I can't imagine you didn't hear about the Ashley Madison decision that came out this week. I, too, am highlighting this news because I think it’s important to give kudos when they're due. I suppose I’m not always singing the praises of the OPC, so when given a proper chance to do so, I’ll take it.
The decision is very good. It provides some real-world examples of what not to do. They didn’t just conclude that the safeguards in place were inadequate; rather, they went a step further and provided significant detail, allowing us to learn from the mistakes of the company. I know that I’m going to feel more confident advising clients about certain things after I commit the decision to memory.
And, if you don’t have time to read the whole decision (it is rather long), the OPC also put out a handy cheat sheet. In it, they provide some solid advice — with significant detail — to help organizations do things better in a number of areas.
Good on the Canadian and Australian commissioners for taking this one on.
My only real frustration with this case is that, other than having to fix their errors, there's no real punishment for Ashley Madison. And, in my view, very little deterrent comes from this. Despite the fact that they lied to their users by actually faking a security seal! By simply agreeing to be better, the company got a ton of free publicity in which they come out looking okay, because they made the smart move of just agreeing to every recommendation.
I know I say this a lot, but privacy laws need some growing up in Canada to keep up with the kinds of new problems that arise and the huge number of people who can be affected by these mistakes — scratch that — these choices to ignore security and privacy.