Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

ONLINE PRIVACY

Exploring the Privacy Button (November 28, 2011)

In a podcast, The New York Times' media desk reporter, Tanzina Vega, discusses one company's attempt to offer its users an easy-to-use method to control their online data while exploring how the One Click Privacy button works. The new control, made by BrightTag, comes out while the Federal Trade Commission and the World Wide Web Consortium work on the creation of do-not-track standards. (Registration may be required to access this story.)
Full Story

PRIVACY LAW

Supreme Court Won’t Hear Appeal (November 25, 2011)

The Supreme Court of Canada will not hear an appeal of a lower court's ruling concerning a retailer's data collection practices, Macleans reports. Alberta Privacy Commissioner Frank Work sought the Supreme Court's involvement after the Alberta Court of Appeal ruled in June that Work's attempt to nix Leon's practice of collecting driver's licence numbers from customers "allowed the privacy rights of the individuals to outweigh the rights of the business," the report states. "It's really a victory for a reasonable approach for these privacy issues," said Geoff Hall, a lawyer for Leon's, in responding to the Supreme Court's decision not to hear the case.
Full Story

INFORMATION ACCESS

Commissioner: Deleting Data Breaks Law (November 25, 2011)

The Canadian Press reports that Information Commissioner Suzanne Legault has told a Commons committee that a bill introduced last month to cease the registration of long guns and delete more than seven million records in the federal long-gun registry "would set a bad precedent for the destruction of government records" and violate the Library and Archives of Canada Act. Also speaking before the committee, Privacy Commissioner Jennifer Stoddart "urged caution in destroying the data, pointing to regulations that require institutions to keep records for at least two years," the report states. 
Full Story

DATA PROTECTION

Councillor Requests Mailing List Investigation (November 25, 2011)

A local official is requesting that Elections Canada investigate the source of a mailing list used by a campaign group, Canada.com reports. Comox Valley Common Sense group paid Canada Post to deliver personally addressed cards to voters, the report states, including one addressed to Courtenay Councillor Ronna-Rae Leonard's mother at Leonard's home. But Leonard's mother was deceased and never lived at that address. "My concern is about a breach of privacy and the potential for identity theft," Leonard said, adding that "if an anonymous group can get hold of such personal details, I want to know where from and what the implications might be."  
Full Story

INFORMATION ACCESS

Dickson: Review Reports Show Trend in Denying Access (November 25, 2011)

Saskatchewan Privacy Commissioner Gary Dickson has reprimanded the City of Saskatoon for obstructing the public's access to information under The Local Authority Freedom of Information and Protection of Privacy Act, reports News Talk 650. In three Review Reports issued this week, Dickson highlights instances where information access has been denied. He says the trend "suggests a systemic issue or problem that warrants some attention by the mayor."
Full Story

DATA PROTECTION

University Plans To Outsource E-mail Service (November 25, 2011)

Plans by Ryerson University to outsource its e-mail services to a private company have some concerned about privacy and security, the Toronto Star reports. Ryerson plans to use Google Apps Education Edition system, a move similar to that of Lakehead University in 2006, which prompted that university's faculty union to file a grievance that their privacy and academic freedom were infringed upon. Since Google is a U.S. company, the U.S. government could potentially require Google to provide access to such data under the USA PATRIOT Act, the report states. The grievance was dismissed with the arbitrator saying e-mails should be considered as confidential as postcards. 
Full Story

PRIVACY LAW

NDP Warns of e-Communications Legislation (November 25, 2011)

The New Democratic Party's (NDP) critic on privacy issues has warned that the proposed electronic communications monitoring law contains elements that he considers "very disturbing," Lavalnews.ca reports. Warnings from Timmins-James Bay MP Charlie Angus came after the federal privacy commissioner expressed similar concerns to Public Safety Minister Vic Toews last month. Angus says his number one concern with the legislation is the ability for the police to access warrantless geotracking information of individuals "simply on a hunch or on a whim...The tracking information gives an enormous amount of power to the police." 
Full Story

PERSONAL PRIVACY

Group Seeks Citizens’ Petition on Smart Meters (November 25, 2011)

Organizers of a group opposed to smart meters confirmed at a recent press conference that they will seek public support to use the Recall and Initiative Act to prevent BC Hydro's continued installation of household smart meters, The Vancouver Sun reports. The group, StopSmartMeters.ca, says health and privacy are among their concerns, and neither the utility nor the provincial government has been responsive to their objections. Board members Walt McGinnis and Steve Satow are asking citizens to register their objections on its website.
Full Story

ONLINE PRIVACY

Privacy-Focused Browser Extension Released (November 23, 2011)

PCWorld reports on a team of European and U.S.-based privacy researchers and product designers that has released "a browser-based implementation of Privicons, a project that aims to provide users with a simple method of expressing their expectations of privacy when sending e-mail." The "Privicons" are six icons matched with instructions such as "don't attribute" or "keep private" that users can add to their e-mails "to instruct recipients about how to handle a message or its content," the report states. Project proponents note it is based on user choice rather than the technological enforcement used for most e-mail privacy efforts. 
Full Story

DATA THEFT

Company Reports Attempted Hack (November 22, 2011)

PCWorld reports that AT&T has notified customers of an "organized and systematic" attempt to access their personal account information. In an e-mail, the company said that it did not "believe that the perpetrators of this attack obtained access" to the accounts when using auto script technology to "determine whether AT&T telephone numbers were linked to online AT&T accounts." The company said it will investigate the incident.
Full Story

EMPLOYEE PRIVACY—CANADA

Review: Board Must Protect Privacy (November 21, 2011)

The Chronicle Herald reports on the completion of a review of the Workers' Compensation Board of Nova Scotia launched in January by Dulcie McCallum, the province's freedom of information and privacy review officer. "Internal memos show that the board has broken the province's privacy law with 155 breaches of clients' personal information over a 32-month period," the report states, noting the review includes 21 recommendations for improved data protection and advises the board "to put privacy on a higher plane and recognize that it is the guardian of sensitive personal and personal health information." The board's CEO has said it plans to adopt all of the report's recommendations.
Full Story

PRIVACY

OPC Annual Report Spotlights Concerns (November 18, 2011)

Government data breaches, "disturbing gaps" in the way police manage personal information and concerns about airport security are among the issues highlighted in Privacy Commissioner Jennifer Stoddart's annual report. In addition to the full report, the Office of the Privacy Commissioner (OPC) has published an audit of selected RCMP databases and one on airport security practices. The report also highlights a "record number of breaches of personal information" reported by the government, the National Post reports--up 38 percent from the previous year. But, the OPC report notes, that may not be cause for alarm because it could "simply mean that organizations are becoming more diligent in reporting incidents to us."
Full Story

DATA LOSS

Study Finds Gov’t Insider Breaches Soaring (November 18, 2011)

CBC News reports on a new study indicating that government Internet data breaches by insiders are on the rise. While IT security breaches across all sectors dropped by 50 percent--with government breaches dropping 23 percent from 2010--that was not the case for insider breaches in the government sector, which include both malicious and accidental incidents. Insider breaches "grew by 28 percent between 2010 and 2011 and are up 68 percent since 2008," the report states, now comprising 42 percent of those reported by government entities. That compares to insiders being responsible for 27 percent of breaches at public organizations and 16 percent at private businesses, the report states.
Full Story

TRAVELERS’ PRIVACY

Commissioner Raises Airport Data Collection Concerns (November 18, 2011)

"The Government of Canada is collecting too much information about some air travelers and is not always safeguarding it properly." Those findings were included in an audit published this week by Privacy Commissioner Jennifer Stoddart that reviewed Canadian Air Transport Security Authority privacy policies and practices. The commissioner has determined the authority reached "beyond its mandate" by collecting information on passengers in ways that were "not related to aviation security." The audit also found "types of personal information collected by the agency were not always properly secured" and that prohibited items--including closed-circuit television cameras--were located in full-body scan screening rooms.
Full Story

DATA PROTECTION

BC Commissioner Seeks Budget Increase (November 18, 2011)

BC Privacy Commissioner Elizabeth Denham yesterday asked a committee of MLAs for a budget increase to account for new work that her office will take on in the coming year, The Victoria Times Colonist reports. Denham wants $490,000 to fund a new team that will handle the work associated with reviewing and writing rules on cross-ministry data sharing, the report states. Denham's office was tasked with this work under reforms to the provincial Privacy Act passed last month. "The reality is that these types of massive data-linking initiatives, if not done with proper regard for protection of privacy or robust independent oversight, is a privacy disaster in the making," Denham told the committee.
Full Story

PRIVACY

Cavoukian Named Among Canada’s Top Influential Women (November 18, 2011)

Ontario Information and Privacy Commissioner Ann Cavoukian has been named one of Canada's 25 most influential women by Women of Influence, Digital Journal reports. The award cites Cavoukian's work in protecting privacy and recognizes her as one of the leading privacy experts in the world. "I am deeply honored at being included in this distinguished group of women and hope to shine greater attention to the pursuit of preserving our freedoms, which are built up on a bedrock of privacy," the commissioner said.
Full Story

ONLINE PRIVACY

CEO Discusses Complexity of Privacy on the Web (November 18, 2011)

A company that ranks users' online influence using their social media activity is facing criticism for creating "shadow profiles" of non-users without permission, and while some are criticizing the company, others say it is using the same practice as many others by scouring the Web for data and aggregating it. In a Q&A with itbusiness.ca, Klout CEO Joe Fernandez discusses the "privacy wake-up call," noting the complexity of privacy in a social networking world and adding, "The biggest thing we screwed up was just surprising all of our users."
Full Story

PRIVACY LAW

OPC Seeks Legal Agent Submissions (November 18, 2011)

The Office of the Privacy Commissioner (OPC) Legal Services, Policy and Research (LSPR) Branch has announced it "is inviting Expressions of Interest (EOI) from interested lawyers or law firms with demonstrated competence and ability to comply with the criteria set out in the EOI and the related Schedule A" through November 30. "To carry out the mandate of the LSPR Branch, the OPC relies on in-house counsel as well as private-sector lawyers, both domestic and international, to deliver legal services where demand for services exceeds available internal resources and/or expertise," the announcement notes. Full details are available through the OPC website.
Full Story

ONLINE PRIVACY

Company Offers WiFi Opt-Out (November 16, 2011)
Google has agreed to provide a WiFi opt-out method for users who prefer to keep the names and locations of their wireless routers out of the company's database. The move comes after the company faced increased pressure from data protection authorities in the Netherlands, The New York Times reports.

ONLINE PRIVACY

Should Consumers Worry? Experts Share Views (November 16, 2011)

The Wall Street Journal assembled a diverse panel of experts to discuss the degree to which individuals should worry about their online privacy, including topics such as social network privacy controls, online behavioral advertising and government surveillance. Panelists included Steptoe & Johnson Partner Stewart Baker, Microsoft Senior Researcher danah boyd, CUNY Graduate School of Journalism Prof. Jeff Jarvis and Open Society Institute Fellow Christopher Soghoian. "If we overregulate privacy managing only to the worst case," said Jarvis, "we could lose sight of the benefits of publicness, the value of sharing." Personal data collected by firms "is like toxic waste," said Soghoian, "eventually, there will be an accident that will be impossible to clean up, leaving those whose data has spewed all over the Internet to bear the full costs of the breach." (Registration may be required to access this story.) Editor's Note: Jeff Jarvis will deliver a keynote address at the IAPP Global Privacy Summit 2012.
Full Story

PRIVACY LAW

APEC Endorses Cross-Border Rules (November 15, 2011)

At a meeting in Hawaii this week, the Asia-Pacific Economic Cooperation (APEC) leaders endorsed the APEC Cross-Border Privacy Rules (CPBRs), reports Hunton & Williams' Privacy and Information Security Law Blog. Implementing the rules enables data flow across borders "while enhancing data privacy practices; facilitating regulatory cooperating, and enabling greater accountability through the use of common principles, coordinated legal approaches and accountability agents," said an APEC statement. Welcoming the approval of the rules, FTC Commissioner Edith Ramirez said they have the potential to "significantly benefit companies, consumers and privacy regulators." The APEC Data Privacy Subgroup will next begin developing the structure for CBPR implementation, the report states. 
Full Story

PRIVACY LAW—CANADA & U.S.

Stoddart: Border Agreement Shouldn’t Sacrifice Privacy (November 15, 2011)

The perimeter agreement negotiations currently underway between Canada and the U.S. "can easily be compared to two individuals drastically redefining their relationship," writes Canadian Privacy Commissioner Jennifer Stoddart in The Huffington Post Canada. Noting that both countries "strongly value their privacy and realize its importance to the vitality of our democracies," Stoddart points out that "some key legislative differences on privacy protection exist between our countries," meaning that Canadians should "think about what we share and where we differ." Stoddart highlights three main differences between U.S. and Canadian approaches to privacy, including the protection of citizens' privacy from the federal government; national privacy legislation and an independent authority to oversee privacy issues.
Full Story

BIOMETRICS

Creepy or Cool? Facial Recognition Is on the Rise (November 14, 2011)
From digital billboards that target advertising based on the demographics of passersby to an app that scans bars determining the average age and gender of the crowd to Facebook's "Tag Suggestions" feature, facial recognition is looking like the wave of the future, The New York Times reports. While some see the trend as an opportunity to offer and receive relevant information, others are concerned about potentially more intrusive uses of the technology.

INFORMATION ACCESS

Appeals Court: Commissioner Has Right To Access Files (November 11, 2011)

Newfoundland and Labrador Information and Privacy Commissioner Ed Ring is pleased with a court of appeal ruling that the provincial Department of Justice (DOJ) should have turned over information he requested, Lawyers Weekly reports. The DOJ had denied Ring's request for records, claiming solicitor-client privilege under the Access to Information and Protection of Privacy Act. Overturning a Supreme Court Trial Division ruling, Justice Michael Harrington wrote in his decision that "the commissioner's routine exercise of his authority to review solicitor-client privileged materials is absolutely necessary." Ring's attorney called the decision a "very important one."  

Full Story

PRIVACY LAW

Commissioner’s Office Investigating Veterans Affairs (November 11, 2011)

The Office of the Privacy Commissioner (OPC) says an audit of Veterans Affairs Canada's privacy practices will be released early next year, CBC News reports. The announcement follows complaints from a third veteran, Sylvain Chartrand, that his medical records were accessed 4,000 times in seven years. Veteran Sean Bruyea claimed last year that his records were inappropriately accessed, resulting in some Veterans Affairs officials being reprimanded or suspended and prompting a second veteran to come forward. "We are currently conducting an audit of Veterans Affairs," said OPC spokeswoman Anne-Marie Hayden. "It is examining, at a systemic level, the department's personal information management practices and compliance with federal privacy legislation."

Full Story

DATA LOSS

Researchers Used Socialbot To Collect Personal Data (November 11, 2011)

A study conducted by University of British Columbia researchers says Facebook's security system failed to stop a Facebook imposter  from collecting personal information about thousands of members, reports the Edmonton Journal. The researchers will present a paper at a conference next month announcing that they used "socialbots" to collect 250 gigabytes of information from Facebook users over an eight-week period. The data included e-mail addresses, phone numbers and other profile information, the report states. An Edmonton Journal op-ed says the information the socialbot was able to glean is the fault of the users who uploaded the information, not Facebook.

Full Story

BIOMETRICS

Police Say Fingerprinting Not a Done Deal (November 11, 2011)

Niagara police say they may not pursue a study that could ask strippers, cabbies and bus drivers to provide fingerprints on the job, reports The Standard. The Niagara Regional Police licensing unit is investigating biometrics as a way to protect against identity theft, but there has been public concern. Vaughn Stewart, acting chair of the police board's licensing committee, said any program would be thoroughly considered before implemented. "We would need legal opinions on this, whether it's appropriate. It's like the airport. Do you like being patted down and having to take your shoes off? Society has made the decision that those little infringements are for the greater good," Stewart said.

Full Story

DATA PROTECTION

Commissioner Launches Guide for Teachers (November 11, 2011)

Ontario Information and Privacy Commissioner Ann Cavoukian has launched a new guide for high school teachers on privacy, Digital Journal reports. The Resource Guide for Grade 11/12 Teachers aims to "engage students' interest and stimulate group discussion on a variety of timely topics," the report states. The commissioner's office launched a similar guide for grade 10 teachers last year. "As technology continues to evolve, it is...important to educate teens about privacy protection and the fact that privacy is not about secrecy--it is about the right of individuals to control their own personal information."

Full Story

DATA LOSS

CRA Employee Loses Tax Data on 2,700 (November 11, 2011)

Privacy Commissioner Jennifer Stoddart is asking why she was never informed of a 2006 Canada Revenue Agency (CRA) data breach in which an employee copied the tax records of almost 2,700 citizens to CDs--and allowed a portion of those to be downloaded to a friend's laptop, reports CTV. During a 2008 grievance hearing against CRA, the employee produced the CDs and asked the panel to read an e-mail saved to one of them, triggering an investigation into the data security practices of the organization. While the disks have been recovered, the laptop is still missing. The CRA says the investigation shows the data was deleted from the laptop "in such a way that an average user could not access through a normal operating system." 

Full Story

SOCIAL NETWORKING

A Look At One Site’s Privacy Changes (November 11, 2011)

Financial Times reports on Facebook's history with privacy regulators. Most recently, Ontario Information and Privacy Commissioner Ann Cavoukian said she's "disappointed" that Facebook has "gone in a direction that is not in line with privacy." But the company's first brush with privacy regulators came in July 2009 with a report from Privacy Commissioner Jennifer Stoddart on its "serious privacy gaps." The report incited changes to the company's privacy policy that limited the amount of data third-party applications could collect and required specifications on personal information accessed. Facebook CEO Mark Zuckerburg called the company's changes "a pretty big overhaul to the system we have." (Registration may be required to access this story.)   

Full Story

DATA LOSS

Gaming Service Breached (November 11, 2011)

V3.co.uk reports that hackers have infiltrated the systems of Valve--a games developer--and accessed customer data from the company's Steam networking service. In addition to "defacement" of Steam's online forums, a database containing user names, e-mail addresses, purchase histories and billing addresses was accessed. Valve also said that credit card numbers and passwords were obtained but were encrypted. A statement from Valve said, "We do not have evidence that encrypted credit card numbers or personally identifying information was taken by the intruders, or that the protection on credit card numbers or passwords was cracked." The online forums will remain disabled while an investigation ensues.  
Full Story

DATA PROTECTION

Carrots, Sticks and Big Data (November 11, 2011)

In The Mercury News, Larry Magid summarizes last week's 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City. Magid observes that "there are tensions not only between regulators and those they regulate but among regulators themselves, who don't always agree on just whether they should be wielding sticks or dangling carrots." Meanwhile, the Mexico City Declaration has been published online, revealing global data protection authorities' intentions for the coming year, which include a commitment to explore transparency mechanisms; communicate about priorities and resource allocation, and "share knowledge among themselves and with privacy validation bodies and organizations of privacy professionals," among other measures.      

Full Story

DATA LOSS

Experts: CPO, Plans Needed To Avoid High-Cost Breaches (November 11, 2011)

"Having a good plan in place can seriously reduce the costs resulting from the breach as, in these kinds of situations, the longer things run without being dealt with in the proper fashion, the more costly it can get." That's the message from one of the cyber-risk experts sharing insights on guarding against high-cost data breaches in a Financial Times feature. Given the ever-increasing amount of personal data that companies hold about their customers, the report highlights safeguards that apply across jurisdictions and borders, including having a breach response plan and a dedicated chief privacy officer in place. (Registration may be required to access this story.)    

Full Story

PRIVACY

Science Fiction Comes to Life with IoT (November 10, 2011)

Computerworld reports on the emergence of the Internet of Things (IoT)--"where anything with intelligence (including machines, roads and buildings) will have an online presence"--and ways in which classic science-fiction scenarios are coming true. A representative from Cisco predicts that there will be 50 billion connected devices by the year 2020. Social networks would act as the connective tissue between them. "In the coming years, anything that has an on-off switch will be on the network...I foresee it in just about every industry and stream of life," he says. The IoT brings with it concerns about security and privacy protection. A representative from the Massachusetts Institute of Technology said, "Basic e-mail is still getting hacked, and we've had that for 25 years."   
Full Story

PRIVACY LAW

Multinationals Struggle To Comply With Varied Laws (November 9, 2011)

Describing online privacy as "an issue of central importance for businesses in every industry," Financial Times explores the efforts of policymakers to strengthen existing privacy laws and introduce new ones as Internet technologies evolve ahead of legislation. "The rules differ widely from country to country, with varying degrees of enforcement," the report states, noting that from the sectoral privacy regulations of the U.S. to those "stricter laws" in place in such countries as the UK, Germany and Canada, "the large and growing body of different national privacy regimes means that multinational businesses operating in many markets, face an increasingly difficult task in complying with them all." (Registration may be required to access this story.)
Full Story

DATA LOSS

Company Takes Down Websites After Breach (November 7, 2011)

Adidas has taken down some of its websites after it learned of a "sophisticated, criminal cyber attack" last week, The Inquirer reports. The company has said it does not believe consumer data was compromised, but as a precaution, it took the sites offline while it conducted a "thorough forensic review." The company has implemented more security measures and said, "nothing is more important to us than the privacy and security of our consumers' personal data." 
Full Story

DATA LOSS

Medical Records Lost in Two Incidents (November 4, 2011)

British Columbia Information and Privacy Commissioner Elizabeth Denham has initiated an investigation into two separate incidents involving compromised government medical records, CBC News reports. In a written statement, Denham said that one incident involves a lost unencrypted laptop that contains personal information of approximately 450 patients of the Vancouver Coastal Health Authority. A second incident involves improper disposal of Ministry of Children and Family Development records, which contained names, addresses, birth dates and client health card numbers, according to the report. Of the incidents, Denham said, "British Columbians have a right to expect that ministries and health authorities will take all reasonable steps to protect their personal information."
Full Story

PRIVACY LAW

University Responds To Commissioner (November 4, 2011)

Memorial University has responded to Newfoundland and Labrador Information and Privacy Commissioner Ed Ring's ruling that the school breached the Access to Information and Protection of Privacy Act (ATIPPA) when it created a health and employment records registry, VOCM.com reports. A representative from the university said that the privacy commissioner's ruling is concerning because it raises issues that the representative claims are not covered by the ATIPPA.
Full Story

PRIVACY LAW

Gun Registry Data Sharing Debate Continues (November 4, 2011)

The Toronto Star reports on Privacy Commissioner Jennifer Stoddart's response to a request for information regarding information sharing provisions within the Privacy Act. With Bill C-19, the Conservative majority government hopes to eliminate the federal gun registry, spurring public debates about certain provisions of the bill and media reports suggesting that gun registry information could be shared with provinces and territories, which appears to be contrary to statements made earlier by Minister Vic Toews. To highlight this, an NDP MP made public a letter from the privacy commissioner written in response to questions about the information sharing. While the letter points to a section of the Privacy Act that could permit the disclosure, in appropriate circumstances, the Office of the Privacy Commissioner has not commented on Bill C-19 and whether or not such a disclosure would be appropriate.
Full Story

PRIVACY LAW

Opinion: Anti-Spam Legislation Likely Delayed (November 4, 2011)

Writing in the Ottawa Citizen that it's "déjà vu all over again," Michael Geist contends that the anti-spam bill will likely be delayed because "the same groups" are making "the same arguments" against passing the current draft legislation. Over the summer, Industry Canada and the Canadian Radio-television and Telecommunications Commission called for comments on the bill, which generated arguments to amend it. "Some of the suggested changes make sense," Geist says, "and have garnered near universal support...Yet, for every legitimate regulatory concern, there seems to be a group that wants to reopen the carefully crafted legislative compromise." Geist adds, "The relentless campaign against the legislation has proven effective as it appears virtually certain that the government will now delay its implementation."  
Full Story

ONLINE PRIVACY

Opinion: Privacy Choices Should Remain Private (November 4, 2011)

In a column for The Huffington Post, Michel Kelly-Gagnon questions whether citizens should trust the government to protect their online privacy. Choosing a "social life in favour of privacy" and "sacrificing some privacy in order to have more of a social life" is a choice everyone should have the right to exercise. "Some people," Kelly-Gagnon writes, "seem to think that individuals are not wise enough to make these choices and that somebody has to decide for them and impose the same trade-off on everybody." Private companies, he asserts, have incentives to keep consumer data private. "I am simply proposing to rely mostly on private choices" to address privacy issues, Kelly-Gagnon writes.
Full Story

SOCIAL NETWORKING

Opinion: Gov’t Youth Program Takes Wrong Approach (November 4, 2011)

In column for Macleans.ca, Emma Teitel writes that the federal government is taking the wrong approach in its youth privacy initiative because the program "fails to address what is arguably the most insidious social media problem facing youth today: it's impossible for them to control who takes their picture and where they turn up online...The reality is that avoiding being in a single party picture on Facebook means avoiding the party altogether." While the campaign says, "If you don't want a future college/job/internship/scholarship/sports team to see it, don't post it publically," Teitel says that's "difficult to manage, especially when you're not the one taking or posting the photos."  
Full Story

PRIVACY LAW

Nunavut Proposes Privacy Act Amendments (November 4, 2011)

After finalizing a review of the Access to Information and Protection of Privacy Act, the government of Nunavut has announced that it will propose amendments that will provide improved "accountability and transparency," Nunatsiaq Online reports. Speaking in front of the legislative assembly last week, Nunavut Premier Eva Aariak said, "The major change to be considered is to make privacy oversight mandatory." The government of Nunavut has said that it will present amendments by the end of 2012.
Full Story

BEHAVIORAL TARGETING

Google Releases Opt-Out Feature for Users (November 3, 2011)

Google has released a new feature to explain why Google search and Gmail users have been targeted by advertisements and allow them to opt out of such ads from future search page results, reports The Wall Street Journal. "Why These Ads" is an effort to increase company transparency when it comes to behavioral advertising, the company's senior vice president of advertising wrote in a blog post. "Because ads should be just as useful as any other information on the Web, we try to make them as relevant as possible for you. Over the coming weeks, we're making improvements to provide greater transparency and choice regarding the ads you see on Google search and Gmail," the blog states. (Registration may be required to access this story.)  
Full Story

ONLINE PRIVACY

IAB Issues Guide on Data Uses (November 3, 2011)

The Interactive Advertising Bureau (IAB) has published a new guide to help media planners, publishers and data providers communicate about their data uses, MediaPost News reports. The "Data Segments and Techniques Lexicon" aims to give "relevant parties a common set of terms and collection methods around the use of data to create audience segments for online campaigns," the report states. The guide provides instruction on the use of data for behavioral targeting; defines terms such as first- and third-parties, and clarifies various categories of user data, such as "inferred," "predictive" and "descriptive" data.  
Full Story

SOCIAL NETWORKING

Impending “Timeline” Release Elicits Concerns (November 3, 2011)

USA TODAY reports on Facebook's impending overhaul of its members' profile pages with the unveiling of its new "Timeline" feature. The feature will display members' history on Facebook comprehensively, which has drawn criticism from privacy advocates. "Things, over time, get harder to find, and that is sometimes a good thing," said Marc Rotenberg of the Electronic Privacy Information Center (EPIC). In letters to the Federal Trade Commission, EPIC has voiced concerns that Facebook should "honor its past commitment to privacy settings," the report states. Facebook says users will have five days to hide aspects of their profiles that they don't want as part of their history. 
Full Story

PRIVACY LAW

Expert: Global Harmonization Needed for Cloud (November 2, 2011)

In an interview with BankInfoSecurity, Internet security expert Alastair MacWillson says that inconsistent data protection laws in various markets are proving to be a difficult challenge for large organizations using cloud-based services. "Much like any innovation," he says, "it takes a lot of people to talk about the opportunities and also the risks, and it takes a little bit longer for the technology guys to catch up." MacWillson discusses the interstate and international challenges organizations face, advantages provided by the cloud for cross-border security risk management and finding a balance between the risks and advantages of using the cloud.
Full Story

PRIVACY LAW—CANADA

Opinion: “Lawful Access” Legislation Is Surveillance (October 31, 2011)

In a National Post op-ed, Ontario Information and Privacy Commissioner Ann Cavoukian contends that the re-introduction of three federal lawful access bills, C-50, C-51 and C-52, would create "a system of expanded surveillance," adding, "I have no doubt that, collectively, the legislation will substantially diminish the privacy rights of Ontarians and Canadians as a whole." She warns that Canadians "must be extremely careful not to allow the admitted investigative needs of police forces to interfere with or violate our constitutional right to be secure from unreasonable state surveillance." Cavoukian urges the government to redraft the bills. "The government needs to step back and consider all of these implications." 
Full Story

DATA PROTECTION

Browser Found To Have Privacy Flaw (October 31, 2011)

Recent versions of a third-party Web browser reportedly have been found to have a privacy flaw, reports Ars Technica. The Android Police blog has reported that a breach of privacy occurs when every URL loaded in Dolphin HD is relayed as plain text to a remote server, the report states. Dolphin HD has released a statement explaining that when the URL is relayed, data is not collected or retained and says it has updated the browser to disable the feature and that it will be opt-in in the future.
Full Story