(Jul 24, 2015) So, what do you think of the Ashley Madison story? I’ve been asked that many times this week. If you missed the story, the Ashley Madison site was allegedly hacked and the “bad guys” are threatening to release the names of all those registered with the site.  The site, of course, is one that promotes having extra-marital affairs … a dating site, with an unsavoury twist. The news media are particularly excited that, apparently, Ottawans have signed up in droves and statistically there are one in ... Read More

Canada Dashboard Digest

Ontario Seeing Hundreds of Complaints About Mishandling of PII

(Jul 24, 2015) Ontario Privacy Commissioner Brian Beamish described the continued mishandling of personal information by the government and its agencies “disappointing” in a report by the Toronto Star on more than 200 privacy complaints that have come into his office over the past 18 months. Most recently, a misdialed fax machine led to a breach affecting hundreds in Hamilton. While most of the breaches are the result of human error or computer glitches, and intentional breaches are quite rare, that provides little solace to those affected. “There is a couple of types of carelessness,” Beamish said. “One is punching in a wrong number on a fax machine,” but another involves not taking enough time up front to do privacy by design. Read More

Canada Dashboard Digest

The Ashley Madison Breach: Will a Class-Action Follow?

(Jul 24, 2015) The Verge reports on the hack of the controversial Ashley Madison website, known for promoting extramarital affairs, and how the site followed standard web security practices and failed to implement simple privacy and security design features, making such a breach "inevitable." The site's password-reset feature allowed other users to see who used the site, for one, and the site kept real names and addresses on file. Johns Hopkins Cryptographer Matthew Green makes the point that customer data is ... Read More

Canada Dashboard Digest

Commissioner: Employee Snooping “Not Acceptable”

(Jul 24, 2015) Saskatchewan Information and Privacy Commissioner Ron Kruzeniski speaks out against employee snooping after the country’s second incident within a week was reported at Lestock Motors, The StarPhoenix reports. The first incident occurred at the Saskatchewan Cancer Agency, where two employees viewed 48 health records and faced “disciplinary action,” according to a CBC report. “A breach has happened again," Kruzeniski said, adding, "I find snooping by employees unacceptable conduct, and it is an is... Read More

Canada Dashboard Digest

Snowden Describes Privacy-Focused Internet, Calls for SPUD Protocol

(Jul 23, 2015) Former U.S. National Security Agency contractor Edward Snowden remotely spoke at an Internet Engineering Task Force (IETF) meeting, urging attendees to design an Internet for users, not spies, NDTV reports. “Who is the Internet for?” Snowden asked. “Who does it serve; who is the IETF’s ultimate customer?” He said the growing use of credit cards on the web is pinpointing users’ identities. “We need to divorce identity from persona in a lasting way,” he said. “If it’s creating more metadata, this is in general a bad thing.” Snowden urged the engineers to implement the SPUD protocol, reducing the number of intermediaries through which data passes by a combination of transport protocols. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Google Rolls Out User-Friendly Location History Tool

(Jul 23, 2015) Google is rolling out a new “your timeline” feature for Google Maps in coming weeks “that is certain to thrill some folks—and horrify others,” PCWorld reports. The feature allows users to view their entire location history on Google Maps based on data pulled from devices upon sign-in to Gmail. Google says it’s a useful way to remember where you’ve been on any given point in time and that it’s only viewable to the user. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Microsoft To Honor Revenge Porn Takedown Requests

(Jul 22, 2015) Calling it a “first step,” Microsoft announced Wednesday it will honor takedown requests for so-called “revenge porn” in its Bing search engine and content access removal from Xbox Live and OneDrive upon a victim's requests. “Much needs to be done to address the problem,” Jacqueline Beauchere wrote in a Microsoft blog post. “As a first step, we want to help put victims back in control of their images and their privacy.” The company has also set up a new reporting site for victims to inform Micro... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

New Reporting, Notification Obligations on the Way

(Jul 21, 2015) While many of the recent amendments to Canada’s Personal Information Protection and Electronic Documents Act are in force, the new breach reporting and notification provisions are not yet. Timothy Banks, CIPP/C, writes for Privacy Tracker about what we know and what we can expect in terms of requirements for breach logs, reports and notifications under the new law. The information required to be included in reports to the Office of the Privacy Commissioner and individual notifications is expected to “be at least as comprehensive” as similar reporting obligations in Alberta, Banks notes. “What remains to be seen, however, is whether the government will ensure that the content of notifications remains harmonized to avoid the fractured approach in the United States,” he writes. (IAPP member login required.) Read More

Canada Dashboard Digest, Daily Dashboard

More Stores Shut Down Photo Centers

(Jul 21, 2015) CVS recently disabled its online photo center following news of a potential breach through PNI Digital Media, following a similar action by Walmart in Canada, and now other stores in the U.S. and UK—including Rite Aid, Sam’s Club and Tesco’s—have moved to the do the same after PNI, which either manages or hosts the sites, examined the possible extent of the breach, Reuters reports. “We take the protection of information very seriously,” said Kirk Saville of Staples, which purchased P... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Nymity Announces New EU Headquarters, New Roles

(Jul 21, 2015) Nymity has announced it will open a new European headquarters in London, UK, and Lauren Reid, CIPP/US, CIPM, will assume the role of director of EU privacy solutions. Reid has worked for two years at Nymity’s corporate headquarters in Toronto, Canada. “I am excited for the opportunity to be on the ground in Europe during what promises to be an eventful fall, with the EU regulation just around the corner and evolving expectations for the privacy office,” Reid said. Nymity President Terry McQuay, ... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest