Businesses don’t have privacy rights

March 9, 2009

If you’re a privacy professional you will know that Canada’s privacy laws are in place to protect the privacy rights of individuals, not businesses.

Despite this fact and that Canada’s federal privacy law, PIPEDA, has been in force since 2001, it’s surprising how many others are confused on this point.

For instance, I recently had a client make an information request to an organization for access to corporate information. When the organization responded, they denied access to the requested information and claimed that PIPEDA required that they do so in order to protect the privacy interests of a business.

There may be circumstances where organizations have other legitimate reasons for denying access to certain information. There may also be circumstances where privacy laws such as PIPEDA should be cited in denying access to certain business records where releasing the information could unlawfully disclose the personal information of another individual. Organizations should not, however, cite Canada’s privacy laws as a justification to deny access to information requests on account of the privacy rights of a business.

If you encounter this scenario you may be dealing with someone who either doesn’t understand privacy laws or who is perhaps being disingenuous. After all, the general thrust of Canada’s privacy laws is to encourage organizations to create a culture of privacy in order to protect the privacy of individuals whose personal information is collected, used, retained or disclosed by such organizations.

2 Comments | Access to Information, Due Diligence, PIPEDA, Privacy | Tagged: , , , , | Permalink
Posted by Brian Bowman

Practical tips for dealing with metadata

March 5, 2009

How is your business dealing with metadata? If you’re scratching your head and asking “what the heck is metadata?” or if you’re drawing a blank about what your business may (or may not) be doing to manage its metadata, then you should definitely read on.

For the basics on metadata, read here. As you’ll learn in more detail, “metadata” is data about data. It’s detailed information that is automatically created about an electronic document when you use Microsoft Word, PowerPoint or Excel. It can include the name of the person or organization that created a document, the date that it was created, the identities of people who modified a document, including the time and day they did so, the name of the computer that was used to create a document and detailed revisions to a document, including past modifications and deleted text not visible on your computer screen. If not properly managed, metadata can help other businesses steal your intellectual property, learn about your business processes and view personal information that you’re legally required to protect under privacy laws.

One practical way to deal with metadata is to use metadata scrubber software. Some are costly but well worth it, including Payne Metadata Assistant and Workshare Protect. There are also free tools available including a Microsoft one (but it is only for Office 2007) and one offered by Javacool Software. Of course, I’d recommend that you work with technology professionals to determine the best metadata scrubber software for your business. Regardless of whether you use one of these or other tools, it’s important that you deal with metadata in some fashion. I hope these links help provide you with a good place to start!  Feel free to Leave a Comment below if you know of other metadata scrubber software worth recommending.

Leave a Comment » | Attorney-Client Privilege, Intellectual Property, Metadata, Privacy, Safeguarding, Technology | Tagged: , , , , , , , , , , , , | Permalink
Posted by Brian Bowman

Help fight cyber-terrorism

February 27, 2009

protect-secureDo you ever wish you were Jack Bauer from the TV show 24? Here’s your chance!

There are a growing number of articles that are highlighting the threat of “cyber-terrorism”.  It’s a scary topic that is surely consuming the time of government technology infrastructure professionals in the U.S. and Canada.  Some of these articles discuss the remote possibility that terrorists may perpetrate cyber-attacks against critical online government and corporate infrastructure.  Other articles discuss the very real possibility that terrorists may simply use the Internet (and the information contained online) to plan attacks in the real world. Don Cavender, a special agent and instructor with the FBI’s Computer Training Unit at Quantico, Virginia, is quoted in an excellent ZDNet article and says that “the worry right now is not so much a cyberterrorism event…but when the terrorists use the Internet to facilitate the planning of these attacks.” 

We all know that the Internet is filling up with vast amounts of data including people’s personal information, as well as corporate and government data.  The lesson that I take from all of these “cyber-terrorism” related articles is that businesses should make sure that they are working with technology professionals to secure their databases and limit the amount of personal information and corporate data available online.  Of course, there are many reasons for businesses to secure their databases and to limit what information is available online.  For example, privacy laws such as Canada’s PIPEDA regulate the safeguarding of personal information.  And, there are good business reasons to limit the availability of proprietary corporate data online.  But, if you ever wished you were Jack Bauer, then here’s your chance to fight terrorism…one corporate move at a time.

Leave a Comment » | Internet, Online Reputation Management, Safeguarding, Security, Technology | Tagged: , , , , , , , , , | Permalink
Posted by Brian Bowman

Mobile devices prone to ID theft

February 6, 2009

security1Mobile devices prone to I.D. theft

My August 1, 2007 column in the Winnipeg Free Press points out the security risks inherent with mobile data holders such as USB drives, laptops and portable hard drives.

Leave a Comment » | Identity Theft, Privacy, Safeguarding, Security, Technology | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Don’t expose your metadata

February 6, 2009

hanging-3Don’t expose your metadata – it might be embarrassing

My December 6, 2006 column in the Winnipeg Free Press defines metadata and why businesses need to know how to eliminate it.

Leave a Comment » | Metadata, Safeguarding, Security | Tagged: , , , | Permalink
Posted by Brian Bowman

Information requires safekeeping

February 5, 2009

workInformation requires safekeeping

In today’s economy, information is the most valuable corporate asset. And for this reason, businesses of all sizes should take steps to protect corporate information regardless of whether it is stored online or off-line. Whether it’s customer or supplier lists, intellectual property or employees’ personal information, it’s information that needs safekeeping. My September 6, 2006 column for the Winnipeg Free Press discusses the importance of protecting corporate information.

2 Comments | Access to Information, Privacy, Safekeeping, Security, Security Breach | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Next Entries »
Follow

Get every new post delivered to your Inbox.

Join 77 other followers