Help fight cyber-terrorism

February 27, 2009

Do you ever wish you were Jack Bauer from the TV show 24? Here’s your chance!

A growing number of articles highlight the threat of “cyber-terrorism”. It’s a scary topic that is surely consuming the time of government technology infrastructure professionals in the U.S. and Canada. Some of these articles discuss the remote possibility that terrorists may perpetrate cyber-attacks against critical online government and corporate infrastructure. Other articles discuss the very real possibility that terrorists may simply use the Internet (and the information contained online) to plan attacks in the real world. Don Cavender, a special agent and instructor with the FBI’s Computer Training Unit at Quantico, Virginia, is quoted in an excellent ZDNet article as saying that “the worry right now is not so much a cyberterrorism event…but when the terrorists use the Internet to facilitate the planning of these attacks.”

We all know that the Internet is filling up with vast amounts of data including people’s personal information, as well as corporate and government data.  The lesson that I take from all of these “cyber-terrorism” related articles is that businesses should make sure that they are working with technology professionals to secure their databases and limit the amount of personal information and corporate data available online.  Of course, there are many reasons for businesses to secure their databases and to limit what information is available online.  For example, privacy laws such as Canada’s PIPEDA regulate the safeguarding of personal information.  And, there are good business reasons to limit the availability of proprietary corporate data online.  But, if you ever wished you were Jack Bauer, then here’s your chance to fight terrorism…one corporate move at a time.


Getting staff “buy-in” on privacy compliance

February 25, 2009

I chaired a lively Privacy Forum member meeting yesterday, which included a great discussion on how to get staff “buy-in” on privacy compliance. It’s an important topic because an organization can have comprehensive privacy policies and procedures, but if employees don’t “buy-in” they won’t implement the policies and procedures properly.

The important thing is to develop a culture of privacy within the workplace.  Fostering a workplace culture where privacy is valued and respected contributes to good employee morale and mutual trust.  It also helps employees to identify privacy issues before they become privacy complaints (which can result in costly grievances, lawsuits or settlements).  After all, it’s employees that are on the front line with customers and how employees respond to privacy related questions or concerns can make a big difference. 

When I conduct privacy training sessions for clients, I always remind employees that while privacy compliance is the law, it’s also important because good privacy practices can improve customer relations, increase efficiencies and mitigate time-consuming and costly privacy complaints.  I also try to make privacy compliance fun!  No, this is not a misprint…I said “fun”.  Privacy Forum members had some great suggestions on how to make privacy compliance fun and, in doing so, help to get staff “buy-in” on privacy compliance. 

Please post a Comment below on ways that you or your organization tries to get staff “buy-in” on privacy.


Do you actually read website Terms of Use?

February 24, 2009

Last week’s headlines regarding Facebook (see post below) really seemed to raise the awareness of Facebook users about its Terms of Use. The troubling reality that many Facebook users haven’t read its Terms of Use illustrates the all too common practice of website users not reading the Terms of Use of websites they visit.

Website Terms of Use are important to read, especially if you’re then going to post information on or through the website.  If you’re a Facebook user, read its Terms of Use to determine if you actually agree to them.  If not, you may want to reconsider continuing to be a Facebook user or you may want to simply refrain from posting content that you don’t want to fall under the scope of its Terms of Use. 

If your business has a website, check to see if it has a comprehensive Terms of Use document that’s been customized accordingly. Terms of Use are vital documents for websites because they set out the ground rules regarding – among other things – the ownership of content, licence rights, use of the website by minors, user submissions/postings and intellectual property rights.  They are intended to serve as legally binding contracts between website operators and users, so they’re pretty important!

Facebook may have suffered a public relations setback last week, but for a commercial enterprise it was on the right path when it reviewed and tried to customize its Terms of Use to meet its business objectives.  All businesses that have websites should review and, if necessary, modify their Terms of Use on a regular basis.


What the heck is RSS?

February 20, 2009

Are you new to social media? If so, you probably feel like people are talking in a whole different language. Blogs, wikis, RSS, Twitter – is this English? Or is it Venusian?

After mentioning to a few colleagues that I’d like them to subscribe to this blog using RSS, I realized that I was probably talking to them in “Venusian”. So for all the newbies, here’s a brief explanation of RSS.

RSS stands for “really simple syndication” (or “rich site summary”, depending on which explanation you read). It’s a method of alerting the subscriber to new content. Instead of receiving an email when there’s a new post on a blog, you check your feed reader.

Now, I can hear some people thinking, why would I want to check another site when I’m checking my email a couple of times a day? To that, I say, how much email do you receive? How many newsletters that you get by email do you actually read? The beauty of RSS technology is it lets you do your reading when you’re ready to do it.

As I mentioned, there is one more step you have to take, and that is to set up a feed reader. Fortunately, at least two browsers (IE7 and Firefox) offer built-in readers. Select the “Subscribe via RSS” button and follow the directions.

If that still doesn’t make sense, here’s what Wikipedia says. For those of you who like a visual explanation, check out RSS in Plain English from the folks at the Common Craft store.  I’m now subscribing to other blogs using RSS.  If RSS isn’t your thing, you can always subscribe to this blog by e-mail.  RSS or e-mail subscription options are provided on the right hand side of the page – I hope you subscribe!
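To show what a feed reader actually does behind the “Subscribe via RSS” button, here is a small added example (not code from this blog): it parses an RSS 2.0 feed and reports only the posts published since the reader last checked. The feed XML is constructed sample data and the URLs are placeholders.

```python
"""Minimal RSS 2.0 "feed reader" step: parse a feed and list only the
items published after the last check.  Added illustration; the feed
below is constructed sample data, not a real feed."""
import xml.etree.ElementTree as ET
from datetime import datetime
from email.utils import parsedate_to_datetime

# Constructed sample feed. RSS 2.0 requires RFC 822 dates in <pubDate>.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Privacy blog (sample)</title>
  <item><title>What the heck is RSS?</title>
    <link>http://example.invalid/rss</link>
    <pubDate>Fri, 20 Feb 2009 10:00:00 -0600</pubDate></item>
  <item><title>Do you actually read website Terms of Use?</title>
    <link>http://example.invalid/tou</link>
    <pubDate>Tue, 24 Feb 2009 09:30:00 -0600</pubDate></item>
</channel></rss>"""


def parse_feed(xml_text):
    """Return a list of (title, link, published) tuples, one per <item>."""
    # A feed fetched from the network is untrusted input; parse it with the
    # defusedxml package instead to block entity-expansion tricks. The
    # sample here is trusted, so the standard library parser is fine.
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        title = item.findtext("title", default="(untitled)")
        link = item.findtext("link", default="")
        pub = item.findtext("pubDate")
        published = parsedate_to_datetime(pub) if pub else None
        items.append((title, link, published))
    return items


def new_items(xml_text, last_checked_iso):
    """Items published after the ISO 8601 timestamp of the last check,
    newest first. This is the "check your reader when you're ready"
    model: the reader pulls, nothing is pushed to your inbox."""
    last_checked = datetime.fromisoformat(last_checked_iso)
    fresh = [i for i in parse_feed(xml_text) if i[2] and i[2] > last_checked]
    return sorted(fresh, key=lambda i: i[2], reverse=True)


if __name__ == "__main__":
    for title, link, when in new_items(SAMPLE_FEED, "2009-02-22T00:00:00+00:00"):
        print(f"{when:%Y-%m-%d} {title} <{link}>")
```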


Businesses should conduct regular staff privacy training

February 20, 2009

Privacy professionals will know first hand the importance of conducting regular staff privacy training, which can mitigate customer privacy complaints and (as a result) the overall costs of privacy compliance. I certainly know from my practice that the costs to businesses can be quite significant when having to deal with serious privacy complaints. These costs can include settlements, legal fees and lost productivity. Obviously, it’s better to be proactive and reduce the chances of having to deal with privacy complaints. That’s where regular staff privacy training comes in! Businesses really should conduct staff privacy training on a regular basis – in my view, at least on an annual basis.

In a recent speech to the 10th Annual Privacy and Security Conference in Victoria, B.C., Privacy Commissioner Jennifer Stoddart commented, “Polling for my Office in 2007 found that only a third of all businesses reported having trained staff about their responsibilities under Canada’s privacy laws.  This is a huge concern!  We recently conducted an analysis of 86 breaches reported to my Office and found that employee awareness and training was the most important contributing factor.  It was an issue in more than half of the spills we examined! We found that very basic mistakes – human errors – often lead to breaches. Breaches are caused mostly by employee misconduct and human error, not technological weaknesses.”  The full speech is entitled, “A Privacy Check Up For Canadians: Is the Glass Half Empty or Half Full?” and is definitely worth reading.


Businesses can learn from Facebook’s experience

February 18, 2009

After several days of intense media scrutiny, Facebook has backed down on controversial changes to its Terms of Service (TOS). Both CTV Winnipeg and the Winnipeg Free Press asked me to comment on this timely story, which provides a lesson for other businesses that operate websites: TOS (and privacy policies) must withstand not only legal scrutiny but also user expectations.


Right to privacy worth $1 million (Cdn)

February 13, 2009

British Columbia’s Supreme Court has awarded a record-setting judgment of over $1 million to a B.C. businessman for invasion of privacy, as reported by Canwest News Service.

In 2005, Hal Neumann’s home was searched by the Canada Revenue Agency, which was looking for records and documents he’d already given to the government. The CRA is studying the decision to determine if it will appeal.

This judgment is significant because it demonstrates that Canadian courts are now willing to award substantial damages for an invasion of privacy. Public bodies or private sector organizations in Canada that think privacy rights don’t have teeth should reconsider after seeing this groundbreaking decision.


To release or not to release: The Brian Sinclair tragedy

February 12, 2009

If you’re from Winnipeg, you’re well aware of the terrible tragedy of Brian Sinclair, who passed away in the emergency department of the Health Sciences Centre after waiting to see a doctor for 34 hours. Manitoba’s NDP government and the Winnipeg Regional Health Authority (WRHA) have been dealing with the political and legal consequences since Mr. Sinclair’s death last fall.

I was asked yesterday to provide comment to the Winnipeg Sun on the validity of the government’s recent claim that it could not release the first administrative review into the tragedy because of privacy concerns. The story serves as a reminder to government bodies and businesses of the challenges (and need for expert legal counsel) when dealing with access to information and related privacy matters.

A separate story reported at TechCrunch demonstrates the risks when releasing redacted documents to the public.  Canadian privacy laws typically require organizations to blackout, or redact, portions of documents that contain someone else’s personal information unless that person consents to its disclosure.  It’s a time-consuming, but important, step that organizations need to take before disclosing documents under access to information legislation.  But, as this story points out, organizations need to be very careful about how they redact!


Canada, U.S. laws on privacy complex

February 12, 2009

My September 3, 2008 column in the Winnipeg Free Press reports on the findings of the Privacy Commissioner of Canada regarding canada.com’s outsourcing to a U.S.-based service provider. The finding highlights the complexities of Canadian and U.S. laws as they relate to the personal information of customers and reminds Canadian businesses of the need to have legal agreements with third party service providers, especially those located in the U.S.


Online shopping a risky transaction

February 12, 2009

Online shopping a risky transaction: Protect yourself from identity thieves

My November 5, 2008 column in the Winnipeg Free Press provides some tips on how to be a savvy online shopper and explains the benefits to online retailers of having secure websites and comprehensive online privacy policies.

