Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

MOBILE PRIVACY

Loophole Exposes Access to Photos (February 29, 2012)

The New York Times reports on a loophole in Apple's mobile devices that allows developers to copy a user's photo library without warning or notification after a user consents to allowing access to location information in photos. Though it is not clear if the company illicitly copies user photos, one app developer said, "Conceivably, an app with access to location data could put together a history of where the user has been based on photo location." The data could then be uploaded to a server and, "Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use." A representative from the Electronic Privacy Information Center said the company "has a tremendous responsibility as the gatekeeper to the app store...Apple and app makers should be making sure people understand what they are consenting to." (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Suspected Hacktivists Arrested Worldwide (February 29, 2012)

In a sweep conducted by Interpol's Latin American Working Group of Experts on Information Technology Crime, 25 suspected members of the hacker group Anonymous were arrested in Argentina, Columbia and Spain, reports The Telegraph. The arrestees are suspected of planning attacks against Columbia's Defense Ministry, Chile's Endesa electricity company and others. Interpol began its investigation in mid-February and has seized 250 pieces of IT equipment from 40 locations in 15 cities, the report states.
Full Story

PRIVACY LAW

Warrantless Access Bill Brings Lively Debate (February 24, 2012)

Opponents of the Protecting Children from Internet Predators Act are declaring the bill a violation of their privacy rights--warning against the dangers of new surveillance and misuse of information--but police and Minister of Public Safety Vic Toews say it will help solve crimes. Recent comments by Toews suggesting he was unclear about the scope of the bill have him seeking clarification and opponents calling for the bill's withdrawal, and other remarks by Toews, implying that opponents of the bill are siding with criminals, are also causing a backlash. Meanwhile, others opine that privacy is a "dying memory," saying it is "foolish" to believe our data "would or even could ever be truly private." But Michael Geist writes for the Ottawa Citizen that in order to pass any online privacy bill, the "us-versus-them rhetoric" must end.
Full Story

ONLINE PRIVACY—U.S.

White House Releases “Consumer Privacy Bill of Rights” (February 23, 2012)
The Obama administration has today issued a set of guidelines to improve online consumer privacy while also ensuring the Internet remains a forum for economic growth, according to a White House press release. The administration has asked the Department of Commerce to work with industry, privacy advocates and other stakeholders to create and implement enforceable codes of conduct based on the White House guidelines. President Barack Obama said, "American consumers can't wait any longer for clear rules of the road that ensure their personal information is safe online," adding, "As the Internet evolves, consumer trust is essential for the continued growth of the digital economy. That's why an online privacy Bill of Rights is so important."

DATA PROTECTION

Wyckoff: Privacy Needs Elevating in Governments (February 22, 2012)

During remarks at an event in Mexico City last fall, the Organisation for Economic Co-operation and Development's (OECD) director of science, technology and industry, Andrew Wyckoff, said the matter of data privacy needs to be elevated within governments. The OECD event, "Current Developments in Privacy Frameworks: Towards Global Interoperability," was held in conjunction with the 33rd International Conference of Data Protection and Privacy Commissioners. In this IAPP exclusive, The Privacy Advisor asks Wyckoff to answer some follow up questions.
Full Story

BEHAVIORAL TARGETING

Predictive Analytics Fueling OBA (February 21, 2012)

In an article for The New York Times, Charles Duhigg takes an in-depth look at how companies collect vast amounts of personal information and use predictive analytics to advertise products to individuals before they know they want them. "A retailer's holy grail" comes when an individual's buying habits are in flux the most--the time around the birth of a child. An analyst working for one retailer told Duhigg, "We knew if we could identify them in the second trimester, there's a good chance we could capture them for years." Habit formation has become a large field of research in medical centers and universities, the report states. "We're living through a golden age of behavioral research," said a representative from Predictive Analytics World. "It's amazing how much we can figure out about how people think now." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Advertisers Able To Track Users Despite Settings (February 17, 2012)

Across the globe, online privacy has become the center of debate. Lawmakers have introduced more than a dozen privacy bills in Congress, reports The Wall Street Journal, and the White House has indicated it will present a Privacy Bill of Rights. Additionally, calls for do-not-track mechanisms online have led to many major browsers implementing such tools. This article explains how advertising companies have been able to track users on one browser despite contrary settings. Loopholes in the browser's policy on cookies allowed advertisers to place temporary cookies without users' knowledge, one report states. A spokesperson said the company is aware and is "working to put a stop to it." (Registration may be required to access this story.)
Full Story

FINANCIAL PRIVACY

Researchers Point to Flaw in Online Transaction Encryption (February 17, 2012)
Researchers have found a flaw in the algorithm used to encrypt transactions during online banking and shopping, AFP reports. While a team of U.S. and European researchers noted, "We found that the vast majority of public keys work as intended," their report cautions, "A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security."

HEALTHCARE PRIVACY

Surveys: 91 Percent of Healthcare Practices Breached, Patients Concerned (February 17, 2012)

Ninety-one percent of small healthcare practices in North America say they have suffered a data breach in the past 12 months according to a Ponemon Institute survey. The survey--which questioned more than 700 IT and administrative personnel at healthcare organizations with 250 employees or less--also found that 31 percent say "management considers data security and privacy a top priority, and 29 percent say their breaches resulted in medical identity theft," Dark Reading reports. Meanwhile, a recent survey by Harris Interactive found that though most consumers want electronic health records, they also fear the system is not currently well protected by state and federal laws.
Full Story

PRIVACY LAW

Government Open to Bill C-30 Changes (February 17, 2012)

The Globe and Mail reports on the backlash incited from the tabling of Bill C-30, the Protecting Children from Internet Predators Act, and the announcement by the Harper government to allow lawmakers to make changes to the legislation. Government House Leader Peter Van Loan said, "What that is a signal of is that the government is open to a broad range of amendments in order to get the right balance." Federal and provincial privacy commissioners have expressed concern over the bill. While Lorna Dueck applauds the protection the bill will give to children, Margaret Wente opines, "Isn't this the same government that whipped up moral panic over the gun registry and the long-form census?...The state has no business knowing how many bathrooms you have--but if it wants access to your online activities, hey, that's totally okay."
Full Story

BIOMETRICS

Police Need Court Order To Use ICBC Facial Recognition (February 17, 2012)

British Columbia Information and Privacy Commissioner Elizabeth Denham has ruled police cannot use Insurance Corporation of British Columbia (ICBC) facial recognition technology to identify suspected Stanley Cup rioters without a court order, CBC News reports. Denham initiated the investigation after the ICBC offered Vancouver police access to the biometric software and driver's licence photographs in its database. Denham said, "While Vancouver police did not respond to ICBC's offer in this particular instance, the case raised important questions about the legality of biometric databases compiled by public agencies." The commissioner also ruled the ICBC failed to notify consumers that it uses facial recognition technology and is recommending proper notification, no warrantless sharing of information with law enforcement and a review of its privacy policies, the report states.
Full Story

HEALTHCARE PRIVACY

Former Employee Breached Medical Records (February 17, 2012)

A former employee of Capital District Health Authority has admitted to accessing medical files of patients without authorization, CBC News reports. Between 2005 and 2011, as many as 120 patient files may have been accessed by the former employee, the report states. Capital Health is notifying at least 105 affected patients. A hospital spokesman said, "We have a number of protections in place...If someone is going to disregard policy and access records inappropriately, we can't block that in the end."
Full Story

PERSONAL PRIVACY

Former Board Member Says His Privacy Was Violated (February 17, 2012)

A member of the Veterans Review and Appeal Board alleges his privacy was breached when his health information was used against him, The Winnipeg Free Press reports. The Canadian Human Rights Commission has asked that the board pay the former officer $4,000, plus legal expenses. A 2011 investigation mistakenly included the officer's medical records, which were accessed after an information request by his rivals. The board has since apologized for the incident, saying that a clerical error led to inclusion of the medical information, the report states.
Full Story

SOCIAL NETWORKING

Company Retains Contact List, Congressmen Write to Cook (February 16, 2012)

Twitter has confirmed that it stores contact list data for 18 months though the social network's privacy policy does not explicitly state that the data is uploaded and stored, ZDNet reports. Law enforcement has expressed interest in Twitter data on a number of occasions and are more interested in who users are contacting than what they tweet. It's also unclear for how long deleted tweets are retained, the report states. The company said the policy will be clarified. Meanwhile, Reps. Henry Waxman (D-CA) and G.K. Butterfield (D-NC) wrote to Apple CEO Tim Cook on Wednesday asking whether "Apple's policies ensure developers can't share or collect user data--such as iPhone contact lists--without permission."
Full Story

ONLINE PRIVACY

Experts: Big Data Means Big Decisions (February 15, 2012)

"We live in an age of 'big data,'" which brings with it "immense economic and social value" but also concerns about privacy, write two privacy experts in the Stanford Law Review. Associate Professor at the College of Management School of Law Omer Tene and Future of Privacy Forum Director Jules Polonetsky, CIPP/US, describe the many benefits of big data, while acknowledging a "data deluge" could foment a "regulatory backlash" capable of "dampening the data economy and stifling innovation." Tene and Polonetsky write, "In order to craft a balance between beneficial uses of data and the protection of individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of 'personally identifiable information,' the role of consent and the principles of purpose limitation and data minimization." Editor's Note: Omer Tene and Jules Polonetsky will both present at next month's Global Privacy Summit.  
Full Story

BEHAVIORAL TARGETING

NAI Releases 2011 Compliance Report (February 14, 2012)

The Network Advertising Initiative (NAI) has released an annual compliance report of its more than 80 member companies. The report includes a review of its members' online behavioral advertising practices and an analysis of members' compliance with the NAI's self-regulatory code of conduct--"a set of fair information practice principles tailored specifically to today's rapidly evolving advertising landscape," NAI Managing Director Marc Groman, CIPP/US, notes in his introduction to the report. The report found a "high level of member compliance," an increase in consumer interest and detailed plans for the 2012 compliance program, which "must continue to adapt and expand." Groman said, "This year's report once again demonstrates that NAI members take seriously their obligations to provide transparency and choice for online behavioral advertising."
Full Story

ONLINE PRIVACY

New Tool Scores Site Privacy (February 14, 2012)

Using an algorithm that gives points for various data-handling activities, a new online tool has analyzed more than 1,000 websites and rated them on how they use personal data--including how third parties track users through the websites, reports Wired. PrivacyChoice Founder Jim Brock says the tool works for site owners and consumers alike. "We show this to websites, and the first question they ask is how do I get my score up," Brock said, adding, "We're hoping this whole feedback loop between the websites and the tracking companies will cause these scores to go up." The company also offers a browser plug-in that gives real-time privacy scores for websites that users can choose to share with PrivacyChoice to expand its algorithm, the report states.
Full Story

SOCIAL NETWORKING

Online Dating Sites Contain Risks, Even Afterward (February 14, 2012)

Posting personal data to online dating sites has its risks, even once a user is no longer active on the site, PCWorld reports. Holes in security practices mean that users' privacy and potentially financial security are at risk, according to the Electronic Frontier Foundation (EFF). Dating profiles "remain online for months or years after a member has let a subscription lapse," the EFF says. A recent EFF survey found some sites' HTTPS implementations--which protects a user's browsing history--worked only partially or not at all.
Full Story

PRIVACY LAW

Stoddart Speaks About Bill C-10 (February 13, 2012)

Privacy Commissioner Jennifer Stoddart appeared before the Senate Standing Committee on Legal and Constitutional Affairs on Thursday to share her comments on the Safe Streets and Communities Act, Bill C-10. In her opening statement, Stoddart noted that "fear of public exposure can lead to a chill factor that may persuade victims not to report and witnesses to remain silent." Stoddart went on to raise concerns "that if clause 185 were to pass as is, Canadians as young as 12 could be identified and potentially stigmatized for life by the public." In conclusion, "I would urge Parliamentarians to consider Bill C-10 carefully in light of the potential privacy implications," she said.
Full Story

HEALTHCARE PRIVACY

Concerns Surround Transition to E-Records (February 13, 2012)

CTV reports on the computerization of Montreal's three million medical records this spring and its accompanying privacy implications. One physician says timely access to comprehensive patient information is the key to efficient healthcare, while another proponent of the transition notes the amount of sensitive information that will exist online. The health ministry said there are safeguards, including restricted access, automatic lock-outs and an electronic fingerprint left by anyone who accesses the records.
Full Story

PRIVACY

Voluntary Census Data Released (February 13, 2012)

Statistics Canada released the initial results of the voluntary 2011 census on Wednesday. The previous census drew criticism over privacy concerns, prompting an announcement in 2010 that the long-form census would become optional, though the National Statistics Council expressed concerns about the change and proposed that the 2011 census remain mandatory. It isn't immediately clear whether the voluntary census resulted in an erosion in the quality of information gathered by census takers, reports the Ottawa Citizen. Lorne Gunter opines in the National Post that the government has no right to demand information from its citizens and that a voluntary census should produce just as valuable information. 
Full Story

PRIVACY

Commissioner Looks Ahead at New Job (February 13, 2012)

There will be challenges to fostering openness and transparency in government, but it's a priority of hers, says Alberta's new Information and Privacy Commissioner Jill Clayton. "It's not as simple as flipping a switch, and all of a sudden, all the information that wasn't previously available is there," Clayton said in the Calgary Herald. "There needs to be planning and coordination. How do you push information out and protect privacy at the same time?" Clayton says she's excited about her new job and expects that one of the challenges will be ensuring timely and proper responses to requests for information.
Full Story

ONLINE PRIVACY

Protecting and Pricing Personal Data on the Web (February 13, 2012)
The New York Times explores the view of personal data as "the oil of the digital age" and the push to use such data "as a kind of online currency, to be cashed in directly or exchanged for other items of value." The report looks at startups aimed at giving online users control of their information while potentially profiting from it. "Many of the new ideas center on a concept known as the personal data locker," the report states, where users have "a single account with information about themselves.

SOCIAL NETWORKING

Opinion: Date-Rating Site Blurs Online Privacy (February 10, 2012)

In a column for The Guardian, Tom Scott analyzes a date-rating site to uncover where data from Facebook can eventually end up. Called Luluvise, this "social network for women" allows women to share personal information about the men they are dating without their consent. One feature, called WikiDate, allows users to "rate" the men. To do so, a user must sign in using their Facebook account. Scott points to Facebook's privacy page, which says, "People who can see your info can bring it with them when they use apps," meaning, Scott argues, "that when your friend signs into an application, they don't just share their own data--they can share some of your data as well." For Scott, the essential lesson is, "if you use Facebook, and your friends sign up for social applications, your name and details could appear in unexpected places."
Full Story

ONLINE PRIVACY

Pay-for-Data Panel Already Full (February 10, 2012)

In a Forbes feature, Kashmir Hill writes about the recent announcement that Google will begin paying Chrome users who sign up to participate in a panel allowing the company to track their web activities. Users will receive up to $25 in gift card codes per year, the report states. "So your online privacy over a yearlong period is worth a little bit less than a six-pack of Marshmallow Fluff--$26.75," Hill writes. The panel is already full, the report states, noting Google has announced, "We appreciate and are overwhelmed by your interest at the moment. Please come back later for more details."
Full Story

MOBILE PRIVACY

App Maker Apologizes for Lack of Transparency (February 9, 2012)

Mobile app maker Path apologized after it was discovered that its software automatically uploaded address books to company servers without user consent, PC Magazine reports. The issue was discovered and disseminated by a developer who noticed the default operation uploaded contacts' full names and e-mail addresses. Path Chief Executive Dave Morin said the company made a mistake but the transmission was done over an encrypted connection and stored securely on company servers. Path has also released a new version of the software that allows users to opt in or out of sharing the data. A report by The Washington Post notes, "Path is learning what several app and social networking companies have learned about user privacy: transparency is key."
Full Story

SOCIAL NETWORKING

Facebook To Unveil New Advertising Format (February 9, 2012)

Financial Times reports on Facebook's new Timeline advertising feature and its new privacy implications. Users who opt in to use features from companies such as some music, movie and news providers will not be able to opt out of their activity being used for paid advertising, the report states. An analyst from the Altimeter Group said, "There will be a user hue and cry. There will be further reminders that Facebook is using information about users and using their data to sell them to advertisers," but added, "People care more about getting free media than they do about their privacy." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S. & CANADA

Lawsuit Raises Workplace Privacy Questions (February 9, 2012)

A Toronto attorney reacts to the employee privacy suit filed against the U.S. Food and Drug Administration after employees discovered the agency had been monitoring their personal, password-protected e-mail accounts for two years. ITWorldCanada reports that, according to Canadian employment law expert Christine Thomlinson, Canada's Personal Information Protection and Electronics Documents Act has statutes requiring that employers obtain consent to monitor employee e-mails, so, in this case, employees would have an expectation of privacy. An attorney with the U.S.-based Electronic Frontier Foundation says that while many organizations in the U.S. have clear guidelines surrounding activity on workplace computers, the issue of monitoring private e-mail accounts has been "largely untested" in courts, the report states.  
Full Story

SOCIAL NETWORKING

Activist: Facebook Will Release Data (February 8, 2012)

An Austrian privacy activist group has said Facebook will release more information about the data it collects from users, Reuters reports. The comment came following a six-hour meeting on Monday between Europe V. Facebook and executives from the social network. "We have a fixed commitment that we will finally know what Facebook stores in the background," said Max Schrems, who heads up the activist group, adding, "that means a list of all categories of data that are clicked on by users." While Facebook has declined to comment specifically on Schrems' statements, the company has said it was "a very constructive meeting," the report states.
Full Story

DATA LOSS

Study: Third Parties, Food and Beverage Hit Hardest (February 8, 2012)

The 2012 Global Security Report by Trustwave SpiderLabs shows that the food and beverage industry is the hardest hit by breach incidents--making up 44 percent of breaches investigated by SpiderLabs in 2011--and that third-party remote-access applications are the most common point of entry for hackers, reports Infosecurity. According to the report, criminals target the food and beverage industry because of its high transaction rate and low barrier, as well as a lower security awareness. CIO reports that in 76 percent of breaches analyzed, a "third-party responsible for system support, development and/or maintenance introduced the security deficiencies exploited by attackers." Other prime targets for hackers are franchise and chain stores, because they often use the same IT systems and hackers may be able to easily duplicate the attack.
Full Story

PERSONAL PRIVACY—CANADA

New Citizens’ Data Potentially Mishandled (February 7, 2012)

In efforts to put together a televised citizenship ceremony, communications staff of Citizenship and Immigration Canada were provided lists of newly naturalized Canadians so they could seek participants to retake their oaths. The Canadian Press reports that some say this represents a breach of the Privacy Act because the government used the information for a purpose other than that for which it was obtained. The staffers who contacted the new citizens were not those who processed citizenship applications, and an access to information request by The Canadian Press turned up no record of discussions surrounding the legality of accessing the citizenship database.
Full Story

DATA LOSS—CANADA

Customers Say Bank Breached Their Privacy (February 6, 2012)

Two customers of the Bank of Montreal (BMO) say the bank gave their personal banking information to unauthorized third parties, reports CBC News. One woman says a bank teller mistakenly handed over her credit card information to her mother without consent, and another's bank statement was sent to her ex-husband's address. The woman says her address was changed to that of her ex-husband in the BMO system without her knowledge. While BMO acknowledges that the woman's address was changed, it responded to her lawsuit by assigning blame to the ex-husband, stating that he breached her privacy by opening her mail.
Full Story

PRIVACY

Alberta’s New Commissioner Encouraging Open Government (February 3, 2012)

Jill Clayton has been sworn in as Alberta's first female information and privacy commissioner, the Calgary Herald reports. Looking to the work ahead of her, Clayton spoke of some of the challenges inherent in moving toward more open government and implementing legislation that was called "Swiss cheese" by her predecessor, Information and Privacy Commissioner Frank Work. "I think there are some real concerns," Clayton said of encouraging increased transparency, adding, "I don't think it is an easy thing to do. I would like to see the office work with lots of consultation, lots of proactive guidance to help public bodies move in that direction." Meanwhile, an Edmonton Journal editorial voices support for a more open government.
Full Story

INFORMATION ACCESS

PIN Messages Highlight Technology Challenges to FOI (February 3, 2012)

With new technology and devices come new challenges to ensuring accountability and transparency in government. Highlighting this is the question of how to manage messages transmitted through the Blackberry private messaging service known as "PINs," reports the Ottawa Citizen. After being questioned on the matter by the Citizen, Ottawa's city clerk and solicitor said staff "have not specifically considered them in the course of processing and responding to access requests because they are not used to dealing with PIN messages as responsive records for the purpose of access to information requests" and that staff dealing with such requests are to review PIN messages. Brian Beamish, Ontario's assistant information and privacy commissioner, says if the messages relate to city business, they are covered under the Privacy Act, but "It's not an issue we've dealt with."
Full Story

DATA PROTECTION

Experts Say Consumers Should Be Wary of Changes (February 3, 2012)

Consumers probably should be very concerned about their privacy on the Internet. That's according to a Calgary Herald report that discusses recent changes to online business practices, citing Google's recent announcement that it will begin combining the information it collects on an individual user and Facebook's rollout of its Timeline interface. Security analysts say richer behavioural data, "more readily available to advertisers...tend to aid and abet more unsavory uses," the report states.
Full Story

PRIVACY LAW

Opinion: BC Not Likely To Follow Ontario’s Lead (February 3, 2012)

The Ontario Court of Appeal recently created a right to sue for "deliberate and significant" invasions of privacy, causing speculation on how other provinces will treat privacy infractions going forward. Eileen Vanderburgh writes for the Insurance Law Blog that the BC Privacy Act creates a statutory tort for privacy violations that encompasses invasions such as that in the Ontario case, adding that recent court cases have "confirmed that there was no free-standing tort of invasion of privacy." Based on this and "the existence of the statutory rights of action...for damages," Vanderburgh writes, "it is not likely" BC courts will recognize a similar common law tort for "intrusion upon seclusion."
Full Story

ONLINE PRIVACY—FRANCE & U.S.

CNIL Asks Google To Halt Changes, U.S. Lawmakers Question Company (February 3, 2012)
France's data protection agency, CNIL, has asked Google to halt changes to its privacy policy, Bloomberg reports. The agency will "check the possible consequences for the protection of personal data" of Europeans given the changes, said Jacob Kohnstamm, chairman of the Article 29 Working Party. "We call for a pause in the interests of ensuring that there can be no misunderstanding about Google's commitments to information rights of their users and EU citizens until we have completed our analysis," said Kohnstamm in a letter to Google's CEO.

SOCIAL NETWORKING

Privacy Laws, Hacking Are “Risk Factors” in Facebook IPO (February 2, 2012)
In its IPO filing, Facebook said that potential privacy legislation, evolving attitudes around user privacy and cyberattacks, among others, contribute to "risk factors" for its business, The Wall Street Journal reports. The filing mentions privacy 35 times and includes "privacy and sharing settings" as one way the company creates value for users. Facebook expects "to continue to be subject" to future investigations but added that it has "a dedicated team of privacy professionals who are involved in new product and feature development from design through launch; ongoing review and monitoring of the way data is handled by existing features and apps, and rigorous data security practices." Stanford Law School's Ryan Calo said, "It just struck me about how aware they are of the vulnerabilities...They have a narrow path to walk, and their risk factors really dramatize that in a way we hadn't seen before." (Registration may be required to access this story.)

FINANCIAL PRIVACY

This Will Go Down on Your Permanent Record (February 1, 2012)

The New York Times explores one woman's efforts to delete her credit card information from a closed account at an online retailer--finding that, in effect, it is impossible. After hearing of large-scale breaches across the Internet, the woman decided that deleting the information from her closed Blockbuster account would be a safe thing to do; however, a response from customer service informed her that the company keeps her information "for accounting purposes" and it "cannot be removed." The woman's credit card company advised her to change her account number, which she did. (Registration may be required to access this story.)
Full Story