CBC (Canada): Voters list privacy breach occurred, Alward says

CBC reports on a privacy breach in New Brunswick, Canada, concerning voters: A serious privacy breach has been discovered with the New Brunswick voters list, Premier David Alward informed the legislative assembly on Wednesday morning. Alward referred to the privacy breach as a “serious incident.” He called it a “human error.” Alward told the legislature [...]
Privacy Lives

International data breach report flags alarming trends

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

A report by Verizon highlights some extremely troubling trends about the types of data breaches occurring around the globe and also how organizations of all sizes are failing to adequately respond to new threats.

Verizon studied 855 breaches in 2011 involving organizations in 36 countries and compromising over 174 million records. Those figures are alarming in themselves.  But just as concerning are some of the statistics drawn from an analysis of these incidents.  Consider:

  • 98 percent of breaches examined in the report stemmed from external agents, notably organized criminals, but also an increasing number of activist groups.  Meanwhile, only 4 percent of breaches involved internal employees.
  • Hacking was linked to the vast majority of incidents – 81 percent.  As well, increasingly invasive malware was used in 69 percent of the breaches.
  • Most breaches were avoidable, with Verizon’s experts concluding that 96 percent of the attacks were not highly sophisticated.
  • Almost all of the firms involved – 96 percent – were non-compliant with the Payment Card Industry Data Security Standard.
  • Organizations also seemingly had trouble detecting breaches – 92 percent of incidents were discovered by a third party; and typically only weeks or months after the breach occurred.

The report is eminently readable and even occasionally funny (who knew there was a “Sesame Street” method of detecting data breaches).

It also includes a point-of-sale security tip sheet that anyone can cut out and distribute to the stores, restaurants and other businesses they frequent. There are more detailed mitigation strategies at the end of the report.

The report raises some fundamental questions about whether organizations – despite all the warnings and growing evidence of the risks – are taking data protection responsibilities and security standards seriously.

Office of the Privacy Commissioner

Free speech? Not when a newspaper sets a private eye on a journalist

Brian Cathcart: Free speech? Not when a newspaper sets a private eye on a journalist
THE FREE SPEECH BLOG

Privacy Awareness Week 2012: Privacy Resources for Young People

Young people today are sophisticated users of the Internet, using this medium with ease and enthusiasm. It is important that they understand the impact that these technologies can have on their privacy, and that they have the tools and information they need to make smart decisions.

That’s why the Asia Pacific Privacy Authorities (APPA) forum, which includes the Office of the Privacy Commissioner of Canada, has made Privacy Resources for Young People the theme of Privacy Awareness Week 2012, April 29 – May 5. 

Since 2008 our Office has been developing a variety of tools designed to teach young people about the relevance and importance of privacy when using modern technologies. The OPC has a Privacy Awareness Week 2012 web page with links to all of our privacy resources for youth, parents and educators, as well as links to privacy resources for youth developed by members of the APPA forum, at: www.priv.gc.ca/resource/paw/2012/index_e.asp.

If you would like more information on youth privacy, or to stay informed regarding our tips and tools for parents, educators and youth, visit the Office’s youth website at: www.youthprivacy.ca/.

You can also visit http://www.privacyawarenessweek.org for links to a wide variety of international privacy guidance including tips, animations, brochures, discussion topics and interactive website materials.

We also encourage you to follow us on twitter: @privacyprivee, Privacy Awareness Week: #2012PAW.

Office of the Privacy Commissioner

New York Times: How to Muddy Your Tracks on the Internet

The New York Times gives tips on how to make it more difficult to track your Internet activities. Here’s the context of why you’d want to cloak your Internet trail: There are no secrets online. That emotional e-mail you sent to your ex, the illness you searched for in a fit of hypochondria, those hours [...]
Privacy Lives

Accountability and the Importance of Effective Privacy Management Programs for Businesses

Accountability matters when it comes to privacy. As a business, though, you may not always find it clear what accountability really means when it comes to personal information protection.  

Accountability is the first fair information principle in the federal Personal Information Protection and Electronic Documents Act (PIPEDA). This reflects its importance—it is the bedrock of the Act. It’s also implicit in Alberta and British Columbia’s respective privacy laws, the Personal Information Protection Act (PIPA).  The principle outlines the things organizations need to do to have a compliant and accountable privacy program in place.  But what does that mean in practice?

To help businesses “get accountability right”, Alberta, BC and our Office have released new guidelines —Getting Accountability Right with a Privacy Management Program. These new guidelines outline the elements of an effective privacy management program and offer scalable strategies that can be implemented by any size business.

Why should you care? 

These new guidelines outline how our offices view effective privacy management.  Big or small, an accountable business should be able to demonstrate to Privacy Commissioners that they have an effective, up-to-date privacy management program in place in the event of a complaint investigation or audit.  

Compliance, of course, is essential.  But we think there are a number of other benefits to having a privacy management program in place:

  • An organization that has a strong privacy management program may enjoy an enhanced reputation that gives it a competitive edge.
  • A privacy management program helps foster a culture of privacy throughout an organization and offers reassurance to customers and clients
  • Proper use of risk assessment tools can help prevent problems. Fixing a privacy problem after the fact can be costly so careful consideration of the purposes for a particular initiative, product or service, and an assessment that minimizes any privacy impacts beforehand is vital.
  • With a privacy management program, organizations will be able to demonstrate to customers, employees, partners, shareholders, and privacy commissioners that they have in place a robust privacy program that shows only compliance with privacy laws in Canada, but also that they are taking protection of personal information seriously.

Related Documents:

Guidelines: Getting Accountability Right with a Privacy Management Program

Interpretations: “Accountability”

Announcement: Commissioners Outline Building Blocks for Effective Privacy Management

Office of the Privacy Commissioner

Update: European Data Privacy Officials May Reopen Investigations Into Google Street View

To recap: In 2010, Google came under fire for its Street View product, where the online services giant photographed homes and other buildings in numerous countries as part of its online mapping service, as individuals said the photos invaded their privacy. Then, in 2010, Google announced that, for more than three years — in more than 30 countries — it had been [...]
Privacy Lives

Remarks by Secretary of Homeland Security Janet Napolitano: Achieving Security and Privacy

On Thursday, U.S. Department of Homeland Security Secretary Janet Napolitano visited Canberra, Australia, to celebrate the 70th Anniversary Commemoration of the Battle of the Coral Sea (related to World War II). She also came to sign agreements, including one to “improve information sharing between the United States and Australia.” During her trip, she spoke at [...]
Privacy Lives

Rep. Ed Markey: When, How Are Wireless Carriers Sharing Consumers’ Personal Information With Law Enforcement?

Rep. Ed Markey (D-Mass), co-chairman of the House caucus on privacy, has sent letters (Markey page; archive pdf) to nine major wireless communications companies  – U.S. Cellular, Sprint Nextel, T-Mobile USA, Leap Wireless Inc./Cricket Communications, MetroPCS, Verizon Communications, AT&T, C Spire Wireless and TracFone Wireless — and asked “each about its policies and practices for sharing [...]
Privacy Lives

Government to apply for core participant status at Leveson Inquiry

Marta Cooper: Government to apply for core participant status at Leveson Inquiry
THE FREE SPEECH BLOG