September 16, 2010
PriceWaterhouseCoopers (PWC) has just released its Global State of Information Security Survey, which says that corporate spending on data security will increase sharply in the coming years. ComputerWeekly.com reports that more than half of respondents to the PWC survey say that their companies plan to spend more on technological defences against security breaches, an increase of 14% from last year. The survey also reveals that the impact of security breaches is growing. According to ComputerWeekly.com ”the number of companies reporting financial losses from data breaches increased 6% in the past year to 20%, up from only 8% in 2008. Intellectual property theft has increased to effect 15% of companies reporting data breaches, up from just 5% in 2008. An increase in the number of sophisticated attacks aimed at stealing information from specific companies is also driving increased security spending according to the Financial Times.”
The PWC survey demonstrates that spending is shifting to monitoring of company networks, at a time when more employees are bringing their own PDA’s and computers into the workplace. But as PWC states, businesses should be making employees the first line of defence against data leaks.
The PWC survey and commentary serves as a reminder of the need to focus resources for data security (and privacy law compliance) strategically. This means investing in technological safeguards but it should mean investing in privacy training for your staff. It’s an important point because so many of the privacy breaches these days result from mistakes, or human error, by one’s own employees. I’d suggest that you compare your organization’s line item for network monitoring with your line item (if it exists) for privacy training. Are your privacy risk mitigation efforts as strategic as they could be?
Leave a Comment » | 
Due Diligence, Intellectual Property, Privacy, Privacy Breach, Safeguarding, Security, Security Breach, Technology, Theft, Training | Tagged: Due Diligence, Employees, Information Technology, Intellectual Property, Safeguarding, Security, Technology | 
Permalink
Posted by Brian Bowman
July 9, 2010
Have you ever wondered if an electronic document like an e-mail or a scanned image can be used instead of a paper document to meet a legal requirement? How about using an electronic signature as opposed to a written signature?
Unfortunately, the provincial government’s dithering over the past decade will not help you answer these important questions.
Manitoba’s e-commerce legislation, called The Electronic Commerce and Information Act, was passed in the Manitoba Legislature in 2000. It was then billed as a cutting edge law that would help Manitobans to prosper in the online world.
Read more>>
Leave a Comment » | Government, Internet, Online Shopping, Sale Transactions, Technology | Tagged: E-mail, Government, Internet, Technology | Permalink
Posted by Brian Bowman
May 11, 2010
CBS News has an excellent investigative report here (on YouTube) about the security risks associated with copy machines. Members of the Privacy Forum will already know about this issue because we’ve previously highlighted it and relevant risk mitigation steps in the Canadian privacy law context. However, if you’re not aware of the issue then this report is a “must-see”.
1 Comment | Data Encryption, Due Diligence, Identity Theft, Privacy, Safeguarding, Safekeeping, Security, Technology | Tagged: Due Diligence, Identity Theft, Information Technology, Privacy, Safeguarding, Security | Permalink
Posted by Brian Bowman
April 27, 2010
I’m pleased to let you know that I’ll be teaming up with three of my colleagues to offer a complimentary Social Media and the Workplace webinar on May 19th from 2:00 – 3:15 PM CST. Here’s some details…
Canadian employees – in ever increasing numbers – are blogging, tweeting and accessing social networking websites. These forms of social media are increasing the legal risks for Canadian businesses. These risks include disgruntled employees intentionally revealing trade secrets, defaming supervisors, harassing co-workers, or posting negative information about their employers’ business. There are even additional threats resulting from loyal employees who inadvertently disclose information online that runs afoul of security, privacy and competition laws. Join us for this 75 minute webinar during which we will discuss:
- The legal do’s and don’ts of monitoring employee social media activities during and after work hours;
- Tips for creating meaningful social media policies;
- Tips for dealing with privacy and competition law, and securities regulatory risks; and
- How to deal with potential civil liability resulting from employee social media activities.
Space is limited so please register here soon.
Other presenters (in addition to yours truly):
Leave a Comment » | Competition Law, Employee Monitoring, Privacy, Social Networking Websites, Technology | Tagged: Competition Law, Employee Monitoring, Privacy, Social Networking Websites, Technology | Permalink
Posted by Brian Bowman
April 20, 2010
Canada’s Privacy Commissioner, Jennifer Stoddart, has teamed up with nine other country’s privacy watchdogs today to warn Google and other organizations to better respect people’s privacy rights. The privacy commissioners have sent a letter to Google, accusing it of overlooking privacy values and legislation in launching new online products.
The privacy commissioners’ letter states, “we are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications. We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws… Unfortunately, Google Buzz is not an isolated case. Google Street View was launched in some countries without due consideration of privacy and data protection laws and cultural norms. In that instance, you addressed privacy concerns related to such matters as the retention of unblurred facial images only after the fact, and there is continued concern about the adequacy of the information you provide before the images are captured… We therefore call on you, like all organizations entrusted with people’s personal information, to incorporate fundamental privacy principles directly into the design of new online services. That means, at a minimum:
collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
creating privacy-protective default settings;
ensuring that privacy control settings are prominent and easy to use;
ensuring that all personal data is adequately protected, and
giving people simple procedures for deleting their accounts and honouring their requests in a timely way.”
The privacy commissioners’ demand that Google and other organizations better incorporate privacy into the design of new online services underscores the need for the “Privacy by Design” initiative that Ontario’s Information and Privacy Commissioner recently discussed in my “A Conversation with Dr. Ann Cavoukian” post. All organizations, regardless of their size (after all, we’re all not Google), would be well-advised to learn from today’s “buzz” about Google Buzz.
Leave a Comment » | Data Protection, Due Diligence, Ontario's Information and Privacy Commissioner, Personal Information, Privacy, Privacy Commissioner of Canada, Social Networking Websites, Technology | Tagged: Due Diligence, Google, Internet, Personal Information, Privacy, Privacy Commissioner, Privacy Compliance | Permalink
Posted by Brian Bowman
April 5, 2010
Are website operators presumed to have “published” defamatory materials that they deliberately link to from their websites? If not, what are the circumstances where it can be inferred that a website operator has “published” hyperlinked defamatory materials? We may be about to find out. The Supreme Court of Canada has just granted leave to appeal of Crookes v. Newton, the B.C. decision that I summarized in a previous post last October.
There’s still plenty of “grey areas” in Internet law. Hopefully, the Supreme Court of Canada will provide more definitive guidance for legal practitioners and website operators in the growing area of online reputation management. In the meantime, website operators should seek legal advice prior to hyperlinking to any potentially defamatory materials on the Internet.
Leave a Comment » | Blogs, Defamation, Internet, Online Reputation Management, Technology | Tagged: Blogs, Defamation, Internet, Online Reputation Management | Permalink
Posted by Brian Bowman
March 25, 2010
Last week’s widely reported ruling by Judge Tim Preston that cameras will not be permitted into the Brian Sinclair inquest hinged largely on a desire to protect the privacy rights of witnesses.
But what if some individual witnesses don’t have privacy concerns and actually want their testimony broadcast to the world?
Read More>>
Leave a Comment » | Media, Personal Information, Privacy, Technology, Video Surveillance | Tagged: Court, Media, Personal Information, Privacy, Technology, Video Surveillance | Permalink
Posted by Brian Bowman
February 16, 2010
The 2010 Olympics are finally here! So too are the reportedly pervasive crowd surveillance cameras that are monitoring spectators’ every move.
Privacy advocates are already voicing concern. But unlike previous public debates regarding privacy and surveillance cameras, I expect that the concerns that’ll be raised during and after the 2010 Olympics will be more comprehensive than the traditional “privacy vs security” debate. For instance, Jennifer Stoddart, Canada’s Privacy Commissioner, recently commented on this blog that “one of the big issues will revolve around the pervasive crowd surveillance measures, and what will happen with all of the cameras and recordings after the flame is extinguished.”
Of course, there are legal tests that governments (and businesses) should use to determine the appropriateness of installing surveillance cameras in the first place. But once any organization has decided to install surveillance cameras there’s a corresponding requirement to appropriately manage the data that’s collected. For instance, organizations must ensure that they have security, retention and destruction policies in place. This is the “devil in the detail” that’s often overlooked.
I expect public scrutiny of the surveillance cameras being used during the 2010 Olympics. And such scrutiny will increase public expectations on businesses to properly manage data that they too collect by surveillance cameras.
2 Comments | Monitoring, Privacy, Privacy Commissioner of Canada, Safeguarding, Security, Technology, Video Surveillance | Tagged: Olympics, Privacy, Privacy Commissioner, Safeguards, Security, Video Surveillance | Permalink
Posted by Brian Bowman
February 10, 2010
Jennifer Stoddart, Canada’s Privacy Commissioner, delivered a landmark speech today at the 11th Annual Privacy and Security Conference in Victoria, B.C.
In her remarks, Stoddart discussed the challenge of technology, globalized data flows and social change. While reflecting on her years as Canada’s “village elder” in the privacy community, Stoddart commented:
“When I took over as Privacy Commissioner, Facebook didn’t exist. Neither did Twitter, Flickr, YouTube, Google Street View, Foursquare, iPods and all the many novel ways in which people now routinely connect with the rest of the world. And it’s not just technology that’s different; it’s other drivers of change as well. Like real-time globalization, for instance, and the instantaneous worldwide flow of data. It’s the way people embrace and respond to technology. Their expectations of what the technology can do for them, and at what cost. Is it desirable, for example, to buy greater convenience at the cost of less privacy? In light of these colossal changes over the past decade alone, it would be foolish to try to predict what the next decade will hold. But what we can say for certain is that the regulatory framework we have in place now for the protection of privacy and personal information is already being sorely tested.”
Read the Privacy Commissioner’s full remarks here.
Leave a Comment » | Internet, Privacy, Privacy Commissioner of Canada, Technology | Tagged: Information Technology, Privacy, Privacy Commissioner, Technology | Permalink
Posted by Brian Bowman
January 21, 2010
I attended the 2010 Deloitte Technology, Media & Telecommunications Predictions seminar today with my colleagues Adam Herstein and Bruce King. The seminar was designed to highlight the top trends expected to impact businesses this year. Of particular interest to me was the Technology Predictions 2010, in which speaker Duncan Stewart listed seven predictions, including one that cloud computing is “likely to grow much faster than most other technology verticals…”. Deloitte further predicted that “we also expect to see [cloud computing] grow the fastest in the consumer and smaller medium enterprises (SME) market, rather than in the large enterprise and government markets”.
As I previously posted last July, cloud computing is certainly on the rise. The privacy issues are profound and, as a result, we’re spending more time these days working on cloud computing related agreements. In any event, I’d encourage you to review the Technology Predictions 2010 as it provides some great insight that might help your business.
1 Comment | Cloud Computing, Privacy, Technology | Tagged: Cloud Computing, Privacy, Technology | Permalink
Posted by Brian Bowman
PriceWaterhouseCoopers (PWC) has just released its Global State of Information Security Survey, which says that corporate spending on data security will increase sharply in the coming years. ComputerWeekly.com reports that more than half of respondents to the PWC survey say that their companies plan to spend more on technological defences against security breaches, an increase of 14% from last year. The survey also reveals that the impact of security breaches is growing. According to ComputerWeekly.com ”the number of companies reporting financial losses from data breaches increased 6% in the past year to 20%, up from only 8% in 2008. Intellectual property theft has increased to effect 15% of companies reporting data breaches, up from just 5% in 2008. An increase in the number of sophisticated attacks aimed at stealing information from specific companies is also driving increased security spending according to the Financial Times.” 
