Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

PRIVACY LAW

Stoddart Finds Monitoring Went Too Far (May 31, 2013)

The Canadian Press reports that Privacy Commissioner Jennifer Stoddart has determined two government departments “went too far in their monitoring of a First Nations children’s advocate and her personal Facebook page” in her review of a complaint from activist Cindy Blackstock. “The commissioner found that Aboriginal Affairs and the Department of Justice seemed to violate the spirit of the Privacy Act when they compiled reams of information from Blackstock’s personal Facebook page,” the report states. Stoddart noted, “The lack of transparency surrounding the collection of personal information by the respondents from the complainant’s Facebook page would seem to violate the spirit, if not the letter of the act.”
Full Story

HEALTHCARE PRIVACY

Ontario Introduces EHR Legislation (May 31, 2013)

The Ontario government is introducing legislation aiming to protect patient privacy and enable electronic health records (EHRs) to be shared by healthcare providers in a patient’s circle of care, according to a press release. The legislation would establish requirements for EHRs, allow patients to mask their personal health information from certain providers and clarify the rules for providers’ data collection use and disclosure of EHRs, among other provisions.
Full Story

PERSONAL PRIVACY

Clayton Has Concerns About Open Data Portal (May 31, 2013)

The Alberta government is offering increasing government transparency by giving the public access to provincial data through a new Open Data Portal. The portal includes data on everything from Albertans’ drinking habits to birth statistics, Beacon News reports. But critics, including Alberta Privacy Commissioner Jill Clayton, are voicing concerns about individuals’ privacy. Clayton, who wasn’t consulted before it was unveiled, noted, “It’s a very good thing, but we do need to be mindful of those privacy considerations and make sure privacy is being built into the design. There could be some unforeseen consequences.”
Full Story

PRIVACY LAW

Will Canada Ever See Meaningful Privacy Reform? (May 31, 2013)

Computing Canada discusses reactions to the government’s introduction of proposed legislation featuring security breach disclosure notification. It appears “legislators are nowhere near coming up with a meaningful reform of the country’s online privacy law,” despite the introduction two years ago. Bill C-475, which was similar to Bill C-12 was introduced by a member of the New Democratic Party, but conservative MPs opposed it. “The opposition to meaningful privacy reform is particularly discouraging given the thousands of breaches that have occurred in recent years from within the government itself and its claim to be concerned with the privacy of Canadians,” Michael Geist notes.
Full Story

PRIVACY LAW

Dickson: No Privacy Right for Corporations (May 31, 2013)

Saskatchewan Information and Privacy Commissioner Gary Dickson says he remains concerned about a bill passed this spring by the provincial government that creates a right of privacy for corporations, The StarPhoenix reports. Discussing the Securities Amendment Act 2012, Dickson said, “There’s a very conspicuous error, and the error is the suggestion that corporations have a right of privacy.” He added that privacy is “uniquely the right of an individual.” His office was not consulted about the bill, he said, and he worries corporations may exploit the right. Saskatchewan Justice Minister Gordon Wyant said the bill doesn’t create a new right for corporations but simply recognizes corporations have confidential information.
Full Story

PRIVACY LAW

Entertainment Company Denies Allegations (May 31, 2013)

The Vancouver Sun reports on the response from a Vancouver-based entertainment company to the BC Civil Liberties Association’s allegations of privacy violations. The president of Force Four Entertainment, which makes a reality show for the Canadian Border Services Agency, denied any violations, saying, “With the exception of one convicted sex offender and two convicted drug traffickers, everyone featured in an identifiable manner in Border Security has given their verbal permission at the beginning of filming and their written permission at the end of filming.” The BC Civil Liberties Association filed a complaint with the privacy commissioner about the show in March.
Full Story

PERSONAL PRIVACY

A Networked World Calls for Brave New Thinking (May 30, 2013)

With increased distribution of wearable computing devices, Field Fisher Waterhouse Partner Phil Lee, CIPM, CIPP/E, writes that the “depth of relationship” individuals will have “with their device...far exceeds any previous relationship between man and computer.” In this latest Privacy Perspectives post, Lee examines what effect these wearable devices and the oncoming Internet of Things will have on individuals’ and business’ privacy expectations—from consent mechanisms to Privacy by Design initiatives.
Full Story

BIG DATA

From Beavers to Smart Cars to Ivory Coast with Sandy Pentland (May 29, 2013)

Alex “Sandy” Pentland has worked using data to solve any number of problems--enough to realize that privacy issues can be overcome when working with Big Data. The MIT and World Economic Forum researcher addressed the Center for Geographic Analysis annual conference recently to discuss “data commons” and the power they may hold for public good. Editor’s Note: Pentland will address the audience at Navigate, June 21, as part of a cast of provocative thinkers.
Full Story

TRAVELERS’ PRIVACY—CANADA & U.S.

Border Data-Sharing Plan To Expand (May 29, 2013)

Postmedia News reports on privacy advocates’ concerns over data sharing between the U.S. and Canada. Since the 2011 Canada-U.S. Beyond the Border action plan, the two countries have shared biometric data on 756,000 border crossers considered third-country nationals and permanent residents. Next year, the data shared will expand to include all travelers. Advocates are concerned the data could be used for secondary purposes. “We have provided questions to Canada Border Services Agency seeking information on how personal information collected may be used and by what other federal organizations and for what possible secondary uses outside of monitoring travel and immigration,” said a spokesman for Canada’s privacy commissioner.
Full Story

MOBILE PRIVACY

Website Shows Just How Private Snapchat Really Is (May 29, 2013)

If recent stories showing the permanence of Snapchat’s supposedly ephemeral photo sharing didn’t convince you, perhaps the launch of the new SnapchatLeaked.com will. As Beta Beat reports, the startup website allows users to upload photos that have been sent to them, despite the senders’ assumption that they would be deleted after only 10 seconds of viewing. While the site covers up “naughty bits” and doesn’t display a Snapchat ID, there is still some speculation as to whether the site will lead to lawsuits. “All images are user-submitted,” the site’s creators told UK tabloid Metro, “if the person asks to take them down, we do. Most see it as fun and getting ‘Facebook famous’.” Editor’s Note: Jed Bracy, CIPP/US, CIPP/E, wrote about how Snapchat plays into cyberstalking and cyberbullying recently for Privacy Perspectives.
Full Story

ONLINE PRIVACY

Estate Planning for Digital Assets (May 28, 2013)

The New York Times reports on the issue of end-of-life planning for online data. “Digital assets have value, sometimes sentimental and sometimes commercial, just like a boxful of jewelry,” one lawyer notes, suggesting they can result in “painful legal and emotional issues for relatives unless you decide how to handle your electronic possessions in your estate planning.” The report highlights options available to online users—including Google’s Inactive Account Manager, which allows users to “decide exactly how they want to deal with the data they’ve stored online with the company”—as well as expert recommendations for getting “your Internet house in order.” (Registration may be required to access this story.)
Full Story

PERSONAL PRIVACY

Opinion: What About Those Who Don’t Want To Be Recorded? (May 28, 2013)

In an opinion piece for The New York Times, Nick Bilton discusses a recent experience with Google Glass, the wearable computer capable of recording everything occurring in its view with a click or a wink. “But what about people who don’t want to be recorded?” Bilton asks. At a recent social gathering, Bilton notes, “I was startled by how much Glass invades people’s privacy, leaving them two choices: Stare at a camera that is constantly staring back at them, or leave the room.” Meanwhile, a startup is preparing to launch a facial recognition API for developers of Google Glass apps, to be available within a week. (Registration may be required to access this story.)
Full Story

DATA PROTECTION—CANADA & U.S.

Fredland on Social Media and Healthcare (May 24, 2013)

Valita Fredland, CIPP/US, associate general counsel and chief privacy officer at Indiana University Health, detailed the types of social networking breaches faced by healthcare institutions for the crowd at the IAPP Canada Privacy Symposium. This feature for The Privacy Advisor highlights Fredland’s insights, including that education and training should be part of the privacy team’s operations not only to avoid embarrassing breaches but also the social engineering scams that could lead employees to voluntarily give information to nefarious actors without realizing it.
Full Story

GENETIC PRIVACY

Cops Want Suspects’ DNA Upon Booking (May 24, 2013)

The Alberta Federation of Police Associations recently went before federal MPs to request changes to its DNA collection procedures, among others, reports Metro News. The group is pushing to change the point of DNA collection to the time of arrest as opposed to the time of conviction and expand the offenses for which DNA collection is allowed to any indictable offense, the report states. According to the federation’s director, this will allow for faster solving of other cases and reduce the red tape surrounding getting a warrant for DNA collection. One Calgary defense lawyer has raised concerns about the practice, noting, “We have a constitutional presumption of innocence in this country.”
Full Story

EMPLOYEE PRIVACY

Trucking Company Sells Employee’s Work History (May 24, 2013)

A Calgary-area trucking company sold an employee’s work history to an industry-specific employee-screening company without her consent, contravening the region’s privacy law, reports The Calgary Herald. The Alberta privacy commissioner has ordered the company to expunge the woman’s records, but the Teamsters want the commissioner to investigate whether the company is allowed to keep the database it claims to have on 160,000 other truck drivers across the country. “This is much bigger than one driver, and the province needs to step in now and ensure personal information isn’t being peddled without permission,” said a Teamsters representative.
Full Story

DATA PROTECTION

Breaches Illustrate Need for Data Strategy (May 24, 2013)

In a feature for The Globe and Mail, Jonathon Stoller references last month’s Investment Industry Regulatory Organization of Canada (IIROC) breach incident involving the loss of a laptop with the financial data of more than 50,000 individuals, noting, “The breach is a reminder that, as organizations gather more and more data in the digital age, information is getting harder to track and manage.” Stoller suggests key tips for creating a data security strategy, including providing leadership, educating employees, encrypting critical data and having a data retention and destruction policy in place. “Most data breaches are the result of human error: lax passwords, lost mobile devices or unwitting disclosure to a data thief. Even the best technology is no match for a well-educated work force,” he writes.
Full Story

PRIVACY LAW—CANADA

Stoddart: PIPEDA Reform, Enforcement Powers Needed (May 23, 2013)
Privacy Commissioner Jennifer Stoddart, wrapping up 10 years in her office this year, used her keynote address at the IAPP Canada Privacy Symposium this morning in Toronto to lay out her recommendations for reforming the Personal Information Protection and Electronic Documents Act. In short, amendments should include stronger enforcement powers, mandatory data breach reporting, teeth behind accountability and increased transparency measures.

BIG DATA

Privacy Hampers Research Outcomes (May 23, 2013)

Professors at the Massachusetts Institute of Technology say privacy remains a “big stumbling block” to effectively using Big Data, The Wall Street Journal reports. MIT’s Andrew Lo, Dimitris Bertsimas and Alex “Sandy” Pentland are building Big Data models to predict financial market shifts and crime and improve healthcare outcomes, the report states, but run into privacy issues when it comes time to analyze the data. There are also concerns about individuals being profiled based on Big Data findings. Meanwhile, Amsterdam’s ZyLAB has published a whitepaper warning IT decision-makers about “the dark side of Big Data.” (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—CANADA

Report: Gov’t Plan Would Have Been “Digital Key” (May 23, 2013)

The Canadian Press reports on a new study by the Office of Privacy Commissioner Jennifer Stoddart indicating that a bill that would have given police more information about Internet users would have “unlocked numerous revealing personal details.” The report found that the online surveillance bill would have acted as “a digital key” to an individual's details, Stoddart said, adding, “In general, the findings lead to the conclusion that, unlike simple phonebook information, the elements examined can be used to develop very detailed portraits of individuals, providing insight into one’s activities, tastes, leanings and lives.” The government dropped the bill earlier this year following widespread criticism.
Full Story

SOCIAL NETWORKING

Facebook Joins Advocacy Group (May 23, 2013)

Facebook announced on Wednesday that it has joined the online privacy and freedom advocacy group Global Network Initiative (GNI), reports The Wall Street Journal. The affiliation may help to show users that Facebook is taking privacy concerns seriously and also help it navigate expansion in developing countries, the report states. GNI provides guidance on protecting online privacy against government intrusions and reviews members’ practices to ensure they are in line with GNI’s goals. Meanwhile, Facebook CEO Mark Zuckerberg was in Poland on Wednesday meeting with Polish Minister for Administrative Affairs and Digitisation Michal Boni about the global significance of the Polish IT industry. (Registration may be required to access this story.)
Full Story

BIG DATA

Service Would Sell Phone Data on Consumers (May 22, 2013)

European software firm SAP has announced a new service that will pull data from its “extensive partner network”—which includes “over 990 mobile operators”—collect and analyze it “without drilling down into user-specific information,” CNET News reports, and disclose the results to subscribers via web portal. SAP said of its Consumer Insight 365 mobile service that “this market intelligence will ultimately allow brands to strengthen relationships with consumers through more targeted and context-specific marketing efforts.” The Wall Street Journal reports on the potential privacy concerns from a service that will “broaden the range of data about individuals’ habits and movements that law enforcement could subpoena.”
Full Story

BIG DATA

Creating a Data Empire (with Uncle Enzo and Steve Sneak) (May 22, 2013)

With gamification making its way further and further into mainstream marketing and corporate efforts, it only makes sense that privacy-awareness advocates would get into the game. Privacy professionals should get a kick out of Data Dealer, a new browser-based game, which will eventually be integrated into Facebook like the popular Zynga games (et al) and takes a satirical and ironic approach to the world of data collection and sale. The Privacy Advisor gives it a spin and gives you a full review.
Full Story

DATA LOSS—CANADA

When Your USB Goes Missing (May 21, 2013)

Recent data breaches have rocked Canadian-based public-sector institutions with hundreds of thousands of compromised personal files. “How did this happen?” Daniel Horovitz asks in this latest installment of the IAPP’s Privacy Perspectives. An expert in privacy and records management, Horovitz points out that both incidents were not a problem of cybersecurity but were under scrutiny for “a much dumber, simpler reason.”
Full Story

RFID

Chips Pose ID Theft and Privacy Concerns (May 21, 2013)

The Washington Post reports on rising identity theft of travelers stemming from access to RFID chips in passports and credit cards. Criminals can also access personal data from smartphones via WiFi networks. To help curb such attacks, some luggage companies are inserting RFID-blocking compartments in luggage. Meanwhile, Bruce Schneier, a security expert, writes about the rise of the Internet of Things and surveillance in his latest blog post, noting that “any illusion of privacy we maintain” is “about to get worse.” (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Firefox Cookie Blocking By Default on Pause (May 17, 2013)

Mozilla has postponed default cookie-blocking in its Beta version of Firefox 22 “to collect and analyze data on the effect of blocking some third-party cookies,” PC World reports. The default setting has been criticized by the online advertisement industry. The nonprofit is currently testing a patch created by Jonathan Mayer. In a blog post, Mozilla Chief Technology Officer Brendan Eich wrote, “Our next engineering task is to add privacy-preserving code to measure how the patch affects real websites,” adding, “We will also ask some of our Aurora and Beta users to opt in to a study with deeper data collection.”
Full Story

GENETIC PRIVACY

Making Art of the DNA We Leave Behind (May 17, 2013)

What if someone could take your mundane, discarded items—chewing gum, a stray hair and other things with traces of DNA—and turn them into a portrait of you? Heather Dewey-Hagborg has already started doing just that. This Privacy Perspectives blog post explores her work and the broader implications, both creepy and courageous, for our fledgling personal privacy in light of advancing DNA capabilities.
Full Story

DATA LOSS

NDP Seeking Commons Probe of “Massive Problem” (May 17, 2013)

The New Democratic Party (NDP) is expected to ask a House of Commons committee “to widen the scope of its investigation into identity fraud and probe the reasons behind thousands of data breaches that have plagued the federal government over the past 10 years,” Postmedia News reports. The NDP has indicated the study is necessary to determine what steps are being taken to remedy “this massive problem,” the report states. “We have no idea how many cases of data loss or breach or hacking have resulted in Canadians having their personal information or financial information stolen,” NDP MP Charlie Angus said, adding, “We need to find that out.”
Full Story

ONLINE PRIVACY

Law Will Not Prevent E-Mail Search (May 17, 2013)

Provincial privacy law will not preclude a search of Oshawa City Council e-mails “in an effort to find out who leaked a confidential missive from the city manager,” Metroland Media reports. Ontario Privacy Commissioner Ann Cavoukian has said that the information she has received so far indicates “the Municipal Freedom of Information and Protection of Privacy Act does not apply in this matter,” the report states. In an e-mail statement, Cavoukian wrote, “We will be reaching out to the City of Oshawa to offer guidance on how to deal with this issue, in a privacy-protective manner.”
Full Story

FINANCIAL PRIVACY

Privacy Prevents Outing of Tax Evaders (May 17, 2013)

The Canadian Press reports on the extension of an international tax evasion investigation into Canada, where the Canada Revenue Agency (CRA) has said it has convicted “44 individuals of offshore tax cheating since 2006” but cited privacy rules in its decision not to disclose further information. The 44 individuals “were collectively sentenced to 337 months in jail” and ordered to pay fines of up $1.1 million. “The conviction details related to monies or assets located offshore are, in most of the cases noted, not part of the public record and not detailed in the court records,” the CRA has said, indicating that to publicize names and such information “would break privacy rules.”
Full Story

STUDENT PRIVACY

Education Minister Apologizes for Score’s Release (May 17, 2013)

Education Minister Jody Carr has apologized for a privacy breach inside his department, though not to the satisfaction of Liberal MLA Chris Collins, CBC News reports. The incident involved an Education Ministry assistant releasing a high school student’s exam score before the school released it, the report states. While Collins has called for Carr’s resignation over the incident, Carr has said, “I have mentioned that I have regretted that this is an unfortunate situation…it’s been referred to the independent privacy commissioner," adding, “We will certainly look forward to further recommendations from the privacy commissioner in dealing with this issue in a prudent and responsible manner.”
Full Story

DATA PROTECTION

Opinion: Media Coverage Can Increase Consumer Threat (May 17, 2013)

As the black market for personal information continues to grow, the media has begun covering more and more data breaches, in some cases making things worse for the consumers whose data has been lost, reports The Huffington Post. When a device is lost or stolen and reports come out detailing the type of device, nature of the data it contains and where the device came from, it can “set-off a criminal treasure hunt,” Larry Keating writes. Alerting consumers to potential threats is important, and that is sometimes only possible through large media outlets, says Keating. “But the trade-off in alerting the criminal elements to a device or cache of data that may or may not be in their hands needs to be carefully considered.”
Full Story

PERSONAL PRIVACY

Consumer Filing Complaint Against Power Company (May 17, 2013)

A Nova Scotia Power customer is filing a privacy complaint after the utility shared his personal information without his permission, reports CBC. The company shared 90,000 of its customers’ data with Efficiency Nova Scotia, which then shared it with OPower to conduct an energy audit. While lawyers have assured the company its program is in line with all applicable privacy laws, one law professor notes that companies are allowed to use customer data only for the purposes they agreed to—even if these alternate uses stem from good intentions. An Efficiency Nova Scotia representative said privacy was “top of mind” while developing the program, adding, OPower is very “proactive” in protecting customer data.
Full Story

PRIVACY

When Buying Cyberinsurance, Semantics Matter (May 16, 2013)

At yesterday’s Pre-Breach Preparedness IAPP KnowledgeNet in Dedham, MA, Joe Burgoyne of Osram Sylvania, opened the “privacy panel” with a somewhat startling prompt: Raise your hand if you know where all of your company’s data is. Of the 100-plus attendees, maybe two hands went up—hesitantly. In this exclusive for The Privacy Advisor, Burgoyne offers advice on how to prepare for a data breach and attorney Nancy Kelly discusses the importance of negotiating when it comes to buying standalone cyber insurance.
Full Story

PRIVACY LAW—CANADA

Did We Get the Right Privacy Tort? (May 16, 2013)

With last year’s Ontario Court of Appeals decision on Jones v. Tsige, Michael Power, a Toronto-based lawyer, consultant and author, writes, “2012 saw a significant development in Canadian tort law with respect to privacy.” In this Privacy Perspectives post, Power questions whether the “intrusion upon seclusion” tort is enough in a world “where ‘surreptitious genetic testing’ and ‘revenge porn’ are not TV plotlines and where the latest thing to be hyped is Big Data.”
Full Story

DATA LOSS

Experts Discuss Bloomberg Privacy Implications (May 15, 2013)

As Bloomberg News continues to answer questions about the actions of reporters who appear to have, on more than one occasion, used the company’s desktop data terminals to monitor activity at financial institutions, privacy experts are weighing in on the long-term implications. This exclusive for The Privacy Advisor examines the most recent developments and the reactions from experts like Lisa Sotto, CIPP/US, who told GovInfoSecurity Bloomberg must “toughen its IT security and privacy governance process…It is critically important to have a stringent set of access controls, but the integrity and ethics issues really go beyond privacy and data security."
Full Story

PRIVACY IN POP CULTURE

Going Gaga for Google Glass (May 15, 2013)

While it’s unquestionably true that the advent of Google Glass has created all manner of interesting privacy discussions, Glass may end up being as much a boon to comedy writers as to privacy professionals. In this exclusive for The Privacy Advisor, we round-up all of the best send-ups and look at the way being creepy may keep Glass users from being creepy.
Full Story

DATA LOSS—CANADA & U.S.

Victims Suing for $40M; Other Breaches Announced (May 14, 2013)
Montfort Hospital patients whose personal information was lost have filed a $40 million lawsuit, Toronto Sun reports. The breach involved the loss of a USB stick containing data on 25,000 patients back in November. Although it was eventually recovered, plaintiffs are accusing the hospital of “breach of contract, negligence, breach of privacy and violating its own bylaws and the Personal Health Information and Protection Act” in connection with the loss of the memory stick, the report states. Meanwhile, in the U.S., Indiana University Health has notified 10,300 patients of a health data breach; Presbyterian Anesthesia reports a data breach affecting nearly 10,000, and Memphis Regional Medical Center has reported a breach involving three e-mails.

MOBILE PRIVACY

In-App Advertisers Beware: Lookout Announces Deadline (May 14, 2013)

With adware targeting the Android operating system up 61 percent over last year, by Bitdefender’s estimate, mobile security firm Lookout has decided to take a firmer stance with in-app advertisers. The company has announced “rules and standards for acceptable advertising practices that promote good user experience and privacy best practices” and has given advertisers 45 days from May 10 to comply or be otherwise classified as adware. If advertisers don’t get explicit user consent for display advertising outside the normal in-app experience, harvesting PII or performing unexpected actions in response to ad clicks, Lookout’s product will block them from users.
Full Story

ONLINE PRIVACY

LinkedIn Revises Policy for User Clarity (May 13, 2013)

LinkedIn is updating its privacy policy within the next week, the company reports in its blog. The updates will clarify and simplify language to make it easier for members to read and understand. The policy will be located on a page that will become the company’s “Privacy Portal” where users can access all of their LinkedIn data.
Full Story

CYBERSECURITY

A Global View of Integrating Privacy and Security (May 10, 2013)

“From Maryland to Ireland, Slovakia to Florida, privacy professionals and their industry colleagues are working on integrating Privacy by Design into business models and functionality,” writes Jenner & Block’s Mary Ellen Callahan, CIPP/US, in this latest Privacy Perspectives post. Amidst her “whirlwind tour” across continents and industry sectors—from marketing to security to government—Callahan assesses a growing effort to implement privacy into business and national security strategies.
Full Story

PRIVACY LAW

Bill 25 Moving Forward Despite Concerns (May 10, 2013)

Despite reports of privacy concerns from Alberta Privacy Commissioner Jill Clayton earlier this week, Human Services Minister Dave Hancock has said he hopes to pass proposed child protection legislation in the current legislature, The Globe and Mail reports. Earlier this week, Clayton said, “I support the principle of promoting the ‘well-being, safety, security, education and health of children,’ and I recognize that information sharing is vital to providing the programs and services that will benefit children. But I am very concerned about the privacy implications.” In moving forward with Bill 25, Hancock said, “We’ll have to have a respectful disagreement on some of these points.”
Full Story

DATA PROTECTION

Agriculture Canada Strives To Meet Guidelines (May 10, 2013)

According to a report in The Montreal Gazette, Agriculture and Agri-Foods Canada (AAFC) has had the third-highest number of people affected by data breaches among federal departments over the last decade. A total of 92,422 people had their personal information inappropriately lost or shared, the report states. After top officials were told there was a “need for cultural changes,” the department took initial steps in forming an information-management practice and intends to be fully compliant with the government’s security of information policy no later than mid-2014.
Full Story

HEALTHCARE PRIVACY

Researcher Suing BC Over Breach Handling (May 10, 2013)

Researcher William Warburton is suing British Columbia and Health Minister Margaret MacDiarmid for defamation, according to CBC News. Warburton was hired to study “the effects of atypical anti-psychotic medications on patient outcomes.” During this research, the BC Ministry of Health says information on at least 38,486 residents was improperly shared by researchers in both October 2010 and June 2012. Warburton alleges he was defamed by the province both in statements made after the data breach and in reputational damage suffered due to the termination of his contract.
Full Story

PRIVACY

New Kit Helps Prepare for Emergencies (May 10, 2013)

The Office of the Privacy Commissioner (OPC) has released a new privacy emergency kit, developed in consultation with several provincial and territorial privacy offices, to help organizations prepare for crisis situations. The kit, which the OPC released as part of Emergency Preparedness Week, will help organizations subject to federal privacy laws enhance the timeliness and content of communications during an emergency and handle personal information appropriately. “Our new guidance emphasizes that it is critical for both private- and public-sector organizations to consider privacy issues in advance of an emergency situation in order to avoid problems in the event of a crisis,” noted Privacy Commissioner Jennifer Stoddart.
Full Story

PRIVACY COMMUNITY

Privacy Commissioner Receives Honorary Doctorate (May 10, 2013)

The University of Ottawa recently announced nine people to receive honorary doctorates at its spring convocation, Ottawa Citizen reports. Privacy Commissioner Jennifer Stoddart was among the nine honored. The university praised Stoddart for her “contribution to the advancement of women in the legal profession,” the report states.
Full Story

BIG DATA

Opinion: Tolerate the Silly, Tame the Scary (May 10, 2013)

In an opinion piece for The Globe and Mail, Konrad Yakabuski writes, “Our lives are being 'datafied' in ways that range from the plain silly to the sheer scary.” He notes that with Big Data come new insights in the realms of commerce, science and medicine that are used to “justify intrusions on our privacy." Yakabuski suggests, “If we can tolerate the silly and tame the scary, we could be on the cusp of major progress.”
Full Story

ONLINE PRIVACY

Google Chairman: Lack of Internet Delete Button Is “Significant Issue” (May 8, 2013)

Google Executive Chairman Eric Schmidt believes the “lack of a delete button on the Internet is in fact a significant issue.” That’s according to a Fast Company report on Schmidt’s comments to economist Nouriel Roubini at New York University’s Stern Business School this week. The discussion focused in part on the privacy implications of the “endless troves of personal user data” being amassed by online companies. Schmidt said, “Let me be very clear that Google is not tracking you,” adding that in terms of that lack of an online delete button, “There are times when erasure is the right thing...and there are times when it is inappropriate. How do we decide? We have to have that debate now."
Full Story

ONLINE PRIVACY

Internet of Things and Privacy a “Cat-and-Mouse Game” (May 8, 2013)

Wireless technology company Qualcomm is working on enabling the impending “Internet of Things” while maintaining user privacy. That’s according to CEO Paul Jacobs, who said in a recent speech that technology will certainly make it possible for “nearly everything people interact with” to be connected to the Internet in time, but companies must work to make such capabilities less intrusive, CNET reports. “Privacy is something that’s going to be a little bit like a cat-and-mouse game,” he said.
Full Story

ONLINE PRIVACY

GPEN Launches First Internet Privacy Sweep (May 7, 2013)
A total of 19 privacy enforcement authorities are participating in the Global Privacy Enforcement Network’s first Internet Privacy Sweep initiative. In announcing the launch of the weeklong initiative, the Office of the Privacy Commissioner of Canada said participating authorities will dedicate individuals to search the Internet in a coordinated effort to assess privacy issues related to the theme, Privacy Practice Transparency. “Privacy issues have become global and they require a global response,” noted Canadian Privacy Commissioner Jennifer Stoddart. “It is critical that privacy enforcement authorities work together to help protect the privacy rights of people around the world.” This exclusive for The Privacy Advisor takes a closer look at the new initiative.

SOCIAL NETWORKING—CANADA

OPC Survey and Demise of Data Farm Deal Highlight Privacy Issues (May 7, 2013)

Winnipeg Free Press reports on the end of a deal that would have resulted in a Facebook “data farm…full of high-powered servers necessary to store information from billions of users worldwide” being built in Manitoba. Facebook considered the province due to such factors as land prices and renewable energy but ultimately “cited concerns about Canadian privacy laws in making its decision to pull out of Manitoba,” the report states. In other news, an Office of the Privacy Commissioner survey indicates, “Privacy concerns are driving Canadians away from smartphone apps and online services,” SC Magazine reports.
Full Story

ONLINE PRIVACY

The Struggling Do-Not-Track Negotiations (May 6, 2013)
The New York Times reports on the friction between industry and privacy advocates leading up to what will be the final face-to-face negotiations within the World Wide Web Consortium (W3C) on establishing a Do-Not-Track (DNT) standard. On Friday, Mozilla posted a new report on the “State of Do Not Track in Firefox.” Yet, if the W3C cannot come to an agreement this week, the proposed standard may go the way of the dodo. Two main sticking points revolve around default settings and what data may be collected after a DNT signal is activated. Jonathan Mayer, a Stanford University graduate student and participant in the W3C talks, said, “I think it’s right to think about shutting down the process and saying we just can’t agree,” adding, “We gave it the old college try. But sometimes you can’t reach a negotiated deal.” Editor’s Note: Mercatus Center Senior Research Fellow Adam Thierer recently wrote about Do Not Track in the first installment of a point-counterpoint with the Center for Democracy & Technology’s Justin Brookman for the IAPP’s Privacy Perspectives. (Registration may be required to access this story.)

GEO-LOCATION

What’s the Equivalent of Shouting “Fire!” in a Crowded Theater? (May 6, 2013)

The Center for Geographic Analysis held its annual conference at Harvard’s Tsai Auditorium last week, focusing on the challenges and thoughts surrounding policy-making for a location-enabled society. The benefits of location technology are hard to deny—identifying influenza outbreaks, getting necessary transportation to people in remote locations, providing emergency services to people who call 911 from cell phones, heck, even just figuring out how to get home without being stuck in rush-hour traffic—but the collection, analysis and use of this data bring risks, too.
Full Story

PERSONAL PRIVACY

Did Andy Warhol Get It Wrong? (May 6, 2013)

In 1968, Andy Warhol famously quipped, “In the future, everyone will be world-famous for 15 minutes.” But what if the opposite is becoming true? In his recent Privacy Perspectives blog post, IAPP Associate Editor Jedidiah Bracy, CIPP/US, CIPP/E, writes, “We could also say it this way, ‘In the future, everyone will have anonymity for 15 minutes.’” A recent TED Talk, given by Juan Enriquez, further illustrates this point by looking at “the obvious combination of Big Data, tattoos, immortality, the Ancient Greeks…and, of course, Jorge Luis Borges.”
Full Story

PRIVACY LAW

Former Health Employees Charged for Breaches (May 3, 2013)

Newfoundland and Labrador Privacy Commissioner Ed Ring has used section 88(1)(a) of the Personal Health Information Act for the first time to charge two former employees of Western Health and Eastern Health in connection with accessing patient files inappropriately in two separate occurrences. The Western Star reports that Ring announced the development this past week in a press release and further stated that while there had been similar breaches in the past, charging the employees was warranted and “the act is written as it is with section 88 in there to add this other level of deterrence.”
Full Story

DATA LOSS

NDP Calls for Investigation Into Lack of Breach Reporting (May 3, 2013)

The New Democrat Party (NDP) is asking for an investigation into the estimated 3,000 federal department data breaches that have gone unreported to Privacy Commissioner Jennifer Stoddart’s office since 2002. According to The Province, the request comes after the recent admission that over the past 10 years, only 13 percent of federal departments’ data breaches have been reported. The NDP is also asking that the departments be required to report such breaches, a recommendation Stoddart has made in the past. Prof. Michael Geist calls for privacy law reform, writing that “the latest revelations indicate that the failure to live up to (public) trust is spread across virtually all government departments and to the political leaders that have failed to introduce much-needed legislative privacy safeguards.”
Full Story

PERSONAL PRIVACY

Advocacy Group: Homeless Have Privacy Rights, Too (May 3, 2013)

The Vancouver Sun reports on the Lookout Society’s concern that a request from Frasier Health for homeless individuals’ names and other details violates the Privacy and Information Protection Act (PIPA). Frasier Health, which sponsors the Lookout Society’s transition house, says the request is within the scope of PIPA and the information is needed to monitor the progress of those living there. However, Lookout Executive Director Karen O’Shannacery says, “Sending all of this really personal information to government, which hasn’t got a really good track record of holding this information private, is not in the clients’ best interest.”
Full Story

ONLINE PRIVACY

Reddit Rewrites Policy for Usability (May 2, 2013)

Reddit has rewritten its privacy policy “from the ground up” in order to be clearer and more accessible to the average user, WebProNews reports. The policy goes into effect May 15. “For some time now, the reddit privacy policy has been a bit of legal boilerplate,” said the announcement. “This new policy is a clear and direct description of how we handle your data on reddit and the steps we take to ensure your privacy.”
Full Story

ONLINE PRIVACY

Doc Causes Stir Before W3C Meeting (May 1, 2013)
There are rumblings within the World Wide Web Consortium (W3C) leading up to next week’s Do-Not-Track (DNT) meeting after a document was distributed among members “rendering the meeting practically moot,” AdWeek reports. The “Draft Framework for DNT Discussions Leading Up to Face-to-Face” has been called a “framework,” but privacy groups have called it a “proposal” from the Digital Advertising Alliance (DAA). In the document, DNT would be off by default. W3C Co-Chair Peter Swire, CIPP/US, said, “As the name states, it is a framework for discussion, to help frame a possible agenda for next week’s face-to-face meeting in California.” DAA Counsel Stu Ingis said the document is the result of input from the DAA, consumer groups and other stakeholders. “It’s hard for stuff to happen if there’s no agenda,” said Ingis, adding, “There are a lot of cats to herd.”