Privacy Breaches: Obligations and Pending Changes to PIPEDA (Video)

March 23, 2012

Has one of your organization’s employees lost their iPhone or Blackberry recently?  How about misplaced a file?  If those devices or files contain personal information, you may have suffered a privacy breach.  To learn more about how to deal with a privacy breach please watch this short video – click here>>

Leave a Comment » | Data Protection, Legislation Update, PIPEDA, Privacy, Privacy Breach | Tagged: , , | Permalink
Posted by Brian Bowman

Fines needed to help stem growing data breaches, Privacy Commissioner says

May 4, 2011

The Privacy Commissioner of Canada has called for legislation empowering her to impose substantial fines against major corporations that fail to adequately protect Canadians’ personal information from preventable breaches.

“I am deeply troubled by the large number of major breaches we are seeing, including serious incidents in recent weeks that have affected hundreds of thousands of Canadians,’’ Jennifer Stoddart said in a speech today at the Canada 3.0 forum in Stratford, Ont. “It seems to me that it’s time to begin imposing fines – significant, attention-getting fines – on companies when poor privacy and security practices lead to breaches.” To learn more, read the complete news release.

Leave a Comment » | Data Protection, Legislation Update, Privacy, Privacy Breach, Privacy Commissioner of Canada | Tagged: , , , | Permalink
Posted by Brian Bowman

Fraud Prevention Month to focus on online fraud

March 4, 2011

The Competition Bureau announced earlier this week its participation in Fraud Prevention Month, which this year focuses on the growing problem of online fraud. Fraud Prevention Month is an annual education and awareness campaign held in Canada and around the world. The Competition Bureau’s website provides some great education and prevention information including a new interactive quiz designed to test consumers’ and businesses’ fraud awareness. I’d encourage you to take the quiz!

1 Comment | Competition Law, Data Protection, Identity Theft, Online Shopping, Phishing, Privacy, Security, Theft | Tagged: , , , , | Permalink
Posted by Brian Bowman

WikiLeaks a wakeup call

December 20, 2010

Recent news coverage about WikiLeaks has focused on the leaked documents and ethics, or lack thereof, of WikiLeaks’ founder, Julian Assange. Rightfully so.

The formerly classified documents are tantalizing and the story behind Assange and his WikiLeaks website is fascinating. But amidst the media chatter about the damage inflicted by WikiLeaks itself, the circumstances surrounding the initial release of secret documents from the U.S. government to WikiLeaks should provide a wake up call for other governments and corporations here at home.

Read more>>

Leave a Comment » | Access to Information, Data Protection, Employee Monitoring, Safeguarding, Safekeeping, Security, Security Breach, Technology | Tagged: , , , , , | Permalink
Posted by Brian Bowman

How safe is your scan? Hard drives on copy machines pose risk

October 20, 2010

Does your office have a copy machine? If so, then this post is worth reading.  CBC news has just released the results of an investigation that exposes the security risks associated with modern copy machines, specifically, the ease at which information scanned into certain copiers can be tapped. Just think about the information that gets scanned into your office copier. Personal information. Confidential corporate information such as client data. Even intellectual property. It’s a scary thought if you haven’t done your due diligence, especially considering that privacy laws can apply to certain data undoubtedly scanned into your copy machine. Check out CBC’s online story here or TV segment here. And if you’d like to learn more, you may also want to read my post from earlier this year which provided a link to a similar CBS news story.

Leave a Comment » | Data Encryption, Data Protection, Identity Theft, Privacy, Privacy Breach, Safeguarding, Safekeeping, Security, Technology | Tagged: , , , , , , | Permalink
Posted by Brian Bowman

Lessons from the Veteran Affairs Canada privacy breach

October 8, 2010

The recent headlines over the Veteran Affairs Canada privacy breach should serve as a useful reminder to all organizations – public and private sector – of the necessity to implement internal policies and procedures for the management of personal information. Much attention is paid these days by the media to privacy breaches that involve external parties, such as hackers, who foil the security safeguards of organizations. However, in my experience the bigger threat to privacy if often from within an organization.

In this recent case involving Veteran Affairs, a veteran had filed a complaint with the Office of the Privacy Commissioner of Canada (“OPC”) alleging that Veterans Affairs had violated the Privacy Act by including excessively detailed and sensitive medical information in briefing notes to the Minister of Veterans Affairs. The complainant also alleged that Veteran Affairs had transferred his medical file to a hospital administered by Veterans Affairs without his consent.

The OPC has issued the following formal recommendations to Veterans Affairs, but they should also serve as useful recommendations to other organizations:

  • “Take immediate steps to develop an enhanced privacy policy framework with adequate protections and controls to regulate access to personal information within the department.
  • Revise existing information-management practices and policies to ensure that personal information is shared within the department on a need-to-know basis only.  Personal information, including but not limited to sensitive medical information, should not be shared with programs that have no operational requirements for access to such information.
  • Provide training for employees about appropriate personal information-handling practices.
  • Review procedures to ensure that consent is obtained prior to personal information being transferred to veterans’ hospitals.”

Leave a Comment » | Access to Information, Data Protection, Due Diligence, Government, Privacy, Privacy Breach, Privacy Commissioner of Canada, Safeguarding, Safekeeping, Security Breach, Training | Tagged: , , , , , | Permalink
Posted by Brian Bowman

Laptop searches at the border…again

June 1, 2010

Over a year ago, I commented on the privacy issues related to taking a laptop, cellphone or iPod across the U.S. border.  As reported here by Computerworld, a federal court has ruled in Michigan that the U.S. government has the right to “seize and transport a computer to a secondary inspection facility”, as long as there is a reasonable suspicion. Given the proliferation of tech devices in today’s workplace, you may want to consider if your business has the necessary policies and practices in place to protect data that’s probably leaving your doors today, and possibly going over the border via laptops and other mobile devices.

Leave a Comment » | Airport Security, Data Protection, Laptops, Mobile devices | Tagged: , , | Permalink
Posted by Brian Bowman

Feds introduce amendments to PIPEDA, re-introduce Anti-Spam Bill

May 25, 2010

The federal government introduced legislation today to amend PIPEDA and re-introduce the Anti-Spam Bill. I’ve previously posted here regarding the anticipated changes to PIPEDA and here about the Anti-Spam Bill.

From today’s news release:

The Honourable Tony Clement, Minister of Industry, and the Honourable Denis Lebel, Minister of State (Economic Development Agency of Canada for the Regions of Quebec), today announced two steps that the Government of Canada is taking to enhance the safety and security of the online marketplace. Together, the tabling of amendments to the legislation protecting the personal information of Canadians (Personal Information Protection and Electronic Documents Act, or PIPEDA) and the reintroduction of anti-spam legislation in the House of Commons (the proposed Fighting Internet and Wireless Spam Act, or FISA) are important steps towards positioning Canada as a leader in the digital economy.

Here’s the full Industry Canada news release.

(Hat tip to David Fraser’s Canadian Privacy Law Blog )

Leave a Comment » | Anti-Spam Legislation, Data Protection, PIPEDA, Privacy | Tagged: , , , | Permalink
Posted by Brian Bowman

Today’s “buzz” on Google Buzz offers lesson for new service roll-outs

April 20, 2010

Canada’s Privacy Commissioner, Jennifer Stoddart, has teamed up with nine other country’s privacy watchdogs today to warn Google and other organizations to better respect people’s privacy rights. The privacy commissioners have sent a letter to Google, accusing it of overlooking privacy values and legislation in launching new online products.

The privacy commissioners’ letter states, “we are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications. We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws… Unfortunately, Google Buzz is not an isolated case. Google Street View was launched in some countries without due consideration of privacy and data protection laws and cultural norms. In that instance, you addressed privacy concerns related to such matters as the retention of unblurred facial images only after the fact, and there is continued concern about the adequacy of the information you provide before the images are captured… We therefore call on you, like all organizations entrusted with people’s personal information, to incorporate fundamental privacy principles directly into the design of new online services. That means, at a minimum:

  • collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • creating privacy-protective default settings;
  • ensuring that privacy control settings are prominent and easy to use;
  • ensuring that all personal data is adequately protected, and
  • giving people simple procedures for deleting their accounts and honouring their requests in a timely way.”

    • The privacy commissioners’ demand that Google and other organizations better incorporate privacy into the design of new online services underscores the need for the “Privacy by Design” initiative that Ontario’s Information and Privacy Commissioner recently discussed in my “A Conversation with Dr. Ann Cavoukian” post. All organizations, regardless of their size (after all, we’re all not Google), would be well-advised to learn from today’s “buzz” about Google Buzz.

    Leave a Comment » | Data Protection, Due Diligence, Ontario's Information and Privacy Commissioner, Personal Information, Privacy, Privacy Commissioner of Canada, Social Networking Websites, Technology | Tagged: , , , , , , | Permalink
    Posted by Brian Bowman

    The top 5 mistakes of privacy awareness programs: Computerworld

    February 10, 2010

    Computerworld has just published an excellent article which highlights the top five (5) mistakes that companies often make when educating employees about data protection.

    Read the Computerworld article here!

    Leave a Comment » | Data Protection, Privacy, Training | Tagged: , , | Permalink
    Posted by Brian Bowman

    « Previous Entries
    Follow

    Get every new post delivered to your Inbox.

    Join 77 other followers