Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

PRIVACY IN CONTEXT

Tell the Authors: What Should We Expect? (July 31, 2013)

In response to The New York Times’ story describing the arrival of our “contextualized” existence—brought forth by predictive search apps—IAPP President and CEO Trevor Hughes, CIPP, asks how we can manage such contextualized environments. At the IAPP Privacy Academy, Robert Scoble and Shel Israel will provide a keynote on their upcoming book on our contextual future and are asking for input on what we should expect with regard to privacy. You are invited to share comments on privacy in context in our Privacy Perspectives discussion to help Scoble and Israel finish their book.
Full Story

HEALTH PRIVACY

The Digital Health Revolution: Promises and Privacy Concerns (July 31, 2013)

The move to electronic health records has been underway for years but has picked up considerable steam of late. Accompanying this sea change are technologies that bring both the promise of increased efficiency and quality of healthcare as well as concerns about the protection and appropriate use of sensitive and personal information. Join Proteus Digital Health Co-Founder and CMO George Savage, Field Fisher Waterhouse Partner Phil Lee, CIPP/E, CIPM, and CDT Health Privacy Project Director Deven McGraw in an IAPP web conference exploring the benefits and risks involved in processing data with a fascinating new technology and its creators’ preemptive moves to address privacy issues.
Full Story

INTERNET OF THINGS

Privacy and the Quantified Self (July 31, 2013)

Deutsche Welle reports on the Quantified Self Movement, noting that many users in Europe log and upload their personal information to the cloud, which raises privacy and data protection concerns. One developer said, “You have to distinguish between a fitness tracking application and wearable sensors and health sensors,” adding, “These fitness tracking apps, and their data, are not as sensitive as diabetes data, and they are also treated differently by the regulatory bodies.” Meanwhile, Venture Beat reports on Saga, a “life-blogging app,” used to passively capture data about users’ daily activities “to learn about your habits and preferences and track your behavior over time.”
Full Story

PRIVACY ENGINEERING

PbD Being “Widely Adopted” in IT (July 29, 2013)

IT Business writes this week about the growing acceptance among software developers and others in IT of Privacy by Design (PbD) as an industry standard. The article uses by way of example the increasingly powerful G2 software from IBM, which analyzes data and is adding a “data anonymizer” module in its latest iteration. Similarly, even smaller firms like Toronto’s Route1, Inc., are beginning to view security and privacy as equally valuable and building their products accordingly. All of this is leading up to an expected PbD guidebook for software engineers, to be released in the next eight to 10 months by the Organization for the Advancement of Structured Information Standards and penned by PbD’s chief advocate, Ontario Information and Privacy Commissioner Ann Cavoukian. Meanwhile, Cavoukian’s involvement in the “scrapped gas plants” controversy is leading to partisan bickering in Canada.
Full Story

ONLINE PRIVACY

Mozilla Unveils Personalization Project, Catches Flak (July 26, 2013)

Mozilla yesterday announced on its Labs blog it has begun testing a new personalized browsing experience with Firefox, whereby users choose with which Web sites to share which PII in exchange for personalized content. Elsewhere, the company explained how this fits with its philosophy of “Personalization with Respect.” However, while TechCrunch noted this is still just in the testing stages, AdWeek called the announcement “ironic” in light of the company’s Do Not Track stance, and lined up advertising representatives to say worse: "So the takeaway is that it's OK for Mozilla to track, but not third parties?" asked Alan Chapell, CIPP/US, of Chapell & Associates, co-chair of the Mobile Marketing Association's privacy committee.
Full Story

ONLINE PRIVACY

Cavoukian: You Can’t Just Ban Passwords (July 26, 2013)

Information and Privacy Commissioner of Ontario Ann Cavoukian is cautioning that a petition against passwords by a group of Silicon Valley startups sends a dangerous message, ITWorld Canada reports. While Cavoukian supports technological innovation, she fears the message will cause consumers to think they no longer need passwords: “We want to ramp up security, not ramp it down." The startups argue user-created passwords are weak and policies aren’t enforced, risking security. But Cavoukian says it’s not an either-or situation, “You've got to make this user-centric. You can't just have a ban on passwords."
Full Story

DATA PROTECTION

Drivers Unaware of Disclosure Opt-Out (July 26, 2013)

Nova Scotia’s privacy commissioner has said that Service Nova Scotia is violating drivers’ privacy rights by not providing a data-sharing opt-out notification, The Chronicle Herald reports. The program, which shares drivers’ names and addresses with the War Amps key tag program, is supported by the commissioner. “However,” she said, “Service Nova Scotia is legally bound to abide by provisions of our privacy laws.”
Full Story

SURVEILLANCE

Cavoukian: Cameras Not Curbing Crime (July 26, 2013)

Ontario Information and Privacy Commissioner Ann Cavoukian has said that surveillance cameras are not the “silver bullet” solution for stopping crime, Cornwall Seaway News reports. Cornwall police, who are using the IPC guidelines, are doubling the number of cameras in the city. Cornwall’s police chief said, “We’re seeing marginal decreases in areas we expected to go down,” and added, “The police are not interested in snooping, we’re interested in deterring crime.” Cavoukian has expressed concern about police access to collected images, which “could lead to potentially privacy invasive activities and improper surveillance.”
Full Story

MOBILE PRIVACY

DAA, NAI Each Release Mobile Privacy Rules (July 25, 2013)

The Digital Advertising Alliance (DAA) has unveiled its long-anticipated mobile privacy code. The rules state that ad networks and other related third parties should provide notification for online behavioral advertising—also known as cross-app advertising—with a provided opt-out. Additionally, ad networks and app developers must obtain opt-in consent from users for geolocation and address-book data collection, MediaPost News reports. The grace period for implementation is expected to be nine to 12 months, potentially longer. The DAA is also working on an AdChoices opt-out icon for mobile apps. DAA counsel Stu Ingis said, “We envision that there will be an app that has the AdChoices icon in it, that consumers can download…Through the app, consumers can exercise choice with respect to all of the third parties.” The Network Advertising Initiative has released its final version of mobile privacy rules as well.
Full Story

PRIVACY RESOURCES

Help with Privacy Impact Assessments (July 25, 2013)

The IAPP online Resource Center has templates, checklists, samples, long forms, short forms, event presentations, guidance—even an evaluation of guidance documents…pretty much anything you need to get going on your own privacy impact assessment. Check out the IAPP member-only resource Close-Up: Conducting a Privacy Impact Assessment. (IAPP member login required.)
Read Now

PRIVACY IN POPULAR CULTURE

Dressing To Beat Big Brother (July 24, 2013)

Sitting in the closing “Quiz Show” session at the IAPP Canada Privacy Symposium a couple of months back, Ontario Privacy Commissioner Ann Cavoukian got a bit of a laugh with her call for “privacy glasses” or other “Star Trek”-like privacy technology to defeat Google Glass and other wearable computing technologies that might make covert surveillance omnipresent. But wearable privacy technology is already here and hardly a joke (though it is sort of funny).
Full Story

ONLINE PRIVACY

Germany Wants UN Privacy Charter (July 24, 2013)

In response to the NSA disclosures, senior German government officials are lobbying for expansion of the 1966 UN human rights treaty to cover modern forms of communication such as e-mail and social networks, the Associated Press reports. German foreign and justice ministers sent a letter—which was released more broadly on Wednesday—to their European Union counterparts last week: “We want to use the current debate to launch an initiative that would outline the inalienable privacy rights under current conditions.” The letter also suggests convening all 167 parties to the International Covenant on Civil and Political Rights. German data protection authorities have also called for suspension of a key data-sharing agreement between the EU and U.S.
Full Story

INTERNET OF THINGS

Researchers Hack Into Car Computer (July 24, 2013)

Forbes reports on the work of two security experts who have demonstrated how they can hack into an automobile’s computer network to control essential functions, including shutting off the brakes. Charlie Miller, a security engineer at Twitter, and Chris Valasek, an intelligence security director at IOActive, have received a grant from the Pentagon to discover security vulnerabilities in automobiles. “When you lose faith that a car will do what you tell it to do,” Miller said, “it really changes your whole view of how the thing works.” Miller and Valasek plan to share their finding at next month’s Defcon hacker meeting in Las Vegas. A representative from Toyota said the real concern isn’t physically hacking into a car, as the duo have done, but wirelessly hacking into a car. “We believe our systems are robust and secure,” the representative said.
Full Story

PRIVACY ENGINEERING

Communicating Data Collection to Brick-and-Mortar Consumers (July 23, 2013)

In this Privacy Perspectives post, Ilana Westerman and Gabriela Aschenberger, both of Create with Context, explore consumer perceptions of how their data is collected while shopping in brick-and-mortar retail stores. According to their research, only 33 percent of consumers surveyed realized their location data was being collected in participating stores. “The resulting design challenge,” they write, “is to communicate to consumers that data is being collected, provide controls if consumers care to opt out and showcase how data collection can create value for the consumer.”
Full Story

PRIVACY COMMUNITY

Should We Be Thinking of Data as the New Oil? (July 22, 2013)

Big Data is driving the information economy, giving it the increasingly common moniker of "the new oil.” For data artist Jer Thorpe, such a comparison may not be such a good thing. Thorpe was among several artists who presented new ways of visualizing data at the IAPP’s “un-conference,” Navigate. This Privacy Perspectives post, which includes video of his presentation, explores Thorpe’s call for changing the conversation around data.
Full Story

ONLINE PRIVACY

W3C To Miss July Deadline for DNT (July 22, 2013)

The World Wide Web Consortium (W3C) will not meet its “last call” deadline for putting out a Do-Not-Track proposal for public comment, MediaPost News reports. W3C Co-Chair Peter Swire, CIPP/US, said, “There is not a way to get to last call by the end of July,” adding, “Next Wednesday, we will have a discussion about where we are and next steps.” According to the report, the group still has the opportunity to work on the proposals, but “the talks have turned so acrimonious that it seems unlikely the group will ever agree” on a Do-Not-Track standard for headers sent to browsers.
Full Story

ONLINE PRIVACY

Are Consumers Changing Their Browsing Habits? (July 22, 2013)

The Associated Press reports on the changing browsing habits of consumers in light of the recent NSA disclosures. Meanwhile, a new browser add-on has been introduced on Monday that aims to shield consumers from data mining by preventing users from disclosing contact information, CNET News reports. MaskMe, created by Abine, creates and manages “dummy” accounts for a user’s e-mail, phone number, credit card and website logins. According to the company, consumers tend to lose out in the “data-for-service exchange,” while companies win. Abine’s Sarah Downey said, “The real lesson is, 'Stop: Don’t give out your personal information.'”
Full Story

SURVEILLANCE

Cavoukian Discusses Dangers of Metadata (July 19, 2013)

In an opinion piece for the Toronto Star, Ontario Information and Privacy Commissioner Ann Cavoukian discusses the term “metadata,” frequently used since revelations of the U.S. National Security Agency’s surveillance program. While government officials defend the use of metadata, claiming it isn’t privacy invasive because it doesn’t access telecommunications content, Cavoukian says this is “fanciful thinking–perpetuating a myth that is highly misleading. The truth is that collecting metadata can actually be more revealing than accessing the content of our communications.” Cavoukian has also published a white paper on the topic.
Full Story

DATA LOSS

Officials Considered Hiring Dumpster Divers to Mitigate Risk (July 19, 2013)

Senior officials in two federal departments considered hiring professional dumpster divers in efforts to find a missing USB stick containing sensitive information on more than 5,000 Canadians, Montreal Gazette reports. Human Resources and Skills Development Canada managers also considered burning the garbage in order to destroy the USB key if it was inside, according to e-mails revealed via access-to-information laws. Both ideas were abandoned, in the end. The USB stick contained data on pension applicants’ claims, and though employees are required to encrypt sensitive information stored on portable devices, the data was not encrypted.
Full Story

ONLINE PRIVACY

Commissioner Recognized For Educating Youth (July 19, 2013)

Ontario Information and Privacy Commissioner Ann Cavoukian is being recognized for her efforts to raise awareness about online safety among youth and families. Cavoukian is the latest recipient of a KnowledgeFlow CyberSafety Champion award for raising the bar “across a number of important domains. Her efforts to curb the victimization of the most vulnerable members of our society is something we are proud to recognize,” said the founder of the KnoweldgeFlow.ca Initiative. The initiative was enacted due to “the cyberbullying epidemic.”
Full Story

BYOD

Survey: Employees Mistrust Policies; Some Orgs Don’t Have Them At All (July 18, 2013)
An online survey of almost 3,000 employees in the U.S., UK and Germany showed that when it comes to “bring your own device (BYOD),” only 30 percent said they trust their employer to keep personal information private and not use it against them, The Telegraph reports. The survey indicated a level of confusion over what constitutes personal information. Meanwhile, ZDNet cites Acronis' 2013 Data Protection Trends Research report indicating the majority of Australian organizations don’t have a BYOD policy and 33 percent don’t allow personal devices into the corporate network.

CLOUD COMPUTING

Get Some Guidance in the Resource Center (July 18, 2013)

“Businesses continue to be responsible for protecting their customers’ data, regardless of the cloud services they may engage,” write Megan Brister and Alain Rocan, CIPP/C, in their exclusive for The Privacy Advisor. If you’re considering using—or you’re already using—cloud computing, take a look at the tools, guidance and articles in the IAPP’s Close-Up: Cloud Computing to make sure you’re covering your bases. With guidance from organizations including the UK ICO, NIST, PCI DSS and the Cloud Security Alliance, as well as IAPP exclusive content, you’ll find the information you need to make the best choices for your data. (IAPP member login required.)
Read More

ONLINE PRIVACY

What Thriving Cities Can Teach Us About Online Privacy (July 17, 2013)

Pointing to Edward Glaeser’s book, Triumph of the City: How our Greatest Invention Makes Us Richer, Smarter, Greener, Healthier and Happier, David Hoffman, CIPP/US, equates the Internet to “myriad ‘virtual cities'” in its need for policies that protect individuals but also foster collaboration and innovation. “Given the close connection between our online and physical interactions, there is much we can learn about encouraging successful online collaboration and innovation from the policies that have supported growth of the world’s great cities,” Hoffman writes for Privacy Perspectives.
Full Story

GENETIC PRIVACY

Debate Lacking in Nascent DNA Collection (July 16, 2013)

The Associated Press reports on the flourishing collection of DNA by governments around the world and the lack of public debate about the privacy and ethical issues raised by such collection. Yaniv Erlich of MIT’s Whitehead Institute for Biomedical Research said there is a lot of upside to having DNA databases, but said, “our work shows there are privacy limitations.” Others have warned of “mission creep” where law enforcement use DNA to gather data on racial origins, medical history and psychological profiles. A University of Baltimore forensics professor said, “There’s got to be a debate… Do we want to have a society where 5 percent of the crime is unsolved, or do we want to have a society where 100 percent of the crime is solved" but privacy goes extinct? "What's the trade-off?"
Full Story

ONLINE PRIVACY

Industry’s Proposed DNT Solution Stirs Controversy (July 15, 2013)

AdAge reports on a recent proposal from the ad industry on the Worldwide Web Consortium’s Do-Not-Track signal that would allow firms to continue collecting data on users even after a user opted out of tracking. The tradeoff is that the firms would agree to strip the data of certain information. One expert says such a proposal “ignores the fact that if you collect multiple data points about a unique identifier, you can eventually determine…personal characteristics.” Mike Zaneis of the Interactive Advertising Bureau (IAB) said IAB publishers have seen the number of users sending Do-Not-Track signals “creeping up” to about 20 percent “because anybody could send a DNT flag.” But Mozilla Chief Privacy Officer Alex Fowler has asked for proof on those numbers.
Full Story

PRIVACY LAW

Regulating Technology or Behavior? (July 12, 2013)

“An absolute certainty on which everybody seems to agree is that legislating takes longer than programing,” writes Eduardo Ustaran, CIPP/E, in this Privacy Perspectives blog post. According to one survey, the average time it takes to develop a mobile app is less than five months. “However you look at it, it is difficult to imagine a law being devised, crafted and passed at the same speed at which software developers and engineers do their work,” Ustaran writes, adding, “but whilst technology is always changing, there is something that has not really changed that much for thousands of years: human behavior.”
Full Story

PRIVACY LAW

Supreme Court To Hear Cellphone Privacy Case (July 12, 2013)

The Supreme Court of Canada is set to hear a case involving the privacy of a suspect’s cellphone and whether law enforcement can access a cellphone that is not password-protected without a warrant, The Canadian Press reports. In an earlier ruling, the Ontario Court of Appeal ruled that police could search the phone in a cursory manner to see if there was evidence related to the alleged crime, but if the phone was password-protected, “it would not have been appropriate” to access the phone’s contents without a warrant.
Full Story

DATA PROTECTION

Chambers Push For Free-Trade Data Standards (July 12, 2013)

The Canadian Chamber of Commerce is joining the U.S. Chamber of Commerce to push for new data standards in future free-trade deals, The Globe and Mail reports. The groups aim to limit government ability to block cross-border data flows. “What we’re seeing increasingly is that governments are trying to impose controls on the flow of data in a variety of ways,” said the Canadian chamber’s president and CEO, adding that the issue isn’t whether there’s “good privacy legislation, it’s one of coherence.”
Full Story

DATA LOSS

Breaches Abound in the U.S., UK and Online (July 11, 2013)

Across the U.S. and the UK, data breach incidents, investigations and litigation have been making headlines, and, globally, a videogame maker has reported a breach that may have affected four million of its users. The Privacy Advisor highlights some of the top data breach stories from the past week and includes links to insights on breach trends and how to address a breach if it happens.
Full Story

ONLINE PRIVACY

Expert: Kids Revel in Online World Because It Feels More Private Than Offline (July 10, 2013)

In an interview with The Guardian, Microsoft researcher danah boyd discusses some of her work. Boyd says she’s frustrated when people assert that kids don’t care about privacy. “It's just that their notions of privacy look very different than adult notions," she says. "Kids don't have the kind of privacy that we assume they do. As adults...we think of the home as a very private space...The thing is, for young people it's not a private space—they have no control. They have no control over who comes in and out of their room, or who comes in and out of their house…the online world feels more private because it feels like it has more control."
Full Story

PRIVACY COMMUNITY

IAPP Resource Center Gets an Upgrade (July 9, 2013)

Check out the latest iteration of the IAPP’s online Resource Center. In our efforts to “define, promote and improve the privacy profession globally,” we are working hard to improve usability and expand our offerings to help you do your job more efficiently. We now have “Close-up” pages that offer tools and research to tackle big issues like BYOD, creating organizational privacy policies and programs, conducting privacy impact assessments and more. The new look is already getting great feedback; let us know what you think—or if there’s something you need, tell us and we’ll do our best to get it. We add new resources all the time, so check back often and stay tuned, there are more changes to come.
IAPP Resource Center

SOCIAL NETWORKING

Facebook Rolls Out Graph Search to Millions (July 8, 2013)

Several hundreds of millions of people will have access to Facebook’s Graph Search beginning this week, six months after its beta testing. Tech Crunch reports on the tool, which is “designed to take any open-ended query and give you links that might have answers,” according to Facebook CEO Mark Zuckerberg. Upon its initial release, the tool prompted concerns that it would compromise the privacy rights of minors. It “makes paying attention to privacy settings much more important if you don’t want embarrassing photos from years ago dredged up or your public contact information scraped,” the report states.
Full Story

PRIVACY PROFESSION—CANADA & U.S.

Privacy Audits: Practical Tools for Accountability (July 8, 2013)

The IAPP has announced its latest web conference, set for July 17, and focusing on privacy audits. Chartered Professional Accountants of Canada CPO Nicholas Cheung, CIPP/C, and KPMG National Privacy Service Leader Doron Rotman, CIPP/US, will discuss what “audit” really means, how to decide whether to do an audit internally or with a third party and what are the key pieces of a privacy audit done right.
Full Story

BEHAVIORAL TARGETING

A Tracking Method That Privacy Advocates Like? (July 5, 2013)

Twitter will begin using cookies to track users and deliver advertising, but because its program abides by Do-Not-Track settings and has a clear opt-out, privacy advocates are praising it, PC Pro reports. An Electronic Frontier Foundation activist said in a blog post, “We think Twitter is setting an important example for the Internet: It is possible to exist in an ecosystem of tailored advertisements and online tracking while also giving users an easy and meaningful opt-out choice." Meanwhile, Vine, a video-sharing site owned by Twitter, has added privacy settings to its services—including the ability to make Vines private.
Full Story

PRIVACY COMMUNITY

With One Year Left As Commissioner, Cavoukian Shares Insights (July 5, 2013)

The Toronto Star shares an up-close-and-personal conversation with Ontario Information and Privacy Commissioner (OIPC) Ann Cavoukian as she completes “a third term as commissioner and, in about a year, will leave the office in which she’s spent a quarter-century and which she’s built into the best of its kind in the world.” Cavoukian shares her insights on privacy and her work. And although she will be completing a third and final term as OIPC, the report states, “she has no intention of retiring. Apparently, it isn’t in her family DNA.” As Cavoukian put it of her work in the privacy field, “This is what I do for my parents; this is what I do for everyone. Freedom is so essential.”
Full Story

HEALTHCARE PRIVACY

BC Court Rules on Patient Privacy Case (July 5, 2013)

The British Columbia Court of Appeal has ruled in Logan v. Hong that patients’ privacy rights mean doctors are not required to provide the plaintiff’s counsel with the names of people who had used the defendant’s product, reports Mondaq. Class counsel argued that in order to inform prospective participants of the suit, they needed to know who had been injected with the product. The court, however, ruled that "absent serious concerns relating to health or safety, or express legislative provisions compelling release of the information in the public interest," patient privacy trumped the class’ right to access.
Full Story

EMPLOYEE PRIVACY

Report Examines Alcohol, Drug Testing Ruling (July 5, 2013)

The Vancouver Sun reports on a recent decision by the Supreme Court of Canada that drug and alcohol testing at the workplace is only lawful under certain circumstances. In the case, six justices said random workplace tests at a New Brunswick mill were unreasonable and “an employer must establish a substance-abuse problem in a safety-sensitive work environment before such random screening can occur,” the report states. One employment law attorney said, “Privacy rights don’t trump the employers’ rights, but the court has placed a high value on them.”
Full Story

INFORMATION ACCESS

City Hires Privacy Commissioner (July 5, 2013)

Saskatoon has hired a privacy commissioner who will be in charge of all formal access-to-information requests related to city councilors and the mayor, The StarPhoenix reports. In the 2012 mayoral election, the city received 34 requests for information, many related to city councilors’ expenses and private e-mails, and the number of requests has been climbing within the last three years. Former Lieutenant-Governor of Saskatchewan Gordon Barnhart will fill the post.
Full Story

DATA PROTECTION

Opinion: Government Has a Duty To Protect Privacy (July 5, 2013)

MP Carol Hughes writes in a Wawa News op-ed of the government’s obligation to protect Canadians’ privacy. “We live in an era where privacy is an important concern for people,” Hughes writes, adding, “With that in mind it seems only natural that the government should lead by example and set the bar by which other efforts can be compared against. Sadly that bar has not been set that high.” Hughes cites government data losses and Privacy Commissioner Jennifer Stoddart’s recent report indicating government could do more to protect sensitive personal data.
Full Story

ONLINE PRIVACY

Do-Not-Track Continues To Spark Fires (July 3, 2013)

Microsoft’s newest version of Internet Explorer (IE) allows users to grant permission for specific websites to log their movements, IT Pro reports. IE11 was debuted in the Windows 8.1 preview last week and features a default Do-Not-Track setting with a “user-granted exceptions” option. Meanwhile, following criticism over its plans to move forward with a project to block third-party cookies in the Firefox browser, Mozilla’s Harvey Anderson said  there’s “no constitutional right that allows people to modify my computer.” The Digital Advertising Alliance has called the proposal “draconian.”
Full Story

DATA PROTECTION

Security Company Releases Privacy Product (July 3, 2013)

Symantec has released a new privacy product capable of scanning a mobile device for data an application may be leaking about the user. Norton Mobile Security for Android devices checks for “malicious applications, privacy risks and potentially risky behavior.” While Norton’s suite of mobile security products have typically focused on malicious threats, Michael Lin, vice president of Symantec Mobility Solutions, told the IAPP that this latest solution reacts to the fact that “now we are seeing threats impact mobile applications and data being shared without the user’s knowledge or consent.” This latest product aims to “protect users from these types of privacy threats as well.”
Full Story

PRIVACY

What Is Privacy in the Digital Age? (July 2, 2013)

In his most recent Privacy Perspectives installment, Phil Lee, CIPP/E, CIPM, describes his path to the privacy profession. “With privacy, I get to advise on matters that affect people, that concern right or wrong, that are guided by lofty ethical principles about respecting people’s fundamental rights,” he writes. With the growing dichotomy between regulatory mandates and “what, in practice, actually delivers the best protection for people’s personal information,” Lee challenges the privacy profession to “debate and encourage an informed consensus about what privacy really is, and what it should be, in this digital age.” Editor’s Note: For expert insights into the privacy career track and a high-level review of basic privacy laws, register for the IAPP’s web conference, Legal Privacy Primer—First Steps in a Career, to be held July 11.
Full Story

FINANCIAL PRIVACY—CANADA & U.S.

Data-Sharing Deal Will “Depend on the Details” (July 2, 2013)

Canada finds itself grappling between thwarting tax evasion and protecting privacy as it nears the announcement of a deal with the U.S. to share banking information, reports The Globe and Mail. The Foreign Account Tax Compliance Act, which will go into effect January 1, requires financial institutions in other countries to inform the U.S. Internal Revenue Service about Americans’ offshore back accounts storing more than $50,000, the report states. Whether Ottawa or financial institutions themselves will hand over the data is up for debate, with many arguing having the banks do it will ensure compliance with privacy laws. A spokesperson for Canadian Privacy Commissioner Jennifer Stoddart said the privacy implications will “depend on the details.”
Full Story

STUDENT PRIVACY

Task Force Tackles Innovation-Privacy Balance in Education (July 2, 2013)

Researchers, innovators and thought leaders all over the world are thinking about education. From danah boyd to Sugata Mitra to the Aspen Institute, they’re discussing ways the Internet, social networks, mobile media and gaming technology are affecting our youth and the way they learn. In this Privacy Advisor exclusive, Microsoft CPO and IAPP Chairman Brendon Lynch, CIPP/US, talks about the Aspen Institute’s new Task Force on Learning and the Internet--of which he’s a member. Noting the group is just beginning its exploration, Lynch says, “as schools are experimenting with their online capabilities, and as they utilize those technologies and solutions, they need to make sure they’re addressing privacy concerns that parents and children may have.”
Full Story

BIG DATA

Opinion: The Few Are Benefitting From the Many (July 1, 2013)

In an opinion piece for Financial News, Ben Wright discusses the rise of Big Data and questions who owns it. To this point, such a determination has not been made, resulting in the few benefitting “at the expense of the many,” Wright opines. “The financial industry clearly needs to have an open debate about all the data it is generating and amassing. It needs to decide who owns this information, how it should be used and shared and where the balance lies between privacy and the public good.” (Registration may be required to access this story.)
Full Story