Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

PERSONAL PRIVACY

Commissioner Investigating Utility Data Collection (July 29, 2011)

BC's privacy commissioner will investigate a utility's smart meter program to ensure it complies with privacy laws, The Vancouver Sun reports. Commissioner Elizabeth Denham says she will investigate BC Hydro's program after her office received numerous complaints that the smart meters collect personal information that may breach privacy. "The privacy and security of energy consumption data is a very real issue for citizens throughout the province," Denham said. "With an increase in the frequency of the information collected from smart meters comes an increased responsibility on BC Hydro to ensure that privacy and security is built into the grid."
Full Story

ONLINE PRIVACY—CANADA

Privacy by Design: A Boon to Business (July 29, 2011)

Kashmir Hill interviews Ontario Information and Privacy Commissioner Ann Cavoukian for Forbes about the ways Privacy by Design is helping improve consumer trust. "One of the core principles," says Cavoukian, "is for companies to make users' data private by default." Privacy By Design means "simply that companies are starting to bake privacy into their products, relying less on privacy policies few bother to read," Hill writes. And the notion is starting to take off globally; U.S. lawmakers incorporated the term into a recently proposed bill, and Hill shows examples of companies' use of the principle. "Privacy has historically been viewed as an impediment to innovation and progress, but that's so yesterday and so ineffective as a business model," Cavoukian says.
Full Story

DATA LOSS

Officials: Missing Records Show EMRs Needed (July 29, 2011)

Ontario's privacy commissioner is investigating a breach that occurred when Cancer Care Ontario mailed about 12,000 cancer screening tests, itbusiness.ca reports. Commissioner Ann Cavoukian, echoing the sentiment of Premier Dalton McGuinty, said the loss supports the case for reliable electronic medical records systems, adding, "In this day and age, how could Cancer Care Ontario decide to send hard copies of sensitive personal data of patients through the mail? How could Canada Post have lost track of the records?" Cancer Care Ontario alerted the commissioner's office of the missing screening tests on June 27. A search for the records turned up about 5,000 in physicians' offices.  
Full Story

ONLINE PRIVACY

Opinion: Notification Laws Needed (July 29, 2011)

Between large-scale data breaches bringing light to inadequate cybersecurity practices and the volumes of data that companies hold about their customers, privacy concerns are bubbling to the surface, but the lack of a breach notification law puts consumers at greater risk, reports The Mark. "It comes down to meaningful consent, which entails informed consent," said Privacy Commissioner Jennifer Stoddart, who has taken on industry giants in her efforts to protect consumer privacy. Delaying breach notification, according to the report, puts consumers at risk as they continue to use compromised websites and, at times, allows companies to downplay breaches. 
Full Story

BIOMETRICS

Commissioner: Facial Recognition With Privacy Is Possible (July 29, 2011)

While social networks struggle with appropriate ways to use facial recognition technology, organizations across Canada have implemented it for a wide range of purposes, and Canadian "e-passports," expected out next year, will also contain a chip to be used with the technology, reports The Globe and Mail. One privacy expert says "there is a tendency to over-rely on technology," adding, "It has the potential to slip from one purpose to the next so easily no one stops to ask why or what are you doing with it." Ontario Information and Privacy Commissioner Ann Cavoukian also warns of the risks of unintended use, but says privacy is possible in these technologies with proper controls. 
Full Story

BIOMETRICS

No “Tag Suggestions” for Canada (July 29, 2011)

While Facebook works to address privacy concerns for its "Tag Suggestions" facial recognition feature across many regions of the globe, Canadians have not yet had the opportunity to try it out for themselves. The Globe and Mail reports that a Facebook spokesman said the company currently has no plans to offer Tag Suggestions to Canadians. Meanwhile, privacy concerns surrounding the service have sparked a coalition in the U.S. to bring a complaint to the Federal Trade Commission, and European privacy watchdogs are also looking into possible privacy violations. But a U.S. state attorney general issued a statement following a meeting with Facebook officials saying the company "has made significant changes that will provide better service and greater privacy protection to its users."  
Full Story

PERSONAL PRIVACY

Technology Increasingly Diminishing Anonymization (July 29, 2011)

CNET News reports on one operating system's collection of millions of devices' location-based data, including laptops, cell phones and other WiFi devices. According to the report, Microsoft collects and publishes such locations--which can be as specific as a street address--to a database intended to help deliver location-based search results such as weather, movie times, maps and directions. Meanwhile, a Stanford researcher lists the ways identity can be linked to data that was initially collected anonymously, and an article in The Economist reports on soon-to-be unveiled research demonstrating the ease with which facial recognition technology can be used to identify "random passersby" and "personal details about them."
Full Story

PRIVACY

Opinion: Right to Privacy Definitions Need Updating (July 26, 2011)
In The Wall Street Journal, L. Gordon Crovitz writes that in light of a phone hacking scandal, definitions of the right to privacy need to be updated. The debate surrounding the right to privacy in recent years has focused on new media, he writes, "but when we post details about ourselves on social media or reply to online marketing, we are choosing to become less private." Hacking phones is "a clear-cut violation of privacy," Crovitz writes, "but the clarity of this violation highlights how much ambiguity there is in other claimed areas of privacy."

PRIVACY

Privacy Leads 2011 Concerns (July 26, 2011)

ReadWriteWeb reports on privacy concerns as a top trend of 2011 so far. The report looks at privacy-focused social networks and examines concerns about smartphones and a do-not-track mechanism. The report predicts that, in response to Google's social network that allows users to publish information to targeted "circles," Facebook will likely enable selective sharing by the year's end. The report also notes researchers' revelation that smartphones are capable of storing user location data, noting a survey by TRUSTe indicating that 77 percent of respondents don't want their location data shared. 
Full Story

DATA LOSS

Preparing for Mandatory Breach Notification (July 25, 2011)

As data security breach notification requirements become more widespread on a global scale, businesses are at greater risk for brand damage, customer loss and regulatory scrutiny. In a special pre-release article for the September issue of The Privacy Advisor, Baker McKenzie's Brian Hengesbaugh, CIPP, Michael Stoker and Daniel Krone discuss the 10 steps every organization should take to address these requirements. They say an organization's actions "should be tailored to reflect its industry; geographic footprint; data collections and transfers; history of data security incidents," and other factors. The authors outline specific steps organizations can take. (IAPP member login required.)
Full Story

ONLINE PRIVACY

Commissioner: Better Online Privacy Protections Needed (July 22, 2011)

Assistant Privacy Commissioner Chantal Bernier says Canadians navigating the Internet should have better protections of their personal privacy from companies that use, sell and leave their information unprotected, the Toronto Star reports. Bernier also thinks a recurring five-year review by a committee in parliament would help allay online privacy concerns as well as determine whether the privacy commission could have the authority to fine violators. "There will be a big focus on the privacy of individuals using the Internet," says Bernier, "to see whether the current legislation is sufficient to address this new context."
Full Story

BIOMETRICS

OLG: Facial Recognition Targets “Problem Gamblers” (July 22, 2011)

Rideau Carleton Raceway is one of a number of Ontario-based casinos that have begun using facial recognition technology to prevent "problem gamblers" from entering casinos, the Ottawa Citizen reports. The Ontario Lottery and Gaming Corp. (OLG) introduced the new technology this spring to help with the province's estimated 300,000 "problem gamblers." The OLG's Paul Pellizzari says 19 out of the province's 27 casinos are now using facial recognition systems, adding, "We took what the industry standard was for encryption and we enhanced it and did a number of other things to make it hard to hack into. But if it was hacked into, unauthorized people would not be able to access the data."
Full Story

INFORMATION ACCESS

Open Government Websites Launched (July 22, 2011)

The British Columbian government has rolled out two new websites that will give the public access to databases and documents disclosed under freedom-of-information requests, CBC reports. One website features nearly 2,500 databases, which are available to download digitally and include birth rates, cancer statistics and budget figures, according to the report. A second website will allow freedom-of-information request access but will only be available for three days per request. Information and Privacy Commissioner Elizabeth Denham has applauded the sites but says there is more work ahead. "I think, over time, government will become more used to putting the data out there," says Denham. "But by doing so, they obviously open themselves up to criticism."
Full Story

DATA PROTECTION

Commissioner Discusses Privacy By Redesign (July 22, 2011)

In an interview with BankInfoSecurity, Ontario Information and Privacy Commissioner Ann Cavoukian discusses strategies that incorporate privacy into existing systems. Privacy By Redesign attempts to implement privacy strategies by looking at data use, what is permissible and the creation of a consent management system. "How can we expand the notion of embedding these protections proactively into the system," Cavoukian says, "so that it automatically knows when to seek out additional consent." The interview also covers the fundamentals of Privacy By Design, Privacy By Redesign's goals and ways organizations can improve privacy structure.
Full Story

PRIVACY LAW

Opinion: OPC Popularity “Remarkable” (July 22, 2011)

In a column for the London Free Press, David Canton considers a call by scholars for the Office of the Privacy Commissioner (OPC) to be granted "limited power to make orders, including the ability to impose penalties such as fines." Such a change would "significantly increase the power and authority of the privacy commissioner," he writes, noting the "remarkable" popularity of the OPC, which "received 200 requests to present speeches and attended and delivered 150 speeches and presentations in 2010." He also notes that Stoddart has "received more than 250 media requests; launched a blog, youth website and youth blog; sent out 700 tweets, and attracted almost 2,000 followers on Twitter."
Full Story
 

EMPLOYEE PRIVACY

Opinion: Employers Should Assess Reasonable Expectation of Privacy (July 22, 2011)

In a column for the Financial Post, Drew Hasselback writes that employers have the right to know what an employee does on a company-issued computer, but employers should be careful about how they weigh their rights against an employee's privacy rights. Hasselback says that the "heart of the matter is reasonable expectation of privacy." Implementing formal policies that clearly state an employer's expectations and rights is a first step, but "even with a clear policy in place, the employer needs to consider whether the employee has a reasonable expectation of privacy over the files or e-mails." A Vancouver-based attorney adds that before an employer starts monitoring usage, "Ask yourself: Is there a less privacy-intrusive way to do it?"
Full Story

BEHAVIOURAL TARGETING

Opinion: Search Algorithms Affect Awareness (July 22, 2011)

An Ottawa Citizen report explores how behavioural advertising, search algorithms and Internet filtering are changing the types of information individuals receive. Many individuals are not aware that their browsing and search habits, computer type and location affect results from search engines. If individuals search for news online, they may only receive what is relevant, and that means "our understanding about what's happening in the world could be diminished," the report states. Corporations should gather and use personal information responsibly, but, the report states, users have a "growing responsibility, too, to become aware and self-aware...to guard against locking ourselves away in echo chambers of our own devising."
Full Story

DATA PROTECTION—CANADA

Commissioner Recommends Charges Against Doctor (July 21, 2011)

Saskatchewan Information and Privacy Commissioner Gary Dickson has released a report that includes 11 recommendations in response to the discovery of patient health records found in a dumpster earlier this year. Dickson has named a doctor as a "trustee responsible for the records" and has recommended that legal action be taken against the individual and clinic for violation of the Health Information Protection Act, The StarPhoenix reports. "This is without question the largest breach of patient privacy that our office has encountered in eight years since the Health Information Protection Act was enacted," Dickson wrote in the report. If convicted, the doctor could face up to a $500,000 fine.
Full Story

SOCIAL NETWORKING

Opinion: New Site Puts Privacy First (July 19, 2011)

A new social networking site has learned the lessons of past privacy mishaps and made privacy the "No. 1 feature of its new service," says Nick Bilton in The New York Times. Google launched its new social network Google+ last month and now has 10 million users whose posts are private by default, the report states. Breaches of user privacy on other sites have rarely led to repercussions, and users have mostly stuck with Facebook because there hasn't been a "viable alternative," Bilton writes, adding, Google seems to have learned "the importance of privacy for consumers online." (Registration may be required to access this story.)
Full Story

PRIVACY LAW

Comments Sought in Anti-Spam Regulations (July 19, 2011)

The entities that will implement Canada's Anti-Spam Legislation have each released draft regulations for comment. Industry Canada's draft regulations define what constitutes family and personal relationships--both exceptions to obtaining user consent under the proposed legislation, Hunton & Williams' Privacy and Information Security Law Blog reports, which could affect "forward to a friend" marketing campaigns. The Canadian Radio-television and Telecommunications Commission draft regulations address commercial electronic message content; request for express consent requirements for sending commercial messages, and notice and consent requirements.
Full Story

DATA PROTECTION

Outsourcers Working to Allay Fears (July 18, 2011)

With reports of large-scale data breaches attracting media attention, companies that outsource services are looking for ways to assure customers that sensitive data is being adequately protected. ComputerWeekly reports that according to PricewaterhouseCoopers (PwC), many outsourcers are using independent reports to show that they have robust protections in place, and this increased trust and transparency has become a competitive advantage. "Companies are increasingly looking for comfort that the operational activities that they have outsourced, be it transaction processing, logistics management or cloud computing, are being properly controlled," said Neil Hewitt of PwC.
Full Story

PERSONAL PRIVACY

Stoddart: Border Pact With U.S. Needs Safeguards (July 15, 2011)

Privacy Commissioner Jennifer Stoddart has voiced concerns over a pact between Canada and the U.S. that is expected to increase data sharing between the countries. The plan, aimed at improving security while easing congestion at the border, needs transparency, controls and limits, says Stoddart, adding that the two countries may differ on points such as reasonable expectations of privacy, what constitutes personal information and transferring data to third parties, reports the Winnipeg Free Press. Stoddart encouraged the government to push for a "made-in-Canada" model, saying a U.S. approach "would not only offend the value Canadians traditionally place in their privacy but may have the effect of hurting the reputation of Canada abroad as a destination of choice."

Full Story

INFORMATION ACCESS

Bernier: Privacy Shouldn’t Impede Public Safety (July 15, 2011)

Assistant Privacy Commissioner Chantal Bernier says it's up to the Canada Border Services Agency (CBSA) to decide whether to release personal information of those being investigated for war crimes, reports the Toronto Sun. The Canadian Police Association and members of parliament have called for the CBSA to name fugitives residing in Canada illegally, but CBSA officials say they won't release the names of war criminals because they are protected by privacy laws. Bernier said her office "has always been clear that privacy does not stand in the way of public safety," the report states, adding that privacy is also "not an excuse to promote secrecy."

Full Story 

INFORMATION ACCESS

Work Retiring, But Not Pulling Punches (July 15, 2011)

As Alberta Privacy Commissioner Frank Work gets ready to retire in December, he acknowledges there are "signs of promise" in terms of government openness but reminds politicians, "information does not belong to government, it belongs to the people who elected you..." Work has long criticized the Albertan government for secrecy; in this year's annual report, he called out "a lack of leadership at the provincial level with respect to access to information," and more recently, in the Edmonton Journal, he offered suggestions for transparency going forward. "Don't say it unless you mean it. Don't toy with us. Don't toss 'open,' 'accountable,' transparent' at us unless you intend to follow through."

Full Story

PRIVACY LAW

Group: Gov’t Initiatives Could Harm Canadians’ Privacy (July 15, 2011)

The Montreal Gazette reports that a group of privacy advocates is voicing concerns about the potential impact of several government initiatives. The Canadian Association of Professional Access and Privacy Administrators (CAPAPA) is taking issue with the Lawful Access Law--which would require Internet service providers to monitor online behaviour and identify individuals to law enforcement without a warrant--and the Anti-Counterfeiting Trade Agreement (ACTA)--which would require Canada to sync copyright laws with 37 other countries and punish copyright infringers by denying them Internet access for one year. Taken individually, the initiatives may seem innocuous, but "if you put it all together, it has a cumulative effect," said a CAPAPA spokeswoman.

Full Story

DATA LOSS

Even The Web-Savvy Get Breached (July 15, 2011)

Though Chester Wisniewski has 488 different passwords, he was still recently the victim of online hacking, Moneyville reports. Wisniewski, a computer security expert, was one of the victims of the Sony PlayStation breach, which affected 100 million users. Had he used that same password for other sites, such as his online banking, the repercussions would have been worse. "Unfortunately, once you have stolen someone's Facebook or e-mail account, it kind of unlocks everything in their life...it's easy to commit identity theft," Wisniewski said. Users should protect themselves by using multiple, strong passwords that change every so often and avoiding conducting private business on public computers, the report states.

Full Story

HEALTHCARE PRIVACY

Health Authority Mistakenly Shares Data (July 15, 2011)

The Cape Breton District Health Authority gave 277 patients' names, addresses and two lab results to researchers without first gaining consent, reports The Cape Breton Post. While a proper protocol was in place, doctors did not follow it. The authority's CEO, John Malcom, has called the incident a "serious error" and said the authority has written letters to all those affected and "strengthened the understanding of this in health records, so in the future, before any access is given to patient results like this, we have to see the consent of the individual." Malcom said all the data has been withdrawn from the study and returned to the authority.

Full Story

PRIVACY LAW—UK

Phone hacking scandal prompts closer look at ICO’s call for jail terms (July 15, 2011)

A renewed interest in issuing custodial sentences for those who flout data protection law has emerged in the wake of the News of the World phone hacking scandal. In a speech this week, Deputy Prime Minister Nick Clegg said those convicted of obtaining personal data by deception should be jailed, according to a BBC News report. And Prime Minister David Cameron acknowledged that 2006 reports from the Information Commissioner's Office that detailed data handling issues and recommended custodial sentences for data infractions were not given the attention they deserved. Stewart Room, a partner at Field Fisher Waterhouse in London, told the IAPP Europe Data Protection Digest that the scandal "has captured the public imagination and the Coalition Government will have to react...The introduction of jail sentences is now inevitable."
Full Story

SOCIAL NETWORKING

Privacy Approach May Determine Success (July 13, 2011)

CNNMoney reports on new competition in social networking, and the report says privacy may end up determining the leader. While Facebook holds the major market share, Google's new Google+ is being lauded by testers for its privacy controls. "Web users may benefit from a Facebook-Google rivalry, but for a different reason: The best way for these companies to differentiate their social media offerings is by preserving personal privacy," the report states.
Full Story
 

ONLINE PRIVACY

Cloud Concerns Pervasive (July 12, 2011)

Across jurisdictions, concerns about privacy in the cloud persist. "There is no global law of cyberspace or law of the Internet, although there are separate pieces of legislation relating to privacy, spam, electronic transactions, cybercrime and more," one Australian expert writes, cautioning that recent breaches are a warning to all businesses. Technorati reports that, additionally, concerns about differing regulations, such as the U.S. Patriot Act being at odds with EU data protection rules, are also problematic. "All this could lead to something as drastic as the EU banning--even if only temporarily--U.S. companies from operating cloud services within the EU," the report states.
Full Story
 

ONLINE PRIVACY

Groupon To Collect, Share More User Data (July 11, 2011)

Groupon has e-mailed its 83 million subscribers to announce changes to its privacy policy, including that it will begin collecting more information about its customers to share with its business partners, The Washington Post reports. It will also begin using geolocation information for marketing purposes. The expanded categories of information Groupon will now collect include user habits and interests, which it will share with third parties. It now shares contact, relationship, transaction and mobile location information. The company has also released details on the ways it collects and uses such information. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

It’s a Privacy Policy. It’s a Game. It’s Both! (July 8, 2011)
An online game manufacturer yesterday launched "PrivacyVille," a tutorial on its privacy policy that users play like a game. Players follow along and learn about how Zynga will protect users' personal information, reports CNET News. The company says the game is not meant as a substitute for its official privacy policy and Privacy Center but as an educational tool. Unlike Zynga's other games, PrivacyVille does not require a Zynga or Facebook account, but players earn points redeemable in some of the company's other games that do.

PRIVACY LAW

Dickson: Consequences Needed (July 8, 2011)

Saskatchewan Information and Privacy Commissioner Gary Dickson cited an incident from earlier this year where boxes of patient medical records were disposed of in a dumpster as an example of the need for stricter privacy laws, The StarPhoenix reports. Speaking after the release of his annual report on Monday, Dickson said, "We're not going to have the level of compliance and the pervasiveness of compliant practice that I think Saskatchewan residents are entitled to until there are particularly serious consequences." Investigations are often the result of careless errors or the curiosity of employees who "snoop in somebody else's health records or somebody else's personal information," he said.
Full Story

PERSONAL PRIVACY

Audit Reveals Sensitive Data on Machines (July 8, 2011)

After the Office of the Privacy Commissioner released an audit in its annual report showing that more than a third of Staples' refurbished electronic equipment still held private data, a U.S. attorney general is asking for more information on its refurbishing process. The Hartford Courant reports that personal information was found on digital devices in 15 of the 17 stores audited, including passport numbers, employment information and driver's license numbers. Connecticut Attorney General George Jepsen sent a letter to the company last week requesting more information on its practices and policies. "It is critically important that used and refurbished products are scrubbed of any personal information by previous owners," Jepsen said.
Full Story

INFORMATION ACCESS

Work’s Suggestions for a Transparent Government (July 8, 2011)

Nearing the end of his term as Alberta's privacy commissioner, Frank Work offers suggestions for incoming leadership on how to approach government transparency. "Remember, the whole idea of the Freedom of Information and Protection of Privacy Act (FOIP) is to ensure that the public has access to information held by government," Work writes for the Edmonton Journal. He goes on to say that obeying FOIP is not enough. "Tell your cabinet that you expect them to get the information out there...Instruct your ministers to deliver the same message," he writes. Work recommends a rewrite of the chief information officer's job description and additional FOIP coordinators to ensure these goals are met.
Full Story

DATA LOSS

A Property Right in Personal Information? (July 7, 2011)

Plaintiffs in data breach claims have been unsuccessful in convincing courts that they have suffered harms as a result of a breach, but "a new theory that claims a property right in personal information has recently been tried," writes Andrew Clearwater, CIPP, in an article for the current edition of the IAPP's Privacy Advisor newsletter. Clearwater says that, under this theory, a data breach causes a loss of personal information property and, therefore, a concrete or particularized harm has been realized." The approach is being tested in a case against RockYou Inc.
Full Story
 

BIOMETRICS—CANADA

Opinion: Don’t Trade Privacy for Quick IDs (July 5, 2011)

An editorial in the Victoria Times Colonist opines that while the desire to catch Vancouver rioters is understandable, Insurance Corp. of British Columbia (ICBC) sharing its database of images with police raises significant privacy issues. "None of the three million people in the ICBC database gave their consent for their images to be used in this way," the report states. And British Colombia Privacy Commissioner Elizabeth Denham has said that though the sharing is legal, she has concerns about using the photos for a purpose other than that for which they were collected. "Technology has outstripped our privacy regulations and laws. Until we catch up, ICBC and other organizations should be putting privacy first," the author writes.
Full Story

DATA LOSS

$40 Million Class-Action Suit Sought in Durham (July 1, 2011)

SC Magazine reports on a $40 million class-action suit that has been filed against the Durham Region over the loss of an unencrypted USB flash drive. The drive contained personal information of nearly 84,000 people who had been vaccinated against the H1N1 flu virus during a two-month span in 2009. The suit claims that the region was negligent, breached its fiduciary duty and violated patients' privacy and the Canadian Charter of Rights and Freedoms, according to the report. The drive--which contained names, addresses, phone numbers, birth dates, health card numbers, primary care physician names and other personal health information--was lost in the parking lot of the regional headquarters by a public health worker.

Full Story

PRIVACY LAW

Concern About Proposed ISP Legislation (July 1, 2011)

Canada's privacy commissioner and several civil rights groups have expressed concern about proposed legislation that would require Internet service providers to use communication-interception technology as well as share subscriber information to law enforcement without a warrant, the Montreal Gazette reports. Entitled "Lawful Access," it may be included in an omnibus bill proposed by the Conservatives to be tough on crime. The assistant privacy commissioner says, "Our concern is that we have not yet seen a demonstrable need for the extent of access to personal information by law enforcement and national security authorities...We believe any measure that seeks to put more personal information in the hands of government in general must be justified."

Full Story

HEALTHCARE PRIVACY

Investigation Explores Medical Record Payment Requirements (July 1, 2011)

The Globe and Mail reports on the reason patients must pay for the transfer of their own medical records. According to the report, one healthcare provider attempted to charge $2,532 for a copy of medical records. "We've had many complaints of this nature where we've reduced the fee significantly," says Ontario Information and Privacy Commissioner Ann Cavoukian. As part of its annual report, her office set a benchmark to limit fees. Defending the practice of charging medical fees, one doctor says, "We're not asking for patients to pay for the information that's in the file...We're asking them to pay for the clerical time and the effort of putting the copy together." 

Full Story

PERSONAL PRIVACY

Opinion: Smart Grid Must Ensure Privacy from Start (July 1, 2011)

In an editorial for the Times Colonist, BC Privacy Commissioner Elizabeth Denham writes about her office's collaboration with BC Hydro as it implements the smart grid, which will digitize home energy use. "With an increase in the granularity of information comes an increased potential for abuse," Denham writes, adding that key smart grid privacy and security issues include making sure that information is protected as it moves along the grid; privacy is built in at the earliest stage; customers have access to their own--but no one else's--household energy data, and customer energy information is used only for the purposes it was collected.

Full Story

PERSONAL PRIVACY

More Citizens Need “Privacy Literacy” (July 1, 2011)

In this digital age, two of Canada's privacy watchdogs do not think individuals should have to sacrifice their privacy in order to reap the benefits of digital innovation, the Toronto Star reports. Ontario's information and privacy commissioner has reported that many mobile phones "can reveal damaging and perhaps embarrassing information, or lead to discrimination." Canada's privacy commissioner notes that four out of five Canadians use the Internet daily, but "many people don't know they're leaving a trail of digital bread crumbs when they click their way through websites. They don't know that those crumbs are stored, analyzed and accessible."

Full Story

DATA PROTECTION

Commissioner Discusses Privacy By Design (July 1, 2011)

In a podcast for GovInfoSecurity, Ontario Information and Privacy Commissioner Ann Cavoukian discusses Privacy By Design and a new concept, privacy by redesign. Saying that organizations are often their own biggest obstacle, she adds, "You have to weave privacy throughout the entire organization in order for it to work effectively." In the interview, Cavoukian discusses the fundamental components of Privacy By Design, the goals of privacy by redesign and improvements organizations can make to improve their privacy initiatives.

Full Story