Read more, click here>>

What are Internet cached webpages? 

When search engines such as Google, Yahoo, and Bing crawl a website, they take a snapshot of what the site looks like at that time. This “snapshot” is known as a cached webpage and it’s stored by the search engine. The cached webpage is what the search engine then uses to determine whether the site matches a user’s specific query.

When a user clicks on the cached webpage, they will be taken to the version of the webpage that was online when the site was last crawled and not the current version. The cached webpage can be accessed when the current version of the site is unavailable due to Internet congestion, a slow website, or the webpage has recently been removed.

How can you deal with Internet cached webpages?

It is very difficult to remove a cached webpage from a search engine if you’re not the webmaster of the website. If you’re not the webmaster and you’d like a cached page removed from Google, Yahoo or Bing, you have three options:

1. You can contact the site administrator and ask them to take the steps necessary to have the cached webpage removed from the search engine in question. Google typically responds to such requests from webmasters within 2-3 hours and Yahoo typically responds in 5 hours;
2. You can seek a court order or other legal document to have certain content removed from the website/cached webpage; or
3. You can just wait until the search engine crawls the site again and updates its cached webpages. This option can take the longest amount of time to see results since it might be 1-2 months before the site is crawled again.

Google offers an additional tool to have a cached webpage removed by a party who does not own the webpage in question. My understanding is that this process will only work for HTML pages and will not work for PDFs or .doc files):

1. The webpage must be have been updated since the cached version;
2. Go to (http://support.google.com/webmasters/bin/answer.py?hl=en&answer=1663691) and click on Google Public URL Removal Tool;
3. Sign in to Google;
4. Then it will prompt you for the URL you’d like removed;
5. Click Continue;
6. Type a word that appears on the out-of-date cached version of the page but not anywhere on the live version. Its better to use single words and not phrases; and
7. Click Remove cache.

Given the technical nature of this topic, and fact that I’m not a techie, I’d recommend that you work with a technology professional and not rely on this post. That being said I hope this helps and at least provides you with some general information to get you started.

More to follow on this important Bill.

In 2008, Toyota Matrix advertised the “Your Other You” campaign which targeted young males. It encouraged individuals to provide someone else’s personal information, who would then receive an invitation to a fake personality test.  What really happened was, the “victim” ended up receiving numerous disturbing emails from an imaginary soccer hooligan with a pitbull named Trigger.  This impersonator claimed to be on their way to the victim’s house, who had no idea it was a hoax. In order to promote the advertising campaign, a fake social networking account for the stalker was even set up.

How would a similar case play out here in Canada? Under the PIPEDA framework , there would possibly be a violation of the law because of the alleged collection, use and disclosure of personal information without consent. Further, PIPEDA’s requirement that the “identified purposes” of any collection, use or disclosure of personal information would not likely met. Finally, the reasonableness test, enshrined in PIPEDA, would probably be violated. In short, the facts pertaining to the case could put the relevant parties in the crosshairs of the Office of the Privacy Commissioner of Canada and courts. As a result, the case should serve as a warning to advertising agencies to ensure that privacy law considerations are thoroughly canvassed with legal counsel before initiating campaigns involving personal information – especially where people are submitting friends’ data.

Some things you may not know… Under the default settings, when a person tags you in a status update this will appear on your profile. Therefore you may want to consider using the new tag/post review features in order to allow you to choose whether it makes it onto your wall or not. The default settings are set to “off”. When someone tags you in a post, it will be that person’s privacy settings that have final say over what is visible unless you specifically adjust the settings pertaining to posts you are tagged in. So make sure you personalize your privacy settings individually, because a “one size fits all” approach may not be in your best interests.

Do these changes require you to revisit your privacy settings? Your privacy settings should not have changed from what they were before, however some simplifications have been made. Therefore it is important that you check your settings to see what settings are now controlled “inline” (again, meaning adjustable for each separate post whether it be a picture, post or other information) and make sure that these inline controls are by default set to what you want.

What should you be doing moving forward? It is important to remember that Facebook is continually updating its layout, and this includes its privacy templates. While users should not fear that their settings will completely reset each time such changes occur, they should keep a close eye on new features that may (1) replace an existing feature; (2) remove an existing feature entirely; or (3) introduce something entirely different, which might require some tweaking from its default settings.

I’m delighted to let you know about a cool feature on Pitblado’s new website called the “Whiteboard Sessions”, which are vlogs (or video blogs). We’ve just posted a 3 minute vlog of mine entitled “Are you a spammer?“, wherein I discuss:  

• highlights of the new law
• why you should care 
• an overview of the rules  
• penalties for non-compliance; and
• proactive tips to help comply with the law

To watch “Are you a spammer?” please click here>>

Thanks to Geoff Currier and CJOB|680 for the invitation to participate in the program.

“I am deeply troubled by the large number of major breaches we are seeing, including serious incidents in recent weeks that have affected hundreds of thousands of Canadians,’’ Jennifer Stoddart said in a speech today at the Canada 3.0 forum in Stratford, Ont. “It seems to me that it’s time to begin imposing fines – significant, attention-getting fines – on companies when poor privacy and security practices lead to breaches.” To learn more, read the complete news release.

Other related blog posts include Employee monitoring in today’s workplace and Social media: Is your organization’s head in the sand?

You see Canada’s private-sector privacy legislation (PIPEDA) requires organizations to retain personal information only “as long as necessary”, regardless of the format in which such information is held. So emails and paper records alike should only be retained as long as necessary.

I know that many organizations across Canada are struggling to develop business-friendly retention schedules that comply with the law. In some cases, these businesses are outsourcing their efforts. Do you work with such a company? Does your company offer these services? If so, I know that readers of this blog would welcome any positive recommendations. Feel free to post a “Comment” below with your thoughts.

• Raising awareness about youth privacy
• Does Canada have the privacy legislation it needs?
• New guidance document on biometrics and privacy
• OPC news 

If you know of other similar articles that can help business professionals to better manage their social media activities, please share by posting a Comment below. Thanks! And thanks to my colleague, Mark Wallace, for the head’s up about the Accountingweb article.

Doing the presentation made me think that it might help your organization to highlight the following previous posts… Hope they help!

• Social media: Is your organization’s head in the sand?
• Social Media and the Workplace webinar: Watch now!
• Employee monitoring in today’s workplace
• Adam Herstein’s excellent post called That’s Just Not Acceptable – Acceptable Use Policies in the Workplace

• Overview of access to information 101: the basics
• The 3 vantage points: public bodies, applicants & third parties
• Review of recent cases/headlines
• Identifying key legal and PR landmines
• Discussion of trends in access to information
• Practical tips for managing requests in a cost-effective manner 

Yet in recent days, privacy issues have impacted school buses, casinos and garbage bins. This may seem odd when most privacy news stories these days deal with Facebook and other websites. But the world of privacy is increasingly affecting just about every segment of society. Read more>>

The formerly classified documents are tantalizing and the story behind Assange and his WikiLeaks website is fascinating. But amidst the media chatter about the damage inflicted by WikiLeaks itself, the circumstances surrounding the initial release of secret documents from the U.S. government to WikiLeaks should provide a wake up call for other governments and corporations here at home.

Read more>>

What topics will be covered?

• Overview of access to information 101: the basics
• The 3 vantage points: public bodies, applicants & third parties
• Review of recent cases/headlines
• Identifying key legal and PR landmines
• Discussion of trends in access to information
• Practical tips for managing requests in a cost-effective manner

Who should attend?

Public bodies who are subject to access to information laws, private-sector organizations who regularly deal with public bodies and individuals/organizations who routinely initiate access to information requests under public sector access to information laws. 

When is the webinar? 

Wednesday, January 26th, 2011 from 1 – 2 PM (CST)

Please register <here> (space is limited)

The police had asked a local utility company to attach a digital recording ammeter (DRA) to the electric meter on a home in order to monitor electrical usage. The data gleaned from the DRA and from other sources was then used to obtain a warrant to search the home. The search resulted in exposing a marijuana grow op. The defence argued that the installation of the DRA infringed the privacy rights of the accused to be secure against unreasonable search contained in Canada’s Charter of Rights and Freedoms.

A critical factual consideration, on which much of the disagreement in the case turned, was the degree to which the use of DRA technology reveals private information. The SCC ultimately decided that DRA technology merely indicates electricity use, not what the electricity was used for, so it was a reasonable loss of privacy.

Here’s an excerpt from the decision:

The central issue in this case is thus whether the DRA discloses intimate details of the lifestyle and personal choices of the individual that form part of the biographical core data protected by the Charter’s guarantee of informational privacy.  The evidence available on the record offers no foundation for concluding that the information disclosed by the utility company yielded any useful information at all about household activities of an intimate or private nature that form part of the inhabitants’ biographical core data.  The DRA’s capabilities depend of course on the state of the technology at the time of its use.  As DRA technology now stands, it is not capable of giving access to the occupants’ personal information.  Instead, the DRA data merely yield an additional piece of information to evaluate suspicions — based on an independent evidentiary foundation — police already have about a particular activity taking place in the home.

A final factor affecting the informational privacy analysis is the fact that G’s interest in the electricity use data was not exclusive.  G’s electricity consumption history was not confidential or private information which he had entrusted to the utility company.  As the supplier of electricity, the utility company had a legitimate interest of its own in the quantity of electricity its customers consumed.  Consequently, it is beyond dispute that the utility company was within its rights to install a DRA on a customer’s line on its own initiative to measure the electricity being consumed.  The utility company was not an interloper exploiting its access to private information to circumvent the Charter at the behest of the state; rather, its role is limited to the wholly voluntary cooperation of a potential crime victim.

While a territorial privacy interest involving the home is a relevant aspect of the totality of the circumstances informing the reasonable expectation of privacy determination, the Charter’s protection of territorial privacy in the home is not absolute.  Where, as in the case at bar, there was no direct search of the home itself, the informational privacy interest should be the focal point of the analysis.  The fact that the home was the focus of an otherwise non-invasive and unintrusive search should be subsidiary to what the investigative technique was capable of revealing about the home and what information was actually disclosed.  The fact that the search includes a territorial privacy aspect involving the home should not be allowed to inflate the actual impact of the search to a point where it bears disproportionately on the expectation of privacy analysis.

The new Barbie Video Girl, which retails for just over $100, has a built-in camera in the doll’s necklace and an LCD screen on her back. The doll also comes equipped with a USB cable that enables you to transfer video recordings to your home computer and then online to YouTube or Facebook.

Not surprisingly, some are calling for a ban on Barbie Video Girl because of the potential that children will post online videos which infringe their privacy. Should we ban Barbie Video Girl? If so, should we ban all children’s toys with cameras? Read more>>

In fact, device fingerprinting works so well that many businesses that use it might not even be aware that they’re doing so. Is your organization using the technology? If so, it’s vital that your organization’s use of device fingerprinting complies with applicable privacy laws.

To learn more about device fingerprinting click here to view a presentation that I recently delivered alongside Steven Johnston (Senior Security and Technology Advisor, Office of the Privacy Commissioner of Canada) and David Stark (CIPP, Vice President, Compliance and Privacy Officer, GFK Group) to the International Association of Privacy Professionals in Baltimore, Maryland. As you’ll see, the presentation includes an overview of device fingerprinting, identifies relevant privacy law issues (my contribution to the presentation), the OPC’s perspective and provides practical examples.   

Thanks to the IAPP for the opportunity to present and compliments to Steven Johnston and David Stark for excellent remarks.

Anticipated amendments to PIPEDA include:

• a mandatory breach notification regime that would require organizations to promptly notify affected individuals and to report major data breaches to the Privacy Commissioner of Canada; 
• amendments to account for the unique circumstances regarding consent in employer/employee relationships; and
• modifications to allow organizations to collect, use and disclose personal information as necessary for the conduct of business transactions, such as mergers and acquisitions.

Stay tuned…

Some of my previous posts regarding the anti-spam law can be viewed here. You can find detailed information on this bill, and any other, through LegisInfo, a “collaborative effort of the Parliamentary Information and Research Service and the Information and Document Resource Service of the Library of Parliament”. Stay tuned…

If your answer is “no” you’re wrong. Sorry, but it was a trick question. Whether your organization admits it or not, it is in the social media world.  Clients, prospective clients, employees and even competitors are almost certainly engaging in conversations about your organization on Facebook and LinkedIn. The question is whether you’re a part (or even aware) of those conversations. The second question is what are you going to do to shape those conversations, to the extent that you can?

The reality is that Canadian employees, for example, are blogging, tweeting and accessing social networking websites with increasing frequency. And the result is increased legal risks for Canadian businesses. These risks include disgruntled employees intentionally revealing trade secrets, defaming supervisors, harassing co-workers, or posting negative information about their employers’ business. There are even additional threats resulting from loyal employees who inadvertently disclose information online that runs afoul of privacy and competition laws. These threats won’t go away if your company has its head in the sand regarding social media.

One important step to dealing with and leveraging social media is to implement a social media policy within your organization. Doing so won’t address every potential headache related to social media, but it will help to manage online discussions that are occurring during and after work hours by your own employees. And since some of the greatest risks I’ve mentioned above stem from your employees, my best advice is to implement a social media policy. Key components in a social media policy should include:

• defining the scope of prohibited activities;
• clarifying to whom the policy applies;
• addressing how infringing content should be removed from social media sites;
• spelling out who, when and how monitoring of social media sites occurs; and
• advising of penalties and enforcement of the policy.

In B.C., landlords and property managers acting on their behalf must comply with B.C.’s Personal Information Protection Act (“B.C.’s PIPA”). The guidelines are intended to assist landlords and property managers in discharging their duties under B.C.’s Residential Tenancy Act in a manner that respects the privacy of tenants and promotes transparency in the operation of landlord and tenant relationships.

Despite the B.C. focus, landlords and property managers in other jurisdictions would be well-served by reading the guidelines – especially given that B.C.’s PIPA is “substantially similar” to PIPEDA.

No one knows more detailed personal information about you than your Facebook friends. So do we need new privacy laws to protect you from violations perpetrated by other individuals? Read more>>

One of the big issues in the case related to whether or not the Charter applies to universities.  The University argued that the Charter only applies to government institutions and did not apply in this particular case because the University is not part of the government and was engaged in regulating its own internal affairs when disciplining the students.  Earlier court decisions have left open the possibility that the Charter might apply to subordinate bodies created and supported by the government, including “many forms of delegated legislation, regulations, orders in council, possibly municipal by-laws, and by-laws and regulations of other creatures of Parliament and the legislatures”.  In this particular case, the court declared that “the University is not a Charter free zone”.  As a result, and considering the particular facts of this case, the court ruled that the students’ Charter rights were infringed by the manner in which they were sanctioned for their online behavior.  A University spokesman has indicated that its legal staff will review the decision to determine whether there will be an appeal.

Canada’s privacy community will know that Commissioner Denham brings to her new role a wealth of experience and accomplishment. Her resume includes Assistant Privacy Commissioner of Canada and Director, Private Sector, for the Office of the Information and Privacy Commissioner of Alberta. I’ve had the pleasure of knowing Commissioner Denham for some time and have always appreciated her practicality and great sense of humour. B.C. will undoubtedly be well-served.

Of course, I’d like to thank Commissioner Denham for agreeing to engage in this online conversation.  If you’d like to learn more about Elizabeth Denhem or B.C.’s Information and Privacy Commissioner’s Office (“OIPC”), I’d encourage you to visit the OIPC’s website (www.oipc.bc.ca).

Q – You served as Assistant Privacy Commissioner of Canada until being appointed BC’s Information and Privacy Commissioner in July 2010. How are things going in your new role?

A – It is a good thing that I am a recreational runner, because I have certainly hit the ground running! This is an extremely busy office, due to the scope and nature of the work and to the fact that I have inherited one of the leanest oversight agencies in the country. I am very lucky to have a team of hardworking, enthusiastic and seasoned professionals to support me.

While I do have “in the trenches” FOI experience, that was more than 10 years ago, forcing a quick re-immersion into the duties of ensuring accountable and transparent government. Since my appointment I have issued a report on the timeliness of government responses to access requests, worked on a strategy for government-wide proactive disclosure and executed our annual tribute to open government, Right to Know Week.

However, in my view the biggest challenge facing me in this term is public sector privacy issues. The government has ambitious plans for data sharing across ministries, to create linked electronic databases. It is my immediate priority to ensure that privacy is baked into BC’s e-government programs, including e-health.

Q – I’ve long considered BC one of the most progressive privacy jurisdictions in Canada. How has this happened and what can other provinces/territories learn from BC’s privacy community?

A – I think there are a number of factors that has put BC out in front with respect to privacy. My two predecessors, David Flaherty and David Loukidelis, are without a doubt two of the top privacy experts, and their ability to break trail has benefited all of BC. The former Commissioners were very skilled at making privacy a common topic of discussion and spreading the word about privacy rights and obligations. BC also has active and engaged civil society pushing hard for access and privacy rights, and I am referring to the BC Freedom of Information and Privacy Association as well as the BC Civil Liberties Association as key thought leaders. Finally, the citizens of BC have a reputation for being politically aware and engaged, and unafraid to bring burning issues to the forefront. I think the key learning outcome for other jurisdictions is work hard at capacity building and public outreach, and encourage other groups to actively enter the policy debates around access and privacy. We need other voices. Regulators cannot do it alone.

Q – Given that BC has a provincial privacy law (PIPA) that is “substantially similar” to PIPEDA, and considering that many readers of this blog are from outside BC (and Canada), can you briefly highlight the most important things that businesses should know about BC’s private sector regime?

I think the three most important points are these:

First, make sure you have a legitimate operational need to collect any personal information. This requires ongoing monitoring to ensure the operational requirement still exists, and routinely and safely purging personal information no longer required. Personal information is both an asset and a liability, and collecting and retaining personal information when no reason exists is a huge business risk.

Second, be transparent about what you are doing with the personal information you collect in the course of your operations, and ensure that anyone that you hire on your behalf behaves in the same manner.

Finally, data safeguards, or rather the lack thereof, remain the primary source of privacy breaches and a threat to your business brand. Safeguards are much more than passwords and locked cabinets—they include proper and ongoing staff training, privacy audits and assessing the privacy impacts of new policies, programs or services. Safeguarding personal information requires ongoing attention, and a willingness and ability to adjust the safeguard strategy when needed.

Q – Your work in the area of social networking as been outstanding, which in the case of Facebook resulted in a number of changes to the social networking site—changes that were implemented on a global basis. Some readers may presume that a privacy commissioner such as you wouldn’t use social networking sites. In my case, I’m active on LinkedIn. How about you?

A – I have several accounts with social networks, including Facebook and LinkedIn. I first joined the networks because I wanted to deeply understand the services, and their functionality; this was critical to my work. But Facebook also helps me keep track of my far-flung 20-something children who live their lives on-line! But I am a savvy consumer of these services, and obviously avail myself to all of the privacy controls they offer. I do not post anything on either of those sites that is not already publicly available or any information that I would not hesitate to make public. I am very careful before downloading any third party application—carefully scrutinizing their privacy policies beforehand.

Q - In your view, what kind of privacy developments should we watch for in the coming year in British Columbia?

A – On the government side, I think the primary issues will be an increase in the development of linked data networks containing personal information bringing risks to transparency, appropriate access, use and disclosure and a heightened risk of transmission of inaccurate and incomplete information.

On the private sector side, I know we will see more collaboration and cooperative oversight between the federal and provincial commissioners. New technologies and business models challenge the ability of any office to “go it alone”. Canada is a leading voice on privacy and new technologies. I look forward to working with my colleagues on smart, relevant and timely oversight.

In this recent case involving Veteran Affairs, a veteran had filed a complaint with the Office of the Privacy Commissioner of Canada (“OPC”) alleging that Veterans Affairs had violated the Privacy Act by including excessively detailed and sensitive medical information in briefing notes to the Minister of Veterans Affairs. The complainant also alleged that Veteran Affairs had transferred his medical file to a hospital administered by Veterans Affairs without his consent.

The OPC has issued the following formal recommendations to Veterans Affairs, but they should also serve as useful recommendations to other organizations:

• “Take immediate steps to develop an enhanced privacy policy framework with adequate protections and controls to regulate access to personal information within the department.
• Revise existing information-management practices and policies to ensure that personal information is shared within the department on a need-to-know basis only.  Personal information, including but not limited to sensitive medical information, should not be shared with programs that have no operational requirements for access to such information.
• Provide training for employees about appropriate personal information-handling practices.
• Review procedures to ensure that consent is obtained prior to personal information being transferred to veterans’ hospitals.”

This and other similar news stories should serve as a reminder that PIPEDA requires organizations to exercise care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information (for example, don’t dispose of sensitive tax information records in a back lane). Other provincial laws, such as Alberta’s PIPA and B.C.’s PIPA, have similar requirements. Disposal or destruction policies and procedures should focus on physical, organizational and technological measures.

Key lessons for the private sector from today’s Annual Report include, among other things, (1) a reminder of the need to assess the threats/risks inherent in wireless communications and to fill any gaps in policies and/or practices related to smart phones, Wi-Fi networks and data stored on mobile devices and (2) ensuring that policies and procedures are in place for paper shredding and the disposal of surplus computer equipment.

Read the full Annual Report here>>.

Thanks to Geoff Currier and CJOB|680 for the invitation to participate in the program.

The PWC survey demonstrates that spending is shifting to monitoring of company networks, at a time when more employees are bringing their own PDA’s and computers into the workplace.  But as PWC states, businesses should be making employees the first line of defence against data leaks. 

The PWC survey and commentary serves as a reminder of the need to focus resources for data security (and privacy law compliance) strategically. This means investing in technological safeguards but it should mean investing in privacy training for your staff.  It’s an important point because so many of the privacy breaches these days result from mistakes, or human error, by one’s own employees.  I’d suggest that you compare your organization’s line item for network monitoring with your line item (if it exists) for privacy training. Are your privacy risk mitigation efforts as strategic as they could be?