Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

EMPLOYEE PRIVACY

Companies Plan Social Network Monitoring Programs (May 31, 2012)

Research firm Gartner says digital surveillance in the workplace is on the rise, ZDNet reports. Companies are aiming to increase their watch on employees' social networking use, Gartner says, and about 60 percent of corporations will have programs in place to monitor accounts for security breaches and data leaks by 2015. But there are risks of going too far, the report states, such as if an employer were to visit a Facebook page to review an employee's sexuality or marriage status. Meanwhile, CBR also reports on employers' social network monitoring, citing U.S. lawmakers' proposed legislation on the matter and a lack of clarity when it comes to UK laws.
Full Story

SOCIAL NETWORKING—CANADA

Commissioner: Some Sites Disregard Privacy Laws (May 30, 2012)

CBC News reports on comments by Privacy Commissioner Jennifer Stoddart before a House of Commons committee calling for stronger sanctions when social media companies ignore privacy laws. "This is the age of big data where personal information is the currency that Canadians and others around the world freely give away," she said, adding, "I have become very concerned about the apparent disregard that some of these social media companies have shown for Canadian privacy laws." Stoddart told the committee that Canada's Personal Information Protection and Electronic Documents Act is too weak and stricter penalties are needed, the report states.
Full Story

PERSONAL PRIVACY—CANADA

VA Report Revives Potential Privacy Violations (May 29, 2012)

The Canadian Press reports that an outside investigation initiated by the Department of Veterans Affairs has revived concerns that veteran Sean Bruyea's privacy was violated. The outside report, headed by a former senior official, found no "malice" or "fault" in VA officials' actions. In a letter to the privacy commissioner, Bruyea said he was not asked for his consent. "In authorizing this investigation and releasing unprecedented large amounts of my personal information" to the investigators, "it is apparent that senior officials grossly and flagrantly broke privacy laws in order to solicit a report which would justify their breaking of those same laws in the first place," Bruyea wrote.
Full Story

PRIVACY LAW

Some Authorities Push Ahead, Others Back Off Google Inquiries (May 29, 2012)

Bloomberg reports Google may face further action from the UK Information Commissioner's Office following the U.S. Federal Communications Commission (FCC) report on Google's Street View data collection practices. Australian Privacy Commissioner Timothy Pilgrim, however, says his office will not launch a second investigation after examining the FCC report. Meanwhile, two U.S. legislators have called on the U.S. Justice Department to consider looking further into the matter. "Previous statements and testimony from Google indicated that the privacy violation was unintentional, but a recent investigation by the Federal Communications Commission casts doubt on those statements," said Reps. John Barrow (D-GA) and Frank Pallone (D-NJ).
Full Story

PRIVACY LAW

Consumer Group Launches Ad Against C-30 (May 25, 2012)

Following Public Safety Minister Vic Toews' statement last week refuting a news report that the government would halt progress on Bill C-30, a consumer group has released an online ad opposing the proposed law, CBC News reports. The ad says the bill "will let the government create profiles of Internet users and allow online use to be traced back to the user," and the information will be more vulnerable to hackers. Meanwhile, Michael Geist opines in the Ottawa Citizen that the "secrecy and backroom industry talks associated with Bill C-30 provides yet another reason to hit the reset button."
Full Story

DATA PROTECTION

Denham Discusses Accountability Program (May 25, 2012)

In a recent interview with Hunton & Williams' Marty Abrams, British Columbia Information and Privacy Commissioner Elizabeth Denham discussed the guidance she recently issued in conjunction with the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner of Alberta. "Getting Accountability Right with a Privacy Management Program" addresses Denham's expectations for accountable privacy programs, reports Hunton & Williams' Privacy and Information Security Law Blog. Denham said the program is a "tool to help organizations comply with the law" and is "a roadmap to sound data governance."
Full Story

DATA PROTECTION

Accused Clerk Had Access to Sensitive Records (May 25, 2012)

The Ottawa Citizen reports on an accused criminal who worked on the Conservative Party's database of sensitive donor information. The data entry clerk had worked for the party since 2008. Her duties included the receipt and processing of donor financial information, including credit card numbers, before she was arrested by Ottawa police. A Conservative Party spokesman said he's confident none of the sensitive data was compromised. The revelation comes a week after a report to Canada's privacy commissioner raising concerns about data held by political parties noting "trends that are unmistakable and concerning."
Full Story

PRIVACY LAW

Bill Would Allow Paramedics To Demand Victim Blood Tests (May 25, 2012)

A Times Colonist editorial on British Columbia's Emergency Intervention and Disclosure Act says the compulsory diagnostic tests the bill would require are "a huge invasion of privacy." The bill would allow paramedics to demand blood tests from accident victims in order to protect first responders from coming into contact with infected blood. In response, Margaret MacDiarmid, the minister responsible for the proposed act, writes in The Victoria Times Colonist that "privacy protection is a major consideration when developing new legislation" and that ministries "have tools to determine the privacy impacts...and privacy analysts assist them with resolving or mitigating those impacts."
Full Story

PRIVACY LAW

International DPAs Meet on Enforcement (May 24, 2012)

A dozen privacy enforcement authorities from around the world met at a two-day event in Montreal last week to explore ways to cooperate on enforcement. In this exclusive for The Privacy Advisor, Sophie Paluck-Bastien reports on the efforts of the temporary working group formed under the Resolution on Privacy Enforcement Co-ordination at the International Level adopted at the 33rd International Conference of Data Protection and Privacy Commissioners last year. "The group agreed that there is nothing to be gained from a dozen authorities investigating the same incident in silos and everything to be gained from them using their limited resources in a concerted fashion," Paluck-Bastien writes.
Full Story

ONLINE PRIVACY

Company Keeps Data Practices Behind Closed Doors (May 23, 2012)

The New York Times reports on the data collection practices of Google. "The tale of how Google escaped a full accounting for Street View," the article states, "illustrates not only how technology companies have outstripped the regulators but also their complicated relationship with their adoring customers." Michael Copps, a former commissioner with the Federal Communications Commission, said, "The industry has gotten more powerful; the technology has gotten more pervasive, and it's getting to the point where we can't do too much about it." Meanwhile, in a Salon.com column, David Rosen writes, "Unless you have the time or the technical know-how to encrypt your digital communications, none of what you transmit--however personal...is 'private.'" (Registration may be required to access this story.)
Full Story

BIG DATA

Kaspersky: Too Much Data Is Collected (May 23, 2012)

Speaking at a conference this week, Kaspersky Lab CEO Eugene Kaspersky warned that too much data is being collected about individuals, COMPUTERWORLD reports. "We can forget about privacy," he said, adding, "There's no privacy anymore." Kaspersky said the increased use of CCTV and online tracking makes it "a national security issue," and argues that this kind of "data can be used not just against people but against nations." The IT security expert advocated for regulation. "We should make it forbidden to collect so much information about you," Kaspersky said.
Full Story

PRIVACY LAW—CANADA & U.S.

Survey Finds Lack of Preparedness for C-28 (May 22, 2012)

A new survey indicates "an overwhelming lack of preparedness" for a Canadian law aiming to regulate spam messages, according to law firm Fasken Martineau, which conducted the survey. Polling marketing executives based primarily in the U.S., the survey found 60 percent were unaware of Bill C-28, which will require recipient consent before a commercial electronic message can be sent to Canada. The survey also found that of those who were aware of the bill, 75 percent were not aware of the penalties and only 27 percent of respondents knew that compliance with U.S. do-not-call legislation does not ensure C-28 compliance.
Full Story

DATA PROTECTION

BYOD Risks Create Opportunities for Vendors (May 18, 2012)

In this era of "bring your own device" to the workplace, IT administrators are having an increasingly difficult time protecting networks from data leakages. The issue has opened up market opportunities for a wide variety of vendors, reports Network Computing. A recent study by Enterprise Strategy Group found that end users are "looking to tackle issues like data sharing, portability and access from multiple intelligent endpoint devices, creating a conundrum for IT as it needs to balance business enablement, ease of access and collaborative capacity with the need to maintain control and security of information assets," the report states.
Full Story

DATA PROTECTION

Opinion: Gov’t Data Collection Should Be Minimal (May 18, 2012)

In the last of a three-part series for Reuters on the benefits and risks of sharing personal information, Rotman School of Management Prof. Don Tapscott discusses how the vast amount of data moving online can become an attractive tool for governments and corporations, noting it's difficult to restrict the information they're able to access. "But we still need to resist attempts of governments to collect unnecessary information. We still need to fight for the basic privacy principle of 'data minimization,'" Tapscott writes, adding, when sharing data, it's important to remember that "with openness can come vulnerabilities."
Full Story

PRIVACY

Federal Budget Cuts Will Impact OPC, OIC (May 18, 2012)

Postmedia News reports that sweeping cuts mean the budgets of both the Office of the Privacy Commissioner (OPC) and the Office of the Information Commissioner (OIC) will be cut by five percent. Both offices are also planning a move to new headquarters, adding to the financial strain. An OPC spokesman commented that the office "cannot absorb this without significant impact on our core programs." An OIC spokeswoman noted a potential risk that "investigations of cases will take more time leading to potential judicial review, thus increasing the cost to taxpayers."
Full Story

PERSONAL PRIVACY

Hunters’ Data Held By U.S. Company Raises Hackles (May 18, 2012)

Hunting and fishing license applications from Ontario citizens will soon be processed and stored by a U.S.-based company, causing concern that the U.S. government will have access to Ontarians' personal information. Natural Resources Minister Michael Gravelle says the company signed a contract agreeing to uphold Ontario privacy laws, adding, "There will be no release of the information that's there as a result of the company in the states having that information." The Canadian Press reports that hunters and anglers are concerned that U.S. Homeland Security officials could override that contract using the USA PATRIOT Act and use the information during border crossings.
Full Story

EMPLOYEE PRIVACY

Dickson: Health Authority OK To Post Employee Data (May 18, 2012)

An investigation by Saskatchewan's information and privacy commissioner has found the Regina Qu'Appelle Regional Health Authority did not breach employees' privacy when it published their names and salaries online, reports the Leader-Post. The office found "there is legal authority that says the name and the salary made by an employee of a local authority--and that includes a regional health authority--is not protected personal information." However, Commissioner Gary Dickson does have concerns over the risks associated with making public this information and is encouraging implementing safeguards to protect the data from misuse.
Full Story

PRIVACY LAW

Study: Political Parties Hold “Vast Databases” of PII (May 18, 2012)

A research study commissioned by Privacy Commissioner Jennifer Stoddart has validated her concerns that the quantity of data held by Canadian political parties--and the way they use that data--amount to a "serious information and privacy issue." The Canadian Press reports that the study's authors concluded, "For the most part, individuals have no legal rights to learn what information is contained therein, to access and correct those data, to remove themselves from the systems or to restrict the collection, use and disclosure of their personal data." Stoddart has no jurisdiction to enforce privacy rules on political parties, meaning public pressure will be integral to changing practices, the report states.
Full Story

PRIVACY LAW

Teacher Pornography Case Goes Back to Court (May 18, 2012)

A case involving a teacher charged with possessing child pornography is now with the Supreme Court of Canada, reports CBC News. An Ontario Court of Justice decision on the case said the police had infringed on the teacher's "reasonable expectation of privacy." The Court of Appeal then ruled that images obtained from the teacher's personal e-mail account were not admissible because police had obtained them without a warrant, but photos on the computer were found during a routine maintenance procedure and were, therefore, admissible. Authorities said they believed they had the right to conduct the search because the computer was school board property.
Full Story

PRIVACY LAW

Opinion: Bill C-30 Is “Dead in the Water” (May 18, 2012)

According to an op-ed in The Globe and Mail, Bill C-30 is dead and any further efforts to allow police to track people online will "have to start from scratch." C-30 would have required ISPs to hand over identifying information about users and received strong objections from Canada's privacy commissioners. The article states that sources say the bill won't come to a House debate before the summer recess, effectively making it "dead in the water."
Full Story

BEHAVIOURAL TARGETING

Opt-Out Tool Coming Soon (May 18, 2012)

The nonprofit digital marketing and advertising trade association IAB Canada is partnering with the U.S.-based Digital Advertising Alliance to adopt its self-regulation program, reports The Canadian Press. The program includes an icon appearing on a computer screen when behavioural targeting is taking place. The icon links to an opt-out feature recognized by about 160 advertisers. The program is expected to be in place by the end of 2012.
Full Story

SOCIAL NETWORKING

Facebook Clarifies Changes on Updated Policy (May 18, 2012)

Forbes reports on changes being made to Facebook's data-use policy, including how it reserves the right to serve ads to users outside of Facebook and a clarification on how long it keeps user data received from advertisers and third parties. Users can provide feedback on the site. The updated policy also provides explanations on how cookies work on the site, what data developers receive when a user downloads an app and what the company does with users' data after deleting an account. Sarah A. Downey, an online privacy analyst at Abine, says users' expectations have changed. "The assumption in 2004 was that people wanted to be private and would set things to public," she said. "Now, Facebook assumes that all activity will be public."
Full Story

PRIVACY LAW

CNIL To Sit Down with Google (May 17, 2012)
French data protection authority CNIL has scheduled a meeting with Google to more closely examine changes to the company's privacy policy, BBC News reports. The company consolidated its 60 privacy policies into one in March, prompting the CNIL to ask questions on the legality of the move and on how user data would be shared. The CNIL says it was not satisfied with the company's answers and wants to "untangle the precise way that specific personal data is being used for individual services and examine what the benefit for the consumer really is," said CNIL's president.

DATA PROTECTION—CANADA

Gov’t Plans To Eliminate SIN Cards (May 16, 2012)
In an attempt to save money and protect privacy, the Canadian government has introduced plans to cut the nation's social insurance number (SIN) cards, The Globe and Mail reports. The cards--which help government track income, taxes and eligibility for various public programs--lack many of the modern security features utilized by credit cards and driver's licenses. The Office of the Privacy Commissioner (OPC) approves of the proposal. An OPC spokesman said, "If fewer people wind up carrying a SIN card with them as a result of the change, that will be a positive development for privacy."

PRIVACY LAW—CANADA

BC Commissioner Weary of Four Draft Laws (May 14, 2012)

British Columbia Information and Privacy Commissioner Elizabeth Denham has expressed concerns over four pieces of provincial legislation because of potential conflicts with personal privacy and government transparency, The Victoria Times Colonist reports. In letters sent to provincial ministers, Denham has asked the government to withdraw the Emergency Intervention Disclosure Act and is asking lawmakers to alter a law on pharmaceutical drug prices because it gives the health minister too much authority over personal information disclosures; the Coastal Ferry Act because it's a "step backward" for transparency, and the Animal Health Act because it compromises freedom of information legislation, the report states. 
Full Story

SOCIAL NETWORKING

Privacy Case Goes to Supreme Court (May 11, 2012)

A Nova Scotia teenager has brought her cyber-bullying case to the Supreme Court of Canada this week where it will be decided if she can keep her name private while bringing a defamation charge against her alleged bully. The case, known as A.B. v. Bragg Communications, pits freedom of the press against the “vulnerability of young girls subject to online sexualized bullying and the risk of harm if they're required to reveal their identity and republish comments,” reports Canada.com. Last year, the Nova Scotia Court of Appeal ruled against the teen, saying, "To be able to proceed with a defamation claim under a cloak of secrecy is contrary to the quintessential features of defamation law."
Full Story

DATA LOSS

Election Officials Mistakenly Expose Voter Data (May 11, 2012)

Premier David Alward told a legislative assembly Wednesday that Elections New Brunswick (ENB) mistakenly distributed a disc containing voters’ personal information, including phone and driver’s licence numbers, CBC News reports. Alward said, “This incident appears to be (a) case of human error on the part of the voter information systems manager” at ENB, and added, “we will expect a full investigation and report.” New Brunswick Privacy Commissioner Anne Bertrand said the incident could be the largest breach in the province’s history, but by Thursday afternoon, 43 of the 57 voter lists have been returned.
Full Story

DATA PROTECTION

Veterans Affairs Institutes New Privacy Rules (May 11, 2012)

The Veterans Affairs Department has implemented changes to improve privacy protections of veterans’ personal information, the National Post reports. The changes--which include increased privacy training, awareness and monitoring as well as limited access to personal records and tougher sanctions on those who breach the new rules--come two months after it was revealed that an ex-soldier’s personal data was disclosed in an alleged smear campaign.
Full Story

SOCIAL NETWORKING—CANADA

Lawmaker Calls for Parliamentary Investigation (May 11, 2012)

A Canadian Member of Parliament (MP) is urging a parliamentary committee to investigate whether social media sites have implemented an appropriate level of privacy protection for citizens, CBC News reports. Quebec MP Charmaine Borg is set to bring forth a motion Tuesday at a House of Commons Committee on Access to Information, Privacy and Ethics meeting calling on MPs to probe privacy measures taken by social media sites. "Times are changing, and Parliament needs to keep up," said Borg. "This is the new frontier in managing Big Data and keeping Canadians' privacy safe from the appetites of market research interests." Borg's motion includes a specific call to investigate children's privacy protection on social media sites, the report states.
Full Story

HEALTHCARE PRIVACY

Opinion: “BC Must Make A Bold Move” with Big Data (May 11, 2012)

BC has an important place in the Big Data Age, opines Miro Cernetig for The Vancouver Sun. The province has been digitizing health records for more than a generation, creating a massive trove of data capable of revealing things it would take human researchers years to discover, Cernetig writes. Despite privacy concerns that Big Data “can easily morph into Big Brother if privacy safeguards are not in place,” Cernetig says privacy is protected with existing technologies and laws. “We are at a moment when we must make a bold move. Find ways to open up BC’s healthcare records to research, unleash its benefits and make BC an epicenter of the Big Data revolution,” Cernetig writes.
Full Story

PRIVACY LAW

OIPC Releases First PHIA Report (May 11, 2012)

Newfoundland and Labrador Information and Privacy Commissioner Ed Ring has released the first report related to the province’s Personal Health Information Act (PHIA), CBC News reports. In it, a massage therapist was cited as having breached the PHIA, but Ring did not name the practitioner. “Any custodians (of health information) who are not PHIA-compliant should take immediate steps to rectify that situation,” Ring said.
Full Story

HEALTHCARE PRIVACY—CANADA

Hospital Fires Seven Over Patient Records Breach (May 11, 2012)

A Peterborough, Ontario, hospital has fired seven employees for breaching patients' privacy, CTV.ca reports. Officials at Peterborough Regional Health Centre say curiosity was the impetus for the breach of at least one of the confidential medical records involved. Hospital Vice President Jane Parr says the facility is working to prevent future breaches.
Full Story

PERSONAL PRIVACY

Police Officer Reprimanded for Illegal Database Access (May 11, 2012)

An Ottawa constable has been disciplined after pleading guilty to accessing a police database to “track his ex-girlfriend,” the Ottawa Citizen reports. The constable, who accessed the database three times over a six-month period, contravened the Police Services Act, according to the report. The ruling comes a week after a Calgary police officer allegedly accessed and sold personal information taken from police databases.
Full Story

DATA PROTECTION

OPC Survey: Many Businesses Need To Improve Practices (May 11, 2012)

A blog post released by the Office of the Privacy Commissioner (OPC) reports on a survey of 1,066 Canadian businesses, revealing that many “are not employing recommended technological tools or practices to protect” personal information. The survey also shows nearly 50 percent of those storing data on portable devices do not use encryption. In a separate post, the OPC writes that a recent report by Verizon “highlights some extremely troubling trends about the types of data breaches occurring around the globe” and “how organizations of all sizes are failing to adequately respond to new threats.”
Full Story

EMPLOYEE PRIVACY

The Grey Area Between Employer Rights, Employee Privacy (May 11, 2012)

Postmedia News reports on employers legal rights over workplace computers and mobile devices. One expert said that employees working in Alberta should not have an expectation of electronic privacy in the workplace. “My advice is to do work at work…Whether it’s an e-mail saying you’ll be home late or something more intimate, you’re far safer using your own device,” he added. The expert’s statements come after Alberta’s privacy commissioner found that the Calgary Police Service broke the Freedom of Information and Protection of Privacy Act.
Full Story

DATA PROTECTION

Opinion: CIMS Raises PIPEDA Issues (May 11, 2012)

In a column for The Telegram, Russell Wangersky writes about data collection and use concerns with the Constituent Information Management System (CIMS). Used by a political party to track supporters and raise campaign funds, the CIMS collects individuals’ names, addresses, phone numbers, e-mail addresses, birth dates, voting intentions and religious preferences. A recent robocall incident highlights a concern about how the data is used. The incident revealed that party “officials also collected information on individuals who did not support” the party and who “may have not been informed about the purposes the information was being used for,” Wangersky writes, which “raises a number of PIPEDA issues.”
Full Story

HEALTHCARE PRIVACY

Opinion: Assessing EHR Privacy (May 11, 2012)

A column in Global TV Edmonton queries the security of electronic health records (EHRs) in light of a recent story involving inappropriate access of a patient’s records. “Right now, medical personnel can access the records of any Albertan through a province-wide database called Netcare,” the report states, adding, “But what if the personnel accessing your file is a curious neighbor, a stalker or an ex-spouse?”
Full Story

PRIVACY—U.S.

Google Facing FTC Fine (May 7, 2012)
Bloomberg reports Google is negotiating with the Federal Trade Commission (FTC) over the fine it will face following its breach of Apple's Safari Internet browser. The fine could cost $10 million, the report states, and would be the FTC's first fine for Internet privacy violations. Reps. Ed Markey (D-MA) and Joe Barton (R-TX) earlier this year asked FTC Chairman Jon Leibowitz to open an investigation into whether Google violated its 2011 settlement with the commission after a privacy researcher disclosed that a loophole allowed advertisers to place temporary cookies on Safari users' iPhones and iPads without consent. A Google spokesman said the company "will of course cooperate with any officials who have questions."

SOCIAL NETWORKING

Facebook Privacy Back in the News (May 7, 2012)

As Facebook prepares to take its stock public this month, "user privacy will have to be a major consideration for potential investors," The Washington Post reports. The company said in its recent U.S. Securities and Exchange Commission filing that changes in user sentiment about its "privacy and sharing," could have a negative impact. POLITICO reports on actions the company has taken in order to navigate through privacy issues. Meanwhile, a survey recently found that users are concerned with the site's "Timeline" feature, which automatically opts users in, and privacy concerns have been raised about the newest version of Facebook Messenger. (Registration may be required to access this story.)
Full Story

PRIVACY LAW

Bill 35 Comes Under Scrutiny (May 4, 2012)

The Vancouver Sun reports on a bill introduced last week that intends to make it easier for researchers to access personal health information stored by the provincial government. Former health minister and Liberal MLA Colin Hansen says by giving medical researchers access to the data, Bill 35 will ultimately help cut costs and improve treatment. BC Information and Privacy Commissioner Elizabeth Denham has expressed concern "about the broad and unfocused authority for the minister to collect and share personal health information." Denham also said privacy safeguards and information-sharing limits should have been written into the legislation.
Full Story

DATA PROTECTION

OPC Survey: Businesses Not Doing Enough To Protect Data (May 4, 2012)

A new survey has found that Canadian businesses are not doing enough to protect digitally stored personal information. The Office of the Privacy Commissioner of Canada recently surveyed 1,006 Canadian companies and found that they are storing information on digital devices including desktop computers, servers and portable devices, and nearly three-fourths are using some kind of technology to prevent unauthorized access. Passwords were found to be the most popular method of data protection, but 39 percent of businesses do not have controls to ensure they are difficult to guess. Of those using portable devices to store data, 48 percent do not encrypt it. The survey also found that 32 percent of business have trained staff on appropriate information practices under Canadian privacy law.
Full Story

PRIVACY LAW

Pharmacists Lose Bid To Prevent Patient File Transfers (May 4, 2012)

The group of Ontario pharmacists seeking an injunction to prevent Zellers from selling patient records as part of a sales agreement has lost its bid, the Brandon Sun reports. A judge ruled that Zellers owns the records and has the right to sell them, adding that the retailer says it will honour patient-file transfer requests. The judge said patient confidentiality is not at risk of being compromised, the report states.
Full Story

DATA LOSS

Police Officer Suspended for Selling Personal Details (May 4, 2012)

The Vancouver Sun reports on a Calgary police officer accused of using police databases to obtain personal details on at least 10 individuals in exchange for cash. Det. Gerard Brand, a 21-year veteran, was arrested this week and charged with breach of trust and unauthorized use of a computer. Police spokesman Kevin Brookwell said the case is rare. "Every member of our service knows that accessing databases is for police use only. Every member knows that use is monitored and audited." Earlier this week, an Office of the Privacy Commissioner adjudicator found that police breached an employee's privacy during an unrelated investigation.
Full Story

PRIVACY LAW

Adjudicator: Police Breached Employee Privacy (May 4, 2012)

Calgary Police Service (CPS) has violated Alberta's Freedom of Information and Protection of Privacy Act, an adjudicator has found, after it accessed a woman's personal e-mail account during a workplace investigation, CTV News reports. During CPS's monitoring of the woman's computer activities following complaints about her behavior, an IT manager found login and password information to the woman's personal e-mail account, revealing evidence of misconduct and leading to the woman's termination. An Office of the Information and Privacy Commissioner adjudicator ruled that the evidence was not "necessary" to the investigation because it was obtained via unauthorized use of the woman's personal information. CPS has been ordered to stop the practice and provide employee training on data collection and use during investigations. A Calgary attorney says employees shouldn't expect on-the-job privacy.
Full Story

SOCIAL NETWORKING

Cavoukian Releases Social Media Tips (May 4, 2012)

In light of recent news of employers requesting social media passwords, Ontario Information and Privacy Commissioner Ann Cavoukian has released a paper to provide citizens with practical advice on how best to protect their online privacy when using social media, Digital Journal reports. The paper, "Reference Check: Is Your Boss Watching? The New World of Social Media: Privacy and Your Facebook Profile" provides examples of improper employer practices, among others. "Passwords are meant to be kept private, and I want to be clear that the practice of employers requesting personal passwords from their current or potential future staff is fundamentally wrong," said Cavoukian.
Full Story

DATA PROTECTION

Council Wants Opt Out for Smart Meters (May 4, 2012)

Vancouver city council wants BC Hydro to allow customers to opt out of smart meter installation at their homes, The Vancouver Sun reports. The city also wants the utility to research alternatives to smart meters and ways to increase security when it comes to protecting data on household energy use. Joining 40 other BC municipalities, the council has adopted a motion that aims to pressure BC Hydro to amend its smart meter program. A BC Hydro spokeswoman said the program is necessary, and another said the company has safeguards in place to protect against hacking.
Full Story

PRIVACY LAW

Article 29 Working Party May Reopen Inquiries (May 4, 2012)

European regulators say they may reopen inquiries into Google's Street View project following the release of a U.S. Federal Communications Commission (FCC) report, The New York Times reports. Regulators in the UK, Germany and France may take action. Johannes Caspar, Hamburg's data protection commissioner, says the FCC report's revelations will have a big impact. "This is apparently a totally different situation than what we thought initially," he said, adding that it's time for data protection authorities worldwide to hold the company accountable. The Article 29 Working Party says it plans to meet next week to discuss the allegations. Questions have recently been raised about the role of data privacy within data-driven organisations. (Registration may be required to access this story.)
Full Story

PRIVACY—CANADA

OPC Awards $500,000 for Privacy Research (May 3, 2012)

The Office of the Privacy Commissioner of Canada (OPC) announced Wednesday the recipients of its 2012-2013 Contributions Program, which awarded $500,000 for 11 independent research and awareness projects. The program hits upon all four of the OPC's policy priorities, including identity integrity and privacy; information technology and privacy; genetic information and privacy, and public safety and privacy, according to an OPC press release. Privacy Commissioner Jennifer Stoddart said, "By supporting privacy research, my office is encouraging the exploration of complex privacy issues as well as the development of information and tools to help Canadians make informed decisions about protecting their personal information."
Full Story