Privacy policy, and the interaction of privacy protection with other policy.

Tech-thinkers stand on guard for all of us

A Business Edge News Magazine article by Tom Keenan talks about a recent Computers Freedom & Privacy conference in Montreal earlier this month.

The previous Liberal government introduced a bill to force Internet service providers to help spy on Canadians. It died on the order paper and the Harper government has not re-introduced it. However, Liberal MP Marlene Jennings gave first reading to a substantially similar bill this past March.

It's sure to inspire controversy, and you can track the bun fight at, the excellent website of the Canadian Internet Policy and Public Interest Clinic. The majority of the CFP gurus don't like the idea one bit.

Canadian Surveillance Bill Returns

Drew Wilson has published an article on Slyck that describes the private members bill tabled by the Liberals (Specifically Marlene Jennings, Liberal "Justice" critic) to increasing surveillance on online activities, and circumvent much of the privacy rights of Canadians.

RIAA to US ISPs: Help Us Sue Your Customers Better

An EFF article posted by Cindy Cohn includes:

EFF and others have long warned that copyright claims could become an altar on which personal privacy is sacrificed. Now the RIAA wants your ISP to voluntarily wield the knife, and there's no telling what else the RIAA might ask for once this cut has been made.

Canadians should remember that it is our stronger Privacy legislation, which requires that the copyright holder provide a minimal level of evidence of infringing activity before the court will allow the disclosure of private information.

Experts welcome call for security breach notification law

An article by Nestor E. Arellano in includes:

Canadian privacy law experts support a proposal that organizations be required to notify clients if their personal information has become vulnerable due to a security breach.

The proposal was initially made by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) earlier this week.

CIPPIC said the federal government should have "breach notification laws" similar to those in place in more than 30 American states.

CIPPIC calls for data security breach notification law

News Release Ottawa, ON January 9, 2007

Group calls for Security Breach Notification Law

The Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa is calling on the federal government to enact legislation requiring organizations to notify individuals when their personal information is exposed to potential thieves and fraudsters as a result of a security breach. In a White Paper released today, CIPPIC reviews breach notification laws enacted by over thirty American states so far, and argues that the federal government should have similar protections in place for Canadians.

Privacy Commissioner of Canada: Start the New Year with privacy resolutions

In a press release the Privacy Commissioner of Canada Jennifer Stoddart is urging Canadians to add good privacy habits to their list of New Year's resolutions.

While a great starting point, I wish she would add that we should also all inform the government that we oppose the legalization and/or legal protection of abuses of "technical protection measures" (TPMs) which circumvent the privacy and other rights of technology owners. TPMs which treat the owner as a threat, such as those that go under the names of "copy control" or "digital rights management" (DRM), disallow the owner to enforce their own computer security rules to protect their privacy and other rights. DRM and computer security may use the same underlying technologies such as cryptography, but are configured with the opposite goals.

Is the US government interested in protecting the privacy of its citizens?

I have been watching the media attention to the HP pretexting issue. I have been wondering if this would encourage the US government to enact privacy legislation, at least to the level that PIPEDA offers Canadians. This issue would not only deal with unscrupulous individuals like the past chair of HP's board, but also the behaviour of the major labels in the USA. It will force these labels to require some minimum level of proof of infringing activity before launching lawsuits against random citizens, allowing US citizens to enjoy the protection that Canadians have.

In a perspective on CNet, Declan McCullagh is skeptical.

The problem, though, is that the proposals in front of Congress aren't likely to stop some of the most aggressive users of "pretexting": the FBI, the Department of Homeland Security and other law enforcement agencies.

HP probe raises queries about Canadian telcos privacy policies

An ITWorld Canada article by Nestor E. Arellano includes:

probe recently carried out by Hewlett-Packard Co. into its own board members in the U.S. has raised concerns in Canada about how telecommunication service providers protect customers’ private information.
"The need to protect intellectual property or company information should not trump privacy and human rights," according to David Fewer counsel for the Ottawa-based Canadian Internet Policy and Public Interest Clinic (CIPPIC).

SWIFT probed for leaks

This London Free Press article by David Canton includes:

A complaint has been filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) under PIPEDA alleging that the six largest Canadian banks have failed to protect personal customer financial information from inappropriate disclosure by SWIFT. CIPPIC says Canada's big six banks all use SWIFT to process international money transfers. Even though it is SWIFT that is distributing the information, the banks do not escape liability and remain responsible under PIPEDA.

The Death of Privacy

This CIO Insight article by Jeffrey Rothfeder includes:

The Canadian Internet Policy and Public Interest Clinic, at the University of Ottawa, recently conducted an in-depth study of 64 major online sites, including those of Inc., Citigroup Inc., Staples Inc., Best Buy Co. Inc. and eBay Inc. The study found that, in general, an alarming number of Web-based operations are sloppy, if not downright negligent, when it comes to privacy practices. According to the CIPPIC report, released in April, "While almost all companies we assessed had a privacy policy and were thus aware of the need to respect customer privacy, many failed to fulfill even basic statutory requirements such as providing contact information for their privacy officers, clearly stating what they do with consumers' personal information and responding to access-to-information requests."

Syndicate content