Designing Privacy Protections into Computer Systems

How do you design privacy & security into a new or re-designed computer systems?  How do you take advantage of the benefits of big data while protecting privacy? This presentation delves into these issues.

To view the presentation given by George C. Eyre, Designing Privacy into Computer Systems  which was given at Federated Press' Managing Privacy Compliance on  March 3 & 4,  2014,  go here:  www.law4it.com

Are You Ready For Canada’s Anti-Spam Act Which Comes In Effect On July 1, 2014

Do You Conduct Business Online?

If you conduct business online, you should review your terms of use, privacy policies and other legal agreements and marketing processes to ensure compliance with Canada’s new Anti-Spam law which is expected to come into force next year. The penalties are high ($1m for individuals and $10M for business) and the Act is very complex and the definitions are not as precise as they should be.

Read more... Add new comment

 

More at www.law4it.com

Is your Smart TV spying on you? Is your cable company spying on you?

A UK blogger discovered that his new LG Smart TV was sending back unencrypted information about what TV shows he was watching and the names of files in his USB card attached to his TV to LG. “In fact, there is an option in the system settings called "Collection of watching info:" which is set ON by default. This setting requires the user to scroll down to see it and, unlike most other settings, contains no "balloon help" to describe what it does.” He turned this switch off; however, it had no effect! The LG Smart TV was still spying on him.

Do you have a smart TV or are you thinking of buying? Is it spying on you? Also, is you cable company spying on you? More to come. at www.law4it.com

Designing Privacy Protection into Computer Systems

Are you involved in the design and implementation of computer systems (including web based systems) within your organization? If so, are you implementing privacy-by-design or a version of privacy at the design stage? To gain some insight into privacy-by-design and computer systems implementation,  view the following presentation given by George C. Eyre, Designing Privacy Protection into Computer Systems at Managing Privacy Compliance (Federated Press) which was held March 28 & 29, 2012 by clicking here:www.law4it.com

Bill C30 - Canada’s Spying Act

The federal government introduced Bill C-30, the online surveillance legislation, the name of which was changed after going to the printers to: “the Protecting Children from Internet Predators Act.” It should be called: “the Big Brother Act.” It breaches privacy laws and the Charter.



Its main features are that:
1. Telecommunications and Internet Service Providers (ISP’s) are required to give, without a warrant, subscriber data to police, national security agencies and the Competition Bureau , six types of identifiers from subscriber data; namely, Name, Address, Telephone number, Email address, Internet protocol (IP) address and Local service provider identifier.  This disclosure is not limited to criminal activity.
2. ISP’s are to provide a "back door" to make communications accessible to police;
3. It allows police to obtain information transmitted over the internet and data related to its transmission, including locations of individuals and transactions, by getting a warrant;
4. It allows courts to compel other parties to preserve electronic evidence;
5. An internal audit of warrantless requests that will go to a government minister and oversight review body
6. A review after Five years review is provided for.
7. Telecommunications service providers have 18 months to buy equipment that would allow police to intercept communications – these costs will be borne by these service providers and most likely passed on the consumers.
8. Changes the definition of hate propaganda to include communication targeting sex, age and gender.
The bill would be costly and increase the amount of data available for hackers: “This is going to be like the Fort Knox of information that the hackers and the real bad guys will want to go after. This is going to be a gold mine,” said Ontario Information and Privacy Commissioner Ann Cavoukian. “The government will say that they can protect the data, and they can encrypt it. Are you kidding me? The bad guys are always one step ahead.”
A major privacy concern with Bill C-30 is the mandatory disclosure of subscriber information without court oversight. Law enforcement has not shown that it needs these drastic measures since serve providers comply with the request 95% of the time. This disclosure should only be done for criminal activity and a streamline warrant procedure should be set up that can be reviewed by criminal defence lawyers etc.

Under intense pressure the federal government has stated that it is open to changes. The Bill as drafted is unconstitutional. Write your member of parliament to let your views be known!

Last Updated (Thursday, 23 February 2012 11:03)

the Privacy Commissioner of Canada launched new guidelines

On Dec. 6, 2011, the Privacy Commissioner of Canada launched new guidelines under the Personal Information Protection and Electronic Documents Act, PIPEDA for online behavioral advertising i.e. tracking users’ online activities in order to deliver targeted advertisements that are based on past activities and interests. There is a battle between web site owners desire to make increase revenue from personal information (PI) and privacy.

---

These guidelines provide that web site owners require a user’s knowledge and consent for the collection, use, or disclosure of personal information and that the purposes for which a user’s information is to be collected, used or disclosed be explained in a clear and transparent manner. Express consent (opt-in) is required when dealing with sensitive information whereas implied consent (opt-out) can be used when the information is less sensitive.

Implied consent i.e. "opt-out" consent may be used if:

First the user must be:

made aware of the purposes for the practice in a manner that is clear, obvious and understandable;

informed of these purposes at or before the time of collection and should be provided with information about the parties involved in the advertising; and

able to easily opt-out of the practice, ideally at or before the time the information is collected.

Also, the opt-out should both take effect immediately and be persistent, while the information collected and used:

must be limited, to the extent practicable, to non-sensitive information (for example, avoiding sensitive data such as health information); and

should be destroyed as soon as possible or "anonymised," so if someone gains access to it through say hacking, it can't be used to identify specific individuals.

The use of tracking techniques of which users are unaware of but can't decline such as web bugs, web beacons, and super cookies “should be avoided.”

These guidelines are consistent with the wording of PIPEDA and provide some guidance for the drafting of Canadian privacy policies. It is interesting to note that the use of web bugs and beacons was not forbidden but only “should be avoided.” Of great interest will be interesting to see how the large Internet companies such as Google and Facebook measure up to these guidelines and the Commissioner’s response.

BC  Supreme Court on Enforceability of Browsewrap Agreements such as Terms of Use & Copyright

In Century 21 Canada Limited Partnership v. Rogers Communications Inc., 2011 BCSC 1196 the BCSC heard allegations by Century 21 that Roger’s subsidiary Zoocasa improperly scraped content from Century 21′s online real estate listings.  For more information go to www.law4it.com