Saturday, October 30, 2010

Presentation: Location Based Services

The fourteenth annual Canadian IT Law Association conference just wrapped up and I had the distinct pleasure of sitting on a panel moderated by Michael Erdle, with Lisa Lifshitz and Mark Hayes on the topic of privacy and social media, online advertising and location-based services.

I addressed location based services and, in case you're interested, here is my slide deck setting out the background for discussion:

Monday, October 25, 2010

Michael Power would like to introduce you to FATCA

Michael Power would like to introduce you to FATCA (Foreign Accounts Tax Compliance Act).

Don't blame the messenger; Michael's a nice guy:

Michael Power - It’s Time You Met FATCA

... So affected institutions (remember FATCA covers both financial and non-financial entities) must identify clients who are American (which means asking the question of every client since “U.S. persons” do live abroad); obtain their consent to the disclosure of sensitive personal information to the IRS or withhold the provision of a service for a failure to provide consent to disclose. How these organizations reconcile FATCA compliance with PIPEDA compliance is a topic for another day.

Privacy Commissioner releases draft report on 2010 consumer privacy consultations

The Privacy Commissioner of Canada has released her draft report on her 2010 Consumer Privacy Consultations that focused on "Online Tracking, Profiling and Targeting and Cloud Computing." You can get to the report here: http://www.priv.gc.ca/resource/consultations/index_e.cfm.

Sunday, October 24, 2010

Privacy for Sale: The Real Cost of Social Networking

This month's edition of The National magazine (National (English) - October/November 2010) has a significant multi-page article on privacy and social networking, featuring interviews with me, Michael Geist, Ariane Siegel and Jennifer Stoddart.

You can download the entire article in PDF here.

Tuesday, October 19, 2010

Using the Best and Ignoring the Rest: Connecting Social Media to Business Results

I've been invited to participate in a panel discussion at the Annual CBA Law Firm Leadership Conference on the use of social media by lawyers and law firms. Here's the description of the panel I'm on:
Using the Best and Ignoring the Rest: Connecting Social Media to Business Results

Blogging? Twitter? Facebook? There is no finishing line in the world of technology. While most law firm leaders are now comfortable with websites, this does not mean that the IT challenge is over. The next challenge is to make the most of social media - to identify, for example, the most promising uses of Twitter and Facebook in communicating and collaborating with clients. To help delegates sort the wheat from the chaff will be leading legal analyst, Jordan Furlong, and panelists moderated by Richard Susskind, with emphasis on case studies of what has worked for law firms in Canada and beyond.

Featured Speaker: Jordan Furlong, Senior Consultant, Stem Legal Web Enterprises, Ottawa

Panelists: Jeremy Grushcow, Lawyer, Ogilvy Renault, Toronto

David Fraser, Partner, McInnes Cooper, Halifax

Scott Wolfe, Jr., Member, Wolfe Law Group, LLC, New Orleans

Commissioner to initiate new investigation of Facebook, perhaps?

It appears that another investigation of Facebook by the Privacy Commissioner may be in the offing as it is revealed that the site passed -- perhaps unwittingly -- user info to advertisers and applications. See: Personal info slips through Facebook into advertisers’ hands - The Globe and Mail.

Monday, October 18, 2010

Wednesday, October 13, 2010

Stalking celebrities just got easier

Celebrity stalking is about to get much, much, much easier thanks to a soon-to-be released app called Just Spotted. Read more at TechCrunch: Celebrity Geo-Stalking In Real-Time. Finally. JustSpotted Launches Next Week.

Of course, this raises issues about celebrity privacy and then one has to ask what is the threshold for "celebrity". It's a bar that's dropping with each new D-lister reality show.

Tuesday, October 12, 2010

Mirror, mirror on the web

This week's Lawyers Weekly quotes me in an article by donalee moulton on monitoring and protecting your online defamation. See: Mirror, mirror on the web.

Monday, October 11, 2010

The Slow Demise of Defamation and the Privacy Torts

Daniel Solove at Concurring Opinions has some interesting thoughts on the progressive demise of defamation and privacy tort cases in the United States:

Concurring Opinions - The Slow Demise of Defamation and the Privacy Torts

I think this turn of events is unfortunate. People used to resort to self-help (violence and duels) to vindicate their reputations. Civilized society replaced these methods with a more humane alternative — using the court system to resolve disputes. Sadly, that method is increasingly becoming too expensive and cumbersome for people to use.

Some commentators argue that today, people can more readily have the record corrected or improve their reputations by posting good things about themselves online. But it is hard to manipulate Google and other search engines to make the good information crowd out the bad. The problem is that bad information is often more interesting and juicy — and hence more popular. And popularity is the key to getting information to the top of search engine results. Many people have short attention spans and don’t care to dig to find out the boring truth or other facts about a person.

We need to have an outlet in civilized society for people to vindicate their reputations. We need to have some meaningful way to prevent defamation and invasion of privacy. Otherwise, people will spread all sorts of damaging rumors and gossip about each other online, and victims will return to self-help methods. That would be a big step backwards.

I don't have any Canadian stats at my fingertips, but I would hazard a guess that defamation is flourishing in Canada while the privacy torts are stuck in neutral.

Friday, October 08, 2010

Teens Want More Privacy Online Too | Fast Company

Fast Company is reporting on a recent US survey that suggests that there is no generation gap when it comes to concern about privacy. Teens want control over their personal information in overwhelming numbers. See: Teens Want More Privacy Online Too | Fast Company.

This really isn't a surprise. Almost everyone, when asked, says they are concerned about their privacy. What really matters is what people do about it. If there is a generation gap, it's the comfort level about carrying out a large portion of their social lives online. But this has spread to the oldies, who are following suit in large numbers.

Wednesday, October 06, 2010

Facebook offers additional privacy features

Today, in what has been speculated to be phase one of significant announcements in the coming days, Facebook has revealed some important new features to increase user control over personal information. First, the company has unveiled a completely redesigned "groups" feature that allows you to more easily share information with smaller groups of friends, rather than all your "friends" or the world at large. The second is the ability to download the information that Facebook has about you. Read: Gawker: New Facebook Offers Cliques for Privacy, Techcrunch: This Was Just Phase One Of Facebook’s “Lockdown” — Redesign Still Coming and the Official Facebook Blog: Giving You More Control.

Tuesday, October 05, 2010

Privacy Commissioner's Annual Report on the Privacy Act tabled

Jennifer Stoddart has today tabled her Annual Report to Parliament on the Privacy Act (2009-2010). The report deals with her duties and the administration of the federal public sector privacy law.

Some highlights from her accompanying press release include:

  • Wireless audit: Of five federal entities examined, none had fully assessed the threats and risks inherent in wireless communications. Gaps in policies and/or practices resulted in weak password protection for smart phones and inadequate encryption for Wi-Fi networks and data stored on mobile devices. Shortcomings were also noted in the disposal of surplus handheld devices and the use of PIN-to-PIN messaging, a form of direct communication between two smart phones that is vulnerable to interception.
  • Disposal audit: Satisfactory policies and procedural rules were in place for paper shredding and the disposal of surplus computer equipment among the federal institutions audited. There were, however, disturbing deficiencies in practice. For example, tests on a sample of computers donated to a recycling program for schools revealed that 90 percent of the donating institutions had not properly wiped their computers’ hard drives, leaving behind data that was confidential, highly sensitive and, in some cases, even classified.
  • Unauthorized access to tax records: An OPC investigation confirmed that a former Canada Revenue Agency worker had posted to an Internet chat group some personal tax information of high-profile sports figures, which he appears to have gleaned while working at the agency. The investigation further found that other staff still with the agency had similarly accessed tax records without authorization. They were subsequently suspended or fired and new measures were introduced to safeguard the data.
  • RCMP Automated Licence Plate Recognition Program: A surveillance technology rolled out by the RCMP in British Columbia, which aims to spot stolen or uninsured vehicles, raised concerns about the collection and retention of incidental licence plate data from cars that were lawfully on the roads. In response to OPC recommendations, the RCMP made privacy-sensitive modifications to the program.
  • Political Impartiality Monitoring Approach: The OPC reviewed a Privacy Impact Assessment for the Political Impartiality Monitoring Approach, a program developed by the Public Service Commission to monitor media outlets, personal websites and social networking sites for signs of inappropriate political activity by government employees and appointees. The review raised concerns about the scope and privacy implications of the initiative. In response, the Commission undertook to modify its approach and to provide the OPC with a new Privacy Impact Assessment in the fall of 2010.
  • Technical malfunctions: Several investigations turned up mechanical or computer glitches that led to the unauthorized disclosure of personal information by federal institutions. For instance, a programming flaw allowed a hacker to access personal information submitted through the Canada Post Ombudsman’s online complaint system.
  • Federal administrative tribunals: The OPC continues to express concerns about the disclosure of personal information by administrative tribunals and other quasi-judicial bodies. In one case, the Public Service Staffing Tribunal improperly shared sensitive medical information about an individual with hundreds of his former colleagues. In 2009-2010, the Office published guidelines for tribunals on balancing transparency and privacy in the Internet era.