Canada Dashboard Digest

Many will have already heard the relatively big news this week: A new bill, S-4, was introduced in the Senate that will amend PIPEDA if it passes. I'm surprised it didn't actually get more news considering the fanfare when the government tabled it.

There is some skepticism about whether or not the government is serious this time around because it has introduced somewhat similar bills in the past only to let them die a slow and painful death. This new bill was introduced in the Senate, and some are speculating that this may have been done to try and get the bill passed quickly.

For sure, these amendments are a long time coming. Many of them are what I call “common-sense fixes." For example, getting the English and French versions of the law to jive with one another a bit better. Other more meaningful fixes are those that mirror the Alberta and British Columbia provisions dealing with employee personal information and business transactions.

The folks at the OPC are probably happy with the proposed amendments that will allow them to enter into compliance agreements with organizations. Essentially, these agreements will allow the OPC to monitor organizations for up to a year after the completion of an investigation to ensure that all recommendations are satisfactorily implemented.

Lastly, I think the codification of a breach notification scheme is a good thing, too. I don’t think this new scheme will have a significant impact because previous guidance from the federal commissioner has been clear that they expect notification to take place even without the codification in the law. So, I think most organizations have already been operating with this scheme in mind. But, getting clarity in any law is always a good thing, so I suppose it is in this case, too.

As far as the “new penalties” go, I again don’t think there’s too much to worry about. Before any penalty could be levied, a matter would have to be referred for criminal prosecution—something that probably won’t happen except in the most egregious cases. This is a far cry from the administrative monetary penalties that can be levied in some European jurisdictions directly by the data protection authority.

So, all in all, pretty good news for privacy in Canada—for some—this week. And when we also read that CRA employees were fired for privacy violations, perhaps privacy is something this government is realizing is a priority issue that people care about.

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

IDENTITY THEFT

Support Centre Launched To Combat Crime (June 29, 2012)

The Canadian Identity Theft Support Centre launched in Vancouver yesterday to combat the nation’s fastest-growing crime, reports the Toronto Sun. The centre provides a help line, employing four people to provide phone support, and a step-by-step manual to use if you suspect your identity has been stolen. Privacy Commissioner Jennifer Stoddart lauds the creation of the centre but says, “The responsibility for stopping identity theft is a shared one. Individuals must learn how to best protect themselves. Businesses big and small must improve their security safeguards, constantly. Responsibility also rests with law enforcement agencies and with governments.” Stoddart would also like to see passage of key privacy legislation such as an anti-spam bill.
Full Story

TRAVELER’S PRIVACY

Canada, U.S. Release Border Deal Privacy Charter (June 29, 2012)

Canadian and U.S. officials on Thursday jointly released a 12-point statement of privacy principles to help flesh out the border deal both nations agreed upon last year, The Globe and Mail reports. The principles cover issues such as data sharing and quality, information security, effective oversight and redress for aggrieved citizens. Public Safety Minister Vic Toews and U.S. Homeland Security Secretary Janet Napolitano both applauded the privacy principles. The federal privacy commissioner’s office said it will “take some time to read these in order to see how any suggestions we provided may have been reflected.”
Full Story

EMPLOYEE PRIVACY

Dickson: Province Needs To Protect Whistleblowers (June 29, 2012)

Saskatchewan Privacy Commissioner Gary Dickson says the province needs protection for employees reporting breaches to his office and has recommended including a whistleblower provision in privacy legislation--similar to those in British Columbia, Alberta and Prince Edward Island, reports The Canadian Press. While noting it’s not common for public-sector employees to report breaches, Dickson believes, “if they're not able to do that in a safe fashion, they're not going to raise it and that may mean that there are breaches of Saskatchewan law that go unaddressed.”
Full Story

HEALTHCARE PRIVACY

Outsourcing Medical Transcription Risky or Beneficial? (June 29, 2012)

CBC News reports on differing opinions on plans to outsource all transcription of medical reports dictated by Lower Mainland, BC, hospital physicians. While some raise concerns about the accuracy and security of this work being done “in someone’s living room or kitchen or den,” the head of the outsourcing project for the Lower Mainland says the plan will save the hospitals $3 million, noting, “That money goes back into care and delivery.” Yoel Robens-Paradise also says the health authorities will have the ability to monitor record access on private computers in real time, adding, “We’ve had millions of minutes of dictation transcribed over the past six years from home and not had a (privacy) breach.”
Full Story

ONLINE PRIVACY

Poll: Privacy Concerns Slow Adoption of e-Gov Services (June 29, 2012)

A PWC Canada survey has found that privacy concerns are a barrier to the adoption of government e-services. More than half of the 3,147 online poll respondents indicated that “rock-solid” privacy protections would have to be in place for them to consider adopting such services, The Ottawa Citizen reports.
Full Story

SURVEILLANCE

Opinion: Gov’t Should Defend Privacy Like Borders (June 29, 2012)

With technology making surveillance techniques such as facial recognition faster, easier and cheaper, Dan Leger outlines some of the “creepy” ways big tech companies and the government are--and could--use them to erode privacy. In a Chronicle Herald op-ed, Leger points to Facebook’s recent acquisition of Face.com to improve its facial recognition features and Canada Border Services Agency's recently axed plans to record audio of people in airports as “intrusive” uses of technology. “Privacy is part of security and maybe it’s not Facebook’s job to protect it. However, it is our national government’s job to defend all the rights of citizens, including privacy rights, as forcefully as it defends the borders,” says Leger.
Full Story

FINANCIAL PRIVACY

Authorities Arrest Two Dozen for Computer Crimes (June 27, 2012)

The New York Times reports that authorities in 13 countries have arrested two dozen people accused of committing fraud involving computer crime. "Operation Card Shop" was a two-year effort, authorities said, and prevented potential losses of more than $200 million by notifying credit card providers of more than 400,000 compromised credit and debit cards. Janice Fedarcyk, assistant director of the U.S. Federal Bureau of Investigation, said the arrests would cause "significant disruption to the underground economy." Arrests took place in countries such as the U.S., UK, Bosnia, Bulgaria, Norway and Germany. (Registration may be required to access this story.)
Full Story

 

PRIVACY

Hong Kong DPA Releases APPA Forum Highlights (June 27, 2012)

Hong Kong Office of the Privacy Commissioner for Personal Data has released a communiqué featuring highlights from the 37th Asia Pacific Privacy Authorities (APPA) forum. Participants, including government representatives from Australia, Canada, Korea, New Zealand and the U.S., discussed topics such as global privacy enforcement, Google's new privacy policy, information on public registers, smartphone apps, legal assistance to aggrieved data subjects and direct marketing regulation. Government representatives from Japan, Macao and Portugal joined the meeting as observers. Editor's note: The Privacy Advisor recently caught up with Hong Kong Privacy Commissioner for Personal Data Allan Chiang for a Q&A.
Full Story

 

PRIVACY LAW—CANADA

Case Illustrates Privacy Questions (June 25, 2012)

The Canadian Press reports on privacy concerns raised in a case where a questionable post appeared on the Facebook page “of a man whose name matches that of the primary suspect” two weeks before his coworkers were shot. “In the days following his arrest…the long-simmering debate over online privacy reached its boiling point,” the report states, referencing questions over employee privacy and content “locked down under privacy settings” on social media sites. While one legal expert suggests employers who see such posts “have a positive obligation to act…regardless of the privacy settings," privacy advocates are concerned that such an interpretation could “lead Canadians down a slippery slope,” the report states.
Full Story

TRAVELLERS’ PRIVACY

Privacy Concerns About Audio Surveillance Persist (June 22, 2012)

Public Safety Minister Vic Toews has directed the Canada Border Services Agency (CBSA) to halt plans for airport audio recording "until a privacy impact assessment can be submitted and recommendations from the privacy commissioner can be reviewed by the government," a public safety spokesperson has said. The order came one day after Toews voiced support for the plan in the Commons and after vociferous opposition from both the federal and Ontario privacy commissioners. Meanwhile, a QMI Agency op-ed suggests, "All Canadians want this country to be safe, but few think our privacy should fall victim so easily.”
Full Story

ONLINE PRIVACY

Stoddart: Getting and Enforcing the Right Laws Is Key (June 22, 2012)

A recent poll by the Office of the Privacy Commissioner showed that two-thirds of respondents “think protecting their personal information will be one of the most important issues over the next few years.” Financial Post reports that the study supports the belief held by some leading privacy experts that privacy is more important to people than ever. “We have a culture of revelation…that really hasn’t been available to us before. A lot of people mistakenly take that point and say, ‘Oh, people no longer care about privacy…’ That’s not really what’s going on,” says Ian Kerr of the University of Ottawa. Privacy Commissioner Jennifer Stoddart says “privacy values are alive and well.” The key is getting the right laws in place and getting service providers to respect them, the report states.
Full Story

PRIVACY LAW

Ring Defends Bill 29 Amendments (June 22, 2012)

CBC News reports on comments by Newfoundland and Labrador Information and Privacy Commissioner Ed Ring on amendments to Bill 29. Though critics say the bill will allow politicians to keep secrets, Ring says it doesn’t stop the Access to Information and Protection of Privacy Act from being effective. “I still maintain, based on my review, that the legislation remains robust and that people’s right to access information will be protected,” Ring said earlier this week. The amendment to Bill 29 would increase the ways the cabinet can prevent the release of information and would allow ministers to deny requests for information by deeming them “frivolous or vexatious,” the report states.
Full Story 

HEALTHCARE PRIVACY

Lawyer: Medical Records More Accessible Than Ever (June 22, 2012)

Last week’s announcement of the firing of a Nova Scotia hospital employee marks the latest in what is becoming a more common occurrence--hospital employees inappropriately accessing patient records, reports The Chronicle Herald.  With increased technology, “Private medical records are now much more readily accessible to those persons within the hospital who don’t have permission or authority to access the records,” said Mike Dull of Wagners Law Firm, which is representing plaintiffs in a class action lawsuit involving inappropriate employee access. “The reality of the computer age really puts a great onus, in our view, on health authorities to ensure proper systems are in place to protect the privacy of patients,” said Dull.
Full Story

INFORMATION ACCESS

Three Decisions Handed Down This Week (June 22, 2012)

Three information access decisions were handed down this week. In BC, Supreme Court Justice J. Keith Bracken agreed with a decision by the provincial information and privacy commissioner for the BC government to hand over documents related to a large computing contract. In Ontario, the information and privacy commissioner rejected Carleton University’s request for an extension on its deadline to supply an explanation about its failure to produce information to The Canadian Press. In Saskatchewan, Information and Privacy Commissioner Gary Dickson issued a report disagreeing with an Executive Council decision to block access to Cabinet briefing material.
Full Story

PRIVACY

Ring Reappointed (June 22, 2012)

Newfoundland and Labrador Information and Privacy Commissioner Ed Ring has been appointed to another two-year term, CBC News reports. It is a role Ring has held since 2007.
Full Story

PRIVACY

Opinion: When We Overshare, Do We Degrade Relationships? (June 22, 2012)

In the most recent installment of his series on privacy in the Toronto Star, Don Tapscott discusses the tension between the human desire to share and to maintain privacy. Despite our need to feel connected to others, most psychologists say personal secrecy is a crucial aspect of human development, he writes. It’s also important in building strong relationships, Tapscott says, adding, “So what happens when we begin sharing our secrets with everyone? Could this not degrade the value of truly personal information in building intimate relationships? Part of being intimate is the revealing of secrets and being with that person who knows things that others do not.”
Full Story

ONLINE PRIVACY

Apple Obtains Online “Cloning” Patent (June 21, 2012)

Apple has been awarded a patent for a method of generating fake online identities, or "clone" identities, to thwart the online profiling of Internet users, reports InformationWeek. Apple received U.S. Department of Justice approval for the patent on Tuesday. Known as "Techniques to pollute electronic profiling," the patent describes how the clone identity "appears to be the principal to others that interact (with) or monitor the clone over the network," performing activities that would not reflect the interests of the real user. The patent calls automated online monitoring programs "little brothers" and says, "Even the most cautious Internet users are still being profiled over the Internet via dataveillance techniques from automated (little) brothers." Apple has not confirmed the acquisition.
Full Story  

SOCIAL NETWORKING

Facial Recognition Acquisition Spurs Privacy Concerns (June 19, 2012)

Facebook has announced the acquisition of its long-time vendor Face.com, the company that provides the technology for its photo tagging suggestion feature, reports Daily Mail. A Facebook spokesman said, "Face.com's technology has helped to provide the best photo experience. This transaction simply brings a world-class team and a long-time technology vendor in house." But the company's use of facial-recognition technology "has spurred concerns about user privacy," the report states. The deal means Facebook will acquire the technology and the 11 employees of the Israeli company.
Full Story 

PRIVACY LAW—U.S.

Facebook Settles Suit for $10 Million (June 18, 2012)
Facebook has agreed to pay $10 million to charity to settle a lawsuit that alleged the company violated user privacy with its "Sponsored Stories" feature and its lack of an opt-out provision. The suit was filed by five Facebook members and was settled last month with U.S. District Court Judge Lucy Koh agreeing the plaintiffs had proven economic injury could occur through Facebook's use of their names, photos and "likenesses" within the feature, Reuters reports.

SOCIAL NETWORKING

Experts: Privacy Is the Hitch with Age Verification (June 18, 2012)

The New York Times outlines the difficulties of identifying the ages of Internet users, noting "everyone--not only sex offenders--has an incentive to lie." Recent cases of adults masquerading as children on a social network aimed at 13- to 17-year-olds has the site looking for a better way to vet users, but those who've studied age verification technologies are not optimistic. In 2008, a task force was convened to examine ways to verify age, but danah boyd, co-director of the task force and Microsoft researcher, says the technologies "would not address any of the major safety issues we identified." Others note that the available options--such as a national identity database--are considered by many to be privacy violations. (Registration may be required to access this story.) 
Full Story 

DATA LOSS

Hospital Employee Fired for Accessing Records (June 15, 2012)

A Nova Scotia hospital employee has been fired for inappropriately accessing hundreds of patient records, CBC News reports. Roseway Hospital in Shelburne is notifying 707 patients about the breach. “We became aware of some suspicious activity through the normal course of daily business,” South West Health spokesman Fraser Mooney said. “That greatly concerned us, so we conducted a thorough and very careful investigation, which included an audit of electronic records.” Mooney said South West Health is taking measures to prevent a future such incident.
Full Story

PRIVACY LAW

Bill 201 Exasperates MLA (June 15, 2012)

Liberal MLA Laurie Blakeman is incensed by a bill intended to prevent copper thefts because of its data collection requirements, the Edmonton Journal reports. “It’s about collecting information from every single person that goes in there…and I really have a problem with government that continues to collect information and allows others to collect information on our citizens in that way,” Blakeman said, adding that Bill 201 could have a burdensome effect on businesses that would be required to safeguard the data collected under the requirements of the Personal Information Protection Act. Alberta’s privacy commissioner is expected to evaluate the bill this summer, according to the report.
Full Story

PRIVACY LAW

CASL and Consent (June 15, 2012)

While express consent campaigns have been touted as the silver bullet for the consent framework under Canada’s Anti-Spam Law (CASL), gaining express consent has its own set of challenges. With CASL’s penalties as high as $10 million per violation for organizations, this exclusive for The Privacy Advisor examines the legislation with special attention to the scenarios under which organizations may rely on implied consent, the grandfathering provisions for implied consent and the processes for seeking express consent, to name a few. Editor’s Note: The upcoming Ottawa KnowledgeNet “Implementing Canada’s Anti-Spam Legislation” on June 21 will provide insights and a legislative update on CASL from Bill Abbott of Bell Canada, Andy Kaplan-Myrth of Industry Canada and Kelly-Anne Smith of Canadian Radio-Television Telecommunications Commission.
Full Story

CLOUD COMPUTING

Commissioners Publish Cloud Guidance for SMEs (June 15, 2012)

The privacy commissioners of Canada, Alberta and British Columbia have published guidance to help small- and medium-sized enterprises (SMEs) understand the benefits and risks of using cloud-based services. “In general, the smaller a business, the less likely it is to have the budget to keep a dedicated, full-time chief privacy officer on staff,” said federal Privacy Commissioner Jennifer Stoddart. “This guidance is designed to help SMEs understand their responsibilities and how to help safeguard their reputations when considering and using cloud services.” The guidance includes insight on contracts and third-party disclosures, applicable laws, customer consent and data protection.
Full Story

PRIVACY LAW

Commissioner Rules Professor’s Expense Report Is Protected (June 15, 2012)

Ontario’s information and privacy commissioner has ruled that a University of Ottawa professor’s expense reports are protected, following requests for the information by an unnamed individual, reports the Ottawa Citizen. In a ruling made public last week, Commissioner Ann Cavoukian upheld the university’s decision that Prof. Amir Attaran’s expense report is protected by academic freedom, a principle that “ensures universities can engage in research without interference by a disapproving government or public,” the report states.
Full Story

INFORMATION ACCESS

Amendment Would Overturn Court Ruling (June 15, 2012)

CBC News reports on proposed changes to Newfoundland and Labrador’s information access laws that would reverse a “Court of Appeal decision that gave the province's information and privacy commissioner access to government documents.” In November, the court overturned an earlier decision and allowed Information and Privacy Commissioner Ed Ring access to documents “a government body claimed only a lawyer and client should see,” the report states. The amendment to Bill 29 would rescind the commissioner’s right to review such documents. Ring said he is reluctant to comment “until the appropriate study and analytical work by my office is completed.”
Full Story

BIG DATA

Commissioner, Scientist Release Report (June 15, 2012)

Ontario Information and Privacy Commissioner Ann Cavoukian and IBM Chief Scientist and Fellow Jeff Jonas have released a report on how big data and privacy can “successfully coexist.” The report, Privacy by Design in the Age of Big Data, details key recommendations for organizations to “address the privacy risks associated with big data, and the analytics technologies used to make sense of these vast data sets, before such risks become realities.” In announcing the report, Cavoukian noted, “We believe it is imperative that with game-changing advances in analytics, one should step back and ponder design decisions that will enhance overall security and privacy.”
Full Story

HEALTHCARE PRIVACY

BC Supports Greater Access to Patient Data (June 15, 2012)

News1130 reports on a recent survey indicating that British Columbians support healthcare professionals and researchers having better access to their healthcare information. The Angus Reid study surveyed 800 individuals. A spokesman from the law firm says it is “very rare, especially in the last year and a half, to find 80 percent of British Columbians agreeing on something, and this is something that they believe should be done.”
Full Story

DATA PROTECTION

Survey: 60 Percent Take Company Information When They Go (June 15, 2012)

A new study indicates nearly 60 percent of employees take company information when they are fired or leave an organization, The Globe and Mail reports. The Ponemon Institute study also found that 67 percent bring company information to a new job. Only 15 percent of the survey’s respondents said their employers performed a review of digital or paper documents employees took with them when they left. Employers can take steps to ensure data protection when employees depart, including setting expectations, putting technology controls in place, monitoring employees before they depart and terminating information access soon after an employee is set to depart, the report states.
Full Story

PERSONAL PRIVACY

Opinion: Our Default on Sharing Should Lean Toward Privacy (June 15, 2012)

In the latest installment of his series on privacy in the Toronto Star, Don Tapscott discusses how the ubiquity of gadgets, sensors and social media have led to a shift in privacy from a social norm to an outmoded concept. Individuals are increasingly sharing intimate details of their lives online, which are then used by various entities including marketers, government personnel and, sometimes, criminals. But the “fundamental problem with the case of radical personal openness is that we are a long way from a world where being open will not hurt us,” Tapscott writes, adding we need “a personal privacy strategy governing what information we release and to whom.”
Full Story

BEHAVIORAL TARGETING

Online Ads To Match Your Emotions (June 13, 2012)

Microsoft has filed patents for tracking systems "to match online advertisements to moods," the Toronto Star reports. The systems would track emotions "including facial expressions captured in video conversations and Facebook status updates," the report states, and could result in, for example, "weight-loss ads matched with unhappy people--who are more likely to want to change their lifestyle--and electronic ads with happy people--who are more likely to spend." Privacy advocates are questioning such mood-tracking technology. "Definitely when you're talking about people's emotional states, you're getting closer to sensitive data that relates to their identity," said Tamir Israel of the Canadian Internet Policy & Public Interest Clinic.
Full Story

MOBILE PRIVACY

Report: Apple To Release New Tracking Tool (June 11, 2012)
In what The Wall Street Journal reports is "the company's latest attempt to balance developers' appetite for targeting data with consumers' unease over how it is used," Apple will reportedly release a new tracking tool for mobile app developers. While Apple declined to comment, individuals briefed about the plan have indicated the tool aims to better protect user privacy. "How Apple's new technology works and what it will allow developers to track remains unclear," the report states. "One of the people briefed said that the new anonymous identifier is likely to rely on a sequence of numbers that isn't tied to a specific device." (Registration may be required to access this story.)

PRIVACY LAW

Clayton Goes to Supreme Court To Defend Law (June 8, 2012)

Alberta Information and Privacy Commissioner Jill Clayton will go to the Supreme Court of Canada to apply for leave to challenge a Court of Appeal ruling calling the province’s privacy laws unconstitutional, reports the Edmonton Journal. The case stems from a 2006 incident that saw a workers’ union threaten to publish video of picket-line crossers. Clayton ruled that their privacy had been compromised, but the Alberta Court of Appeal decided the laws contravene the Charter of Rights and Freedoms. One Court of Appeal justice said the laws significantly stifle expression and encouraged lawmakers to amend Alberta’s Personal Information Protection Act.
Full Story

PERSONAL PRIVACY

Stoddart Investigating VA Investigation (June 8, 2012)

Information and Privacy Commissioner Jennifer Stoddart is conducting an audit of Veterans Affairs Canada (VA) after multiple claims of misuse of ex-soldiers files, reports The Canadian Press. Veteran Sean Bruyea has made claims that his data was breached when the VA offered approximately 4,000 documents about him to outside investigators to look into how an earlier breach of his medical records occurred.  Veterans groups are calling for a judicial inquiry, and a VA spokesperson has announced, “Minister Blaney has instructed his departmental officials to fully cooperate with the privacy commissioner during her investigation.”
Full Story

BIOMETRICS

Report Calls for Appeal in Fingerprinting Plan (June 8, 2012)

The government is pushing for a plan that would require all applicants for visitor visas, study permits or work permits to submit fingerprints and a photo prior to entry into Canada, reports The Canadian Press. The Canada Border Services Agency would then use the data to verify the identity of the visitor upon entry. A privacy impact assessment was conducted, outlining concerns such as unauthorized use, discrimination and unnecessary retention of the data, and highlighting the need for an appeals process, among others. The agencies involved say they will continue to involve the privacy commissioner in the process, adding that the plan will reduce the chance for fraud and strengthen border security. Editor's Note: An upcoming IAPP web conference will explore the privacy considerations related to biometrics.
Full Story

DATA LOSS

Health Contractor Employee Fired for Inappropriate Access (June 8, 2012)

The BC Health Ministry has notified 26 people that their data and that of their dependents was inappropriately accessed by an employee of the contractor running its Victoria-based Health Insurance BC office, reports The Victoria Times Colonist. The Maximus Canada employee was fired after an investigation, and while a Ministry spokesman called the risk level “really low,” those affected are being encouraged to sign up for free credit check services. One NDP health critic is questioning the reliability of the company’s data protection practices, and a privacy advocate notes that the incident “highlights the danger of having too much information lying around.”
Full Story

DATA LOSS

Bertrand: Elections Breach Contained (June 8, 2012)

An Elections New Brunswick breach that affected up to 553,000 voters has been contained, according to New Brunswick Privacy Commissioner Anne Bertrand. CBC News reports that the 57 discs have been returned with affadavits stating that any copies that were made have been destroyed. While acknowledging that there’s no guarantee, Bertrand credits the “publicity and quick response by all of those who did have the CDs in their possession” for containing the breach. New measures for security of voter data have been implemented.
Full Story

DATA LOSS

Ontario Shuts Down Kiosks After Breach Attempt (June 8, 2012)

The Globe and Mail reports the Ontario government has temporarily shut down ServiceOntario kiosks across the province after debit card companies reported attempts by individuals to copy credit and debit card information at kiosks in four Toronto-area shopping malls. The kiosks allow users to renew their driver's licenses and obtain birth certificates. Government Services Minister Harinder Takhar referenced police reports of such methods of "skimming" information, noting, "It's happening everywhere...We just wanted to make sure the information is protected." Ontario Information and Privacy Commissioner Ann Cavoukian praised the government for closing the kiosks upon learning of the problem, the report states.
Full Story

SOCIAL NETWORKING

Geist To Government: Finish What You Started (June 8, 2012)

The House of Commons Committee on Ethics, Accountability and Privacy has launched a study into privacy concerns raised by social media and whether current laws provide users enough privacy protection. Michael Geist outlines his speech to the committee for The Ottawa Citizen, detailing four areas “in need of action.” Geist writes, “First the government should finish what it started,” pointing to legislation he says has “stalled short of the finish line.” Geist’s other recommendations include working on addressing social media defaults, putting restrictions on authorities’ access to social media data and creating stronger measures to “ensure that user choice is respected.”
Full Story

DATA PROTECTION

Flaherty: UVic Has More Work To Do (June 8, 2012)

The University of Victoria commissioned former privacy commissioner David Flaherty to produce a report on its data handling practices after a January breach compromised the sensitive information of approximately 11,700 current and former faculty, staff and students. According to The Victoria Times Colonist, Flaherty’s report said the university needs a cultural change in its information handling. Flaherty praised the school for its swift response to the breach but noted the breach would not have occurred had the university followed its established policies. University Communications Manager Denise Helm says the incident has prompted the school to make positive changes, adding, “Sometimes it's not until there's an unprecedented challenge that those opportunities are identified."
Full Story

PERSONAL PRIVACY

Growth in Positive Feelings About Sharing (June 8, 2012)

Don Tapscott writes for the Toronto Star about the growing view that sharing “intimate, personal information…would benefit us all individually and society as a whole.” Citing examples such as Jeff Jarvis’s book Private Parts and Facebook’s company mission to “make the world more open,” Tapscott says, “The proponents of this view are some of the smartest and most influential thinkers and practitioners of the digital revolution.” Still other influencers say the question is not what to share but “how to ensure the information is used appropriately.” Advances in technology continue to make data collection more prevalent and companies are creating ways to make sense of it, which can benefit consumers, but Tapscott wonders about a possible dark side.
Full Story

PRIVACY LAW—CANADA

OPC Releases Annual Report (June 6, 2012)
The Canadian federal privacy commissioner has released an annual report to Parliament on private-sector privacy law, Postmedia News reports. The Office of the Privacy Commissioner's report highlights the growing privacy risks children face and calls on Parliament to review Canada's federal privacy law and grant the privacy commissioner additional powers. Privacy Commissioner Jennifer Stoddart said, "I am very, very disappointed that we're not moving ahead with privacy reform issues," adding, "They're long overdue." A proposal tabled last fall would have mandated breach reporting to the commissioner but has not moved beyond its first reading. "We have to have powers that will be respected by these huge multinational corporations that are doing business online," Stoddart said, "and you need a strong voice to be heard by them."

PRIVACY—CANADA

Commissioner: Record Number of Complaints in 2011 (June 5, 2012)

Ontario Information and Privacy Commissioner Ann Cavoukian says a record number of complaints and freedom of information requests were made to her office last year. Releasing her annual report on Monday, the commissioner said 277 privacy complaints in 2011 set a new record, ITBusiness.ca reports. Calling the theme of the report "ever vigilant," the commissioner called for privacy activists to keep an eye out for legislation--or lack thereof--that could impact privacy. She also criticized Bill C-30 for the access it would give police to track data without a warrant. "This so-called 'lawful access' legislation represented one of the most invasive threats to or privacy and freedom that I have ever encountered in my 25 years," she said.
Full Story

PRIVACY LAW

Ken Anderson Receives OBA Privacy Law Award (June 1, 2012)

Ontario Assistant Commissioner of Privacy Ken Anderson has been honored by the Ontario Bar Association (OBA) with its Karen Spector Memorial Award for Excellence in Privacy Law, which was established to recognize, honor and celebrate the outstanding achievements of OBA members working in the privacy field. Anderson received the award Thursday at an OBA event in Toronto. OBA Privacy Law Selection Chair Laura Davison, CIPP/C, CIPP/US, said that Anderson "is an outstanding privacy leader and professional," adding, "This award represents the respect and affection Ken commands across the privacy bar."
Full Story

PRIVACY LAW

Settlement Proposed in Health Region Breach (June 1, 2012)

The Toronto Star reports on a proposed settlement in a class-action lawsuit against Durham Region Health. The suit was filed in April 2011 after one of the region's nurses lost a thumb drive containing the personal information of nearly 84,000 people. It claims the region was negligent, breached its fiduciary duty and violated patients' privacy as well as the Canadian Charter of Rights and Freedoms. Pending a judge's approval, the region will pay $500,000, which amounts to at least $5.99 for each patient's lost data. The settlement allows victims to file compensation claims while also allowing the region to take steps to "mitigate the harm" first.
Full Story

PRIVACY LAW—CANADA & U.S.

OPC Provides Feedback on Border Agreement (June 1, 2012)

The Office of the Privacy Commissioner (OPC) has reviewed and provided feedback on the border agreement between Canada and the U.S., Embassy reports. The privacy statement is expected to be released soon, but details about the OPC's feedback will not be revealed until after the government releases the statement, the report states. Canadian Civil Liberties Association National Security Program Director Sukanya Pillay said the statement's privacy principles "must be made public," adding, "the issues are so crucial to our legal obligations in both countries, and particularly in Canada, to ensuring that any information collection-sharing, use, dissemination and storage complies with our charter." (Registration may be required to access this story.)
Full Story

PRIVACY LAW

BC Gov’t Alters Animal Health Act, Privacy Remains a Concern (June 1, 2012)

The British Columbia provincial government has clarified a provision in the Animal Health Act but has not implemented BC Information and Privacy Commissioner Elizabeth Denham's privacy recommendations, The Victoria Times Colonist reports. In an opinion column, Mark Hume writes that the bill will impose silence on public officials if there is an animal disease outbreak and will ultimately "undermine public confidence." Meanwhile, hunters and anglers in Ontario are concerned that the outsourcing of the provinces' electronic licencing program to a U.S.-based company will allow the U.S. Department of Homeland Security access to their personal information. Ontario's office of the information and privacy commissioner is looking into the issue.
Full Story

PRIVACY LAW—EU

Committees Vote Down ACTA (June 1, 2012)

The European Parliament's civil liberties, legal and industry committees all voted against the international anti-piracy agreement ACTA on Thursday, reports PC World . The civil liberties committee cited concerns over Internet providers policing the web and a lack of protection for sensitive information, while the industry committee said ACTA fails to balance intellectual property and privacy rights with freedom of information. ACTA was signed by the European Commission (EC) and 22 member states in January, but most have suspended ratification after civil protests and Europe's Data Protection Supervisor warned the agreement may violate privacy law. The EC has asked Parliament to wait for an opinion from the European Court of Justice, but according to the report, that is unlikely.
Full Story