Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

ONLINE PRIVACY

Dennedy Offers Tips for Consumers (March 29, 2013)

Noting the uptick in victims of cyber attacks and the huge increase in the number of malicious smartphone applications identified last year, McAfee Chief Privacy Officer Michelle Dennedy, CIPP/US, writes for The Huffington Post about online threats to consumers. “Most consumers assume that the websites they frequent have top-notch cybersecurity and privacy controls. Rather than assume, users should do some simple investigating on the security of these sites,” Dennedy writes, offering the following tips to consumers: Change passwords often, read privacy settings and licensing agreements, avoid public or open WiFi and practice safe surfing.
Full Story

HEALTHCARE PRIVACY

Edmonton Doctor Penalized for Accessing Data (March 29, 2013)

An Edmonton doctor has been disciplined by the College of Physicians and Surgeons of Alberta after being found guilty of unprofessional conduct, reports the Edmonton Journal. Emergency Physician Deanna Watrich has been suspended for 60 days for inappropriately accessing patient records after the region’s information and privacy commissioner received complaints. Meanwhile, the Northwest Territories’ privacy commissioner has advised Yellowknife Health and Social Services to change how it handles patients’ medical records.
Full Story

PRIVACY LAW

Local Businesses Not Complying With PIPA (March 29, 2013)

Although the Personal Information Protection Act (PIPA) has been law for nine years, many businesses lack a privacy training program—as many as 50 percent, according to a survey conducted by Alberta’s information and privacy commissioner (IPC). The lack has led to data breaches and complaints to businesses and privacy authorities. The IPC’s Brian Hamilton advises businesses to restrict access to customer data to only those who need it for the business purposes for which it was originally collected.
Full Story

PRIVACY LAW—CANADA

Supreme Court: Warrant Needed for E-mails, Texts (March 28, 2013)
Canada’s Supreme Court has ruled that police need to obtain a judicial warrant prior to accessing an individual’s electronic communications, The Globe and Mail reports. In a 5-2 majority, the justices invalidated a general warrant obtained by an Ontario police investigation in 2010 that required Internet provider Telus to disclose stored text messages and future electronic communications of three suspects. The court ruled the police should have obtained a judicial wiretap authorization. “Technical differences inherent in new technology should not determine the scope of protection afforded to private communications,” said Justice Rosalie Abella. Scott Hutchison, a lawyer representing Telus, said, “The court is saying that the fact a communication takes a particular form cannot deprive it of its private nature.”

GEO PRIVACY

Report: Location Data Creates “Fundamental Constraints” on Privacy (March 26, 2013)
BBC News reports on a new study revealing that patterns of human movement are predictable enough to identify a specific smartphone user from four data points. The Scientific Reports study analyzed 15 months of human mobility data on 1.5 million users. In an age of ubiquitous mobile phone usage, aggregated datasets are coveted by advertisers, help map emergency services and fuel a new generation of social scientists. The report concludes, however, that “even coarse datasets provide little anonymity” to users. “These findings represent fundamental constraints to an individual’s privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals,” the study states.

DATA PROTECTION

Westerman: Privacy Pros Need To Be Trust Pros (March 26, 2013)

In the first in a series of blog posts for the IAPP’s Privacy Perspectives, Create With Context CEO Ilana Westerman writes, “Businesses should stop focusing on privacy and start focusing on trust” and notes that fostering trust “will create value and revenue” for companies. Privacy professionals should become trust professionals, she notes, adding, “Privacy and trust are two sides of the same coin but lie at opposite ends of the emotional spectrum.”
Full Story

BIG DATA

Opinion: Is Anonymization Possible? If Not, Then What? (March 26, 2013)

Anonymization is intended to allow businesses to collect and use huge amounts of information while minimizing risks to consumers if, for example, a developer’s database gets hacked. But some studies say true anonymization is not possible. David Meyer opines in GigaOM that this level of data collection is not going to stop, “so we need to develop workable guidelines for protecting people. Those developing data-centric products also have to start thinking responsibly—and so do the privacy brigade. Neither camp will entirely get its way: There will be greater regulation of data privacy, one way or another, but the masses will also not be rising up against the data barons anytime soon.”
Full Story

ONLINE PRIVACY

Microsoft Discloses Requests for Data (March 22, 2013)
Microsoft joined the likes of Google and Twitter yesterday in releasing a report on its response to—along with the number and type of—requests for information it has received from law enforcement bodies around the globe. The UK, France, Germany, Turkey and the U.S. accounted for 69 percent of the 70,665 requests received last year, noted a summary of the report in The New York Times, and anyone is free to peruse the data in either pdf or Excel format. Eighty percent of requests resulted in disclosure of “non-content” information, such as name and e-mail address, while 2.2 percent resulted in the handover of customer content as well. Requests affected customers using such services as Hotmail/Outlook.com, Xbox Live and Office 365.

DATA LOSS

Critics Say Feds Need To Come Clean About Breach (March 22, 2013)

The New Democrats (NDP) are asking questions about “conflicting details” released by the Human Resources and Skills Development department following a data breach that exposed the personal information of 583,000 Canada Student Loan borrowers and led to new rules forbidding portable storage devices, Postmedia News reports. While department officials didn’t report the loss until January 11—and claimed they didn’t know about the loss of an external hard drive containing names, addresses and social insurance numbers until December 6—internal e-mails show discussion of the missing external driving dating to November 28. “They need to be honest and come clean with Canadians,” said NDP digital issues critic Charmaine Borg.
Full Story

PRIVACY LAW

Commissioner Investigating E-mail Account Use (March 22, 2013)

British Columbia Privacy Commissioner Elizabeth Denham is investigating the use of personal e-mail accounts by those involved in a Liberal government plan to attract ethnic voters, citing concerns the accounts were used to “evade access to information laws” and questioning “whether personal information was inappropriately shared,” reports The Canadian Press. Her office has warned of the risks of using personal accounts for government duties and released guidelines on the freedom of information law. “A duty to document is not only in the public interest; it promotes openness and transparency, good governance and provides documentation of government’s legacy for future generations,” she stated. (Registration may be required to access this story.)
Full Story

PRIVACY LAW

Complaint Filed Against Border Services (March 22, 2013)

The BC Civil Liberties Association has filed a complaint with the Office of the Privacy Commissioner (OPC) regarding the treatment of a migrant worker “who unwittingly started in a television reality show” by the Canada Borders Services Agency, The Canadian Press reports. According to the complaint, the worker signed a consent form without being “given a thorough explanation about the uses to which the footage would be put.” Federal Public Safety Minister Vic Toews has defended the use of the reality cameras, the report states, approving a contract to allow the agency's "active engagement in, as well as oversight and control of, all film shoots."
Full Story

PRIVACY LAW—U.S.

Opinion: It’s Time for an Update (March 22, 2013)

Marvin Ammori and Luke Pelican write for POLITICO on concerns from companies outside the U.S. regarding the nation’s privacy laws. “In February, a Canadian technology company launched a new product, declaring it to be the solution for all legitimate businesses that have a ‘fear of data privacy and U.S. PATRIOT Act issues.’ European companies including Germany’s Deutsche Telekom and France’s Bull SAS similarly market themselves across the world as privacy-conscious alternatives to any American cloud company,” the authors write, suggesting these are “not exceptions but the rule.” The authors contend the time has come to update U.S. privacy legislation.
Full Story

PRIVACY

A Quick Guide to the DPI (March 21, 2013)

With three full days of programming, the IAPP’s Data Protection Intensive, happening April 23 through 25 in London, may look nigh-on-impenetrable, but members of the IAPP publications team will be gathering the news of what happens and have compiled this quick-reference guide to help focus your energies while there, whether you’re looking to better manage your risk, better understand the upcoming privacy landscape or network and get to know your fellow privacy pros better.
Full Story

ONLINE PRIVACY

Weigend: Big Data=Big Oil (March 20, 2013)

IAPP Data Protection Intensive Keynote Speaker Andreas Weigend knows Big Data. As former chief scientist at Amazon and now consultant on social and mobile technologies to global firms like Best Buy and Nokia, he’s working daily with firms to help them navigate what he calls the Social Data Revolution. “Big Data is a mindset,” he said in an interview with The Privacy Advisor. “It’s really how you think about interacting with data; it’s the questions you’re asking and the response time of getting answers and refining the questions.”
Full Story

TRAVELERS’ PRIVACY—U.S.

Court Puts Limits on Digital Search at Border (March 19, 2013)

The U.S. Court of Appeals for the Ninth Circuit has voted to put limits on electronic searches at the border, ruling that customs agents must suspect criminal activity in order to conduct a "forensic examination" of a laptop hard drive, reports The Huffington Post. While manually browsing desktop files is still permitted, the court voted 8-3 that techniques such as copying data, password cracking and recovering deleted files are in violation of the Fourth Amendment, stating a "person's digital life ought not be hijacked simply by crossing a border." The minority dissenters said the decision amounts to an unworkable rule that could jeopardize border security, the report states.
Full Story

PRIVACY LAW

Federal Gov’t Restricts Its Online Data Collection (March 15, 2013)

The government has issued new rules governing how it collects data generated from user visits to federal websites, the Canadian Press reports. The rules, however, do not cover data made available from social media sites set up by individual departments. “Canadians live in a world of data,” said the Treasury Board’s privacy assessment. “Many individuals do not realize how much information about them is collected by websites and used as a corporate asset.” In highlighting the difference between public- and private-sector data collection, Centre for Information Policy Leadership President Martin Abrams said, “The private sector doesn’t have the power to put people in jail; the private sector doesn’t have the ability to cut off people’s benefits.”
Full Story

SURVEILLANCE

Camera Proliferation Raises Concerns (March 15, 2013)

CBC News reports on the proliferation of security cameras and how the collected information is used. One security expert said his company installs approximately 900 systems in an average year, estimating the city of Saskatoon alone has between 15,000 and 20,000 such systems. Saskatchewan Privacy Commissioner Gary Dickson has expressed concerns about their use. “You’re collecting the personal information of everybody who walks that hallway or walks past the camera,” he said, adding, “And that opens up a whole set of responsibilities.” He noted one area not covered by provincial or federal privacy law is cameras in the workplace. “There are no privacy laws that apply to protect employees,” he said.
Full Story

PRIVACY LAW

Alberta Businesses Not Complying with PIPA (March 15, 2013)

Although the Personal Information Protection Act (PIPA) has been the law for nine years now, many businesses—as many as 50 percent, according to a survey conducted by Alberta’s Office of the Information and Privacy Commissioner (OIPC)—lack a privacy training program, reports CBC News. This has led to data breaches, including customers being contacted by people they do not know, and complaints to businesses and privacy offices. Brian Hamilton of the privacy commissioner’s office encourages businesses to handle complaints early, warning, “If you give somebody the brush-off, they’ll probably end up at our office.”
Full Story

SOCIAL NETWORKING

Study Indicates “Likes” Reveal Personal Data (March 13, 2013)

Research from England’s University of Cambridge indicates a person’s political leanings, age, gender and sexual orientation can be deciphered by studying their Facebook “Likes,” Forbes reports. The study is based on data from 58,000 Facebook users who volunteered. “The model correctly discriminates between homosexual and heterosexual men in 88 percent of cases, African Americans and Caucasian Americans in 95 percent of cases and between Democrat and Republic in 85 percent of cases,” the authors say, adding, the ability to predict individuals’ attributes based on behavior may have negative implications “because it can be easily applied to large numbers of people without obtaining their individual consent and without them noticing.”
Full Story

BIG DATA

Authors: The Risks and Benefits of Big Data (March 13, 2013)

Forbes chats with Viktor Mayer-Schönberger and Kenneth Cukier on the future of Big Data. The two are the authors of a new book, Big Data: A Revolution That Will Transform How We Live, Work and Think, which addresses both the risks and benefits of Big Data. Regarding privacy concerns, the authors say anonymization is not possible when it comes to Big Data. The two are more concerned with “predictive policing,” which may see the use of Big Data analysis to determine which geographic areas and groups to surveil based on the data-based likelihood a crime may be committed. The authors suggest frameworks, including data “expiration dates,” to protect against Big Data’s misuse.
Full Story

GENETIC PRIVACY

Report: DNA Samples Could ID Donors (March 12, 2013)

CSO reports on research indicating it could “be possible for anyone, even if they follow rigorous privacy and anonymity practices, to be identified by DNA data from people they do not even know.” Referencing a paper published in Science, the report discusses a process where DNA donors and their relatives could be identified “even without any demographic or personal information.” While laws barring “research institutes from releasing any demographic information about donors would protect patient privacy,” the report notes they would “eliminate the ability of researchers who have identified markers for a particular disease to also identify the ethnic or cultural background of those who might have it.”
Full Story

BEHAVIORAL TARGETING

Company Bringing Online Tracking Outside (March 11, 2013)

The New York Times reports on a three-year-old company using the same technology that has made “following people online” big business in order to track consumers “into the physical world.” Euclid Analytics uses businesses’ wireless antennas “to see how many people are coming into a store, how long they stay and even which aisles they walk,” the report states, noting the company “does this by noting each smartphone that comes near the store, feeding on every signal ping the phone sends.” In its three years, Euclid has tracked approximately “50 million devices in 4,000 locations.” (Registration may be required to access this story.)
Full Story

PERSONAL PRIVACY

Google Funds “Fashion Recognition” Research (March 11, 2013)

In late February, Google announced the funding of some 102 research projects focused on a variety of fields, from economics to policy standards and privacy. One such project, reports InformationWeek, is InSight, which could work with Google Glass and other mobile platforms to identify individuals “by their visual fingerprint, calculated through assessments of clothing colors, body structure and motion patterns.” The technology could offer an alternative to facial recognition and could be a temporary way, researchers say, to make oneself identifiable in a crowd.
Full Story

ONLINE PRIVACY

IAB “Strongly Opposes” Mozilla Move on Cookies (March 11, 2013)

Advertising Age reports on Interactive Advertising Bureau (IAB) Vice President and General Counsel Mike Zaneis’ message to IAB members on Mozilla’s plans to block third-party cookies by default. Zaneis said the IAB “strongly opposes this move,” calling it harmful to big companies, mom-and-pop small businesses dependent on digital advertising and users themselves. “Ultimately, it is bad for consumer privacy,” he wrote. “This action would break existing consumer choice mechanisms such as the Digital Advertising Alliance opt-out tool.” The message follows Zaneis’ comment last month calling the move a “nuclear first strike” against the ad industry.
Full Story

DATA LOSS

Firms To Launch Class-Action Suit Over Breach (March 8, 2013)

Law firms in Windsor and Toronto plan to launch a class-action lawsuit as early as next week against Montfort Hospital over the loss of personal data on 25,000 patients, Ottawa Citizen reports. Representatives from the law firms were to meet with 20 or so victims of the breach this week. Those affected received a letter in January indicating an employee had lost a USB stick containing the data, which included patient names, date of service, doctor and services received. The USB stick has not been recovered.
Full Story

PRIVACY

Cavoukian Orders LBCO To Stop Collecting PI (March 8, 2013)

Ontario Privacy Commissioner Ann Cavoukian has ordered the Liquor Control Board of Ontario (LCBO) to stop collecting personal information from wine club customers following a complaint from one such club, The Globe and Mail reports. The club had complained that the LCBO “required it to provide the names, addresses, phone numbers and selections of everyone taking part in its bulk orders,” while the LCBO said it needed the information for reasons including product recalls and the illegal resale of alcohol. “The LCBO has not provided my office with much more than anecdotal or hypothetical evidence to support its position,” Cavoukian said of her decision.
Full Story

SMART GRID

City Works on Privacy Policy (March 8, 2013)

Summerside is at work on a privacy disclosure policy for the data it is able to gather on electricity customers via the smart grid, CBC News reports. The report notes the ability of smart meters to monitor household energy use “and essentially talk back and forth with the Summerside Electric Utility” and quotes concerns from Joshua Hart of Stop Smart Meters. A Summerside Electric official said such information is not given out without accountholder authorization and noted the city’s privacy disclosure policy will be shared with customers.
Full Story

PRIVACY

IAPP Unveils Westin Fellowship, Welcomes Tene To New Role (March 8, 2013)

The International Association of Privacy Professionals (IAPP) has unveiled the Westin Fellowship, named for privacy pioneer Alan Westin and intended to “encourage and enable research and scholarship in the field of privacy.” Recent graduates of undergraduate and graduate programs with high academic standing and a demonstrated interest in privacy may apply for and be awarded 12-month paid residencies at the IAPP and work on privacy research projects under the IAPP’s newly named VP of Research and Education Omer Tene.
Full Story

DATA PROTECTION

IAPP Launches Privacy Manager Certification (March 8, 2013)

Yesterday at the IAPP's Global Privacy Summit, the organization launched a companion certification to its long-standing CIPP: the Certified Information Privacy Manager (CIPM).
Full Story

SOCIAL NETWORKING

Carnegie Mellon Study: Facebook Users Shared More Over Time (March 7, 2013)

The Huffington Post reports on a Carnegie Mellon University study that followed the privacy practices of 5,076 Facebook users for six years. Researchers found that “during the first four years, users steadily limited what personal data was visible to strangers...” But after Facebook's changes to its platform in 2009 and 2010, users began to share more data with the public. Additionally, “even as people sought to limit what strangers could learn about them from their Facebook profiles, they actually increased what information they shared with their friends.” The researchers said the study’s results highlight “the power of the environment in affecting individual choices.”
Full Story

PRIVACY LAW—CANADA

Stoddart Wants Review of PIPEDA (March 5, 2013)

Federal Privacy Commissioner Jennifer Stoddart is pushing for a review of the Personal Information Protection and Electronic Documents Act (PIPEDA), noting that the law requires review every five years and the last was scheduled in 2006. Financial Post reports that Stoddart would like to see changes including the way PIPEDA treats personal information in relation to corporate responsibility; better transparency when data is used by law enforcement and government; clarifying PIPEDA’s use of “lawful authority,” and the addition of mandatory breach notification. “PIPEDA’s soft approach...is, I believe, only partly effective against the quasi-monopoly of these multinational corporate giants,” Stoddart said.
Full Story

ONLINE PRIVACY

The Shift from Regulatory Requirement to Selling Point (March 4, 2013)
The New York Times reports on privacy’s shift from a regulatory focus to a competitive differentiator for companies. Noting Microsoft’s recent efforts at protecting consumer privacy via its anti-tracking signal in its latest Internet Explorer browser, Prof. Joel Reidenberg of Fordham Law School said, “You’re seeing more companies trying to do that—develop privacy-protecting services.” Additionally, companies are applying standards to the entities they do business with; for example, Apple now requires applications to acquire user permission before tracking locations. Meanwhile, CNN reports federal Do-Not-Track efforts face “an uphill road.” (Registration may be required to access this story.)

DATA LOSS

50 Million Passwords Reset After Breach (March 4, 2013)

Online personal organizer Evernote has reset the passwords for all its nearly 50 million users after “suspicious activity” was discovered on its network, PC Magazine reports. The incident “appears to have been a coordinated attempt to access secure areas,” according to a company blog post. Though the investigation is ongoing, hackers did access a database containing users’ names, e-mail addresses and passwords. Evernote says it used one-way encryption to protect the data. Meanwhile, a new study has revealed that 41 percent of more than 12,000 respondents said it can take up to a week to respond to a breach, and 28 percent said they could respond in a day.
Full Story

ONLINE PRIVACY

Web Anonymity Tensions Persist (March 1, 2013)

The Hill reports on discussions at this week’s RSA conference in support of reviving “a heated cybersecurity debate over whether to preserve anonymity and the use of pseudonyms in online chat forums and social networks” amidst ongoing tension “between free speech advocates and those who say tougher steps are needed to boost cybersecurity on the Internet.” Meanwhile a CNN report focuses on a panel discussion by industry leaders at the event, asking the question, “Will people share their personal data freely in exchange for more customized service? Or will they become fiercely protective of private information, using tools and browsers that protect their identity from advertisers and other third parties?”
Full Story

PERSONAL PRIVACY—CANADA

Clayton Investigating Ed Minister’s E-mail (March 1, 2013)

Alberta Information and Privacy Commissioner Jill Clayton is investigating a mass e-mail sent by Education Minister Jeff Johnson to determine whether it complied with the Freedom of Information and Protection of Privacy (FOIP) Act, reports Edmonton Journal. The e-mail was sent to more than 30,000 teachers. Johnson says “it’s entirely appropriate that the minister would take those contacts that are residing within his ministry to communicate with professionals about the profession that he’s responsible to regulate.” The Alberta Teachers’ Association submitted a complaint to the Office of the Information and Privacy Commissioner. Clayton said she launched her investigation on “her own motion” and will make recommendations and a public report if the minister’s actions contravened the FOIP Act.
Full Story

ONLINE PRIVACY

Opinion: The Cost of Blocking Cookies (March 1, 2013)

Joshua Koran of the cloud marketing platform Turn writes for Advertising Age about the impact that blocking cookies would have not only on digital advertising but also on small publishers and consumer choice. “Nearly everyone agrees that we each have a right to privacy embedded in our own identity. But each of us is also a consumer of advertising-subsidized content, and that advertising relies on the use of anonymous data. Transparency and choice are two fundamental principles that underlie digital privacy guidelines. But how can users make informed choices if they don't understand the implications of their decisions?” Koran writes.
Full Story

DATA LOSS

Fallout and Investigation Widen in Data Breach (March 1, 2013)

The massive data breach resulting from a missing USB stick has widened to include the Department of Justice, The Canadian Press reports. While originally thought to only involve Human Resources and Development Canada, those who filed complaints were told in a letter dated February 14 that the breach may extend to the Department of Justice and that both departments are now under investigation. Meanwhile, Postmedia News is reporting that the last person known to possess the memory stick containing the personal information of some 5,000 Canadians was a government lawyer working on employment insurance appeals.
Full Story

PRIVACY LAW

New Version of Breach Bill Presented (March 1, 2013)

At a Senate panel Tuesday, a new version of proposed data breach legislation came forward, but it is “missing some key features initially trumpeted by its authors,” the StarTribune reports. The bill, which was first announced in the wake of a recent breach of driver’s licence data at the Department of Natural Resources, focused on curbing such misuse of data through increased penalties and transparency. However, the report states, “Several provisions were eliminated in the Senate version…A provision making repeated misuse of data a ‘gross misdemeanor’ was gone,” while one to require a public report naming employees who misuse data was “scaled back” to apply only to those disciplined for such actions.
Full Story

PERSONAL PRIVACY

Privacy Commissioner Sides with Two Consumers (March 1, 2013)

Privacy Commissioner Jennifer Stoddart has sided with two consumers who both filed privacy complaints that involved their personal information being shared without their consent, QMI reports. One complaint was filed against an Ontario camp that obtained personal information about one of their applicants from a previous camp the child had attended, resulting in the child’s application being rejected. The other complaint was filed against a telecom company that did not follow its own “customer validation process” when one of its customer’s relatives was able to change a phone contract on a mall kiosk resulting in unauthorized charges.
Full Story

DATA PROTECTION

Stoddart: Digital Illiteracy Increases Online Risk (March 1, 2013)

Privacy Commissioner Jennifer Stoddart says Canadians are lacking in digital literacy, putting their personal information at risk, The Canadian Press reports. While Canadians spend an average of 45 hours a month online, many are unaware of cyber risks. “Individuals need the skills to engage in the online world without compromising their own or others’ information,” Stoddart said, adding, “I’m hoping Canadians will become increasingly active on these privacy issues” by taking such steps as reading websites’ privacy policies, installing anti-virus software and rejecting unnecessary cookies.
Full Story

DATA THEFT

Finance Minister Defends FINTRAC (March 1, 2013)

An encrypted laptop and USB key containing personal information on 777 Canadians was stolen from the locked trunk of a FINTRAC employee’s car, reports POSTMEDIA NEWS. Finance Minister Jim Flaherty has defended the agency, stating that “FINTRAC took corrective steps to ensure this never happens again, including changes to the way it stores and transports information.” He acknowledged that local police, the Privacy Commission and all affected individuals have been notified about the data loss. Still, one MP voices criticism of the federal government, as this was the third known data breach since late last year.
Full Story

INFORMATION ACCESS

Commissioner May Ask for Change in FOI (March 1, 2013)

Ontario Information and Privacy Commissioner Ann Cavoukian is considering asking for a change in the freedom of information law so city councilors are no longer exempt from it, The Star reports. Cavoukian said, “Given the recent orders dealing with councilor records and the city of Toronto, I will definitely consider approaching the government to recommend changes that increase transparency.” Right-to-know activists support such a request, saying that such transparency is necessary for the government to be held accountable.
Full Story