Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

DATA PROTECTION

Industry Group Set To Fight Phishing E-mails (January 31, 2012)

In an attempt to reduce the amount of phishing scams, several e-mail providers and financial organizations, among others, are banding together to create an environment where consumers can feel secure about whether a message is authentic, The Wall Street Journal reports. Companies such as Yahoo, Google, Microsoft, Paypal and Bank of America have joined a group of 15 businesses to form DMARC.org. The goal is to promote technology standards that will help secure e-mails, the report states, and would include digital signatures and policies guiding e-mail providers to detect authentic messages. One representative from the messaging industry said, "If you are a big bank or a retailer, you have a very strong interest in making sure people trust your messages" and added that DMARC "has a lot of promise." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Alternative to the Privacy Policy, An Avatar? (January 30, 2012)

The problem with privacy policies, say many experts, is that people don't read them, and while the broad privacy policy is important--forcing companies to think about how they treat information and providing accountability, notes director of the Future of Privacy Forum Jules Polonetsky--a San Francisco Chronicle report explores other options, including restricting the collection and sharing of personal information and the privacy icon. Ryan Calo of Stanford's Center for Internet and Society suggests the appearance of an avatar when Internet users are being tracked or monitored might be an appropriate solution, citing studies that show people are more likely to pay for coffee on the honor system when a picture of eyes is nearby. "Experience as a form of privacy disclosure is worthy of further study before we give in to calls to abandon notice," he says.
Full Story

EMPLOYEE PRIVACY

Expectation of Privacy Case Goes to Supreme Court (January 27, 2012)

The Supreme Court will hear a case involving a teacher whose computer contained explicit images of an underaged student, Employment Law Today reports. The Ontario Court of Justice found that the teacher's laptop should be discounted as evidence because police did not obtain a warrant--infringing on the teacher's expectation of privacy--prior to searching the computer. Subsequently, the Ontario Superior Court overturned the decision, only to have the Court of Appeal reverse the findings. The Court of Appeal found that authorities compromised the teacher's privacy by searching the browsing history on the computer without a warrant, but the court also found the images themselves were acceptable as evidence because they were found by a technician performing routine maintenance. The Supreme Court is expected to issue a decision by 2013.
Full Story

PRIVACY LAW

Police Group Suggests Privacy Rules Compromise Cases (January 27, 2012)

A Vancouver-based advocacy group recently published an e-mail from the Canadian Association of Chiefs of Police (CACP) asking the police community to share instances where current privacy legislation compromises investigations, according to The Wire Report. A spokesman for the CACP said that lawful access helps police counter serious crime. "It is not," he said, "as some would like us to believe, being used to target the surfing habits of Canadians...It is based on highly controlled usage to respond to criminal activities which today operate in a safe haven of anonymity." The advocacy group, OpenMedia.ca, said, "The CACP is attempting to counter what they call 'ill-informed criticism' from the public in regards to the proposed legislation--known as 'Lawful Access' or 'online spying' bills." Meanwhile, The Globe and Mail reports that the Harper government will soon introduce new lawful access legislation that would allow authorities to acquire mobile numbers and IP addresses, among other data, without a warrant. The potential move has privacy commissioners across the country expressing concerns, the report states.
Full Story

DATA THEFT

Former Commissioner To Head UVic Investigation (January 27, 2012)

Officials at the University of Victoria have announced that former British Columbia Privacy Commissioner David Flaherty will lead a probe into last year's security breach, The Victoria Times Colonist reports. Flaherty will look at how thieves accessed the data, analyze the university's response and determine whether it employed enough data protection measures. University President David Turpin said, "We wanted to make sure we got an outstanding expert to lead this review, and David Flaherty's the guy to do it." According to the report, the investigation could take up to four months and the findings will be made public.
Full Story

DATA LOSS

School Breaches Policy, Missing Stick Unencrypted (January 27, 2012)

An investigation by the Alberta Office of the Information and Privacy Commissioner has found that a lost memory stick containing the personal information of more than 7,500 school district employees was not encrypted or password protected, CBC reports, despite Edmonton Public School District's policies, guidelines and training practices. The missing stick, lost by an IT staff member, included personal information such as Social Insurance numbers and banking information on some. For others, information included resumes, transcripts and criminal records checks, the report states. The district notified the commissioner's office and employees of the missing stick last March and has since taken steps to prevent similar incidents from occurring, the commissioner said.
Full Story

HEALTHCARE PRIVACY

Fundraising Plans Raise Privacy Concerns (January 27, 2012)

Plans by the Saskatoon Health Region to generate donations from former patients are drawing criticism from government agents, CBC News reports. MLA Cam Broten says the organization's Grateful Patient Program, which is slated to commence in March, does not follow the tenets of a publically funded healthcare system. "If individuals choose to make donations, that's great, to support the system," he said. "But it should be on an opt-in basis." Saskatchewan Privacy Commissioner Gary Dickson wrote similar concerns in a 2010 report when he recommended that patients should be provided with an opt-in for cases of healthcare patient fundraising.
Full Story

PERSONAL PRIVACY

Lawyer Sheds Light on New Tort (January 27, 2012)

An Ontario Court of Appeal judgment created the right to sue for "intrusion upon seclusion" to be used for "deliberate and significant invasions of personal privacy" earlier this month. In this Q&A from The Globe and Mail, Toronto lawyer Scott Hutchison advises citizens on how the new legal tort will work. To successfully sue under the tort, plaintiffs will need to prove that the offense was caused by an intentional act that "physically or otherwise intrudes upon the seclusion of another or his or her private affairs or concerns in a way that would be highly offensive to a reasonable person." Hutchison notes the tort covers any kind of "snooping," not just computer files.
Full Story

CHILDREN’S PRIVACY

Stoddart Tells Students: Think Before You Share (January 27, 2012)

Privacy Commissioner Jennifer Stoddart is telling students and young Canadians to be careful about what information they decide to share online, the Toronto Star reports. "The less personal information about you that's floating around the web," says Stoddart, "the less it can do you harm." Stoddart's office has launched a series of tools for seventh- and eighth-grade students to help parents, students and teachers become familiar with the risks that come with sharing personal information online. Additionally, her office has released a tip sheet for parents who are concerned about their children's online behavior. Meanwhile, Stoddart is hosting Data Privacy Day events today to help increase awareness about online safety.
Full Story

ONLINE PRIVACY

Cavoukian Warns Data Anonymization Rare (January 27, 2012)

Ontario Information and Privacy Commissioner Ann Cavoukian has warned citizens to consider what types of information they decide to share because evolving technology and advanced algorithms are making it more difficult to keep disparate bits of personal information anonymous, the Winnipeg Free Press reports. "We have reached a point where information--not only strongly identifiable Social Insurance numbers, but also IP addresses, licence plate numbers and mobile devices--serve as pointers to personally identifiable information," Cavoukian said. "This bears little resemblance to anonymous information." Meanwhile, Cavoukian is holding a public event today to discuss the implications of proposed lawful access legislation.
Full Story

MOBILE PRIVACY

Opinion: With Apps, Where’s the Privacy? (January 27, 2012)

In a column for The Globe and Mail, John Villasenor peers into the "mobile ecosystem" and finds that opting in to acquiring mobile apps "increasingly means opting out of privacy." A point of departure for Villasenor resides in mobile app privacy policies, which, he argues, "are designed, in part, to enable companies, in what the industry calls the 'mobile marketing value chain,' to extract as much information about you as possible in order to deliver targeted marketing and advertising." Villasenor cites "various linguistic sleights of hand" that enable marketers to sidestep consumer privacy--including privacy policies that consider unique device identifiers, usage patterns and location information as nonpersonal data. "Legal gymnastics aside," he writes, "it's hard to make a straight-faced argument that this information is not personal."
Full Story

HEALTHCARE PRIVACY

Survey: Three Percent of Patients Experienced Breach (January 27, 2012)

A new survey of more than 1,000 Canadian patients reveals that approximately three percent have experienced a breach of their sensitive personal information by a hospital employee, healthcare provider or family member, The Globe and Mail reports. The breaches often led to gossip, a lawsuit or required personal recovery time, according to FairWarning, Inc.,--a software company providing breach detection for the healthcare industry. FairWarning's chief executive officer said the breaches cause "a loss of trust...We are moving towards a digital era, where more and more things are electronic, more so than ever before, so the healthcare provider needs to know everything about it."
Full Story

ONLINE PRIVACY

Google Revises Privacy Policy, Regulators Take Note (January 27, 2012)

The Wall Street Journal reports on Google's revisions to its privacy policy, suggesting the changes could make it more difficult for online users to remain anonymous. The new policy indicates Google's decision to start combining the information it collects on an individual user to provide better services to customers, according to the company. "We'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience," said Alma Whitten, director of privacy. The changes take effect March 1. Regulators in Ireland, France and elsewhere have taken note, Bloomberg reports. Deputy Data Protection Commissioner of Ireland, Gary Davis, said his agency will further assess "the implications of the changes." (Registration may be required to access this story).
Full Story

ONLINE PRIVACY

Davos Delves Into Big Data, Privacy (January 26, 2012)
At the World Economic Forum in Davos, Switzerland, the big topic is "lots of data," reports Nick Bilton of The New York Times. "Chancellors, bankers and educators meeting at the conference are being asked to discuss what the forum calls a growing data deluge and how to manage it," Bilton writes, adding "the discussion of privacy is not far behind."

GENETIC PRIVACY

Report: Legal Reforms, Discussion Needed (January 20, 2012)

The B.C. Civil Liberties Association (BCCLA) says more needs to be done to protect the privacy of Canadians' genetic data, The Vancouver Sun reports. In the report "Genetic Privacy and Discrimination," the group says technological improvements and the expanded use of DNA by law enforcement means policy reforms and discussions are needed. "Genetic information can, or could one day, limit opportunities in employment, schooling and insurance matters, and even in decisions about reproductive choices" said BCCLA Policy Director Micheal Vonn. The Law Foundation of British Columbia funded the report.
Full Story

INFORMATION ACCESS

Morgan May Send Dickson, Saskatoon to Mediator (January 20, 2012)

An ongoing struggle over freedom of information (FOI) requests has Saskatchewan Minister of Justice Don Morgan saying that if Privacy Commissioner Gary Dickson and the city of Saskatoon can't resolve their issues, he will bring in an independent mediator. The Star Phoenix reports that Dickson has published critical reports about the city's denial of FOI requests that have been appealed to his office dating back to 2004, while the city says it complies with the "spirit and intent" of the FOI Act. Morgan says he has no intention of overruling Dickson, but the conversation may include ways to make the appeals process more efficient.
Full Story

PERSONAL PRIVACY

Opinion: Defining Privacy in the Digital Age (January 20, 2012)

In a column for The Huffington Post, 15-year-old high school freshman Susannah Meyer explores the implications of privacy in the digital age. "Now, as rapid technological advances are being made," she writes, "the right to privacy is questionable, in my opinion." An individual's personal record is now much more permanent, yet, "Every day, people all over willingly write down personal information on a website, just for convenience, discounts and other benefits, even though those benefits may later be outweighed," she says, adding, "In this way, online data presents itself as a privacy minefield." Beyond the Internet, location-based services, digital parking meters and security cameras are constantly recording people's movements, prompting Meyer to query, "is it fair that, as technology improves, our rights to privacy dissipate?"
Full Story

PRIVACY LAW—CANADA

Ontario Court Creates Privacy Tort (January 19, 2012)
The Ontario Court of Appeals has recognized a common law tort for invasion of privacy, which allows individuals to sue others that invade their privacy, reports The Globe and Mail. The three judge panel unanimously agreed that the case--in which a bank employee snooped on the financial records of her common-law spouse's ex-wife to find out how much child support she was receiving--was in need of a "legal remedy." Justice Robert Sharpe wrote, "it is appropriate for this court to confirm the existence of a right of action for intrusion upon seclusion.

ONLINE PRIVACY

If You Love Me, You’ll Give Me Your Password (January 19, 2012)

The New York Times reports on a new trend among young people as a way to express affection: sharing passwords. Young boyfriends and girlfriends are increasingly sharing them--at the risk of harm following a breakup such as the dissemination of private e-mails or scorned exes sending messages under each others' identities. A 2011 survey by the Pew Internet and American Life Project found that 30 percent of teenagers who regularly use the Internet had shared a password with a friend, boyfriend or girlfriend, and girls were almost twice as likely as boys to share, the report states. "It's a sign of trust," one teen said of sharing with her boyfriend. "I have nothing to hide from him, and he has nothing to hide from me." (Registration may be required to access this story.)
Full Story

DATA LOSS

Analysts React to Zappos Breach Response (January 18, 2012)

PCWorld reports on Zappos' response to its recent breach affecting 24 million customers. The online shoe retailer notified affected customers via e-mail and has asked them to change passwords after discovering a hacker had gained unauthorized access to company servers containing names, e-mail addresses and billing addresses. But some analysts say that the company's response was the wrong one, and that deleting 24 million customer passwords makes the company look like it's in panic mode. Another expert and Zappos customer, however, says data encryption should have been more broadly applied because the "definition of what is sensitive is changing. It's not just card numbers anymore..."
Full Story

PRIVACY

Google Launches Educational Campaign (January 17, 2012)

Google will launch a new ad campaign designed to alleviate privacy concerns, reports the Los Angeles Times. The Good to Know campaign will encourage individuals to protect their personal information online and will appear in two dozen U.S. newspapers and magazines as well as in subways in New York and Washington, DC. "Given who we are, we have a strong incentive to make the Internet a place that people feel safe to do interesting things," said Alma Whitten, Google's director of privacy. The company launched the campaign in Britain in October. (Registration may be required to access this story.)
Full Story

BIOMETRICS

Gov’t Turns to Fingerprinting and Photographs (January 13, 2012)

The Canadian government's introduction of biometrics programs has elicited concerns that proper safeguards are not being implemented to protect privacy, Embassy reports. The government aims to keep Canadians safe by preventing identity fraud, theft and stopping deportees and others from reentering the country with fake documents. Starting next year, people in some countries will have to give a fingerprint and be photographed when applying for temporary Canadian residency, the report states. Scott Hutchinson of the Office of the Privacy Commissioner said it is "satisfied that CIC (Citizenship and Immigration Canada) is taking its privacy responsibilities as part of the protocol seriously."
Full Story

PRIVACY LAW

Defence Department Says Rights Extend to Detainees (January 13, 2012)

The Defence Department has confirmed that it has extended provisions of Canada's privacy law to detainees captured by Canadian troops and is prepared to go to court to protect those rights, the Ottawa Citizen reports. The confirmation follows two Ottawa lawyers' attempts to have records released to determine if Afghan detainees had been beaten. The defense department refused, citing privacy law. The decision differs from past department policies, however, which Prof. Michael Byers says is inconsistent "and therefore suggests the privacy argument is not being invoked for the benefit of the detainees as much as it is to cover up access to information."
Full Story

SURVEILLANCE

Commissioner Warns About Body Cameras (January 13, 2012)

Ontario's privacy commissioner is raising concerns about the use of police body cameras, Metro reports. The Ottawa Police Association recently called for equipping police with the cameras, which often help with police behaviour or impaired driving charges. But Ontario Information and Privacy Commissioner Ann Cavoukian said the cameras could mean "broad surveillance of the state on its citizens without just cause," adding she "wants to ensure that if this goes forward, that there is a very sharp justification of the scenarios in which it is contemplated." If the cameras are used, it should be under limited circumstances like protests or major public events, she said.
Full Story 

DATA LOSS

FOI Request Reveals More Than Necessary (January 13, 2012)

A law student says Prince Edward Island's Department of Agriculture released too much personal information about an individual upon a Freedom of Information request. Elizabeth Schoales requested information about an online pet store owner who had been convicted of animal cruelty, CBC News reports. After the information and privacy commissioner ordered the records released, Schoales received the names of individuals who had lodged complaints about the pet store owner, which she says is a violation of their privacy. The commissioner is looking into the matter, the report states.
Full Story

PRIVACY LAW

Cavoukian Building Awareness About Bills (January 13, 2012)

Ontario Information and Privacy Commissioner Ann Cavoukian has launched a website and organized a symposium to spur awareness about federal lawful access bills that are expected to be reintroduced in Parliament and their impact on Canadians' privacy. "In my view, this legislation represents a looming system of 'Surveillance by Design' that should concern us all in a free and democratic society," Cavoukian said, adding that taken together, "these 'lawful access' bills will provide the police with much greater ability to access and track information on us all via the communications technologies that we use every day." The website includes a "Write My MP" tool. The symposium will take place on Friday, January 27, in Toronto.
Full Story

DATA PROTECTION

Tips For Companies on How To Do it Right (January 13, 2012)

The Globe and Mail offers tips to help small companies protect personal data online, which, done wisely, "can create customer goodwill and even lift sales, while reducing business and legal risks." The first step is understanding what customer data your business needs and is currently collecting and storing. Next, it's important to minimize that collection, secure the collected data and post a privacy policy informing customers of your practices. Communication with customers is also key, as is giving them a choice of whether they want their data shared. Jules Polonetsky, CIPP/US, of the Future of Privacy Forum says trouble can be avoided simply by having someone in charge of data protection.
Full Story

DATA PROTECTION

How Safe Is Encryption? (January 13, 2012)

Smartphone and Internet users should beware, according to a report in The Montreal Gazette. It's relatively easy for anyone with some skill to decrypt BlackBerry Messaging service, the report states. Security experts say companies should be investing in technology that would prevent attacks on phones via malicious software labeled as an application such as a video game. Meanwhile, one activist says Canadians should be concerned with a forthcoming bill that would enable law enforcement to access their personal information with technology capable of intercepting Internet communications. The lawful access bill would allow service providers to hand over identifying information about their customers, as well. Privacy Commissioner Jennifer Stoddart has voiced concerns.
Full Story

PRIVACY LAW

EPIC Asks FTC To Investigate Search Engine (January 13, 2012)

The Electronic Privacy Information Center (EPIC) is asking the U.S. Federal Trade Commission (FTC) to investigate whether Google's new Search Plus function violates antitrust rules, CNET News reports. EPIC Executive Director Marc Rotenberg said, "We asked the FTC, as part of its current investigation of possible antitrust violations, to assess whether the changes in Google Search violate the consent order Google recently signed" with the FTC. Rotenberg says the new function should be opt-in for users, not opt-out as it's currently set up. Meanwhile, itbusiness.ca has reported on four ways to control the new search mechanism, including tips for users to personalize their privacy settings.
Full Story

CONSUMER PRIVACY

Polonetsky: Consumers Need To Think About Data (January 12, 2012)

In an interview with The Washington Post, Jules Polonetsky, CIPP/US, director of the Future of Privacy Forum, discusses the privacy challenges that come with the new breed of "smart" devices and appliances. Tech companies are collecting behavioral data on users to offer better services, create efficiencies and target advertising, among other uses, and while tech companies say they are committed to protecting that data, some are concerned about the lack of regulation requiring it. "Consumers need to think more about how their data is being sent outside the home in more ways than ever and not get caught off guard when that data lands in the hands of unintended third parties," Polonetsky says. (Registration may be required to access this story.) Editor's Note: Polonetsky will present in the breakout session, "ABCs of OBA," at this year's IAPP Global Privacy Summit.
Full Story

PERSONAL PRIVACY

Searls: Goodbye Data Collection, Hello Intention Economy (January 12, 2012)

In the Harvard Business Review, tech guru Doc Searls says the age of collecting data on customers is over. The intention economy will soon arrive, he says, and it will render unnecessary the mining and amassing techniques companies have used to get to know their customers better. "Businesses soon will no longer own the data...customers will." Searls says when this happens, vendors will realize greater benefits than they do now because when customers own and control their data, "demand will drive supply more efficiently than supply currently drives demand. Customers not only will collect and manage their own data but will be equipped with tools for declaring their intentions directly to the whole marketplace."
Full Story

DATA THEFT—CANADA

Stolen Devices Contained Unencrypted PII (January 11, 2012)

The theft of laptops and mobile devices containing sensitive information of approximately 11,700 University of Victoria employees has prompted an investigation by British Columbia's Office of the Information and Privacy Commission to determine whether the school had appropriate levels of data security in place when the incident occurred, The Victoria Times Colonist reports. Some of the devices contained employee names, payroll information and social insurance numbers dating back to January 2010. A police officer familiar with the incident said the stolen electronic devices were not encrypted. "In terms of British Columbia," said Privacy Commissioner Elizabeth Denham, "this is a large breach of sensitive information."
Full Story

PRIVACY LAW—CANADA

Advocates: Stronger Law, Fining Powers Needed (January 11, 2012)

A public interest advocacy group says proposed changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) don't go far enough in requiring organizations to report breaches, reports the Financial Post. The Public Interest Advocacy Centre says PIPEDA--even with the proposed changes--gives organizations the ability to unilaterally deem a breach not harmful to consumers, adding, "The result is likely to be a vast underreporting of serious data breaches." The group is calling for all breaches to be reported to the "relevant privacy commissioner," who would then decide whether the public should be notified. Echoing Privacy Commissioner Jennifer Stoddart's calls, the group would also like to see fines assessed to organizations that don't report breaches.
Full Story

DATA PROTECTION

Opinion: How To Handle a Third-Party Breach (January 10, 2012)

The key to mitigating risk when it comes to using third-party vendors and contractors is a close working relationship, opines Adam Ely for Dark Reading. When a breach does occur, it is essential to understand the incident, assess damage and establish a plan of action, he writes. Within the working contract, there should be language on an organization's rights. "The trickiest part is timing. Disclose too early and you risk communicating bad or incomplete information. Wait too long and the public will balk at you for waiting so long," he writes, adding that, typically, earlier is better when it comes to breach reports.
Full Story

ONLINE PRIVACY

Gov’t To Launch Spam Reporting Center (January 6, 2012)

The federal government is planning to launch a spam reporting center to crack down on unsolicited calls, texts and e-mails made to Canadians' cellphones and inboxes, The Montreal Gazette reports. Industry Canada is developing a division for identifying and analyzing trends in spam and threats to e-commerce, and private-sector bids closed this week on plans to help the government with the initiative. Dubbed "The Freezer," the center will accept unsoliciated electronic messages forwarded by their Canadian recipients, including spam, malware and misleading representations, the report states. Three agencies--the Canadian Radio-television and Telecomunications Commission, the Competition Bureau and the Office of the Privacy Commissioner--will analyze the collected messages.
Full Story

PERSONAL PRIVACY

BlackBerry Texts May Have Secured Arrest (January 6, 2012)

The Ottawa Citizen reports on law enforcement's use of a murder suspect's BlackBerry text messages in his arrest. The suspect's defense attorney is now working to determine whether the police had the proper warrants to obtain the incriminating BlackBerry messages. A judge's ruling on the request to unseal the warrants is expected January 11. Police need to show "investigative necessity and reasonable and probable grounds," said one lawyer. BlackBerry maker Research in Motion (RIM) said that it receives requests from legal authorities for lawful access from time to time, but it balances those requests "against our priority of maintaining the privacy rights of our users." RIM said the same about a similar case in Pakistan this week.
Full Story

MOBILE PRIVACY

Mobile Phones Viewed As Top Threat (January 6, 2012)

The Globe and Mail reports on the privacy concerns associated with mobile phones, which have become "an increasing worry for corporate IT departments," the report states. A Deloitte study published late last year revealed that 40 percent of 138 global organizations polled consider mobile devices to be their top security threat. One security firm chief said, "Employees should be made aware that using a personal device to access corporate data may also have personal implications. For example, if the device is lost, stolen or clandestinely taken over, the organization may decide to wipe data." Editor's note: The IAPP will host the Web conference "Managing Privacy for a Mobile and Remote Workforce" on Thursday, January 12.
Full Story

SURVEILLANCE

Forensics Software Tracks, Sorts IMs (January 6, 2012)

The Globe and Mail reports on digital forensics software used by more than 1,100 corporate clients and security organizations. The Internet Evidence Finder tool, created by former police officer Jad Saliba, can trace and sort instant messaging logs to glean potential digital evidence against a suspect. National security agencies--including the Royal Canadian Mounted Police, the FBI and Scotland Yard--use the software because, the report states, a high percentage of crimes now have a digital footprint. In discussing the efficiency of the software, Saliba said, "Especially with the size of hard drives these days, there's so much information left behind. It can work to help the person accused or against them." Some fear the privacy implications of the software, noting that Saliba's website recommends the software to parents to help them "watch their children's activity" online.
Full Story

ONLINE PRIVACY

Expert Advises Making End-of-Digital-Life Arrangements (January 6, 2012)

The Montreal Gazette reports on the "new frontier" of managing your online legacy, highlighting a recommendation by Nancy Cleman of Sternthal Katznelson Montigny LLP "to make provisions for your digital life when you are taking stock of all your other life and death arrangements." Cleman uses specific examples of unexpected deaths of social network users who had not made provisions for the profiles, explaining, "People were taking advantage of the fact that someone had died and using a network that they set up to promote their own thing." Cleman recommends steps to take now to protect digital assets, and encourages online users to "think about how you want to preserve and protect them." Editor's Note: This Inside 1to1: Privacy feature examines some of the questions around the value of online data.
Full Story

ONLINE PRIVACY

Half of Study Respondents Willing To Be Tracked (January 6, 2012)

KPMG's "Consumer and Convergence Report of 2011" has found that between 47 and 50 percent of Canadians surveyed are willing to have their online practices tracked "if it provided a value or a payoff," Techvibes reports. Internationally, 62 percent of respondents indicated they would be willing to be tracked, the report states. A smaller margin of Canadians indicated concern about information security than their global counterparts, with response rates of 84 percent and 90 percent, respectively. More Canadians trust their financial institutions with their personal information than their international counterparts, but a smaller percentage trust online payment sites, the study showed.
Full Story

PRIVACY LAW

Opinion: Columnists Look Toward 2012 (January 6, 2012)

Noting that Internet technology law and policy can be "notoriously unpredictable," Michael Geist asserts in the Toronto Star that 2012 "promises to be a busy year." Among a host of potential issues, Geist makes predictions on the introduction of lawful access legislation, anti-spam regulations, Bill C-11 and the testing of the constitutionality of PIPEDA. In the Dominion, Kimberly Croswell writes, "It won't be long before Canadian privacy laws regarding telecommunications come under attack again," adding that "the federal government is likely to soon change them in a push towards facilitating online surveillance of individuals' lives." The recent border pact between Canada and the U.S. now precipitates hard work "on determining what it means for Canadians," writes Peter McKenna. Meanwhile, a column in The Windsor Star claims that the "verdict is still out" on the effectiveness of smart meters.
Full Story

DATA PROTECTION

Survey Respondents Focused on Data Security (January 5, 2012)

SC Magazine reports on its fifth annual "Guarding Against a Data Breach" survey, which found that 63 percent of 488 respondents "are confident that their company's IT security departments have the power, executive support and budget/resources necessary to safeguard customer, client and other critical corporate data." That share is up from 58 percent of last year's respondents. The report also highlights concerns that 2012 "promises still more of the advanced cyber attacks" that occurred in 2011, as well as increases in regulatory audit "and a continuation of end-users and consumers relying on an array of vulnerable technologies to conduct business."
Full Story

ONLINE PRIVACY

User Authentication Goes High-Tech (January 3, 2012)

Studies show that sophisticated technologies are making it easier for hackers to crack the current system of user authentication--passwords--meaning some tech firms are looking at other ways of identifying users, reports The New York Times. A recent blog post predicted that users may no longer need passwords, pointing to biometrics as the wave of the future, but one Web researcher says a problem with biometric authentication is "once your digital biometric signature is compromised, you cannot even replace it." A security expert warns all authentication has drawbacks, and using more than one is always best. One tech giant recently launched a behavioral password system using gestures in addition to a password and facial recognition. (Registration may be required to access this story.)
Full Story

DATA LOSS

Hackers Dump Security Company Data (January 2, 2012)

The hacker collective Anonymous has exposed the usernames, e-mail addresses and passwords of 860,000 users of the security think tank Stratfor--including the credit card information of 75,000 of them, reports VentureBeat. Stratfor has consequently shut down its website pending the completion of a "thorough review and adjustment by outside experts." Anonymous reportedly broke into Stratfor's Web servers and downloaded 200 gigabytes of data. A New York Times report notes this breach could be "especially embarrassing" if hackers can prove the company--"which markets its security expertise"--did not encrypt its sensitive data. One security expert says requisite credit card fraud has already been "well documented," and advises Stratfor customers to contact their credit card companies.
Full Story