(Nov 25, 2015) The Canadian government should “stay the course” and move forward with pro-privacy revisions to the contentious anti-terror legislation, Bill C-51, Michael Geist argues in an op-ed for The Toronto Star. “The security of all Canadians is absolutely crucial, but there is reason to believe that it can be achieved while still respecting individual privacy rights,” Geist writes. “Rather than slowing down work on Canadian privacy and surveillance policy, recent events in Europe point to the urgent need to address the inadequacies of Canadian oversight while also working to develop rules that provide Canadians with stronger assurances that the law is working to safeguard both their security and privacy,” he adds. Read More

Canada Dashboard Digest

Get the 411 on BYOD from the IAPP

(Nov 25, 2015) Bring Your Own Device (BYOD) programs reportedly result in increased employee productivity and job satisfaction, but they also bring privacy and security challenges such as unauthorized access and loss or theft of the device. Luckily, both technical and policy solutions exist to help organizations combat these issues, and lots of industry guidance. This practice guide from the IAPP’s Westin Research Center offers an overview of BYOD, the trends associated with it and the laws that may affect your implementation of it. Plus, see sample policies, tools and strategies for an effective BYOD program. (IAPP member login required.) Read More

Canada Dashboard Digest, Daily Dashboard

PCI SCC Explains How To Respond to a Breach

(Nov 25, 2015) Recently, the Payment Cards Industry Security Standards Council (PCI SSC) published a three-page guide titled Responding to a Data Breach that articulates its position on the correct response to a security incident at a merchant location where the attack exposed cardholder data. This guidance comes at an opportune time as security incidents continue to make headlines, cost organizations significant sums of money and demonstrate the parlous state of most organizations' ability to detect and respond to security incidents. The guidance also highlights some of the difficulties in developing proper response procedures, specifically the challenges in mapping out complete, thorough procedures that actually hold up under the stress of an actual incident, writes Jacob Ansari in this exclusive for The Privacy Advisor. Read More

Canada Dashboard Digest, Daily Dashboard

Fung: Tech Teams Need Ethics Training

(Nov 25, 2015) In most of the recent corporate scandals brands’ top managers have taken heat for, including Ashley Madison and Whole Foods, “none of the dubious activities could have happened without the active participation of technical teams,” writes Kaiser Fung for Harvard Business Review. And that’s a problem that business managers are missing. “The people who collect, store, manage and process our data are not being held to any ethical standards,” Fung writes. A solution? To have every technical and data team go through on-boarding training “that covers the ethics of using data,” he says. “A culture needs to be developed in which team members feel comfortable to bring up discussions about ethics.” Read More

Canada Dashboard Digest, Daily Dashboard

Hilton Hacked, and Hacked Again

(Nov 25, 2015) Hilton Worldwide Holdings announced yesterday, after trading closed, a breach of customer payment data, according to The Wall Street Journal. Earlier in the week, the Starwood hotel chain reported a breach, as well. Brian Krebs notes that he first identified the breach two months ago, and that this is merely an acknowledgement that his report was correct. The intrusion was the result of malware found on point-of-sale systems, with the breach occurring over two separate periods, between November ... Read More

Canada Dashboard Digest, Daily Dashboard

PwC To Hold "Freedom Conference"

(Nov 25, 2015) Following the cancellation of our Data Protection Congress, originally scheduled for next week in Brussels, PwC contacted the IAPP about an event they'd like to hold in solidarity. Their "Freedom Conference" is now scheduled for 2 December in London. Details for attending the event can be accessed by clicking the "" link. Read More

Canada Dashboard Digest, Daily Dashboard

How Will TPP Affect Data Flows and Privacy?

(Nov 24, 2015) A report for The Diplomat analyzes how the Trans-Pacific Partnership (TPP) will affect trans-border data flows in the Asia-Pacific region. “By taking a look at relevant chapters within the TPP—including e-commerce, financial services, intellectual property and telecommunications—a broader picture about the potential future of cross-border data flows materializes,” the report states. Of note, the TPP includes provisions for privacy and limitations on data localization. “However,” the report adds, “despite these positives, the TPP does leave some wiggle room for countries to skirt their responsibilities and implement policies that might block the free flow of data across borders.” Read More

Canada Dashboard Digest, Daily Dashboard

Op-Ed: We Still Must Value Privacy After Paris Attacks

(Nov 24, 2015) As governments reel in the aftermath of the Paris attacks, it is important that they ignore the “irresistible opportunity” to erode human rights in favor of stronger surveillance in the name of defensive security, Executive Director of the Human Rights Watch Kenneth Roth argues in an op-ed for Politico. “When people feel threatened, some politicians are too willing to flout individual rights for the promise of a quick fix,” he said. “As painful experience has shown, the smart counter-terrorism p... Read More

Canada Dashboard Digest, Daily Dashboard

Roundup: China, France, UK, U.S. and More

(Nov 23, 2015) China’s Legislative Affairs Office of the State Council has released a draft courier law for public comment that requires senders of parcels to indicate the name, address and phone number of both the sender and recipient as well as parcel contents on waybills and requires the courier company to verify that information. The French National Assembly has voted to give law enforcement increased search powers during the current state of emergency, and the UK’s so-called Snooper’s Charter is headed to the European Court of Justice. Also read an update on U.S. student privacy legislation and the dismissal of the Federal Trade Commission (FTC) v. LabMD case by the FTC’s Chief Administrative Law Judge in this week’s Privacy Tracker legislative roundup. (IAPP member login required.) Read More

Canada Dashboard Digest, Daily Dashboard

Reddit Updates Privacy Policy, Honors DNT

(Nov 23, 2015) After an eventful and controversial summer, Reddit has announced changes to its privacy policy, TechCrunch reports, including that it will begin honoring Do-Not-Track requests starting January 1. The company will also extend its retention of IP address data for an additional 10 days, up from 90, so it can “measure usage across the quarter.” Reddit CEO Steve Huffman said the company practices minimizing data collection because they “don’t want the liability of having it, whether it’s something th... Read More

Canada Dashboard Digest, Daily Dashboard