Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

ONLINE PRIVACY

New Browser Raises Privacy Concerns (September 30, 2011)

Computerworld reports on Amazon's new Silk browser and the concerns raised by privacy advocates. The browser will connect to a cloud service owned by the company, thereby speeding up browsing capabilities, and, according to the company, a secure connection will be established "from the cloud to the site owner on your behalf for page requests of sites using SSL." A representative from the Center for Democracy & Technology said, "This makes Amazon your ISP...I don't think it's at all clear that Amazon can step into that," but he added it was a "great move" for the company to offer an opt-out to customers. The Electronic Frontier Foundation commented that "there are some worrisome privacy issues" in general around use of browsing history.
Full Story

PRIVACY LAW

Gov’t Reintroduces PIPEDA Amendments (September 30, 2011)

Minister of Industry Christian Paradis has reintroduced amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) in the House of Commons, Storage and Destruction Business reports. The bill's amendments would require organizations to report "material breaches of personal information" directly to the Privacy Commissioner of Canada; notify individuals of when their information is compromised, and streamline rules for companies, among others. Paradis said, "Canada already has a solid legislative framework in place to ensure the protection of personal information...these amendments are based on extensive consultations and will help us maintain a balanced and practical approach to privacy law." 
Full Story

DATA LOSS

Lost Memory Stick Contained PHI of 1,500 (September 30, 2011)

The personal information of approximately 1,500 patients at a hospital in St. John has gone missing, the Telegraph-Journal reports. The USB storage device, which was used as a main system backup, contained patient information, including Medicare numbers. After an in-depth search for the missing device, the hospital's chief privacy officer (CPO) said that they believed the item had been misplaced. Affected patients were notified of the incident. In addition to contacting New Brunswick's access to information and privacy commissioner, the CPO said the hospital is developing "a policy that gives direction to staff about storage of electronic personal health information."     
Full Story

SURVEILLANCE

Advocates: Law Would “Open Window” Into Private Lives (September 30, 2011)

Expectations that "so-called lawful access legislation" introduced in 2009 could soon be reintroduced is raising privacy concerns, The Vancouver Sun reports. The proposal was based on concerns regarding criminals' use of mobile phones and the Internet, but the report cites fears that if the legislation is reintroduced, "the new rules would open a new window into our private lives that police would be able to peer through without a warrant." BC Information and Privacy Commissioner Elizabeth Denham has cautioned, "If you are setting up private sector in a way that will provide easier access to the police, that's shifting our fundamental outlook about privacy and civil rights protections of constitutional rights."
Full Story

DATA LOSS

Health Records Found on Street (September 30, 2011)

A media outlet in Calgary was given medical records that were found on the street, iNews880 reports. The records contain names, birth dates and surgical procedures. Alberta's information and privacy commissioner is currently investigating the incident. A spokesperson for the commissioner said, "There's a lot of very personal information in those files."
Full Story

CHILDREN’S PRIVACY

OPC Launches Contest on Privacy Issues (September 30, 2011)

The Office of the Privacy Commissioner has announced that it will host the fourth annual My Privacy & Me National Video Contest to help educate children aged 12 to 18 on privacy issues surrounding common online activities, Digital Journal reports. Students are invited to submit video public service announcements associated with social networking, mobile devices, online gaming or cybersecurity. Privacy Commissioner Jennifer Stoddart said, "Young Canadians are in constant contact with others...They're talking, texting, trading images and playing online games. Does this mean they don't care about privacy? We think they do--and we want to help them to show us how."
Full Story
 

SOCIAL NETWORKING

Site Introduces New Privacy Features (September 30, 2011)

Music streaming site Spotify has introduced new privacy features in the wake of complaints about its integration with the world's largest social network, the Financial Times reports. The music service had "quietly introduced the requirement that all new users sign up with a Facebook account rather than the usual e-mail" and "defaulted to sharing all a user's listening habits," the report states. While users could choose to opt out of sharing their music tastes through Facebook, in response to "hundreds of complaints," Spotify's CEO has announced a new "private listening" mode, noting, "we value feedback and will make changes based on it." (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

DPC Opens Investigation; Data Use Concerns Persist (September 29, 2011)

Following an advocacy group's logging of more than 20 complaints, Ireland's Data Protection Commission "will examine all of Facebook's activities outside the U.S. and Canada" with a goal of publishing its findings by the end of the year, siliconrepublic reports. Meanwhile, the Financial Times highlights privacy advocates' concerns that the social network is not adequately informing users of the potential for information "it will collect from new entertainment and media applications" to be used in advertising. One advocate said, "If the ad were to publish facts about you without your knowledge...it would cross into extremely creepy territory," while Facebook stressed its features "only work if people explicitly opt in to them."
Full Story

FINANCIAL PRIVACY

Firms Scrambling Ahead of PCI DSS Audits (September 29, 2011)

Firms are struggling to maintain compliance with PCI DSS standards, SearchSecurity.com reports. That's based on the "2011 Verizon Payment Card Industry Compliance Report," which looked at more than 100 PCI DSS assessments conducted by Verizon's PCI Qualified Security Assessors in 2010, based on compliance with 12 PCI DSS standards. The report found 21 percent of organizations were fully compliant, and when compliance is achieved, it's not maintained through the next assessment period. Organizations are meeting about 80 percent of requirements, a Verizon spokesman said, adding, "We're seeing lots of scrambling to get things in order for the assessor, and that's not the intent of PCI DSS at all."
Full Story

SOCIAL NETWORKING

Technologist Says Site Fixed Cookie Problem (September 28, 2011)

ZDNet reports that Facebook has denied technologist Nik Cubrilovic's claim that the social networking site tracks users even after they have logged out. Cubrilovic, whose claims incited concerns among privacy advocates this week, says Facebook has since made changes to the logout process, alleviating privacy concerns. He has detailed the functions of what he says are the site's five persistent cookies, including the user ID, which he says is now destroyed when a user logs out. The rest of the cookies, Cubrilovic says, are not concerning and users "shouldn't worry about them."
Full Story

SOCIAL NETWORKING

Site’s Redesign Ignites Concerns (September 27, 2011)

Facebook's planned redesign has some users and privacy advocates concerned, The Washington Post reports. The redesign will integrate third-party apps into a user's profile page and update user activity on those apps automatically, meaning "users will have to think more carefully about what apps they use, since their private media consumption, exercise routines and other habits could be automatically published on their profiles," the report states. Pam Dixon of the World Privacy Forum said consumers have voiced that they don't understand the new, more granular privacy controls. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Opinion: Search Engines Need Discretion (September 27, 2011)

In a column for The New York Times, Noam Cohen analyzes the "predicament" surrounding the loss of control of one's online identity through search engine algorithms. One such case involves a U.S. presidential candidate whose lost online identity "stands as a chilling example of what it means to be at the mercy" of a search engine algorithm. A search engine company says that "search results are a reflection of the content and information that is available on the Web," but Cohen writes that the issue should be directed at the companies, not the algorithms, "especially when it comes to hurting living, breathing people." (Registration may be required to access this story.)
Full Story

PRIVACY

Report Spotlights “New World of Corporate Privacy” (September 26, 2011)
The Wall Street Journal explores the value of privacy impact assessments to avoid "running into regulatory fire in the complicated landscape of privacy law" across jurisdictions, pointing out that a "growing cadre of professionals is being hired to manage companies' privacy risk." The report spotlights the work of the IAPP; includes insights from several IAPP members from leading companies including GE, IBM, Apple and Hewlett-Packard, and quotes IAPP President and CEO J. Trevor Hughes, CIPP, who explains that when it comes to the work of privacy professionals, "Early on it was all about compliance. Today, there is as much business-management focus as there is law and compliance." (Registration may be required to access this story.)

DATA PROTECTION

New Technologies and Tips for Protecting Data (September 26, 2011)

The frequency and scale of recent data breaches is causing many companies to reevaluate their data protection mechanisms and question what to do in the event of a cyberattack. The Wall Street Journal reports on new methods of system security that go beyond the password, such as two-factor authentication and machine fingerprinting. While not perfect, one expert equates the additional security to "putting speed bumps in front of the bad guys." In a separate report, the WSJ outlines a list of steps to take if your organization has been hacked, including preemptive training and planning; when to call in the experts and authorities, and tips on notifying customers. (Registration may be required to access this story.)
Full Story

PERSONAL PRIVACY

Complaint Lodged Against Liberal Party (September 23, 2011)

A woman has lodged a complaint with the Prince Edward Island (PEI) privacy commissioner after e-mails she sent to a cabinet minister were released to the media by the Liberal Party, reports CTV.ca. The woman claims she thought the two e-mails--in which she alleges corruption in the immigration nominee program--would be kept confidential, but the Liberal Party denies any reasonable expectation of privacy. PEI Privacy Commissioner Maria MacDonald said, after initial examination, she doesn't see any relevant exemptions in the law allowing for the release of the e-mails, but the Liberal Party is not a public agency and therefore not covered by the privacy law. MacDonald will not confirm whether her office is investigating the complaint. 
Full Story

CHILDREN’S PRIVACY

Commissioner Urges Teenagers To Protect Privacy (September 23, 2011)

Privacy Commissioner Jennifer Stoddart is encouraging teenagers to consider the consequences before posting personal data online so that they can "take advantage of all of the benefits that the online world has to offer--without having any regrets later." Stoddart has released "Protecting Your Online Rep" to help educate high school students about how to protect their privacy and is planning to release similar packages for younger students later this year, The Toronto Star reports. "Think twice about every piece of information before you post it on the Internet," Stoddart said, "because once it's up there it can be impossible to take down."
Full Story

PRIVACY LAW

Commissioner Releases Lawyer Guidance (September 23, 2011)

The Office of the Privacy Commissioner (OPC) has created a handbook for lawyers explaining how the Personal Information Protection and Electronic Documents Act applies to law practice in the private sector. "While lawyers may be familiar with privacy laws in general, they may benefit from some concrete guidance on how to apply the laws to their own practice," said the OPC's general counsel, adding, "Canadian lawyers have a leadership opportunity to serve as exemplars of ethical and respectful conduct on behalf of their profession and the clients they serve."
Full Story

DATA PROTECTION

Ontario Commissioner Releases Whitepaper (September 23, 2011)

Ontario's Information and Privacy Commissioner has released a whitepaper for regulators, decision-makers and policy-makers. "Privacy by Design in Law, Policy and Practice" aims to "help support the wide implementation of the principles of Privacy by Design," the paper states. It encourages companies to "go beyond mere legal compliance with notice, choice, access, security and enforcement requirements" and, instead, design their own approaches to risk management within regulatory frameworks.
Full Story

SOCIAL NETWORKING

Facebook and Netflix Pair Up (September 23, 2011)

At Facebook's f8 conference yesterday, Netflix announced that it will integrate its video streaming services with Facebook, allowing users to watch videos--and see what their friends are watching--on Facebook. The service will be available in 44 countries, not including the U.S., where the Video Privacy Protection Act (VPPA) prevents the disclosure of video sales and rentals, reports The Washington Post. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—CANADA

No Online Monitoring in Crime Bill (September 22, 2011)

Prime Minister Stephen Harper's crime bill was revealed on Tuesday without a provision to allow for increased access to individuals' online activities, pleasing opponents of "lawful access," reports PostMedia News. "I take this as a positive, that even if Prime Minister Stephen Harper is going to reintroduce this, he'll allow Canadians to debate it," said one lawful access opponent. Canada's federal and provincial privacy commissioners expressed their concerns with the proposal in a letter earlier this year, saying it would "significantly diminish" Canadians' privacy. Government officials are stressing that more anti-crime legislation is on the way, and authorities need "21st century tools" to fight online criminals.     
Full Story

HEALTHCARE PRIVACY

Survey: Industry Lacks Data Security (September 22, 2011)

A survey of the healthcare industry reveals that less than half the companies surveyed are bolstering privacy and security measures to keep up with the growing use of digital technology, Reuters reports. Of the 600 executives interviewed by PricewaterhouseCoopers' Health Research Institute, nearly 74 percent are planning to expand the use of electronic health records, but only 47 percent are addressing related privacy and security implications. One of the report's contributors, Jim Koenig, CIPP, said, "health IT and new uses of health information are changing quickly and the privacy and security sometimes may not be moving in step...That is some of the most sensitive and important information to a consumer, so with the advancement of healthcare IT, it's only natural that advancements in privacy and security should come along."  
Full Story

ONLINE PRIVACY

Researcher: Smartphone IDs Not Secure (September 19, 2011)

The Wall Street Journal reports on the use of smartphones' unique ID numbers as a way for criminals to access users' social networks. While the IDs do not contain user information in and of themselves, the report notes that "app developers and mobile ad networks often use them to keep track of user accounts, sometimes storing them along with more sensitive information like name, location, e-mail address or social-networking data," effectively using the IDs as what researcher Aldo Cortesi describes as a not-too-secure key to that information. "Mobile security is not limited to a singular app or games overall--it's an issue that the entire mobile ecosystem needs to address," Cortesi said. (Registration may be required to access this story.)
Full Story

PRIVACY LAW

Report Challenges Border Plan (September 16, 2011)

Prime Minister Stephen Harper and U.S. President Barack Obama are expected to announce the details of the "Beyond the Border" perimeter security pact in the coming weeks, reports Postmedia News. The U.S. ambassador to Canada says the plan will enhance security for both countries and "make the lives of people and businesses who need to go back and forth across the border...more efficient." But a recent report echoes privacy advocates' concerns over cross-border data sharing and says the deal may contravene the Data Protection Law. In his report, "Shared Vision or Myopia: The Politics of Perimeter Security and Economic Competitiveness," Gar Pardy says the deal represents an "integration of security matters" and recommends the privacy commissioner review and monitor all information-sharing agreements.
Full Story

SURVEILLANCE

Advocates, Politicians Vocal Against “Lawful Access” (September 16, 2011)

An open Internet advocacy group has launched a campaign against proposed legislation that would give authorities more power to conduct Web surveillance and intercept communications. The Vancouver Sun reports that OpenMedia's campaign has received the support of the federal Green Party, and the federal New Democrats have also voiced objections to the proposed legislation. OpenMedia posted online video advertisements showing how it believes the legislation would invade citizens' privacy and has circulated a petition signed by about 65,000 people. The Canadian privacy commissioner recently released a survey showing that eight of 10 Canadians did not feel authorities "should be able to request information from telecommunications companies about Canadians and their Internet usage without a warrant from the courts."
Full Story

TRAVELLERS’ PRIVACY

ePassports Feature Facial Recognition Technology (September 16, 2011)

Canada will roll out its ePassports by the end of 2012, featuring enhanced digital security measures such as facial recognition technology. The new documents will include an electronic chip encoded with the individual's name, sex, date and place of birth, as well as a digital image, The Vancouver Sun reports. Some experts say the new passports' enhanced features are not justified. "There hasn't been any debate if it's a good thing or not," says Andrew Clement of the Information Policy Research Program at the University of Toronto, adding that the facial recognition technology could be used to screen images in watch lists. "It's concerning that our everyday activity is surveyed," he said.
Full Story
 

PRIVACY LAW

Commissioner Approves Gov’t Investigation (September 16, 2011)

British Columbia's privacy commissioner has approved a government internal review of a security breach incident that occurred in 2009, The Vancouver Sun reports. An employee from the Ministry of Housing and Social Development in the Lower Mainland, who has since resigned, allegedly e-mailed sensitive information about government clients to a U.S. Department of Homeland Security border guard, the report states. After monitoring the government investigation, the privacy commissioner issued a closing report on February 18. A spokeswoman for the commissioner said, "The investigator was satisfied that the government had taken the appropriate steps in responding to this breach, including developing adequate prevention strategies."
Full Story

INFORMATION ACCESS

Hospital To Release Data Thief’s Identity (September 16, 2011)

The North Bay Regional Health Centre announced that it will reveal the name of the nurse who breached the data of more than 5,800 of its patients--but only to those patients, reports the North Bay Nugget. The hospital was waiting for official notice from the Office of the Ontario Information and Privacy Commissioner on the privacy laws surrounding the release. After reading a letter submitted to the North Bay Nugget by Commissioner Ann Cavoukian stating, "Privacy considerations do not prevent the identity of the staff member responsible for the breach being disclosed to the affected individuals," the hospital decided to make the name known to victims who request it. Marc Buchard, the hospital's chief privacy officer, said those who want the nurse's name may contact him.
Full Story

CHILDREN’S PRIVACY

OPC Releases Online Tool (September 16, 2011)

The Office of the Privacy Commissioner (OPC) has created a tool to help teachers and others communicate to children about ways "technology can affect their privacy and to show them how to build a secure online identity and keep their personal information safe," says the OPC release. The package--aimed at students in grades nine through 12--includes a presentation with detailed notes and ideas for class discussions.
Full Story

DATA PROTECTION

Top Security Threats for Small Businesses (September 16, 2011)

The Globe and Mail reports on the 10 most overlooked security threats for small businesses. Informatica Corporation Chief Security Officer Claudiu Popa, CIPP, says top threats include malware infections leading to data loss, malicious breaches, hijacked domain names, insider threats, breaches caused by infected devices, data breaches and theft. When it comes to breaches as a result of insufficient security, the problem is that lost data "cannot verifiably be recovered with the damage undone. Once copied or transferred, those actions can't be undone," Popa writes, suggesting that firms take action to properly encrypt data at all steps of the information lifecycle.
Full Story

PRIVACY

Opinion: Digital Policies Absent in Political Debates (September 16, 2011)

Last week saw the beginnings of Ontario's election campaign, and Liberals, Progressive Conservatives and the NDP were promoting their policies, but according to Ottawa Citizen columnist Michael Geist, notably absent were digital policy plans. While the federal government generally takes the lead on digital policy, provinces are often the keepers of consumer protection and civil rights legislation, he notes. "With privacy reform stalled at the federal level, there is an important role to play for provincial governments, yet the issue is not discussed by any of the three provincial parties. Several Canadian provinces including Alberta, British Columbia and Quebec have enacted broad-based privacy legislation. Ontario has not, raising the question of where the parties stand," he writes.
Full Story

PRIVACY

Jennifer Barrett Glasgow Receives 2011 Privacy Vanguard Award (September 16, 2011)
Jennifer Barrett Glasgow, CIPP, Acxiom Corporation Executive for Global Public Policy and Privacy, received the 2011 IAPP Privacy Vanguard Award at the annual Privacy Dinner last night in Dallas, TX. Presenting the award, past IAPP Board Chairman and GE Chief Privacy Leader Nuala O'Connor Kelly, CIPP, CIPP/G, described Barrett Glasgow as an educator, advocate and "model of courage, of poise and grace." Also recognized at the dinner were the winners of the 2011 HP-IAPP Innovation Awards--Warner Bros. Entertainment, Inc., Ontario Telemedicine Network and Heartland Payment Systems. Texas Comptroller Susan Combs delivered the evening's keynote address on how agencies, businesses and organizations can learn from a data breach, make proactive data protection choices and improve for the future.

ONLINE PRIVACY

Google Offers Location Service Opt-Out (September 14, 2011)

The New York Times reports Google will provide an option for residential WiFi routers to be removed from a registry the company uses to locate cell towers. The change comes in the wake of warnings by EU data protection regulators that "unauthorized use of data sent by WiFi routers, which can broadcast the names, locations and identities of cell phones within their range, violated European law," the report states. Google Global Privacy Counsel Peter Fleischer noted the opt-out comes at the request of several European data protection authorities and "will allow an access point owner to opt out from Google's location services." The opt-out will be available internationally, the report states. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—CANADA

Damages Awarded Under PIPEDA (September 14, 2011)

A Canadian bank must pay monetary damages to a client after one of its employees disclosed the client's account information, reports Employment Law Today. An attorney representing Nicole Landry's husband in their divorce case subpoenaed a Royal Bank of Canada (RBC) employee to deliver Landry's bank account information to court. The employee also faxed Landry's information to the attorney without her consent, which violates RBC policies and the Personal Information Protection and Electronic Documents Act (PIPEDA). Landry claimed personal harm and humiliation--for which PIPEDA allows monetary damages--and was awarded $4,500. This is the second time damages have been awarded in PIPEDA's 10-year history.
Full Story

SOCIAL NETWORKING

Facebook Tests “Smart Lists” Feature (September 13, 2011)

Facebook has been testing a new privacy feature with a select number of users, reports Mobiledia. Smart Lists allows users to group their friends in categories and customize news feeds to deliver content to certain lists. The report states that the feature may be Facebook's response to Google+, which uses its "Circles" feature to categorize groups of people. Facebook has not officially announced the feature or when it will be released to all users.
Full Story

PRIVACY

Mexican DPA Discusses Data Protection, International Conference (September 12, 2011)
For the first time in its 33-year history, the International Conference of Data Protection and Privacy Commissioners (ICDPPC) will be held in Latin America, hosted this year by Mexico's Federal Institute for Access to Information and Data Protection (IFAI). In this Daily Dashboard exclusive, IFAI President Commissioner Jacqueline Peschard discusses the highlights of the upcoming 2011 conference, entitled "PRIVACY: The Global Age," as well as the work of the IFAI and the international data protection landscape. As Peschard puts it, in a time when data is not hemmed in by geographic boundaries, DPAs must work together across borders, which is one of the key aims of ICDPPC.

BEHAVIORAL TARGETING

W3C Announces Tracking Protection Working Group (September 12, 2011)

The World Wide Web Consortium (W3C) recently announced its Tracking Protection Working Group, established to create a "set of standards that enables individuals to express their preferences and choices about online tracking and enables transparency concerning online tracking activities," the group said on its blog. The Register reports that one of the first hurdles the group may face is getting all the stakeholders to agree on the standards. "A critical element of the group's success will be broad-based participation," W3C said, adding that do-not-track efforts by Microsoft and Mozilla will act as the basis for the group's work. Aleecia McDonald, senior privacy researcher at Mozilla, and another unidentified industry leader will co-chair the group. 
Full Story

PERSONAL PRIVACY—U.S. & CANADA

9/11’s Effect on Societal Norms (September 12, 2011)

American Public Media's "Marketplace" explores how the convergence of the government's post-9/11 intensified security efforts and Internet giants' remake of the online environment created a "data collection revolution." Researchers and an industry executive weigh in on ways that government investments in surveillance technology--such as facial recognition--have made possible online features and applications that, according to Alessandro Acquisti of Carnegie Mellon University, are "bringing us closer to a world where online and offline data merge. The consequences can be cool but also very creepy." Meanwhile, British Columbia Privacy Commissioner Elizabeth Denham questions whether the "progression of security measures," and subsequent loss of privacy, "has been effective or proportionate to the threat." Editor's Note: For more on the implications of Sept. 11 on privacy, read the Daily Dashboard exclusive, "An Unexpected Sept. 11 Legacy: Privacy and Civil Liberties Oversight Board Remains Dormant," and "How 9/11 Changed Privacy," from this month's Privacy Advisor.
Full Story

TRAVELLERS’ PRIVACY

Border Security Plans Raise Privacy Concerns (September 9, 2011)

Ten years after the September 11 attacks, many Canadians are finding travel into the U.S. more difficult as restrictions imposed by U.S. authorities increase, the Winnipeg Free Press reports. Border security could intensify as both countries enact a perimeter security pact with the purpose of improving travel security within North America. Privacy Commissioner Jennifer Stoddart expressed concern about the move "towards an American-style model of collecting personal information" because "tidbits of our lives from everywhere would be increasingly pulled together in accordance with an American model rather than a Canadian model, which tends to segregate the information for privacy purposes and share only on a 'needs-to-know' basis." The U.S. Ambassador to Canada said that more transparency about the talks could help assuage concerns.
Full Story

TRAVELLERS’ PRIVACY

Stoddart Offers Conditions for Perimeter Agreement (September 9, 2011)

In The Huffington Post Canada, Privacy Commissioner Jennifer Stoddart discusses the emerging Canada-U.S. perimeter agreement and the need to incorporate a respect for privacy. "As the pursuit of greater security continues, it doesn't have to come at privacy's expense," Stoddart writes, noting that she takes comfort in a recent comment by Foreign Affairs Minister John Baird that a respect for "the legal and privacy rights of Canadians" is essential to the process. "Given my role, I want to see those words ring true," says Stoddart, going on to offer three "essential conditions that any future agreement should meet in order to truly and properly 'promote' and 'respect' our privacy rights."     
Full Story

INFORMATION ACCESS

Work Investigating Candidate’s Document Shredding (September 9, 2011)

Information and Privacy Commissioner Frank Work has launched an investigation into allegations that an Alberta politician destroyed records before leaving office, The Vancouver Sun reports. Work launched the investigation after leaked documents indicated that Conservative leadership candidate Ted Morton's staff deleted e-mails and shredded documents before Morton left his position as minister of finance and sustainable resource development, allegations a Work spokesman calls "serious," adding that Work is concerned others may be doing the same thing. It is not yet clear whether the destroyed documents would have been subject to the Freedom of Information and Protection of Privacy Act. 
Full Story

PERSONAL PRIVACY

Opinion: Get Smart About Mobile Privacy (September 9, 2011)

The Windsor Star reports on the recently released survey results showing that only four out of 10 Canadians use password locks or change privacy settings to protect their privacy when using mobile phones, while nearly 70 percent "insisted" their mobile phones did not contain personal information. Privacy Commissioner Jennifer Stoddart said, "Mobile phones increasingly hold a lot of personal information, but it doesn't seem like Canadians think they do." The report warns that "Canadians need to wise up" because "smartphones will get people in trouble if they're not smart enough to use them judiciously." The report also revealed how different generations manage mobile phone privacy.   
Full Story

CHILDREN’S PRIVACY

Experts: Kids Unaware of Internet Threats (September 8, 2011)

USA Today reports on the likelihood that social networks and mobile apps could violate the privacy of the children and teens who use them. From a recent settlement of a Children's Online Privacy and Protection Act violation in the U.S. to calls by the UK's data protection authority for children to know their rights regarding online privacy, experts are calling for more education for youth who "exchange their personal data to Web services without knowing the possible consequences." Meanwhile, WBAL-TV 11 News reports on parents in one U.S. state who are questioning why they should provide schools with their children's Social Security numbers.  
Full Story

SURVEILLANCE

Facial Recognition Technology Seeing “Boom Time” (September 7, 2011)

Forbes reports on the increasing popularity of facial recognition technology, now experiencing its "boom time." The technology is being used by police departments, casinos and bars, among others. Shoe retailer Adidas is now testing the technology in order to market shoes to specific age and gender demographics, and Kraft foods is working with supermarket chains with hopes of installing facial recognition kiosks in order to better target specific consumers. "You can put this technology into kiosks, vending machines, digital signs," said a spokesman for Intel, a developer of the software. "It's going to become a much more common thing in the next few years."    
Full Story

ONLINE PRIVACY

Smartphone Makers Respond to Tracking Allegations (September 6, 2011)

Microsoft has responded to a class-action lawsuit, saying the location data it collects through its Windows Phone camera is not linked to a specific device or user, reports The Next Web. While the suit claims the software collects users' geographical coordinates even after they request not to be tracked, Microsoft says that because it does not collect unique identifiers, "the Windows Phone camera would not enable Microsoft to identify an individual or 'track' his or her movements." Meanwhile, smartphone maker HTC responded to claims that at least two of its phones collect location and personal data, explaining that the data in question is de-identified, encrypted and only collected upon user opt-in.
Full Story

SURVEILLANCE

In Wake of Riots, Report Calls for More CCTV (September 2, 2011)

A report released by the city manager on Thursday recommends that Vancouver beef up its use of closed circuit television cameras (CCTV) at large events, GlobalBC reports. The report follows a review sparked by the June riots that occurred after the Stanley Cup finals. "The city and Vancouver Police Department should bring forward to council an updated policy with regard to the future use of CCTV cameras for special events to assist with monitoring crowd activities, deployment of first responders...and identification of suspects...in the event of a significant disturbance." The use of CCTV for security purposes has been controversial in the past.
Full Story

GEO PRIVACY

Mobile Apps in an Instant-Gratification Society (September 2, 2011)

The Toronto Star looks at the personal information tradeoff inherent in certain mobile app offerings. An investigation last year found widespread transmission of phones' locations by apps. With some developers beginning to offer location-based coupons, there is fear that consumers will be persuaded to share ever more data. "We're very bad at calculating risk or cost, so we make bad choices about sharing information," says privacy researcher and consultant Ashkan Soltani. "Instant gratification will discount things in the future." Soltani adds that legislation requiring consent for data collection probably won't work. "Without baseline privacy protection and a list of acceptable and unacceptable practices, the consent model may create more bad outcomes," Soltani says.
Full Story

SOCIAL NETWORKING

Young Are More Privacy-Aware Than Old (September 2, 2011)

A CBC News report takes a closer look at one of the findings in a survey recently released by the Office of the Privacy Commissioner. The study found that young adults are more privacy-savvy than older users when it comes to understanding and using the privacy controls on social media sites. "They seem to be thinking about privacy a lot more than other generations did, from what we can observe," said Privacy Commissioner Jennifer Stoddart, adding that because social media is such an integral part of their lives, "they're forced to confront privacy issues more often."
Full Story

DATA LOSS

Work: Encryption’s Cheap, Not Used Enough (September 2, 2011)

Data breach notifications are underreported by two-thirds, says Alberta Information and Privacy Commissioner Frank Work. The 90 breach notifications made to Work's office since spring 2010 represent one-third of the number of actual leaks, the Edmonton Journal reports. Work said the breaches are largely due to carelessness, such as people leaving laptops in coffee shops or accidentally sending an e-mail to the wrong person. But they are also due to a lack of data encryption. "For the minimal cost of encrypting information, it's amazing how many organizations still don't do it," Work said.
Full Story

INFORMATION ACCESS

Groups Want Access Case Probed (September 2, 2011)

Newspapers Canada, the Canadian Taxpayers Federation and the BC Freedom of Information and Privacy Association are requesting a probe into why the RCMP dropped its investigation into alleged political interference with the release of government information, the Winnipeg Free Press reports. The incident involved a political aide's refusal to disclose a document requested under the Access to Information Act in 2009. Canada's information commissioner later concluded that the political aide's actions were inappropriate. The RCMP was called in but has dropped its investigation. The three groups wrote a letter this week asking for a House of Commons committee investigation into the matter.
Full Story

PERSONAL PRIVACY

Opinion: Survey Results Concerning, Room for Optimism (September 2, 2011)

Responding to survey results that were released last week by Privacy Commissioner Jennifer Stoddart, a ChronicleHerald.ca editorial asks whether Canadians are "turning a blind eye" to personal data protection on their mobile devices. The results found that less than four in 10 Canadians have made attempts to protect their personal data. "There's also room for optimism," the article notes, because individuals using mobile devices the most--those aged between 18 and 34--were more likely to adjust their privacy settings. Stoddart said, "Young people are sometimes stereotyped as digital exhibitionists who are quite uninhibited in posting comments and personal images...And yet, this new data shows that they not only care about privacy, they are actually leaders in protecting it."
Full Story

PRIVACY LAW

Class-Action Filed on Behalf of Mobile Phone Users (September 2, 2011)

A proposed class-action lawsuit filed on behalf of Windows Phone 7 users in a Seattle, WA, court on Wednesday alleges that Microsoft designed the phone to track customers regardless of their preferences, The Sydney Morning Herald reports. The suit alleges the company designed camera software on the phone's operating system to collect users' geographical coordinates even if they had requested not to be tracked, the report states. The suit also alleges that statements the company made in a letter to the U.S. Congress were "false." 
Full Story

ONLINE PRIVACY

Kundra: Cloud Concerns re: Privacy “Unfounded and Ridiculous” (September 1, 2011)
Former U.S. Chief Information Officer Vivek Kundra is sounding off on governments' reluctance to adopt cloud computing due to privacy and information security concerns, noting the U.S. government's outsourcing of more than 4,700 systems "and yet when it comes to cloud for some reason these fears are raised," reports The Australian. In The New York Times, Kundra  writes that "governments around the world are wasting billions of dollars on unnecessary information technology," adding that cloud computing is often more secure than traditional methods. Taking part in a Digital Agenda panel on Wednesday, Kundra urged government officials to think about how they are serving constituents. "All that money's being spent on redundant infrastructure, redundant application that we're not able to optimize," he said. Meanwhile, Kundra's Digital Agenda co-panelist Vice President of the European Commission Digital Agenda Neelie Kroes said that while she agrees there are benefits to the adoption of cloud computing, the value depends on trust and security in the system, and there are cultural hurdles to overcome that will take time, ZDNet reports. Editor's Note: Navigate, an IAPP executive forum being held on September 14 in Dallas, TX, will feature a special program entitled Putting Cloud Computing on Trial to fully explore these issues.