BNA_PA_09_16_Privacy Laws-728x90

(Aug 26, 2016) I can't imagine you didn't hear about the Ashley Madison decision that came out this week. I, too, am highlighting this news because I think it’s important to give kudos when they're due. I suppose I’m not always singing the praises of the OPC, so when given a proper chance to do so, I’ll take it.  The decision is very good. It provides some real world examples of what not to do. They didn’t just conclude that the safeguards in place were inadequate, rather they went a step further and provided... Read More

Canada Dashboard Digest

Regina Health did not take proper action following illicit viewing of patient records

(Aug 26, 2016) The Canadian Press reports an investigation conducted by Saskatchewan's privacy commissioner found Regina Qu'Appelle Health Region did not act properly after an employee was caught illicitly viewing patient records. The Regina employee inappropriately accessed 97 medical records of 35 people, but the Commission investigation revealed the health system took three months to put the employee on leave, and did not alert patients to the breach in an appropriate amount of time. “RQRHA advised that it ... Read More

Canada Dashboard Digest

Calgary to apologize for WCB privacy breach

(Aug 26, 2016) Metro Calgary reports the city plans to apologize for a privacy breach compromising the information of 3,716 individuals attached to Workers’ Compensation Board claim reports. The breached information included WCB claim numbers, names, incident dates, details regarding the claims, employee ID numbers, and costs associated with the claim. The City of Calgary said no personal contact information, Social Insurance Numbers, banking information, or Personal Health Numbers were leaked. “We apologize f... Read More

Canada Dashboard Digest

City employee puts Calgary on blast for breach response

(Aug 26, 2016) While Calgary city officials say its recent breach of Workers’ Compensation Board data has been contained, one anonymous city employee tells The Calgary Sun he’s not impressed. He says the city should offer a year’s worth of credit monitoring to those affected. “You work for the city and have higher expectations,” he said. “Shouldn’t they try to make it right?” The breach was caused, the city says, by an inadvertent email sent by an employee seeking technical help. But the complaining city employee doesn’t buy it: “I find it ridiculous it was sent to someone’s personal email and they say it wasn’t malicious.” Read More

Canada Dashboard Digest

How to ‘industrialize’ the mandatory DPO

(Aug 25, 2016) As most companies operating in Europe should by now be aware, as of May 2018 there will be a requirement for many firms to have a data protection officer. For small companies that nonetheless handle a lot of personal data, the sensible option may be to bring in an external DPO. There's likely to be a flurry of activity in the next couple of years, and one privacy professional who's definitely looking forward to the shake-up is Xavier Leclerc, the vice-president of the French association of data protection officers (AFCDP) and president of a company called Privacil. IAPP European correspondent David Meyer talks with Leclerc about the concept of the “mutualized DPO” in this piece for The Privacy Advisor. Read More

Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

PwC acquires to prepare for Privacy 2.0

(Aug 25, 2016) The age of privacy as a matter of policy and law is over. Now dawns the age of privacy as a technical matter, of automation, operations, and execution. At least that’s how PwC sees things, and that has fueled a pair of acquisitions in the identity and access management market, which will be bolted on to PwC’s growing cybersecurity, privacy and data protection practice. IAPP Publications Director Sam Pfeifle talks with PwC and the CEO of Everett, PwC’s latest buy, about why “if you don’t have deep technical expertise, such as about how biometric authentication works in a technical sense, you don’t have any future in the market.” Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

WhatsApp to begin sharing user data with Facebook

(Aug 25, 2016) The New York Times reports WhatsApp will start sharing user information with Facebook. The messaging app plans to send members’ phone numbers and analytics data to the social network, marking the first time WhatsApp has connected user accounts to Facebook. WhatsApp said neither company would be able to view users’ encrypted messages, and promised not to share phone numbers with advertisers. “Our values and our respect for your privacy continue to guide the decisions we make at WhatsApp,” Co-foun... Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Sony adds two-factor authentication for PlayStation Network

(Aug 25, 2016) ZDNet reports Sony has implemented two-factor authentication to its PlayStation Network. PlayStation and PSP owners can now connect their accounts to their smartphones and tablets. When logging into the PlayStation Network, a code will be sent to the chosen device, and the user must submit the code in order to access their account. The authentication system makes it harder for hackers to access the network. Implementing two-factor authentication is a response to the massive data breach the PlayStation Network suffered in 2011, where the names, dates of birth, and credit card numbers of 77 million users were compromised. Read More

Asia-Pacific Dashboard Digest, Canada Dashboard Digest, Daily Dashboard

Canadian Security Establishment increased interceptions 26x in 2015

(Aug 25, 2016) An Office of the Commissioner of the Communications Security Establishment report of the Canadian Security Establishment has found that the agency increased its rate of private communication interception 26-fold in 2015, the National Post reports. While the government won’t explain the reason for the increase, the agency did find that all of the CSE’s proceedings were lawful. CSE watchdog Bill Robinson predicts that that agency “may have targeted social media conversations between individuals and counted each separate message in the string as a private communication,” the report states. “A small number of online conversations could be responsible for the rather large total.” Read More

Canada Dashboard Digest, Daily Dashboard

Why data protection needs to extend to virtual places

(Aug 24, 2016) Without a doubt, the emergence of “Pokemon Go” has made a splash in the privacy world. From regulatory and lawmaker inquiries to real-world, unexpected privacy invasions, the game appears to be just the beginning of a new virtual reality paradigm. And though Google Maps and Niantic — the game’s developer — have honored most take-down requests from mis-tagged locations, the “real danger is that, due to the incredible popularity in a very short period of time, many imitators are looking to cash in on the location-based gaming craze.” In this post for Privacy Perspectives, Intel Senior Attorney Diana Jimenez and Group Counsel of IT, Privacy & Security Daniel Christensen, CIPM, CIPP/US, CIPT, discuss what is needed to protect personal data while allowing this exciting new innovation to thrive in the marketplace. Read More

Canada Dashboard Digest, Daily Dashboard, Europe Data Protection Digest