TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Canada Dashboard Digest | Notes from the IAPP Canada Managing Director, October 7, 2016 Related reading: NIST launches development of 'privacy framework' in Austin

rss_feed
DPC18_Web_300x250-COPY

PrivacyTraining_ad300x250.Promo1-01

Busy lately? As a guy in private practice, I’m pretty careful about not complaining when things are too busy. After all, it’s much better being busy than waiting for the phone to ring. But, holy moly, things this fall are moving fast. How is it Thanksgiving already? I suspect it’s the same with you. What is it that you’re working on?

Me? A few things in particular but thought I’d mention the fact that I’m finishing a privacy audit where we examined the privacy and security practices of a third party that had access to my client’s data (including personal information). To be sure, I’m grateful for clients like this … the ones that take privacy and security seriously and go so far as take a close look at how their partners are doing it too. Clearly, from the news of the latest privacy breach of the Ottawa-based pot dispensary, not all organizations go the extra mile and even old mistakes (like ccing your entire client database) still happen.

The thing that has me worried is that my client spends a fair amount of money ensuring that the third parties it trusts with its data are doing things correctly. The audit costs them some money and there is a fair amount of time and resources allocated to it. In the end, I’m confident that they are doing the right thing.

The pot dispensary, on the other hand, obviously took short cuts. It violated people’s privacy by not training its staff properly. It saved some money in doing so. The consequence for them? Well, some extra publicity about the fact that they exist, I suppose. And, if you bother to read the story, you’ll see that they are actually otherwise painted in a favourable light. Makes me think that they are going to come out of this privacy breach without any real penalty. And, like the Ashley Madison case suggests, they might come out even better for it.

Who is doing privacy better? My client or the pot dispensary? Guess it depends on your sense of what is right and wrong. It’s definitely not something that our law does a good job defining.

 

Comments

If you want to comment on this post, you need to login.