March 18, 2010
In what should serve as a valuable reminder of the need to educate employees about what constitutes acceptable postings on social networking websites, BBC is reporting that “the Israeli military cancelled a planned raid on a Palestinian village after one of its soldiers posted details of the operation on Facebook. The unnamed soldier revealed the time and place of the raid and the name of his unit on the social networking site.”
I’ve previously commented on social networking websites and employer-employee relationships. This BBC report is just one more example of a situation which may have been prevented with better employee training and a clear social networking policy. Common sense should, and typically does, guide employees in determining what to post online. Yet, if an Israeli soldier can’t think twice before posting the details of a planned operation it’s easy to see how some employees of Canadian businesses – perhaps yours - unintentionally post valuable corporate information online.
Leave a Comment » | 
Facebook, Internet, MySpace, Online Reputation Management, Social Networking Websites | Tagged: Online Reputation Management, Employees, Corporate Information, Facebook, Social Networking | 
Permalink
Posted by Brian Bowman
November 28, 2009
According to a Cyber-Ark survey entitled “The Global Recession and its effect on Work Ethics” (link below), 58% of U.S. employees surveyed said that if they thought their job was at risk they would, as a pre-emptive move, be prepared to download company/competitive data. Fifty two per cent (52%) said that if they were fired tomorrow they’d take their employer’s customer and contacts data.
More disturbingly, 51% said it’s “easy” to take sensitive information out of their company and, as reported by Out-Law.com, 85% were aware that it’s illegal to download corporate information. The favoured medium for stealing corporate information is a USB memory stick followed by e-mail.
As I’ve mentioned in previous posts rogue employees pose a risk to privacy compliance and, as a result, corporate information requires safekeeping. In today’s economy, information is the most valuable corporate asset. For this reason, businesses of all sizes should take proactive steps to protect corporate data. Whether it’s customer or supplier lists, intellectual property or employee personal information, it’s information that needs safekeeping, especially when we see statistics like those reported above.
The Global Recession and its effect on Work Ethics
Leave a Comment » | Data Protection, Due Diligence, Mobile devices, Privacy, Safeguarding, Safekeeping | Tagged: Corporate Information, Due Diligence, Employees, Privacy Compliance, Safeguarding, Security | Permalink
Posted by Brian Bowman
November 18, 2009
The U.K.’s Huffington Post is reporting that a rogue employee of a major mobile phone company has illegally sold millions of customer records to rival companies. Apparently, customers’ personal information (including contract expiry dates) was sold to several rivals, which then used the material to cold-call customers to offer them an alternative deal.
As I’ve previously written, information really is the most valuable corporate asset. And for this reason, businesses of all sizes should take steps to protect corporate information regardless of whether it is stored online or off-line. Whether it’s customer or supplier lists, intellectual property or employees’ personal information, it’s information that needs safekeeping.
This case should serve as a reminder that corporate safekeeping practices must include protecting data from rogue employees.
3 Comments | Data Protection, Due Diligence, PIPA, PIPEDA, Personal Information, Privacy, Privacy Breach, Safeguarding, Safekeeping, Security | Tagged: Businesses, Corporate Information, Due Diligence, Employees, Personal Information, PIPEDA, Privacy, Privacy Breach, Privacy Compliance, Safeguarding, Security | Permalink
Posted by Brian Bowman
July 27, 2009
Have you heard the term “cloud computing“, but aren’t really clear what it means?
Cloud computing is an umbrella term that refers to the use of Internet-hosted computer services. Think of your server — instead of having one in-house server located on company premises, an organization might opt to buy space on a third-party provider’s server. Other options include software hosting and data storage. By purchasing computing services from a variety of Internet-based providers, your computer needs are housed within a larger “cloud” of computer services.
Some organizations are opting for ”Software as a service” (SaaS), and allowing their data to reside on other company’s servers, or “the cloud“. Users only have to buy the space they need, which allows organizations to save money on their technology costs. Other benefits include access to people with technological know-how, flexibility and reduced maintenance costs.
Cloud computing is not new, but is now embedded into the fabric of modern business operations. In fact, the Los Angeles Times has reported that the city of Los Angeles is considering using Google applications for all of its software needs.
Privacy issues related to cloud computing, however, are profound. For example, many of the security questions that relate to traditional third-party data hosting were raised when a hacker broke into a Twitter employee’s work e-mail account and stole confidential company documents. The World Privacy Forum, meanwhile, has released a 28-page report on some of the privacy issues that relate to cloud computing. The report concludes that sharing information may expose some business users to liability, and emphasizes the importance of checking a cloud provider’s terms of service, privacy policy, and location.
Canadian businesses that engage in cloud computing should be reminded that they must do so in compliance with applicable privacy laws. For example, the Personal Information and Protection of Electronic Documents Act obliges organizations that transfer personal information to third parties to ensure appropriate security safeguards are in place.
They should also be mindful of the raging debate about the perils of cloud computing that has been underway now for some time. While cloud computing has the potential to provide benefits, organizations should ask themselves whether it is worth the risks it poses. You might save money in the short run, but is it worth the potential of a massive privacy breach?
2 Comments | Internet, PIPEDA, Privacy, Technology | Tagged: Businesses, Corporate Information, Information Technology, Internet, Outsourcing, Personal Information, PIPEDA, Privacy, Privacy Compliance, Technology | Permalink
Posted by Brian Bowman
May 29, 2009
It’s been a thrilling week for my colleagues at Pitblado LLP as it was announced earlier this week that we were to be the 1st Canadian law firm to be a guest blogger on the must-read slaw.ca. Yours truly, three of my colleagues from our firm’s Information & Ideas Practice Group as well as our firm’s librarian each contributed one post a day this week to slaw.ca on cutting edge legal topics. Here’s what we covered…
On Monday, I posted “What Would Happen If One of your Employees Posted a Video of an Irate Customer on YouTube?”, which I cross posted on my blog earlier this week. The post highlights a YouTube video of an irrate customer as a reminder to Canadian businesses of the powers of new technologies such as YouTube and the corresponding need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy and procedures.
On Tuesday, Carol Lynn Schafer posted “Do TOS Have the Final Word on our Fundamental Rights and Freedoms?”, which discusses the controversial effects of Terms of Service on popular websites such as Facebook and Twitter. As Carol Lynn notes, Terms of Service should be drafted with the bigger picture in mind and can no longer be seen as standard agreements that can be treated with a one size fits all approach.
On Wednesday, Jolin Spencer posted “Whose Property Is It, Anyway?”, which discusses the questions that come into play when employees leave their positions. For example, what can an employee take, and what must they leave, when they vacate their position? As Jolin points out, no business wants its intellectual property assets walking out the door with a former employee.
On Thursday, our firm’s librarian, Karen Sawatsky, posted “Legal Research Bootcamp – Winnipeg Style”, which discusses her experience collaborating with members of the Manitoba Bar Association and the Law Society of Manitoba to create a CLE for articling students on legal research. The Legal Research Bootcamp is a first for Manitoba students, and aims to bridge the gap between when students start their articles and when CPLED begins in the fall.
And last but not least, today Adam Herstein posted “Manitoba: Innovative Fighter of Child Sexual Exploitation”, which focuses on Manitoba’s recent enactment of The Child and Family Services Amendment Act (Child Pornography Reporting) (Manitoba) and how Manitoba is the first province in Canada to enact legislation that makes it mandatory for a person who encounters child pornography to report it to authorities. Adam also notes that Canada has a national tipline called Cybertip.ca for reporting the sexual exploitation of children.
Thanks to slaw.ca for the opportunity to contribute!
1 Comment | Blogs, Copyright, Facebook, Government, Intellectual Property, PIPEDA, Privacy, Social Networking Websites, Technology, Training | Tagged: Businesses, Copyright, Corporate Information, Employees, Facebook, Information Technology, Intellectual Property, Internet, Inventions, Manitoba, Mobile devices, Personal Information, PIPEDA, Privacy, Privacy Breach, Privacy Compliance, Safeguarding, Social Networking, Technology | Permalink
Posted by Brian Bowman
March 9, 2009
If you’re a privacy professional you will know that Canada’s privacy laws are in place to protect the privacy rights of individuals, not businesses.
Despite this fact and that Canada’s federal privacy law, PIPEDA, has been in force since 2001, it’s surprising how many others are confused on this point.
For instance, I recently had a client make an information request to an organization for access to corporate information. When the organization responded, they denied access to the requested information and claimed that PIPEDA required that they do so in order to protect the privacy interests of a business.
There may be circumstances where organizations have other legitimate reasons for denying access to certain information. There may also be circumstances where privacy laws such as PIPEDA should be cited in denying access to certain business records where releasing the information could unlawfully disclose the personal information of another individual. Organizations should not, however, cite Canada’s privacy laws as a justification to deny access to information requests on account of the privacy rights of a business.
If you encounter this scenario you may be dealing with someone who either doesn’t understand privacy laws or who is perhaps being disingenuous. After all, the general thrust of Canada’s privacy laws is to encourage organizations to create a culture of privacy in order to protect the privacy of individuals whose personal information is collected, used, retained or disclosed by such organizations.
2 Comments | Access to Information, Due Diligence, PIPEDA, Privacy | Tagged: Access to Information, Businesses, Corporate Information, PIPEDA, Privacy | Permalink
Posted by Brian Bowman
March 5, 2009
How is your business dealing with metadata? If you’re scratching your head and asking “what the heck is metadata?” or if you’re drawing a blank about what your business may (or may not) be doing to manage its metadata, then you should definitely read on.
For the basics on metadata, read here. As you’ll learn in more detail, “metadata” is data about data. It’s detailed information that is automatically created about an electronic document when you use Microsoft Word, PowerPoint or Excel. It can include the name of the person or organization that created a document, the date that it was created, the identities of people who modified a document, including the time and day they did so, the name of the computer that was used to create a document and detailed revisions to a document, including past modifications and deleted text not visible on your computer screen. If not properly managed, metadata can help other businesses steal your intellectual property, learn about your business processes and view personal information that you’re legally required to protect under privacy laws.
One practical way to deal with metadata is to use metadata scrubber software. Some are costly but well worth it, including Payne Metadata Assistant and Workshare Protect. There are also free tools available including a Microsoft one (but it is only for Office 2007) and one offered by Javacool Software. Of course, I’d recommend that you work with technology professionals to determine the best metadata scrubber software for your business. Regardless of whether you use one of these or other tools, it’s important that you deal with metadata in some fashion. I hope these links help provide you with a good place to start! Feel free to Leave a Comment below if you know of other metadata scrubber software worth recommending.
Leave a Comment » | Attorney-Client Privilege, Intellectual Property, Metadata, Privacy, Safeguarding, Technology | Tagged: Attorney-Client Privilege, Copyright, Corporate Information, Due Diligence, Information Technology, Intellectual Property, Metadata, Personal Information, PIPEDA, Privacy, Privacy Compliance, Safeguarding, Technology | Permalink
Posted by Brian Bowman
February 27, 2009
Do you ever wish you were Jack Bauer from the TV show 24? Here’s your chance!
There are a growing number of articles that are highlighting the threat of “cyber-terrorism”. It’s a scary topic that is surely consuming the time of government technology infrastructure professionals in the U.S. and Canada. Some of these articles discuss the remote possibility that terrorists may perpetrate cyber-attacks against critical online government and corporate infrastructure. Other articles discuss the very real possibility that terrorists may simply use the Internet (and the information contained online) to plan attacks in the real world. Don Cavender, a special agent and instructor with the FBI’s Computer Training Unit at Quantico, Virginia, is quoted in an excellent ZDNet article and says that “the worry right now is not so much a cyberterrorism event…but when the terrorists use the Internet to facilitate the planning of these attacks.”
We all know that the Internet is filling up with vast amounts of data including people’s personal information, as well as corporate and government data. The lesson that I take from all of these “cyber-terrorism” related articles is that businesses should make sure that they are working with technology professionals to secure their databases and limit the amount of personal information and corporate data available online. Of course, there are many reasons for businesses to secure their databases and to limit what information is available online. For example, privacy laws such as Canada’s PIPEDA regulate the safeguarding of personal information. And, there are good business reasons to limit the availability of proprietary corporate data online. But, if you ever wished you were Jack Bauer, then here’s your chance to fight terrorism…one corporate move at a time.
Leave a Comment » | Internet, Online Reputation Management, Safeguarding, Security, Technology | Tagged: Corporate Information, Information Technology, Internet, Online Reputation Management, Personal Information, PIPEDA, Safeguarding, Security, Terrorism, U.S. Patriot Act | Permalink
Posted by Brian Bowman
February 6, 2009
Leave a Comment » | Identity Theft, Privacy, Safeguarding, Security, Technology | Tagged: Corporate Information, Identity Theft, Laptops, Mobile devices, Personal Information, Privacy, Safeguarding, Security | Permalink
Posted by Brian Bowman
February 5, 2009
Information requires safekeeping
In today’s economy, information is the most valuable corporate asset. And for this reason, businesses of all sizes should take steps to protect corporate information regardless of whether it is stored online or off-line. Whether it’s customer or supplier lists, intellectual property or employees’ personal information, it’s information that needs safekeeping. My September 6, 2006 column for the Winnipeg Free Press discusses the importance of protecting corporate information.
2 Comments | Access to Information, Privacy, Safekeeping, Security, Security Breach | Tagged: Access to Information, Corporate Information, Online Reputation Management, Personal Information, Privacy, Safeguarding, Security, Security Breach | Permalink
Posted by Brian Bowman
In what should serve as a valuable reminder of the need to educate employees about what constitutes acceptable postings on social networking websites, BBC is reporting that “the Israeli military cancelled a planned raid on a Palestinian village after one of its soldiers posted details of the operation on Facebook. The unnamed soldier revealed the time and place of the raid and the name of his unit on the social networking site.”
Mobile devices prone to I.D. theft
Don’t expose your metadata – it might be embarrassing 
