that found nearly half of all Canadians are concerned about sharing location information and "64 percent are specifically concerned with controlling which organizations have access to that information." Comparing those concerns to social networks' use of personal information, the report suggests that for businesses, "the most important first step...is to make sure the business and the customer are both clear on exactly what will and won't happen to the information collected."
Full Story

HEALTHCARE PRIVACY

Hospitals Testing Anonymization Software (February 18, 2011)

An Ottawa doctor has developed technology to protect patient privacy in the electronic health record environment, CBC News reports. Dr. Khaled El Emam, Canada Research Chair for electronic health information at the University of Ottawa, says his Privacy Analytics software makes patient records anonymous. "One has to be very careful in terms of sharing health information to make sure it's truly anonymous," Emam says, "so that we can make that available for all the good things you can do with medical data." The software is being tested in Ontario hospitals.
Full Story 

PRIVACY LAW

Opinion: Awarded PIPEDA Damages Could Open Floodgate (February 18, 2011)

After the Federal Court of Canada's decision to award damages for the first time under the Personal Information Protection and Electronic Documents Act (PIPEDA), it "will be interesting to see whether this case opens a floodgate of litigants seeking damages" opines attorney David Canton in the London Free Press. A judge ordered Transunion of Canada last December to pay $5,000 in damages to a Calgary man after it reported inaccurate personal information about him to a bank in connection with his loan application, resulting in it being denied. The court decision was based on the credit bureau's disclosure of inaccurate information and its failure to "rectify the problem in a timely manner."
Full Story  

RFID

W. Kelowna Dumps Trash Program, Again (February 18, 2011)

Citing privacy concerns, the West Kelowna council voted once again to opt out of the region's RFID trash management system, reports Kelowna Capital News. The system aims to identify and penalize people who dispose of contaminants along with their yard waste materials by linking trash bins to addresses. Council members said they want more controls and regular monitoring of the security of the data collected, noting that "the district is being asked to pay a fee for a program that infringes on the rights" of its citizens. And West Kelowna Mayor Doug Finlander said of the program that he continues to "have concerns over whether this is effective."
Full Story

DATA LOSS

Patient Data Found in Hospital Parking Lot (February 18, 2011)

The Office of the Information and Privacy Commissioner of Ontario has required St. Thomas Elgin General Hospital to investigate how a schedule containing patients' personal information was found in the hospital parking lot. A London Free Press report states that the form included 97 patients' names, addresses and reasons for visiting the hospital and OHIP numbers for at least 15 of them. The hospital has sent letters to all those affected apologizing and telling patients how to check if their OHIP numbers have been used inappropriately. According to the report, the hospital does not believe there was any malicious intent in removing the document from the building and will be handling this information electronically from now on.
Full Story

DATA PROTECTION

PCI Council Launches Training Program (February 18, 2011)

The PCI Council today begins its series of training programs intended to educate practitioners on Payment Card Industry Data Security Standards (PCI DSS). Council General Manager Bob Russo told Info Security that the courses "cover all PCI basics, including how the payment system operates straight through to how PCI works and why it is important to be compliant." Offerings include in-person sessions as well as online training, and according to Russo, there will likely be supplemental guidance throughout the year. Version 2.0 of the PCI DSS went into effect last month, and merchants have one year to comply with the new standard. "We can say confidently that (PCI compliance) is the best defense you will have against a breach, but by no means is this the ceiling," said Russo.
Full Story

PRIVACY LAW

G8 May Have Privacy Focus (February 16, 2011)
Following up on its efforts in October to move toward the goal of adopting "an international binding legal instrument harmonizing the protection of privacy," France has announced its intent to bring the world's Internet leaders to the G8 Summit in May. An announcement from France's Commission nationale de l'informatique et des libert├ęs (CNIL) suggests that including privacy on the agenda for the G8 "would mark a critical milestone in the protection of privacy against the development of digital technologies." Despite the continual exchange of data across borders and the prevalence of biometrics, geolocation and surveillance, the CNIL points out that "there is no globalized legal answer, and the levels of privacy protection are disparate."

ONLINE PRIVACY—CANADA

Report: Lottery Site Privacy Problems Fixed (February 16, 2011)

An online lottery site did not adequately protect users' privacy when it was launched, an investigation has determined, but the issues have since been addressed, The Vancouver Sun reports. British Columbia Information and Privacy Commissioner Elizabeth Denham completed an investigation into BC Lottery Corp.'s PlayNow.com, which experienced "data crossovers" last summer that allowed users to see such personal information as credit card information from other users. Announcing the investigation's findings on Tuesday, Denham noted the security gaps were not directly responsible for the data crossovers, the report states, and concluded the corporation has "since taken steps to address the problem and the site now adequately protects users' privacy."
Full Story

DATA LOSS

Dating Site Hacked, Names and Passwords Exposed (February 11, 2011)

The online dating site eHarmony has announced that a hacker used a vulnerability to access the usernames, e-mail addresses and passwords of users of its informational site eHarmony Advice. CNET News reports that the Krebs on Security blog first reported the vulnerability and soon after found eHarmony data offered for sale on an online marketplace for hacked data. The company says it has fixed the vulnerability and is notifying affected customers and suggesting that they change their passwords. "At no point during this attack did the hacker successfully get inside our eHarmony network," the company said in a blog post. The company has not released the number of users affected, but says it represents less than .05 percent of eHarmony's 33 million users.
Full Story

PRIVACY LAW

Commissioner: Info Sharing Breached Law (February 11, 2011)

Information sharing between energy company Powerstream and the city of Vaughan violated the Municipal Freedom of Information and Protection of Privacy Act, Ontario's information and privacy commissioner has ruled. The two entities stopped sharing citizen data after a complaint was lodged last year by a city hall watchdog who was concerned that residents' personal information was being misused, York Region reports. The power company had been sharing the information with the city since 2005. The commissioner's office is satisfied that the information sharing has stopped and therefore did not include recommendations in its seven-page report.
Full Story

DATA LOSS

Dickson: Breaches Need Stiffer Penalties (February 11, 2011)

Saskatchewan Privacy Commissioner Gary Dickson told The Mercury that stiffer penalties are needed for people and organizations responsible for breaches such as the recent one at Sun Country Health Region, where an employee inappropriately accessed patient prescription data. Dickson said that while the health region hasn't disclosed the employee's punishment in this case, he fears weak penalties are sending a bad message, and the Ministry of Justice is not backing stronger actions when health regions seek them. "If the penalties are light for breaches of confidentiality, then curiosity often overcomes training," Dickson worries. With many employees having access to electronic health records, the message and the punishments need to be stronger, he says.
Full Story 

PRIVACY LAW

Info-Sharing Plans Anticipated Privacy Concerns (February 11, 2011)

The Toronto Star reports on negotiations between the U.S. and Canada that would create a single security ring around the perimeter of both countries and would allow for greater information sharing about Canadians with the U.S. According to a document prepared during negotiations last fall, officials anticipated that Privacy Commissioner Jennifer Stoddart and the Council of Canadians would challenge the plan. The document therefore noted as a strategy that officials maintain an ongoing engagement with Stoddart and that the government stress that it values and respects the countries' "separate constitutional and legal frameworks that protect privacy, civil liberties and human rights."
Full Story

PRIVACY LAW

Public Salaries Are Private Information (February 11, 2011)

Quebec's new access and privacy commissioner has suggested he might recommend more transparency for public-sector salaries when he submits the commission's five-year review to the government in June, The Ottawa Citizen reports. Public-sector salaries are considered personal information in the province, and disclosure of such figures can result in fines ranging between $200 and $2,500. Senior managers' salaries may be disclosed but can take up to 30 days to process after a request is made. Supreme Court decisions have upheld the decision to keep such information private, which Privacy Commissioner Jennifer Stoddart has called "a direct challenge to our collective will to go toward the greatest possible transparency of the state."
Full Story

TRAVELLERS’ PRIVACY

Agency: Don’t Post Vacation Plans (February 11, 2011)

Canadians should abstain from posting information to their social networking profiles about their vacation plans. That was the warning from the Canadian Anti-Fraud Centre, which said that posting vacation plans on Facebook and Twitter leaves individuals vulnerable to identity fraud and home robberies, reports the Toronto Star. Thieves sifting through individuals' social media pages may also use the information to send a deceptive e-mail to family and friends claiming that they've "run into trouble overseas" and need funds, the centre warns. A CEO specializing in private home rentals says its online users are encouraged not to use real names to protect themselves and suggests privacy settings should restrict strangers' access to location-based posts.
Full Story

ONLINE PRIVACY

Schwartz Discusses the Impact of Choice on Privacy (February 8, 2011)

Barry Schwartz, author of The Paradox of Choice: Why More is Less and professor of social therapy and social action at Swarthmore College, shared his insights on the intersection of choices and privacy with the Privacy Advisor. "I think the main task facing organizations that worry about Internet privacy is to figure out a 'default' level of privacy that enables people to benefit from what the Web makes available and not be tortured by it," he explained. Schwartz, who will be a keynote speaker at the IAPP Global Privacy Summit in March, said he will be discussing "how too much choice produces paralysis rather than liberation, leads to bad decisions and reduces satisfaction with even good decisions."
Full Story

PRIVACY—CANADA & U.S.

Border Security Pact May Incite “Alarm Bells” (February 4, 2011)

Canadian Prime Minister Stephen Harper and U.S. President Barack Obama are meeting today in Washington, DC, where they are expected to sign a border security agreement that would enable greater information sharing between the two governments. The Toronto Star reports that a draft of the agreement called for a greater exchange of law enforcement information and more cooperation when it comes to verifying travellers' identities. Some in government have criticized the Harper government for not inviting a public debate on the topic, while others have speculated that the deal's associated privacy concerns will make "alarm bells go off."
Full Story

SURVEILLANCE

Report Recommends Continuing Calgary CCTV (February 4, 2011)

A report to council recommends that surveillance cameras installed in Calgary remain in place despite the concerns of the province's privacy commissioner. In 2008, council approved the installation of 16 closed-circuit television cameras in high-crime areas of the city. Footage from the cameras was examined 93 times in the past two years, and, according to the report, the public and businesses support their use. Last July, Privacy Commissioner Frank Work said that the decline in crime should have the public questioning the need for the cameras, saying, "If we are frightened by the thought of crime, we are more willing to give up privacy and other civil liberties if we think it will make us safer." The report did not recommend expanding the system.
Full Story

PRIVACY

Denham Looking into BC Gov’t Computer Crash (February 4, 2011)

The Times Colonist reports that BC Information and Privacy Commissioner Elizabeth Denham has asked to review the government's final report on a computer crash that disabled its system. Provincial officials say computer technicians making normal upgrades to the system caused Monday's crash when they inadvertently generated a large amount of traffic to the network, the report states. All government Web sites, the employee Intranet and e-mail servers were affected. Experts have ruled out an attack by hackers and say no personal information was compromised.
Full Story

TRAVELLERS’ PRIVACY

Opinion: Make Scanners Mandatory (February 4, 2011)

Pam Frampton, story editor for The Telegram, shares her side of the airport body-scanner debate in an op-ed saying, "I'm all for personal privacy, but in this case I think it's trumped by public safety." She would like to see mandatory body scanning for all passengers and crew. The way things are now, says Frampton, "even if you've been scanned, not all of your fellow passengers will have been, and where's the reassurance in that?" Frampton acknowledges the concerns voiced by Privacy Commissioner Jennifer Stoddart and opponents of the machines but notes that the Canadian Air Transport Security Authority says it has taken steps to address privacy concerns.
Full Story

TRAVELERS’ PRIVACY—U.S.

TSA Deploys New Body Scanners (February 4, 2011)

The Transportation Security Administration this week debuted software designed to make airport body scanners less invasive, The Washington Post reports. The software creates generic body images and displays any detected anomalies in a red outlined box around the specific area of concern. The software will be incorporated at Reagan National Airport in Washington, DC, and in Atlanta, the report states, and could eventually land at all 78 airports currently using body scanning technology. "We believe it addresses the privacy issues that have been raised," said TSA Chief John Pistole. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING—U.S.

Fake Dating Site Mines Profile Pictures (February 4, 2011)

The world's largest social networking site is "not amused" that two artists gathered public profiles of more than a million of its users to create a fake dating Web site, the San Francisco Chronicle reports. "Users can search based on nationality, traits like 'easy going' and gender or can simply enter a name and see if they're in the database. When users click a result to 'arrange a date,' they're taken to the person's public Facebook profile," the report states. The site mined the profile data without Facebook's permission, the report states, and the company plans to "take appropriate action."
Full Story

PERSONAL PRIVACY

Cavoukian Releases Smart Grid Study (February 2, 2011)

Ontario Privacy Commissioner Ann Cavoukian today released a study on an Ontario utility's approach to smart meter deployment, which she says should serve as the model for all future smart grid investment, The Globe and Mail reports. Released at a California event, Operationalizing Privacy by Design: The Ontario Smart Grid Case Study is the third in a suite of papers on smart grid deployment. It describes the utility's policy to only include customer identification information in the company's own billing records and not share it with third parties unless consent is acquired for service offers. "Smart grid technologies have the potential to collect extremely detailed information about energy consumption in the home, which can lead to the unwelcome profiling of individuals," Cavoukian said.
Full Story

DATA LOSS—CANADA

Dickson: Breaches Need Stiffer Penalties (February 2, 2011)

Saskatchewan Privacy Commissioner Gary Dickson told the Leader-Post that the province needs to dole out stiffer penalties to individuals and organizations responsible for data breaches. The comments came on the heels of a breach at the Sun Country Health Region where an employee inappropriately accessed patient prescription data. Dickson said he was "impressed" with the investigation but noted privacy breaches involving electronic health records are serious matters and risk undermining public confidence in the system. "In a number of cases, termination would be the appropriate response," Dickson said, adding, "A minor fine or a suspension of a couple weeks without pay in my mind really minimizes what I think is a much more serious matter."
Full Story

ONLINE PRIVACY

Mozilla Offers Do-Not-Track Feature (February 1, 2011)
Mozilla has confirmed that its Firefox 4 Web browser will include a do-not-track system allowing users to opt out of targeted advertising, V3.co.uk reports. "This is just our first step," said Mozilla developer Sid Stamm. "We are exploring ways to empower users to have more robust and precise control over their data, and will share our progress on this as it is made." Google has added a similar feature to its Chrome browser, while Microsoft is exploring tracking protection to work consistently across browsers. The announcements come in the midst of questions about what "do not track" actually means, prompting the Center for Democracy & Technology to release a draft definition.

DATA PROTECTION—CANADA

MPs Pleased with Response to Privacy (February 1, 2011)

A House of Commons committee says the privacy of Canadians is being protected by online mapping applications like Google Maps, Winnipeg Free Press reports. The committee has been examining efforts by companies that build online maps using real pictures of homes and streets, such as Google and Canpages, the report states, and says both companies' policies about notifying individuals of filming and blurring identifying information are sufficient. Following Privacy Commissioner Jennifer Stoddart's investigation and subsequent recommendations about Google Street View cars' accidental collection of WiFi data, MPs now say they are "cautiously optimistic" that Google is taking privacy more seriously since it hired a privacy director and introduced employee training. Stoddart had said today was Google's deadline for compliance. The committee, however, said it has concerns about companies not considering privacy in the development phase of new technologies.
Full Story

DATA PROTECTION

Study: Compliance Saves Money (February 1, 2011)

A benchmark study conducted by the Ponemon Institute and sponsored by Tripwire has shown that investing in IT and security compliance can save companies money over time. Bank Info Security reports that through interviews with 160 IT practitioners across a broad range of industries, the study found that companies that review and maintain compliance with security standards spend an average of $3.5 million yearly, while the cost of noncompliance came in at $9.4 million--due mostly to business disruption and loss of productivity, according to the researchers. Tripwire's Rekha Shenoy noted that, in terms of compliance reviews, "PCI was the one that was top of mind across all industries, because they all take card payments."
Full Story