Posts Tagged ‘canada’

In August, we wrote that the Canadian Government had given Facebook 30 days to comply with 24 aspects of Canada’s Personal Information Protection and Electronic Documents Act or enforcement by the Federal Court may be requested.

On August 27, the Office of the Privacy Commissioner held a news conference to announce progress in the Facebook investigation. Facebook has also released a news brief.

Facebook has announced that it will be making changes to its API, the interface third-party services use to request information from Facebook and its users. The changes would require application developers to specify which pieces of information they would like to access in a user profile and why. Users will also be able to deny access to specific pieces of information. Up until now, the nearly 1 million application developers had almost unrestricted access to profile information.

As many have rightly pointed out, it seems contradictory to participate in a social network and to then attempt to restrict access to some or all of your personal information.

To us at the Office, users should have the chance to find out what information is being collected by the social networking site or a third-party application, and for what reason. Third-party applications have long been a concern to members of the privacy advocacy community, since they have had relatively free access to the information stored in your Facebook profile.

I’m incredibly happy that the Canadian government undertook this privacy investigation. After all, the changes that Canada is requiring of Facebook will not only make the site safer for Canadians but for all Facebook users. These changes, and others requested by the Commissioner, may take months to implement. That said, the Privacy Commissioner is “satisfied Facebook is on the right path to addressing the privacy gaps on its site.”

For a full outline of the issues that the Canadian government brought up, and Facebook’s response, read here.

Last month, Canada’s Privacy Commissioner released a statement about Facebook and its compliance with Canadian privacy laws. The statement is the result of a study into allegations by the Canadian Internet Policy and Public Interest Clinic that Facebook was not complying with 24 aspects of Canada’s Personal Information Protection and Electronic Documents Act. These aspects included default privacy settings, collection and use of personal information, and disclosure of personal information to third parties. Some of the findings concluded that the allegations were not well-founded, while others were supported.

As a result of the report, Canada has released its Report of Findings and its request that Facebook strengthen its privacy protections. The press briefing included some praise for Facebook’s current privacy measures, though many areas were identified for improvement.

Areas of requested improvement include:

• Improving information about privacy practices (example: information on deactivating vs deleting an account)
• Improving safeguards that restrict outside developers from accessing unnecessary profile information
• Deleting personal information after it is no longer necessary to meet appropriate needs (to comply with Canadian law)

Facebook made some improvements to their privacy measures when provided with an interim report; they now have 30 days (from July 16) to respond to the full report.

Facebook has agreed to adopt many of the recommendations stemming from the Privacy Commissioner’s investigation or, in some cases, has proposed reasonable alternatives to the measures recommended. However, there remain a number of recommendations that Facebook has not yet agreed to implement.

The Privacy Commissioner is empowered to go to Federal Court to seek that the recommendations be enforced. So, it may be that Canada’s report helps to strengthen Facebook privacy standards for all Facebook users!

Via internet evolution

The Canadian government ran a video competition for youth called the 2008 My Privacy & Me National Video Competition. The seven finalists, and the winning entry, have been announced! Each video tries to teach youth how technology affects privacy in some way.

The first place video, made by the John F. Ross CVI school in Ontario, was entitled ‘A Lesson in Privacy’:

The video shows a little turtle signing up for Facebook, providing lots of private information that people shouldn’t share online. A little snail tries to teach the turtle a lesson in online privacy. The 7 finalists can all be viewed here.

If you’re an educator or parent, perhaps the videos would be a good tool to illustrate the topic of privacy. Or perhaps you can use it as inspiration to start your own video project! Also check out the My Privacy Quiz, to see how well you know your privacy rights in Canada, and the top 10 things you can do to protect your privacy.

Via privacy commissioner blog

Who Breached: Starbucks
Number Affected: 97,000
Information breached: Social Security Numbers
How: stolen laptop

Starbucks Corp. confirmed this week that a laptop containing the information of 97,000 employees was stolen.

A Starbucks laptop containing names, addresses and Social Security Numbers was stolen on October 29th. It is not clear if the laptop was protected in any way, or how it was stolen.

In 2006, Starbucks reported the theft of four laptop computers, so it is sad that such an issue would again come to light. In 2006, the breach affected 60,000 Starbucks employees / partners. Although the Starbucks statement to employees, after this most recent breach, indicates that the company is taking step to protect data, including encryption, one would hope that those steps would have occurred in the 2-year period since the last breach. A copy of the letter sent to affected Starbucks employees can be found here.

You can help prevent data breaches such as these, or recover from them more easily, with strong computer security policies, enforcement and training and software such as Computrace from Absolute.

Other major data breaches for November, 2008:

• Luxottica Group, 59,000+ affected, hacker [read more]
• University of Florida College of Dentistry, 344,000+, compromised server [read more]
• Christus Health Care, thousands, stolen backup tapes [read more]
• Harvard Law School, 21,000, lost backup tapes [read more]
• North Carolina Division of Aging and Adult Services, 85,000+, lost laptop [read more]
• Baylor Health Care System Inc., 100,000, stolen laptop [read more]
• Arizona Department of Economic Security, 40,000, stolen hard drives [read more]

And in other news…

And in a very strong statement by Canada’s Privacy Commissioner Jennifer Stoddart, Canada was called to shame for inaction on cybercrime. Stoddart called it an “embarrassment” that Canada does not protect the rights of individuals with provisions such as anti-spam legislation, strong identity theft legislation, or mandatory data breach provisions. Read more about this here.

Via datalossdb