(Nov 25, 2015) The Canadian government should “stay the course” and move forward with pro-privacy revisions to the contentious anti-terror legislation, Bill C-51, Michael Geist argues in an op-ed for The Toronto Star. “The security of all Canadians is absolutely crucial, but there is reason to believe that it can be achieved while still respecting individual privacy rights,” Geist writes. “Rather than slowing down work on Canadian privacy and surveillance policy, recent events in Europe point to the urgent need to address the inadequacies of Canadian oversight while also working to develop rules that provide Canadians with stronger assurances that the law is working to safeguard both their security and privacy,” he adds.

Get the 411 on BYOD from the IAPP

(Nov 25, 2015) Bring Your Own Device (BYOD) programs reportedly result in increased employee productivity and job satisfaction, but they also bring privacy and security challenges such as unauthorized access and loss or theft of the device. Luckily, both technical and policy solutions exist to help organizations combat these issues, along with lots of industry guidance. This practice guide from the IAPP’s Westin Research Center offers an overview of BYOD, the trends associated with it and the laws that may affect your implementation of it. Plus, see sample policies, tools and strategies for an effective BYOD program. (IAPP member login required.)

PCI SSC Explains How To Respond to a Breach

(Nov 25, 2015) Recently, the Payment Card Industry Security Standards Council (PCI SSC) published a three-page guide titled Responding to a Data Breach that articulates its position on the correct response to a security incident at a merchant location where the attack exposed cardholder data. This guidance comes at an opportune time as security incidents continue to make headlines, cost organizations significant sums of money and demonstrate the parlous state of most organizations' ability to detect and respond to security incidents. The guidance also highlights some of the difficulties in developing proper response procedures, specifically the challenges in mapping out complete, thorough procedures that actually hold up under the stress of an actual incident, writes Jacob Ansari in this exclusive for The Privacy Advisor.

White House Urges APEC-EU Interoperability

(Nov 25, 2015) The Obama administration, together with leaders of the Asia-Pacific Economic Cooperation (APEC), is singling out the APEC-EU privacy interoperability project as a key initiative to prioritize helping the economies in the region. The project, points out TRUSTe’s Joshua Harris, “is working to establish mechanisms to facilitate a company’s simultaneous participation in the Cross Border Privacy Rules and Binding Corporate Rules systems,” adding, “The goal of this dual-certification approach is to streamline global privacy practices while eliminating the unnecessary duplication of efforts, something that many companies are looking at in light of the ECJ ruling on the validity of Safe Harbor.” In his post for The Privacy Advisor, Harris provides an update of this important development in global data flows.

FCC Hires Jonathan Mayer

(Nov 25, 2015) The Federal Communications Commission (FCC), reports The Washington Post, has hired Jonathan Mayer, known for everything from his work on the Do Not Track working group to his identification of “zombie cookies.” Perhaps most notably, Mayer was the one who, in 2012, identified the way Google was bypassing Safari’s do-not-track mechanism to drop cookies, a practice that later resulted in sanctions from the Federal Trade Commission and lawsuits in the EU. He will serve as the FCC’s “technical lead ...

Fung: Tech Teams Need Ethics Training

(Nov 25, 2015) In most of the recent corporate scandals for which brands’ top managers have taken heat, including Ashley Madison and Whole Foods, “none of the dubious activities could have happened without the active participation of technical teams,” writes Kaiser Fung for Harvard Business Review. And that’s a problem that business managers are missing. “The people who collect, store, manage and process our data are not being held to any ethical standards,” Fung writes. A solution? To have every technical and data team go through on-boarding training “that covers the ethics of using data,” he says. “A culture needs to be developed in which team members feel comfortable to bring up discussions about ethics.”

GDPR Needs To Walk Line Between Hearty and Excessive

(Nov 25, 2015) While the General Data Protection Regulation (GDPR) does need “teeth,” it is important the legislation not veer into overbearing territory, Rene Summer opines in an op-ed for The Network Society Blog. “The GDPR creates a wide range of complex considerations, few of which are black and white,” Summer said. “The issues are well worth discussing from an ethical and human rights perspective. However, we must not leap from such a perspective to draconian and excessive penalties, without bearing in mind other considerations. Excessive penalties are not only a risk to deceptive businesses but threaten prudent companies, the Digital Single Market, and citizens.”

Hilton Hacked, and Hacked Again

(Nov 25, 2015) Hilton Worldwide Holdings announced yesterday, after trading closed, a breach of customer payment data, according to The Wall Street Journal. Earlier in the week, the Starwood hotel chain reported a breach, as well. Brian Krebs notes that he first identified the breach two months ago, and that this is merely an acknowledgement that his report was correct. The intrusion was the result of malware found on point-of-sale systems, with the breach occurring over two separate periods, between November ...
