Canada Dashboard Digest

Many will have already heard the relatively big news this week: A new bill, S-4, was introduced in the Senate that will amend PIPEDA if it passes. I'm surprised it didn't actually get more news considering the fanfare when the government tabled it.

There is some skepticism about whether or not the government is serious this time around because it has introduced somewhat similar bills in the past only to let them die a slow and painful death. This new bill was introduced in the Senate, and some are speculating that this may have been done to try and get the bill passed quickly.

For sure, these amendments are a long time coming. Many of them are what I call “common-sense fixes." For example, getting the English and French versions of the law to jive with one another a bit better. Other more meaningful fixes are those that mirror the Alberta and British Columbia provisions dealing with employee personal information and business transactions.

The folks at the OPC are probably happy with the proposed amendments that will allow them to enter into compliance agreements with organizations. Essentially, these agreements will allow the OPC to monitor organizations for up to a year after the completion of an investigation to ensure that all recommendations are satisfactorily implemented.

Lastly, I think the codification of a breach notification scheme is a good thing, too. I don’t think this new scheme will have a significant impact because previous guidance from the federal commissioner has been clear that they expect notification to take place even without the codification in the law. So, I think most organizations have already been operating with this scheme in mind. But, getting clarity in any law is always a good thing, so I suppose it is in this case, too.

As far as the “new penalties” go, I again don’t think there’s too much to worry about. Before any penalty could be levied, a matter would have to be referred for criminal prosecution—something that probably won’t happen except in the most egregious cases. This is a far cry from the administrative monetary penalties that can be levied in some European jurisdictions directly by the data protection authority.

So, all in all, pretty good news for privacy in Canada—for some—this week. And when we also read that CRA employees were fired for privacy violations, perhaps privacy is something this government is realizing is a priority issue that people care about.

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

ONLINE PRIVACY

YouTube Developing Tool To Blur Faces (March 30, 2012)

YouTube is developing a tool that will allow faces in videos uploaded to the site to be blurred, addressing "privacy complaints from people featured without permission in other people's videos," InformationWeek reports. Victoria Grand, YouTube's director of global communications and policy, said currently, when such complaints are received, videos must be removed. "Once the blur tool is made available, video creators will have the option to edit the video in question so the complainant's face is blurred. This will allow the video to remain on YouTube," the report states. YouTube expects to have the technology available for use in online videos within a few months.
Full Story

PRIVACY LAW

Commissioner: School Breached Privacy Act (March 30, 2012)

After an investigation into the theft of an unencrypted flash drive containing the personal information of nearly 12,000 individuals, British Columbia Information and Privacy Commissioner Elizabeth Denham found that the University of Victoria did not meet its legal obligations to protect the sensitive data, The Victoria Times Colonist reports. Saying the incident is part of an "epidemic," Denham noted, "We've investigated over 500 data breaches in the last few years...I would say a good 30 percent of those data breaches involved unencrypted mobile devices." Denham also said that though the university did have privacy and security policies, "the institution failed to implement reasonable safeguards to protect data stored on the USB drive." University President David Turpin said the school accepts Denham's "thorough and thoughtful" findings.
Full Story

DATA LOSS

Organization Investigates Computers’ Disposal (March 30, 2012)

After it was discovered that 44 computers were recycled prior to their hard drives' removal, eHealth Saskatchewan is investigating the incident and reviewing its internal policies, The Regina Leader-Post reports. Thus far, 32 of the hard drives have been recovered, and it does not appear that sensitive data was accessed, according to the report. eHealth Saskatchewan CEO Susan Antosh does not believe the hard drives contained sensitive personal data. "We are sending them away for forensic analysis," she said, "just to ensure that there was nothing on there, and if there was, that will of course inform how we change our policies and procedures in the future." Saskatchewan Information and Privacy Commissioner Gary Dickson said, so far, he is "satisfied that they're taking the appropriate steps to investigate."
Full Story

PRIVACY LAW

OPC Revises Investigative Finding Language (March 30, 2012)

According to a press release, the Office of the Privacy Commissioner (OPC) has revised its investigative dispositions under the Personal Information Protection and Electronic Documents Act (PIPEDA). The alterations particularly concern the OPC's considerations of whether an investigation is resolved. "Well-founded and resolved" will now be "well-founded and conditionally resolved" for cases involving an organization that has breached PIPEDA and has committed to implement the OPC's recommendations "within a specified period of time." The OPC has also updated "resolved" findings to now read "well-founded and resolved," which, according to the report, "will help to ensure clarity...and will be reserved for cases where an organization has demonstrated that it has taken corrective action before a finding is issued."
Full Story

PRIVACY

Toews Speaks About Anonymous Videos (March 30, 2012)

Public Safety Minister Vic Toews was set to speak publicly this week about videos allegedly posted online about him from hacktivist group Anonymous, reports Canada.com. The backlash stems from Toews' support of Bill C-30 and has included videos of "sordid details of Toews' past and threatened revelations about those closest to him," according to the report. House of Commons Speaker Andrew Scheer agrees the videos could be considered "a breach of his privileges as a parliamentarian."
Full Story

PRIVACY

OPC Announces National Youth Privacy Video Contest Winners (March 30, 2012)

The Office of the Privacy Commissioner (OPC) has announced the winners of its fourth national video contest, myprivacy & me, which encourages youth between the ages of 12 and 18 to produce public service announcements on privacy issues related to social networking, mobile devices, online gaming or cybersecurity. The winning entries may be viewed on the OPC's youth website. Winners of this year's contest were selected by participants in the weeklong Encounters with Canada national youth forum.
Full Story

DATA LOSS

Business Advice for Data Breaches (March 30, 2012)

In light of recent large-scale breaches and the 2012 Verizon Data Breach Investigations Report, a column in The Montreal Gazette offers businesses advice for mitigating data breach risk and implementing breach response policies and best practices. In the House of Commons, Bill C-12 would require businesses to disclose data breaches to the Office of the Privacy Commissioner and to affected individuals, while businesses subject to PIPEDA would be required to appropriately respond to a breach. "We can anticipate that Quebec will introduce a similar obligation" in the near future, the report states, and businesses can take heed from guidance issued by the U.S. Securities and Exchange Commission to account for cybersecurity obligations.
Full Story

MOBILE PRIVACY

Report: Our Phones Are Ourselves (March 30, 2012)

A recent report by marketing communications firm JWT "suggests people's identities are becoming so tied to their phones that surrendering them soon will be akin to ceding financial, personal and professional control." Postmedia News reports on comments from JWT Planning Director for International Business Development Alex Pallete, who notes, "For the first time, all your identity is going to be in one item. That's an extremely powerful notion...But we'll do it because this will make our lives easier." Marc Choma of the Canadian Wireless Telecommunications Association suggests, "It's not just your phone anymore...People want to be able to access their entire lives with their phone."
Full Story

PRIVACY LAW—CANADA

Final Spam Regulations Released (March 29, 2012)

The Canadian Radio-television and Telecommunications Commission (CRTC) has released the final regulations to be enforced under Canada's Anti-Spam Legislation (CASL), which was passed into law more than a year ago, reports ITBusiness.ca. The CRTC received comments on the legislation from about 60 groups and 10 individuals, resulting in changes to the amount of contact information necessary in marketing e-mails and eliminating the two-click opt-out requirement. The law now reads, "any unsubscribe mechanism should be accessed without difficulty or delay and should be simple, quick and easy for the consumer to use." The law applies to all electronic messages, including instant messages and telephone accounts--and is expected to be enforced imminently, according to the report.
Full Story

INFORMATION ACCESS

Dickson: Police Salaries Not Public Information (March 23, 2012)

Saskatchewan Information and Privacy Commissioner Gary Dickson has stated that the City of Moose Jaw "exceeded its legal authority" when it included police employee salaries in its annual public accounts, recommending the Legislative Assembly make police services subject to the Local Authority Freedom of Information and Protection of Privacy Act. But the city solicitor says because the city had been publishing them before the enactment of the province's access and privacy law, they must continue to do so. Dickson says the larger issue is the "two-tiered system" that holds municipal police agencies to different standards, reports The Star Phoenix.
Full Story

DATA LOSS

Sensitive Documents Sent to Couple’s Home (March 23, 2012)

The Globe and Mail reports on a Toronto couple that received an envelope with three bundles of sensitive documents not intended for them. The envelope had the couples' address on it, but not their names, and was marked "internal" from Service Canada. The couple returned the private documents in person but said they don't understand how a package intended for a government building was delivered to their home. The error appears to have been a mistaken postal code. This is the second Service Canada breach this year. A spokesman said the department is reviewing the most recent error to determine how to prevent similar incidents in the future.
Full Story

DATA LOSS

Students E-mailed Detailed Spreadsheet (March 23, 2012)

The Certified General Accountants (CGA) Association of BC is assuring thousands of students that their personal information is safe after a breach, The Vancouver Sun reports. An e-mail was sent to 2,300 CGA students Tuesday that accidently included an Excel spreadsheet with 4,600 students' personal information, including names, gender, mailing and shipping addresses, birth dates, citizenship status and student ID numbers. Students were asked via a second e-mail to delete the e-mail containing the spreadsheet, and the student ID numbers have since been changed, said a spokesman. "The information can't be used for anything without any other authenticating material that wasn't included in that file," he added.
Full Story

EMPLOYEE PRIVACY

Advocates: Requiring Social Media Passwords Is Violation (March 23, 2012)

Providing the example of an interviewer at a law enforcement office requiring a job applicant's Facebook password to screen the applicant's photos on the site, a PostMedia News report explores the question of whether this practice violates personal privacy. There is no specific provision on collecting social media information within Canada's employment privacy laws, the report states, and according to one business lawyer, it is legal. However, one privacy lawyer notes that collected information must be "reasonable," adding, "If a person interviewing you asked for your diary or photo album, would that be reasonable?" Meanwhile, legislators in two U.S. states recently proposed laws that would make this practice illegal.
Full Story

HEALTHCARE PRIVACY

Medical Waste Spill Exposes Patient Data (March 23, 2012)

After medical waste--including patient information stickers--was found on a St. John's street, Information and Privacy Commissioner for Newfoundland and Labrador Ed Ring said that if any of the eight people affected would like to file a complaint, they should contact his office. VOCM reports that the waste, including fluid samples, involved Eastern Health, which has briefed the commissioner on the incident and its follow-up process and is conducting an investigation. Ring says whether his office will take further action is dependent on Eastern Health's response.
Full Story

DATA PROTECTION

Opinion: “Big Data” Brings About Greater Good (March 23, 2012)

The world of "Big Data" is upon us, and we can't escape it, reports The Calgary Herald. "The minute we turn on our phones, make payments online, post a comment on Facebook or rate a restaurant on Yelp, we feed this Big Data," the report states, pointing out how large data sets work to power movie selection, political campaigns and health research. But with health research, most information "is locked away." The article predicts, "if the greater good were at stake, government and consumers alike will learn how to use...data properly--aggregating information without identifying personal information."
Full Story 

SOCIAL NETWORKING

Facebook Delays Policy Changes (March 23, 2012)

Facebook has received enough comments about planned changes to its privacy policy that is has delayed its implementation, ZDNet reports. Approximately 526 comments were made in English, while 36,878 comments were made in German, according to the report. German officials have been critical of the proposed changes, claiming they violate German and EU privacy laws. In a press release, data protection authorities in Hamburg and Schleswig-Holstein said the changes place more of the privacy responsibilities on the users rather than the company. Mortiz Karg, a spokesman for Hamburg's data protection authority, said, "It's the user's right to decide what happens to their data." Officials are also skeptical of the company's use of facial recognition technology, PCWorld reports. Karg added, "We are actually working on an order to change that."
Full Story

ONLINE PRIVACY

HTTPS By Default Headed Toward Users (March 22, 2012)

A Firefox bug that allowed users' search queries to be easily observed has been fixed, according to Mozilla. The bug was discovered by privacy researcher Christopher Soghoian last year, who reported to Mozilla that anyone with Deep Packet Inspection tools--namely ISPs and governments--could easily view a users' HTTP connections. Mozilla has since enabled HTTPS by default, "thereby making privacy protection available to all users of its browser," the report states. A Mozilla spokesperson said it is testing the change and it may be a few months before Firefox users see it. The Electronic Frontier Foundation has been encouraging such changes via its HTTPS Everywhere campaign, InformationWeek reports.
Full Story

DATA PROTECTION

Malicious Breaches Rising, Recovery Costs Falling (March 21, 2012)

Ars Technica reports on a new study of data breaches that found criminal activity and malicious attacks are increasingly behind data breaches. The Ponemon Institute survey--which was sponsored by Symantec and followed 49 organizations with more than 400 IT, compliance and security professionals--found that such attacks accounted for 37 percent of data breaches last year, up six percent from the year before. More than two-thirds of the attacks were electronic. Twenty-eight percent involved physical theft. Additionally, 33 percent of malicious attacks involved company insiders. Meanwhile, a second study found that the cost of breaches is falling for the first time in seven years.
Full Story

PRIVACY LAW—EU & U.S.

Officials Discuss the Future of Privacy, Cooperation (March 20, 2012)
At the High Level Conference on Privacy and Protection of Personal Data, held simultaneously in Brussels and Washington, DC, on Monday, European and U.S. leaders discussed the development of online privacy rules on both sides of the Atlantic and opined on what must happen between the two to protect online users and facilitate innovation and trade critical to the world economy, The Hill reports. EU Justice Commissioner Viviane Reding and U.S. Commerce Secretary John Bryson issued a joint statement pledging to work together, but some experts say that may be tricky. U.S. FTC Commissioner Julie Brill said, however, that the U.S. and EU share common principles on privacy. Reding said an EU-U.S. agreement is "the missing piece."

INFORMATION ACCESS

Supreme Court Hears Appeal on Jury Vetting (March 16, 2012)

The Supreme Court this week heard arguments in a case that seeks to overturn fraud and murder convictions based on the Ontario Crown's use of juror vetting, Postmedia News reports. The Ontario Court of Appeals dismissed earlier appeals claiming that police and prosecutors conducted secret background checks on jurors, affecting certain trials. The cases prompted an investigation by Ontario Privacy Commissioner Ann Cavoukian, who determined the background checks had violated privacy legislation and ordered an end to the practice. A decision by the Supreme Court "isn't expected for several months," according to the report.
Full Story

PRIVACY LAW

Supreme Court Exempts Gov’t From Releasing Docs (March 16, 2012)

A Newfoundland and Labrador Supreme Court ruling says a wide range of government documents are "beyond the reach of the province's information and privacy watchdog," CBC News reports. Information and Privacy Commissioner Ed Ring had filed a lawsuit over the government's refusal to release documents pertaining to e-mails, allegedly threatening in nature, sent from a cabinet minister's aide to a political candidate. Meanwhile, Russell Wangersky opines in The Telegram about a separate case, also involving the government's refusal to release political documents to Ring, that the Access to Information Legislation in Newfoundland and Labrador is "clearly a law of convenience."
Full Story

PERSONAL PRIVACY

Utility Allows for Smart Meter Opt Out (March 16, 2012)

In a modification to its original proposal, Hydro-Quebec will now allow for an opt-out clause in its rollout of smart meters, the Montreal Gazette reports. Customers choosing to opt out would pay an additional $200 per year, according to the proposal. Meanwhile, San Diego Gas & Electric has announced a partnership with the Ontario Information and Privacy Commission as it implements smart meters in its electrical grid, the Toronto Star reports. The partnership is the first in the U.S. and sees the utility incorporating privacy by design. Ontario Information and Privacy Commissioner Ann Cavoukian said utilities should be concerned about the drastic effects a privacy breach can have on a utility's public relations. "Utilities shouldn't be asking how much money it costs, they should be asking how much money it will save," she said.
Full Story

DATA PROTECTION

Study: Like Your Privacy? Don’t Lose Your Phone (March 16, 2012)

A recent study in which a researcher dropped 50 phones in five major cities found that smartphone users should expect that their privacy will not be protected if they should ever lose their device, The Globe and Mail reports. Researcher Scott Wright and security software company Symantec's study found that after Wright dropped the phones in Los Angeles, New York, Ottawa, San Francisco and Washington, DC, 96 percent of the phones were accessed and their contents--including pictures, e-mail and online banking statements--attempted to be thumbed through, though the phones were rigged to deny access. The photo app was most frequently tried for access.
Full Story 

HEALTHCARE PRIVACY

Opinion: Unlock the Treasure Trove of Health Data (March 16, 2012)

In The Vancouver Sun, a former health minister says British Columbia should "unlock the treasures hiding in our data and use them to save lives." Colin Hansen, Liberal MLA for Vancouver-Quilchena, says that BC has one of the best collections of health data on the globe and "if we allowed people we trust to open it" and analyze it, thousands of lives and billions of dollars could be saved. "This is one of those rare opportunities where there are no downsides, only remarkable potential benefits," Hansen writes. "The protection of individuals' privacy must be paramount. And it is. BC has the safeguard to guarantee privacy is protected."
Full Story

ONLINE PRIVACY

Opinion: The Cyber Panopticon Has Arrived (March 16, 2012)

Almost 40 years after Foucault's comparison of society to the panopticon, "a terrifying, circular prison pierced in the centre by a single watchtower," Shannon Gormley writes for the Ottawa Citizen that we now live in the age of "the cyber panopticon...in which our every move--our every test score, growth spurt and parking ticket--is documented, analyzed and, sometimes, used against us by educational, medical and police bureaucracies." Gormley suggests that in this time of social networking and online sharing, "now we face a prisoner's dilemma...do we give up our information freely, or keep it private and hope that our friends and enemies will do the same?"
Full Story

TRAVELLERS’ PRIVACY

Airport Security Plan Raises Privacy Concerns (March 9, 2012)

The federal privacy commissioner's office has sent a letter to Canada's air security agency expressing privacy concerns over a new airport security plan, The Globe and Mail reports. "We believe that the information collected is adequate to identify an individual," the letter states, "and may be easily linked to other sources of identifiable information." The commissioner's office has also asked the agency to provide "empirical evidence" that its passenger behaviour observation program effectively locates potential terrorists. The agency says its database is secure with limited access and identifiable information is not shared. Speaking for the Office of the Privacy Commissioner, Anne-Marie Hayden said the air security authority has assured the commissioner that security officers will not collect personal information, but, "That said, we have not yet had the opportunity to view samples of information collected to evaluate."
Full Story

PERSONAL PRIVACY

Smart Grid “Privacy by Design” Paper Released (March 9, 2012)

Ontario's Office of the Information and Privacy Commissioner and San Diego Gas & Electric (SDG&E) have released a paper documenting "the incorporation of Privacy by Design into SDG&E's smart grid initiative," marking a first-of-its-kind partnership in the U.S., PR Newswire reports. "Privacy is a fundamental right of every one of our customers and a priority of the company," said Caroline Winn of SDG&E, who authored the paper with Ontario Information and Privacy Commissioner Ann Cavoukian. "I am very pleased to be working with SDG&E to ensure that our innovative privacy framework is an integral part of the smart grid deployment," Cavoukian said.
Full Story

FINANCIAL PRIVACY

Stoddart Concerned About Anti-Money Laundering Plan (March 9, 2012)

The Canadian Press reports on Privacy Commissioner Jennifer Stoddart's comments before a Senate committee regarding concerns with the government's plan to expand the anti-money laundering agency Fintrac. "We shouldn't strengthen this regime--because of its impact on Canadians--until we have done some more research on its effects," she said. Stoddart is concerned that the expansion would result in Fintrac "examining large numbers of harmless transactions, such as money transferred by parents to children studying abroad, or remittances sent by naturalized Canadians to family members overseas," the report states. If Fintrac's powers are expanded, she said, more oversight should be put in place.
Full Story

ONLINE PRIVACY

Opinion: Individual Privacy “A Modern Invention” (March 9, 2012)

In a column for The Ottawa Citizen, David Warren looks at the push and pull between Internet use, communication and calls for privacy protections. He suggests that when it comes to privacy, "A lot of things in life are extremely simple, but ever so difficult, in the same way." He suggests, "Privacy for 'the individual' is largely a modern invention: a 'right.' which in fact requires wealth." He contends that it is not possible to have "a completely open medium of communication, in which privacy is assured...nothing can be simultaneously open and closed."
Full Story

SURVEILLANCE

Opinion: Bill C-30 Goes Too Far (March 9, 2012)

In a column for The Intelligencer, Anne Rector writes that Bill C-30 will easily connect "innocent online activity with personal identity" without a judicial check and balance. "Bill C-30 goes too far," she opines. "Judges are society's sober second thought--let's hope the Senate rises to political sobriety. Those appointed to the bench must be legally convinced before authorities can proceed to delve more deeply into our lives." Rector adds that she would rather have a "learned judge to have last say protecting my privacy from power."
Full Story

DATA PROTECTION

Survey: InfoSec Increasingly Important (March 8, 2012)

Consumers are growing more aware and concerned about how companies protect their data, according to a survey released this week. Edelman Global Chair of Technology Pete Pedersen says companies should exercise transparency and be proactive if a breach occurs. The survey, conducted on behalf of Edelman by StrategyOne, sampled 4,050 adult consumers in seven countries and found that 90 percent of consumers are concerned about data security and 80 percent said they know more today about data protection than they did five years ago. Pedersen said one of the most surprising discoveries was that 84 percent of respondents said security was important to them, but only 33 percent said they expected companies to adequately protect their data.
Full Story

PRIVACY

Privacy Pro Garners All Five CIPP Certifications (March 8, 2012)

Shortly after the unveiling of the IAPP's newest certification--the CIPP/E--Accenture North American Director of Legal Services and Data Privacy Compliance Benjamin Hayes, CIPP/US, CIPP/G, CIPP/C, CIPP/IT, CIPP/E, became the first IAPP member to achieve all five certifications. In this exclusive for The Privacy Advisor, Hayes discusses what the certifications mean not only for his job but for aspiring privacy professionals and what achieving a "blackbelt" in privacy might mean.
Full Story

PRIVACY

2012 Salary Survey Examines Trends (March 7, 2012)

The IAPP's 2012 Privacy Professionals Role, Function and Salary Survey, which is being released at the Global Privacy Summit, examines compensation levels and key trends as reported by respondents from the organization's diverse membership. This year's survey includes data and comparisons on issues including how privacy professionals allocate their time across different responsibilities, what career paths they are pursuing and their placement within their organizations. Other information included in the survey includes which industry sectors are most represented by privacy professionals; the size of organizations with in-house privacy staff, and what privacy professionals report as the most time-consuming tasks they oversee in their work.
Full Story

ONLINE PRIVACY

Philosophical Questions at the Heart of OBA Issues (March 5, 2012)

In The Atlantic, Alexis Madrigal explores the relationship between our "digital and physical selves," which he says is at the heart of consumers' concerns about online data collection. Currently, data collectors do not connect your online tracking data to your name, but "If and when that wall breaks down, the numbers may overwhelm the name. The unconsciously created profile may mean more than the examined self I've sought to build," Madrigal writes. In an interview with The Inquirer, Jeffrey Rosen says this version of the future is not inevitable, but "Privacy is not for the passive...This is an area where civic engagement and protest work." For marketers, he says, "It's a constant tug-of-war. There is huge economic pressure to see how much tracking people will accept."
Full Story

ONLINE PRIVACY

Stoddart: Clearer Google Privacy Policy Needed (March 2, 2012)

In light of yesterday's implementation of Google's new consolidated privacy policy, Canada Privacy Commissioner Jennifer Stoddart has sent a letter to the company expressing privacy concerns, The Chronicle Herald reports. Noting the policy was "a step in the right direction," Stoddart added, "We strongly encourage you to make it clearer to users that if they are uncomfortable with these new uses of information, they can create separate accounts. This is not clearly stated in your privacy policy." Regulators and privacy advocates from around the globe are expressing similar concerns. EU Justice Commissioner Viviane Reding says the changes do not comply with EU data protection rules, and Privacy International's Alexander Hanff has filed a monetary claim against the company. Google Director of Privacy Alma Whitten has defended the company's changes.
Full Story

PRIVACY

Think Before Publicizing Privacy Policy Updates (March 2, 2012)

The privacy news of late has been rife with reports about privacy policies. In the March edition of The Privacy Advisor newsletter, IAPP members offer up advice to consider before publicizing privacy policy updates. "We recommend that you think about...five considerations when making changes to your privacy policy," say Mehmet Munur, CIPP, Sarah Branam and Matt Mrkobrad, CIPP/US/G, adding the considerations should "help you educate your users; be transparent and accurate in disclosing your practices, and steer clear of regulatory scrutiny." (IAPP member login required.)
Full Story

SOCIAL MEDIA

Tweet Sales: A Game-Changer? (March 2, 2012)

The Financial Post reports on Twitter's plans to sell archived tweets to two data mining companies. One company, DataSift, will "release Twitter data in packages that will encompass the last two years of activity for its customers to mine," the report states, while the company Gnip will offer a "short-term data package." While one advocate described the harvesting as "game-changing," another expert said, "The only privacy risk is marketers being able to do more with the data, faster." DataSift CEO Rob Bailey said, "The only information that we make available is what's public. We do not sell data for targeting advertising."
Full Story

PRIVACY LAW

Opinion: Debate, If Misguided, Continues Over C-30 (March 2, 2012)

The debate over the Protecting Children from Internet Predators Act (C-30) is somewhat off the mark, opines Jordon Cooper for The Star Phoenix. "If privacy is what we are concerned about, we are years too late. That information is bought, sold and commercialized daily, and it's only going to get worse in the future," he writes. Meanwhile, Alan Shanoof opines for the Toronto Sun that anyone concerned about the effects Bill C-30 would have on privacy "should be concerned about the "actual erosion of privacy rights in existing federal law known as the Personal Information Protection and Electronic Documents Act."
Full Story

HEALTHCARE PRIVACY

Opinion: Residents Should Carefully Consider e-Health Option (March 2, 2012)

The Quebec government "has not done a stellar job of informing the population of digitization or what it could mean in terms of public privacy" when it comes to the transition to electronic health records, states an editorial in The Montreal Gazette. The system will automatically opt in every Montreal resident registered with Quebec's health insurance plan unless they fill out a refusal form by March 30. Despite the government's best intentions, there are concerns to be considered, the report states, including data that shows there was a 97-percent increase in healthcare breaches in the U.S. from 2010 to 2011.
Full Story

PRIVACY LAW—CANADA

Commissioner: Kids’ Networking Site Breached Law (March 1, 2012)
Privacy Commissioner Jennifer Stoddart says her office's first investigation into a social networking site for youngsters has highlighted flaws that must be addressed in order to bring Nexopia into compliance with Canadian privacy law. "Our investigation found Nexopia has inappropriate default privacy settings; provided inadequate information about a number of privacy practices, and keeps personal information indefinitely--even after people select a 'Delete Account' option," Stoddart says.

DATA PROTECTION

Experts: C-Suite Realizing Breaches’ Effect on Bottom Line (March 1, 2012)

C-suite officers are now understanding the impact on earnings that cyber threats and breaches can have and are asking about the state of preparedness. That's according to a panel of experts at the RSA Conference in California on Wednesday, including Computer Sciences Corp.'s David McCue, who said security pros "must understand how to communicate effectively with their bosses to not only explain the threats but also to make the case for budget," reports SC Magazine. Discussions with head management need to be more business-oriented and less jargon-filled, said another expert.
Full Story

ONLINE PRIVACY

Mozilla Offers New Web-Tracking Tool (March 1, 2012)

In Forbes, Kashmir Hill describes a new tool released by Firefox browser provider Mozilla. Called Collusion, the tool lets a user view how he or she is being tracked online. Mozilla CEO Gary Kovacs said, "We are being watched. It's now time for us to watch the watchers." Though the new tool does not describe what each tracker does, Hill breaks down various tracking tools and widgets that are found on the Forbes site when a user visits to read her articles. Editor's Note: The IAPP will host the web conference Online Behavioral Advertising--The Current Global Landscape on Thursday, March 22.
Full Story