Privacy Commissioner releases report on online tracking, profiling and targeting, and cloud computing

May 6, 2011

Canada’s Privacy Commissioner has just released the final report of her Office’s consultations on the online tracking, profiling and targeting of consumers by marketers and other businesses. “Most people have no idea about the rich trail of data they leave behind when they browse the Internet, use social networking sites, or engage the geo-location functions of their mobile devices,” the Commissioner observed.  Organizations that track the online activities of Canadians must be more upfront about their practices, Privacy Commissioner Jennifer Stoddart has concluded… “it comes down to meaningful consent, which entails informed consent”.


Fines needed to help stem growing data breaches, Privacy Commissioner says

May 4, 2011

The Privacy Commissioner of Canada has called for legislation empowering her to impose substantial fines against major corporations that fail to adequately protect Canadians’ personal information from preventable breaches.

“I am deeply troubled by the large number of major breaches we are seeing, including serious incidents in recent weeks that have affected hundreds of thousands of Canadians,” Jennifer Stoddart said in a speech today at the Canada 3.0 forum in Stratford, Ont. “It seems to me that it’s time to begin imposing fines – significant, attention-getting fines – on companies when poor privacy and security practices lead to breaches.” To learn more, read the complete news release.


Canada’s Privacy Commissioner releases latest Privacy Perspectives e-newsletter

March 16, 2011

Canada’s Privacy Commissioner has just released her latest e-newsletter, Privacy Perspectives. Today’s installment includes:

  • Raising awareness about youth privacy
  • Does Canada have the privacy legislation it needs?
  • New guidance document on biometrics and privacy
  • OPC news 

Lessons from the Veterans Affairs Canada privacy breach

October 8, 2010

The recent headlines over the Veterans Affairs Canada privacy breach should serve as a useful reminder to all organizations – public and private sector – of the necessity to implement internal policies and procedures for the management of personal information. Much attention is paid these days by the media to privacy breaches that involve external parties, such as hackers, who foil the security safeguards of organizations. However, in my experience the bigger threat to privacy is often from within an organization.

In this recent case involving Veterans Affairs, a veteran had filed a complaint with the Office of the Privacy Commissioner of Canada (“OPC”) alleging that Veterans Affairs had violated the Privacy Act by including excessively detailed and sensitive medical information in briefing notes to the Minister of Veterans Affairs. The complainant also alleged that Veterans Affairs had transferred his medical file to a hospital administered by Veterans Affairs without his consent.

The OPC has issued the following formal recommendations to Veterans Affairs, but they should also serve as useful recommendations to other organizations:

  • “Take immediate steps to develop an enhanced privacy policy framework with adequate protections and controls to regulate access to personal information within the department.
  • Revise existing information-management practices and policies to ensure that personal information is shared within the department on a need-to-know basis only.  Personal information, including but not limited to sensitive medical information, should not be shared with programs that have no operational requirements for access to such information.
  • Provide training for employees about appropriate personal information-handling practices.
  • Review procedures to ensure that consent is obtained prior to personal information being transferred to veterans’ hospitals.”

Privacy Commissioner of Canada releases Annual Report on Privacy Act

October 5, 2010

Canada’s Privacy Commissioner, Jennifer Stoddart, released her 2009 – 2010 Annual Report to Parliament on the Privacy Act today. In her Annual Report, Stoddart says that “[t]he federal government’s use of handheld communications devices and its practices for disposing of unneeded paper documents and surplus computers could expose the personal information of Canadians to unauthorized disclosure”.

Key lessons for the private sector from today’s Annual Report include, among other things, (1) a reminder of the need to assess the threats/risks inherent in wireless communications and to fill any gaps in policies and/or practices related to smart phones, Wi-Fi networks and data stored on mobile devices and (2) ensuring that policies and procedures are in place for paper shredding and the disposal of surplus computer equipment.

Read the full Annual Report here.


Privacy Commissioner tables Annual Report on PIPEDA

June 8, 2010

Earlier today, Canada’s Privacy Commissioner, Jennifer Stoddart, submitted to Parliament the OPC’s Annual Report on PIPEDA for the period from January 1 to December 31, 2009. 

As the Commissioner notes, “the dominant theme of [the OPC's] work in 2009 was the protection of privacy in an increasingly online, borderless world. A case in point was the investigation that resulted in more public attention than any other in [the OPC's] history: Facebook.”  The Commissioner notes two key issues, namely, Data without borders and Risks remaining in the wake of mortgage broker breaches.


Today’s “buzz” on Google Buzz offers lesson for new service roll-outs

April 20, 2010

Canada’s Privacy Commissioner, Jennifer Stoddart, has teamed up with nine other countries’ privacy watchdogs today to warn Google and other organizations to better respect people’s privacy rights. The privacy commissioners have sent a letter to Google, accusing it of overlooking privacy values and legislation in launching new online products.

The privacy commissioners’ letter states, “we are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications. We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws… Unfortunately, Google Buzz is not an isolated case. Google Street View was launched in some countries without due consideration of privacy and data protection laws and cultural norms. In that instance, you addressed privacy concerns related to such matters as the retention of unblurred facial images only after the fact, and there is continued concern about the adequacy of the information you provide before the images are captured… We therefore call on you, like all organizations entrusted with people’s personal information, to incorporate fundamental privacy principles directly into the design of new online services. That means, at a minimum:

  • collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • creating privacy-protective default settings;
  • ensuring that privacy control settings are prominent and easy to use;
  • ensuring that all personal data is adequately protected, and
  • giving people simple procedures for deleting their accounts and honouring their requests in a timely way.”

The privacy commissioners’ demand that Google and other organizations better incorporate privacy into the design of new online services underscores the need for the “Privacy by Design” initiative that Ontario’s Information and Privacy Commissioner recently discussed in my “A Conversation with Dr. Ann Cavoukian” post. All organizations, regardless of their size (after all, we’re all not Google), would be well-advised to learn from today’s “buzz” about Google Buzz.


OPC asks “how many unused profiles do you have online?”

March 12, 2010

The Office of the Privacy Commissioner of Canada has just posted this excellent article about the dangers of forgetting about personal information submitted to create online profiles.

This really is the kind of personal information that identity thieves love so the OPC article is a useful read. In fact, businesses whose employees create accounts on their behalf would be well-advised to have employees read the OPC article.


Businesses should learn from 2010 Olympics surveillance camera debate

February 16, 2010

The 2010 Olympics are finally here! So too are the reportedly pervasive crowd surveillance cameras that are monitoring spectators’ every move.

Privacy advocates are already voicing concern. But unlike previous public debates regarding privacy and surveillance cameras, I expect that the concerns that’ll be raised during and after the 2010 Olympics will be more comprehensive than the traditional “privacy vs security” debate. For instance, Jennifer Stoddart, Canada’s Privacy Commissioner, recently commented on this blog that “one of the big issues will revolve around the pervasive crowd surveillance measures, and what will happen with all of the cameras and recordings after the flame is extinguished.”

Of course, there are legal tests that governments (and businesses) should use to determine the appropriateness of installing surveillance cameras in the first place. But once any organization has decided to install surveillance cameras there’s a corresponding requirement to appropriately manage the data that’s collected. For instance, organizations must ensure that they have security, retention and destruction policies in place. This is the “devil in the detail” that’s often overlooked.

I expect public scrutiny of the surveillance cameras being used during the 2010 Olympics. And such scrutiny will increase public expectations on businesses to properly manage data that they too collect by surveillance cameras.


Canada’s Privacy Commissioner delivers landmark speech on the future of privacy regulation

February 10, 2010

Jennifer Stoddart, Canada’s Privacy Commissioner, delivered a landmark speech today at the 11th Annual Privacy and Security Conference in Victoria, B.C.

In her remarks, Stoddart discussed the challenge of technology, globalized data flows and social change. While reflecting on her years as Canada’s “village elder” in the privacy community, Stoddart commented:

“When I took over as Privacy Commissioner, Facebook didn’t exist. Neither did Twitter, Flickr, YouTube, Google Street View, Foursquare, iPods and all the many novel ways in which people now routinely connect with the rest of the world. And it’s not just technology that’s different; it’s other drivers of change as well. Like real-time globalization, for instance, and the instantaneous worldwide flow of data. It’s the way people embrace and respond to technology. Their expectations of what the technology can do for them, and at what cost. Is it desirable, for example, to buy greater convenience at the cost of less privacy? In light of these colossal changes over the past decade alone, it would be foolish to try to predict what the next decade will hold. But what we can say for certain is that the regulatory framework we have in place now for the protection of privacy and personal information is already being sorely tested.”

Read the Privacy Commissioner’s full remarks here.

