Canada Dashboard Digest

Are you sick of hearing about Heartbleed? If you are, you may want to skip some of the stories profiled in this week’s Dashboard Digest. If, however, you are like me, you might still be confused by the array of stories about the technical vulnerability, how it works and what damage it might have caused. I had to do a fair amount of self-study this week to prepare for an on-air interview with the CBC, and I must admit that the more I read about it, the more questions I had.

One thing is for sure: We work in an increasingly dynamic industry where things change faster than ever. What was once considered secure is actually not. Safeguards that you thought were good enough, aren't. I suppose that’s all the more reason the privacy professional needs tools like the Dashboard Digest—to try and stay on top of what’s going on.

With respect to the Heartbleed saga, we felt that you deserved even more opportunity to learn about it, so we have added a session to this year’s Symposium that promises to educate privacy professionals on exactly what they need to know about the vulnerability. I hope you can make it to Toronto if you're keen to learn more.

Somewhat overshadowed by Heartbleed were two rather significant decisions from Commissioners Denham and Cavoukian. Read on to learn more because these, too, are important events. 

Have a great weekend, and happy (Easter egg) hunting!

Kris Klein
Managing Director
IAPP Canada

Top Canadian Privacy News

ONLINE PRIVACY

Time To Rethink E-mail Privacy? (December 20, 2013)

The Globe and Mail reports on the changing world of e-mail privacy, including a recent change to the terms of service for Rogers Communications, a service managed by Yahoo. The new terms include the notice that Yahoo “identifies words, links, people and subjects from your e-mail messages and other messages archived” in order for the company to better deliver relevant ads, among others. One journalist, according to the report, thinks the changes ask him to give up too much privacy, and a Canadian-based regulatory group has joined a global effort to urge advertisers to disclose to users when ads are derived from such e-mail tracking.
Full Story

PRIVACY

Cavoukian Discusses Privacy by Design on U.S. Public Radio (December 20, 2013)

In an interview with All Things Considered host Audie Cornish on U.S. public broadcaster NPR, Ontario Information and Privacy Commissioner Ann Cavoukian discusses the importance of privacy, her belief that the expectation of privacy remains reasonable and her Privacy-by-Design (PbD) approach to ensuring privacy is included in products right from the start. “It's all about thinking preventatively, preventing the privacy harm from arising," Cavoukian explains, "as opposed to offering some system of redress after the fact.” The interview features insights from Cavoukian including why privacy is important, reasons for businesses to adopt PbD and ways surveillance programs could be improved through PbD.
Full Story

SOCIAL NETWORKING

Commissioner: Pharmacy Employee Broke Province’s Rules (December 20, 2013)

Alberta Privacy Commissioner Jill Clayton has said a “casual employee at a pharmacy inside a southeast Calgary Shoppers Drug Mart contravened the province’s Health Information Act last year when he phoned and tried to Facebook ‘friend’ a woman who had filed a prescription,” CBC News reports. “Employers have a responsibility to inform and train their staff on the appropriate use of health information,” Clayton said, adding, “Health information systems are for healthcare, not matchmaking.” Clayton’s investigation found the employee, who is no longer employed at the pharmacy, misused health information while the pharmacy’s manager did not implement appropriate safeguards.
Full Story

PRIVACY LAW

Opinion: Bill C-13 Is Unnecessary (December 20, 2013)

In a National Post op-ed, George Jonas examines the Protecting Canadians from Online Crime Act, often referred to us Bill C-13 or the anti-cyberbullying law, noting that while he “wasn’t unduly concerned about it when it was being attacked by its critics,” his perspective has shifted “when the government started defending it.” He writes that the critics did little to persuade him that Bill C-13 was a bad law, but “the defenders have convinced me that the law is worse than bad: It’s unnecessary. What it outlaws for a good reason is already against the law; the rest is just the state trying to enter the nation’s computer rooms.”
Full Story

PRIVACY EDUCATION

IAPP Offers New Suite of Web Conferences (December 18, 2013)

The IAPP has announced an integrated suite of web conferences to allow members to access far more of this valuable content while providing an opportunity for certified members to acquire up to 14 free Continuing Privacy Education hours in 2014. This feature for The Privacy Advisor details the full schedule of programs, which includes the Insight Series, Access Series and Innovation Series. We hope you will take advantage of these new opportunities for education to help you with your day-to-day operations and to further augment the body of knowledge developed through CIPP or CIPM certification.
Full Story

PERSONAL PRIVACY

The Privacy Implications of Data-Driven Dating (December 17, 2013)

“When we talk about Big Data, we mostly refer to large-scale conglomerations of information about our collective behavior, aggregated by governments and big corporations,” writes Karen Levy of Princeton University. “But there’s another way data have become big: Our interpersonal connections are being infiltrated by data to an unprecedented degree, changing how we relate to one another,” she adds. This post for Privacy Perspectives looks into the range of apps and technology that allow individuals to gather, interpret and deploy data and not only be “passive data points about whom data is collected and aggregated.”
Full Story

PRIVACY ART

The Privacy Messages Sent Through Art (December 16, 2013)

Last year, approximately 4.7 million passwords were stolen from LinkedIn and leaked online. To many, it was a concerning development, but for one person, the event provided an opportunity to make art. Conceptual artist Aram Bartholl has unveiled “Forgot Your Password,” an exhibit featuring eight books containing all the passwords arranged in alphabetical order, now on display in Germany. This is just one of countless artistic creations riffing on privacy in the modern world. This Privacy Perspectives post looks into a variety of artistic expressions of privacy, including a look at the IAPP’s Art Gallery.
Full Story

PRIVACY LAW

U.S. and French Laws, EU Retention Directive Under Fire (December 16, 2013)

France is receiving criticism for a new law expanding government agencies’ access to Internet data; a European Court of Justice advocate has deemed the retention directive in violation of citizens’ fundamental privacy rights, and in the U.S., a petition to update the Electronic Communications Privacy Act has received more than 100,000 signatures. This week, Privacy Tracker reports on these developments as well as new administrative measures for Chinese credit reference agencies, U.S. states’ challenges to NSA surveillance and new fining powers for the Dutch data protection authority. (IAPP member login required.)
Full Story

ONLINE PRIVACY

Bilton: “Anyone Who Can Watch You Will” (December 16, 2013)

In a feature for The New York Times, Nick Bilton writes that amidst reports of online tracking, “outfits like Snapchat have exploded onto the scene … holding out the promise that all those selfies, texts and e-mails will simply vanish … But the fact is, many services that claim to offer that rarest of digital commodities—privacy—don’t really deliver.” Princeton Prof. Edward Felten weighs in, cautioning, “Just because information is unavailable to you and you don’t see it doesn’t mean that it is not being captured, stored or even seen by someone else in transit.” The ACLU’s Ben Wizner suggests “change can happen” if “technologists that are disillusioned by the incessant tracking will use their skills to make surveillance more costly.” (Registration may be required to access this story.)
Full Story

DATA PROTECTION

The EU and APEC: A Roadmap for Global Interoperability? (December 13, 2013)

The steady stream of media reports on the privacy differences between the EU and the U.S. would have you believe that cross-border data sharing is nothing but storm clouds over the Atlantic. There is, however, a bright spot for cross-border information flows if we turn our attention to the Pacific. In this exclusive for The Privacy Advisor, John Kropf, CIPP/US, CIPP/G, and Malcom Crompton, CIPP/US, look at data transfers in the APEC region, suggesting other regions take heed.
Full Story

ONLINE PRIVACY

Google To Cache All Gmail Images, To Some Confusion (December 13, 2013)

Google announced it will now cache all e-mail images by default to improve user experience and security as well as load-speed. The move has apparently caused a little confusion as to whether it affects user privacy. Ars Technica initially reported that e-mail marketers will no longer be able to receive information directly from Gmail users. ClickZ lists the six data points collected by marketers from e-mail display images. Ron Amadeo of Ars Technica wrote, “While this means improved privacy from e-mail marketers, Google will now be digging deeper than ever into your e-mails and literally modifying the contents.” However, Wired reports the move will make it easier for senders to know if an e-mail has been opened. According to an updated Ars Technica report, senders who embed a code into the e-mail will know more about which ones are viewed. MailChimp has also blogged about the changes and what they mean for users.
Full Story

SURVEILLANCE

As NSA Revelations Continue, Privacy Experts Weigh In (December 13, 2013)

The Washington Post reports on leaked U.S. National Security Agency (NSA) slides that reveal the agency is “piggybacking” on tools used by Internet advertisers to locate potential targets for government hacking and surveillance. According to documents leaked by Edward Snowden, the NSA and the UK’s GCHQ use cookies to identify individuals. Specifically, they have used Google’s PREF cookies, which generally do not contain personal information but do include users’ e-mail addresses and numeric codes to identify their browsers, the report states. Additionally, the documents reveal that the NSA is using commercially collected data to help it locate mobile devices around the world. Meanwhile, in Canada, Jean-Pierre Plouffe has indicated “recent leaks about the Five Eyes intelligence network are being taken out of context by the media,” The Canadian Press reports, while several Canadian privacy experts have written an op-ed contending, “Surveillance with such lax privacy protections is fundamentally inconsistent with the values of a free and democratic society.” (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY

Case of Medical Data at U.S. Border Prompts Calls for Investigation (December 13, 2013)

Ontario Information and Privacy Commissioner Ann Cavoukian says she will get to the bottom of how a Toronto woman’s personal data reached U.S. Customs and Border Protection (CBP), resulting in the denial of entry to the U.S., SC Magazine reports. Cavoukian plans to form a committee to “ensure it is not the default position that information like calls for medical assistance reach the hands of the RCMP.” Privacy expert David Fraser suggests the issues may stem from “incredibly wide latitude” law enforcement agencies have in sharing such data with foreign authorities. Cavoukian “is working with mental health and civil rights advocates to recommend changes to the health information entered and retained in a national police database,” CMAJ reports.
Full Story

DATA LOSS

NDP Calls for CRA Investigation (December 13, 2013)

The Opposition New Democrats (NDP) are seeking an investigation into Canada Revenue Agency (CRA) “after the agency was unable to tell the NDP just how many privacy breaches it had sustained in the last 10 years,” Postmedia News reports. The NDP asked for that number “only to be told both times that the CRA couldn’t provide any details because a search of records would be too cumbersome and time-consuming,” the report states. The NDP’s Charlie Angus, who has written to the privacy commissioner and the minister in charge of the CRA, suggested the CRA’s responses indicate it lacks “a proper system of quality control or checks in place” to protect personal information.
Full Story

PRIVACY LAW

Report: Ruling Suggests All Data Is Not Equal (December 13, 2013)

In a complex ruling, the Supreme Court of Canada has found that data stored on a hard drive “is not equal to the same material stored in a filing cabinet,” SC Magazine reports. The case, which involved a man’s conviction for growing marijuana, is what the Canadian Bar Association's called “a marker (in the ground) for digital privacy law in Canada,” the report states, noting the man’s lawyer “succeeded in convincing the justices that computers are ‘stand-alone places’ that require specific search warrants.”
Full Story

PRIVACY LAW

Bertrand Denies Support of Data-Sharing Bill (December 13, 2013)

New Brunswick Privacy Commissioner Anne Bertrand has said she did not give the government input or support for a proposed government data sharing bill, CBC News reports. Earlier this week, the education minister said Bertrand had supported Bill 23—a bill that would make it easier for government agencies to share personal information. In a letter to Speaker Dale Graham, Bertrand wrote, “With respect, I was surprised to hear the minister’s comments to this effect, as her comments do not accurately reflect the nature of the discussions that took place between our office and department officials on this matter.”
Full Story

DATA LOSS

Dickson: After Breaches, School Must Make Changes (December 13, 2013)

Saskatchewan Privacy Commissioner Gary Dickson is calling for changes at Horizon School Division following two privacy breaches involving students’ information, CBC reports. One incident occurred when recycled paper that included confidential information on the back was used to send a note, and the second involved a teacher sharing private information. Dickson found staff knew of the breaches but did nothing about them, the report states, noting he “blames the breaches on lack of training and written policies” and is recommending Horizon School Division’s Board of Education “develop written policies and procedures and train all staff that manage personal information accordingly” and put safeguards in place.
Full Story

INFORMATION ACCESS

Ombudsman Posts FIPPA Investigation Reports (December 13, 2013)

Manitoba Acting Ombudsman Mel Holley has posted new investigation reports on the ombudsman’s websites—including 10 under The Freedom of Information and Protection of Privacy Act (FIPPA), Winnipeg Free Press reports, noting six of the FIPPA reports posted are about Winnipeg and four relate to rural municipalities. The report includes details of each of the investigations, and Holley explained they should provide members of the public—as well as those entities governed by FIPPA—better insight into how the ombudsman “interprets and applies the legislation and resolves complaints in situations where recommendations are not needed.”
Full Story

BIG DATA

At DPC: Out with Notice and Consent, In with Data Use Regulation (December 12, 2013)
While there are few privacy principles more generally ingrained than that of notice and choice, Viktor Mayer-Schönberger suggests, “The naked truth is that informational self-determination has turned into a formality devoid of meaning and import.” During his IAPP Europe Data Protection Congress keynote, Mayer-Schönberger called for “a new protection mechanism. A paradigm adjustment to ensure privacy in the age of Big Data” rather than giving up on privacy. “It’s not that the data is problematic,” he said, “but how it’s being used, especially in the context of complex data analysis.” This exclusive for The Privacy Advisor examines this idea of holding users accountable, whether they have persuaded a consumer to provide consent by clicking a button or not.

CLOUD COMPUTING

Snowden Leaks “Gumming Up” Cloud Industry (December 12, 2013)

Hightail CEO Brad Garlinghouse has said that the recent Edward Snowden revelations about government surveillance are “gumming up” the cloud computing industry, CNET News reports. Hightail offers businesses cloud storage and document tracking services, but new difficulties have shaken the cloud business, he said. “The Snowden effect has extended the sales cycle for non-U.S. companies looking at doing business with U.S. companies,” Garlinghouse said, adding, “There are more questions about data security, encryption and (security) key management.”
Full Story

GEO PRIVACY

Twitter Partnership Aims To Bolster Location Services (December 11, 2013)

According to MediaPost News, Twitter has reached a multi-year licensing agreement with Pitney Bowes in order to tap into its location data for mobile services. Twitter will use Pitney Bowes’ Location Intelligence to bolster location-sharing and possibly improve ad targeting, tweets and map locations. The technology can help combine “location data for tweets with buying patterns, behaviors, preferences and influencers,” the report states, as well as cross-reference tweets with nearby retailers and users.
Full Story

PRIVACY COMMUNITY

Looking for Love? Try a Privacy Conference (December 11, 2013)

It was winter of 2011, and Rob Gratchner just had to get to the IAPP's Data Protection Congress. His then-girlfriend, now Amanda Gratchner, was attending, and where better to ask her to marry him? But there was a hiccup. A big one. The Paris event was sold out. Despite his pleas to the powers that be at the IAPP, he couldn't get in. "I went to Paris by myself," Amanda says with a bit of a playful tone. But two months later, in Seattle, WA, at the spot where they first kissed, Rob proposed. In this feature, IAPP Associate Editor Angelique Carson, CIPP/US, talks with three couples who found their work in the privacy field—and their spouses, too.
Full Story

PERSONAL PRIVACY

World’s Leading Writers Demand “Digital Bill of Rights” (December 10, 2013)

More than 500 of the world’s top writers have banded together to condemn the scale of government surveillance around the globe, The Guardian reports. The signatories, including five Nobel Prize winners and authors from 81 different nations, are urging the United Nations to create an international, digital bill of rights. The move comes just a day after eight of the globe’s largest tech companies called for limits to state surveillance. The recent revelations about the extent to which governments spy on individuals has undermined the human right to “remain unobserved and unmolested … This human right has been rendered null and void through abuse of technological developments by states and corporations for mass surveillance purposes,” the statement says. “A person under surveillance is no longer free; a society under surveillance is no longer a democracy,” it adds.
Full Story

PRIVACY

Ten Steps to a Quality Privacy Program, Part Five: Building an Audit Plan (December 10, 2013)

In part five of the series "Ten Steps to a Quality Privacy Program," Deidre Rodriguez, CIPP/US, explores building an audit plan, which she says is essential. A few basic steps can help you to prepare and simplify the process, she says. "Writing down all of the details will solidify your plan. You may not be audited right away, and people tend to forget everything that you have told them and panic when they hear the word 'audit.' Having this information written down will help keep everyone focused and moving the same direction," she writes.
Full Story

GEO PRIVACY

AVG Unveils WiFi Do-Not-Track App for Mobile (December 10, 2013)

With an influx of in-store mobile WiFi tracking, AVG Technologies has developed and rolled out a free smartphone app designed to block WiFi location tracking, Forbes reports. The new “DNT” feature is an add-on to AVG’s PrivacyFix app for Android. When downloaded, the technology prevents the mobile device from transmitting its MAC address. AVG Vice President of Privacy Products Jim Brock said that until retailers adopt “meaningful standards,” including transparency, or provide consumers with an opt-out mechanism, “consumers are better off shutting out this kind of tracking.” In October, Daily Dashboard reported on an initiative by the Wireless Registry and the Future of Privacy Forum to offer a brick-and-mortar Do-Not-Track registry for MAC addresses.
Full Story

SURVEILLANCE

Tech Giants Urge Global Surveillance Reform (December 9, 2013)
A group of top technology companies has presented a plan and published an open letter to U.S. President Barack Obama and members of Congress urging global government surveillance reform. Aol, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo together have rolled out the website reformgovernmentsurveillance.com to express their collected belief “that it is time for the world’s governments to address the practices and laws regulating government surveillance of individuals and access to their information.” This exclusive for The Privacy Advisor looks at the five principles presented by the group and rounds up the latest coverage of this issue as well as reports on increased local law enforcement requests of cellphone data.

PRIVACY LAW

Regulators Across the Globe Taking Action (December 9, 2013)

From the U.S. Federal Trade Commission (FTC) to the Dutch Data Protection Authority (DPA), regulators are asserting themselves in consumer privacy issues. This Privacy Tracker weekly legislative roundup offers information on the FTC’s settlement with a flashlight app developer, as well as its plans for the upcoming year, and the Dutch DPA’s findings in its investigation of Google’s privacy policy. Meanwhile, the UK Information Commissioner’s Office announced that pending new pan-Europe legislation will result in significant budget losses, causing it to restructure; some are calling U.S. state attorneys general the most important privacy regulators in the country, and BC Information and Privacy Commissioner Elizabeth Denham is recommending the government amend the Freedom of Information and Protection of Privacy Act. (IAPP member login required.)
Full Story

PRIVACY PROFESSION

What Makes a Good Privacy Pro? (December 6, 2013)

“For companies striving to maintain compliance with myriad global data protection and privacy rules, and keeping up with future developments, the privacy professional is key,” writes Reed Elsevier Senior Director of Privacy and Data Protection Emma Butler. “Increasingly,” she points out, “companies seem to think that they have to hire qualified lawyers to fulfil this role, but is that really the case?” This Privacy Perspectives post looks into this question and asks if a business wants “a lawyer who just advises on the interpretation of the law and leaves decision-making on privacy and subsequent implementation to the business? Or do you want a practitioner who can drive the privacy program from the ground up, making key decisions and delivering privacy effectively across the business?”
Full Story

DATA LOSS

Breach May Hit 465,000 Cardholders; 2M Passwords Stolen (December 6, 2013)

Financial services giant JP Morgan Chase is alerting at least 465,000 holders of prepaid cash cards issued by the bank that their personal information may have been accessed by cybertheives, Reuters reports. The cards were used by corporations to pay employees and for government agencies to issue tax refunds, unemployment compensation and other benefits, the report states. The company has located and fixed the vulnerability and has alerted law enforcement. CNN reports, in a separate incident, keylogging software that has been installed on countless computers around the world may have captured the login credentials of about two million users of 93,000 websites, including popular sites such as Google, Facebook, Twitter and Yahoo.
Full Story

TARGETING ADVERTISING

Twitter Starts Ad Targeting; Automaker Tracks from Showroom (December 6, 2013)

Social network Twitter is set to begin rolling out cookie-based targeted advertising to show users ads based on their browsing history, Reuters reports. Twitter now joins other large online businesses including Google, Facebook and Amazon in using cookies to help with targeted ads. Meanwhile, AdAge reports on one automaker’s attempt to better understand the shopping behavior of customers, not only in its showroom but in its competitors’ as well. By using the services of PlaceIQ, Mazda can target ads based on highly specific consumer data—including location. A Mazda representative said that PlaceIQ helps “us define behaviors based on real-world location … The value of this to us is we’re actually getting real-world (indicators).”
Full Story

HEALTHCARE PRIVACY

Cavoukian Investigating Report of Data-Sharing with Border Services (December 6, 2013)

Ontario Information and Privacy Commissioner Ann Cavoukian will investigate reports of private health information “being shared with U.S. border services, saying it's a matter ‘of grave concern’ to her,” The Canadian Press reports. In an e-mail to the provinces’ New Democrats (NDP), who sought her help, Cavoukian noted her office “will investigate the matter and ensure that the personal health information of Ontarians is not being compromised by any organizations under my jurisdiction,” the report states, noting the NDP’s France Gélinas indicated being “contacted by three people who have been denied entry” into the U.S. based on personal health reasons. “All Ontarians need to be assured that their personal information is never shared without their consent,” Gélinas said.
Full Story

DATA LOSS

Commissioner Calls on Ministry To Take Action After Breach (December 6, 2013)

Saskatchewan Privacy Commissioner Gary Dickson says the Ministry of Highways must take further action after a worker snooped on a driver, the Times Colonist reports. Following a traffic incident between a transport compliance branch employee and another driver, the employee looked up the driver’s personal details via the Saskatchewan Government Insurance (SGI) database and then contacted the driver, the report states. The driver then complained to SGI and the Royal Canadian Mounted Police. Employees of the transport compliance branch are permitted to use the SGI database only for certain purposes. The employee has been suspended for 20 days without pay, according to the highways minister, but the privacy commissioner wants stronger action.
Full Story

INFORMATION ACCESS

Denham Calls for Amendment To Law; Ring Voices Concerns (December 6, 2013)

Citing concerns that public entities are not doing enough to raise awareness of possible health, safety and environmental concerns, BC Information and Privacy Commissioner Elizabeth Denham is recommending the government amend the Freedom of Information and Protection of Privacy Act, Times Colonist reports. In a report released this week, Denham raises concerns that public bodies are not aware of or trained in their duty to inform residents of potential dangers. Separately, the CEO of a health research firm is cautioning that privacy concerns in BC limit researcher access to data for healthcare innovations. And in Newfoundland and Labrador, Information and Privacy Commissioner Ed Ring is concerned the province’s premier’s office “improperly withheld” documents related to search and rescue efforts.
Full Story

PRIVACY LAW

Theft Victim: Privacy Law Helps Criminals (December 6, 2013)

Ottawa Citizen examines the case of Kirk Darch, whose new iPhone was stolen from his mailbox, and his “frustration over Canada’s privacy laws, which, in his case, have so far done a good job of protecting the crook and ignoring the victim.” According to the report, the phone could be easily found: Darch learned from Telus it was being operated with a new SIM card by a new accountholder. However, due to federal privacy law, Telus told police a court order was necessary “before it could provide the name and address of the person,” the report states, noting, “police decided a stolen cellphone wasn’t worth the effort as the process of acquiring a court order alone would tie up the investigating officer for several hours.”
Full Story

DATA LOSS

Breach-Related E-mails Were Not Deleted (December 6, 2013)

Global News reports e-mails belonging to a special advisor to the prime minister that were “once believed deleted were actually ‘frozen’ in relation to legal action dealing with a privacy breach” involving the loss of a hard drive containing personal information on 583,000 Canada Student Loan borrowers. While it is not believed the advisor was involved in the breach, the report states, the Privy Council Office wrote to the Royal Canadian Mounted Police that “it was mistaken when it said the e-mails had been deleted, as is standard procedure” and they had, instead, been retained due to a legal case.
Full Story

INFORMATION SECURITY

Researchers Create Malware Able To Jump Non-Connected Devices (December 4, 2013)

Ars Technica reports on newly developed malware capable of communicating between devices not connected to any active networks. The malware now threatens the “air gap” often used to protect data, the report states. Researchers were able to use the built-in microphones and speakers within PCs to establish communication via inaudible audio signals within a distance of 65 feet. The proof-of-concept software has been outlined in the Journal of Communications. In the report, the researchers said, “The concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered.”
Full Story

ONLINE PRIVACY

Social Media Guru Deletes Facebook Account, Citing Need To “Take a Stand” (December 3, 2013)

Danny Brown, co-author of Influence Marketing: How To Create, Manage and Measure Brand Influencers in Social Media Marketing and author of HubSpot’s “#1 marketing blog in the world,” announced yesterday he has deleted his personal Facebook account because “at some point, we need to take a stand for our privacy.” Admitting he understands the irony of a marketer who uses social media data as a key part of strategic planning complaining about Facebook privacy, Brown says he simply can’t trust the product any longer and, as a marketer, no longer even trusts that the user data is being created by the users themselves. He understands the concept of “being the product” but now feels “it’s essentially a target on your data forehead, and hunting season is always open.”
Full Story

ONLINE PRIVACY

New Study Uses Bots To Track the Trackers (December 3, 2013)

Forbes reports on a new study led by researchers at Princeton University and Belgium’s KU Leuven to discover patterns of discrimination based on traits such as affluence levels. Advertising and marketing firms often keep their tracking methods obscure, making it difficult for privacy advocates to demonstrate how the commercialization of online data can isolate consumers into their own “filter bubbles.” To circumvent that, the researchers have released bots that mimic real consumers—including fake profile traits such as age, gender, affluence level, location and interests—to come to a better understanding of how online businesses track, categorize and possibly discriminate against individuals. The research is being led by Princeton Prof. Arvind Narayanan—one of the early progenitors of Do Not Track. A spokesman for the U.S. Federal Trade Commission said, “We welcome research into privacy and technology issues, and we look forward to reviewing the research results.”
Full Story

PRIVACY LAW

Safe Harbor Revelations and Global Developments (December 2, 2013)
This week’s Privacy Tracker legislative roundup includes the IAPP’s coverage of the European Commission’s report critiquing the EU-U.S. Safe Harbor agreement and offering the U.S. 13 ways to save it, and insight from Eduardo Ustaran, CIPP/E, on the report. You’ll also find information on the United Nation’s approval of an unlawful surveillance resolution, why India may have to wait a little longer for a privacy law and South Africa’s new law. In the U.S., more regions are considering social media laws and DNA databases, and courts have decided cases relating to COPPA and consumer privacy.

PRIVACY COMMUNITY—CANADA

Stoddart Departing Commissioner’s Post (December 2, 2013)

Postmedia News reports on Privacy Commissioner Jennifer Stoddart’s departure from office and the work she did while there, including taking on big companies like Google and Facebook in defense of Canada’s privacy laws. She’s also been an “outspoken critic” of how the federal government handles and protects Canadians’ personal information and has called for an update to the Privacy Act and the Personal Information Protection and Electronic Documents Act. Stoddart recently gave an exit interview in which she discussed the problems Canada faces, including protecting privacy rights in the face of new technologies such as drones and facial recognition. Assistant Privacy Commissioner Chantal Bernier will step up as interim privacy commissioner until Stoddart is replaced.
Full Story

BIOMETRICS

Advancements in Facial Recognition Raise Privacy Questions (December 2, 2013)

Facial recognition technology is rapidly evolving, “using frame-by-frame video analysis to read subtle muscular changes that flash across our faces in milliseconds, signaling emotions like happiness, sadness and disgust,” The New York Times reports. While there may be benefits to such face-reading software—such as recognizing confusion on the face of an online student and offering tutoring options—one U.S. privacy attorney notes such technology raises concerns. “The unguarded expressions that flit across our faces aren’t always the ones we want other people to readily identify,” Ginger McCall said, adding, “Private companies are developing this technology now. But you can be sure government agencies, especially in security, are taking an interest, too.” (Registration may be required to access this story.)
Full Story