Are you a spammer? What you need to know about Canada’s new anti-spam law

July 7, 2011

Tired of reading? How about a video to help you learn about Canada’s new anti-spam law?

I’m delighted to let you know about a cool feature on Pitblado’s new website called the “Whiteboard Sessions”, which are vlogs (or video blogs). We’ve just posted a 3-minute vlog of mine entitled “Are you a spammer?”, wherein I discuss:

  • highlights of the new law
  • why you should care 
  • an overview of the rules  
  • penalties for non-compliance; and
  • proactive tips to help comply with the law

To watch “Are you a spammer?” please click here>>


Privacy Commissioner releases report on online tracking, profiling and targeting, and cloud computing

May 6, 2011

Canada’s Privacy Commissioner has just released the final report of her Office’s consultations on the online tracking, profiling and targeting of consumers by marketers and other businesses. “Most people have no idea about the rich trail of data they leave behind when they browse the Internet, use social networking sites, or engage the geo-location functions of their mobile devices,” the Commissioner observed.  Organizations that track the online activities of Canadians must be more upfront about their practices, Privacy Commissioner Jennifer Stoddart has concluded… “it comes down to meaningful consent, which entails informed consent”.


Privacy and compliance in digital market research

March 24, 2011

David Stark of GfK has penned an excellent article about how technology is affecting the marketing research industry. In his article, David highlights broad trends, notably in quantitative research, and the increase in observational research and passive data collection. Among other things, he also discusses cookies, device identification and web scraping. This is a “must read” for marketing researchers and a valuable read for others. I hope you check it out.


When Barbie invades your privacy

November 19, 2010

Mattel’s Barbie doll is now wired. Literally.

The new Barbie Video Girl, which retails for just over $100, has a built-in camera in the doll’s necklace and an LCD screen on her back. The doll also comes equipped with a USB cable that enables you to transfer video recordings to your home computer and then online to YouTube or Facebook.

Not surprisingly, some are calling for a ban on Barbie Video Girl because of the potential that children will post online videos which infringe their privacy. Should we ban Barbie Video Girl? If so, should we ban all children’s toys with cameras? Read more>>


How to monitor your reputation on social networks

November 15, 2010

CTV News has an excellent article that discusses the important issue of how to monitor your reputation on social networks. While including some practical tips, the article discusses the importance of being proactive with your online reputation and privacy in what is described as “this Wild West world”.


What is device fingerprinting, or machine ID?

November 4, 2010

Some online banks, e-commerce merchants and Internet-based market research firms are turning to a new technology called device fingerprinting (or machine ID as it’s often called) for online verification and fraud detection. Unlike cookies, however, which can be blocked, filtered and deleted, device fingerprinting is invisible to consumers. For website owners that use the technology, adequate disclosures, consent and safeguards are required, at minimum, to comply with privacy laws.  

In fact, device fingerprinting works so well that many businesses that use it might not even be aware that they’re doing so. Is your organization using the technology? If so, it’s vital that your organization’s use of device fingerprinting complies with applicable privacy laws.

To learn more about device fingerprinting, click here to view a presentation that I recently delivered alongside Steven Johnston (Senior Security and Technology Advisor, Office of the Privacy Commissioner of Canada) and David Stark (CIPP, Vice President, Compliance and Privacy Officer, GFK Group) to the International Association of Privacy Professionals in Baltimore, Maryland. As you’ll see, the presentation includes an overview of device fingerprinting, identifies relevant privacy law issues (my contribution to the presentation), sets out the OPC’s perspective and provides practical examples.

Thanks to the IAPP for the opportunity to present and compliments to Steven Johnston and David Stark for excellent remarks.


A Conversation with Elizabeth Denham, British Columbia’s Information and Privacy Commissioner

October 12, 2010

Continuing a series of blog posts that I’m calling “A Conversation with…”, I’m delighted to post the following conversation with British Columbia’s new Information and Privacy Commissioner, Elizabeth Denham.

Canada’s privacy community will know that Commissioner Denham brings to her new role a wealth of experience and accomplishment. Her resume includes Assistant Privacy Commissioner of Canada and Director, Private Sector, for the Office of the Information and Privacy Commissioner of Alberta. I’ve had the pleasure of knowing Commissioner Denham for some time and have always appreciated her practicality and great sense of humour. B.C. will undoubtedly be well-served.

Of course, I’d like to thank Commissioner Denham for agreeing to engage in this online conversation. If you’d like to learn more about Elizabeth Denham or B.C.’s Information and Privacy Commissioner’s Office (“OIPC”), I’d encourage you to visit the OIPC’s website (www.oipc.bc.ca).

Q – You served as Assistant Privacy Commissioner of Canada until being appointed BC’s Information and Privacy Commissioner in July 2010. How are things going in your new role?

A – It is a good thing that I am a recreational runner, because I have certainly hit the ground running! This is an extremely busy office, due to the scope and nature of the work and to the fact that I have inherited one of the leanest oversight agencies in the country. I am very lucky to have a team of hardworking, enthusiastic and seasoned professionals to support me.

While I do have “in the trenches” FOI experience, that was more than 10 years ago, forcing a quick re-immersion into the duties of ensuring accountable and transparent government. Since my appointment I have issued a report on the timeliness of government responses to access requests, worked on a strategy for government-wide proactive disclosure and executed our annual tribute to open government, Right to Know Week.

However, in my view the biggest challenge facing me in this term is public sector privacy issues. The government has ambitious plans for data sharing across ministries, to create linked electronic databases. It is my immediate priority to ensure that privacy is baked into BC’s e-government programs, including e-health.

Q – I’ve long considered BC one of the most progressive privacy jurisdictions in Canada. How has this happened and what can other provinces/territories learn from BC’s privacy community?

A – I think there are a number of factors that have put BC out in front with respect to privacy. My two predecessors, David Flaherty and David Loukidelis, are without a doubt two of the top privacy experts, and their ability to break trail has benefited all of BC. The former Commissioners were very skilled at making privacy a common topic of discussion and spreading the word about privacy rights and obligations. BC also has active and engaged civil society pushing hard for access and privacy rights, and I am referring to the BC Freedom of Information and Privacy Association as well as the BC Civil Liberties Association as key thought leaders. Finally, the citizens of BC have a reputation for being politically aware and engaged, and unafraid to bring burning issues to the forefront. I think the key learning outcome for other jurisdictions is to work hard at capacity building and public outreach, and encourage other groups to actively enter the policy debates around access and privacy. We need other voices. Regulators cannot do it alone.

Q – Given that BC has a provincial privacy law (PIPA) that is “substantially similar” to PIPEDA, and considering that many readers of this blog are from outside BC (and Canada), can you briefly highlight the most important things that businesses should know about BC’s private sector regime?

A – I think the three most important points are these:

First, make sure you have a legitimate operational need to collect any personal information. This requires ongoing monitoring to ensure the operational requirement still exists, and routinely and safely purging personal information no longer required. Personal information is both an asset and a liability, and collecting and retaining personal information when no reason exists is a huge business risk.

Second, be transparent about what you are doing with the personal information you collect in the course of your operations, and ensure that anyone that you hire on your behalf behaves in the same manner.

Finally, data safeguards, or rather the lack thereof, remain the primary source of privacy breaches and a threat to your business brand. Safeguards are much more than passwords and locked cabinets—they include proper and ongoing staff training, privacy audits and assessing the privacy impacts of new policies, programs or services. Safeguarding personal information requires ongoing attention, and a willingness and ability to adjust the safeguard strategy when needed.

Q – Your work in the area of social networking has been outstanding, which in the case of Facebook resulted in a number of changes to the social networking site—changes that were implemented on a global basis. Some readers may presume that a privacy commissioner such as you wouldn’t use social networking sites. In my case, I’m active on LinkedIn. How about you?

A – I have several accounts with social networks, including Facebook and LinkedIn. I first joined the networks because I wanted to deeply understand the services, and their functionality; this was critical to my work. But Facebook also helps me keep track of my far-flung 20-something children who live their lives on-line! But I am a savvy consumer of these services, and obviously avail myself of all of the privacy controls they offer. I do not post anything on either of those sites that is not already publicly available or any information that I would not hesitate to make public. I am very careful before downloading any third party application—carefully scrutinizing their privacy policies beforehand.

Q – In your view, what kind of privacy developments should we watch for in the coming year in British Columbia?

A – On the government side, I think the primary issues will be an increase in the development of linked data networks containing personal information bringing risks to transparency, appropriate access, use and disclosure and a heightened risk of transmission of inaccurate and incomplete information.

On the private sector side, I know we will see more collaboration and cooperative oversight between the federal and provincial commissioners. New technologies and business models challenge the ability of any office to “go it alone”. Canada is a leading voice on privacy and new technologies. I look forward to working with my colleagues on smart, relevant and timely oversight.


The NDP’s decade of dithering on e-commerce

July 9, 2010

Have you ever wondered if an electronic document like an e-mail or a scanned image can be used instead of a paper document to meet a legal requirement? How about using an electronic signature as opposed to a written signature?

Unfortunately, the provincial government’s dithering over the past decade will not help you answer these important questions.

Manitoba’s e-commerce legislation, called The Electronic Commerce and Information Act, was passed in the Manitoba Legislature in 2000. It was then billed as a cutting edge law that would help Manitobans to prosper in the online world.

Read more>>


Must departing employees “de-friend” connections on LinkedIn?

June 16, 2010

Can the act of connecting with other professionals on social networking websites such as LinkedIn constitute a violation of a non-compete or non-solicitation contractual undertaking? Are departing employees that are subject to such restrictive covenants required to disconnect and “de-friend” colleagues and customers of their former employer until the contractual undertakings have expired?

ComputerWorld is reporting today that an IT staffing firm has accused one of its former employees of violating her non-compete undertaking through her conduct on LinkedIn. I’m not aware of any similar lawsuit to date in Canada so it’ll be interesting to see how this particular case evolves in the U.S. This case and others that I’ve previously noted highlight the blurring line between online and offline worlds. Businesses should consider whether or not, and to what extent, they should try to enforce such restrictive covenants in the social networking world. Stay tuned…


Today’s “buzz” on Google Buzz offers lesson for new service roll-outs

April 20, 2010

Canada’s Privacy Commissioner, Jennifer Stoddart, has teamed up with privacy watchdogs from nine other countries today to warn Google and other organizations to better respect people’s privacy rights. The privacy commissioners have sent a letter to Google, accusing it of overlooking privacy values and legislation in launching new online products.

The privacy commissioners’ letter states, “we are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications. We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws… Unfortunately, Google Buzz is not an isolated case. Google Street View was launched in some countries without due consideration of privacy and data protection laws and cultural norms. In that instance, you addressed privacy concerns related to such matters as the retention of unblurred facial images only after the fact, and there is continued concern about the adequacy of the information you provide before the images are captured… We therefore call on you, like all organizations entrusted with people’s personal information, to incorporate fundamental privacy principles directly into the design of new online services. That means, at a minimum:

  • collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • creating privacy-protective default settings;
  • ensuring that privacy control settings are prominent and easy to use;
  • ensuring that all personal data is adequately protected, and
  • giving people simple procedures for deleting their accounts and honouring their requests in a timely way.”

The privacy commissioners’ demand that Google and other organizations better incorporate privacy into the design of new online services underscores the need for the “Privacy by Design” initiative that Ontario’s Information and Privacy Commissioner recently discussed in my “A Conversation with Dr. Ann Cavoukian” post. All organizations, regardless of their size (after all, we’re not all Google), would be well-advised to learn from today’s “buzz” about Google Buzz.

