Tuesday, February 06, 2007

Federal Court orders Privacy Commissioner to investigate American company

Yesterday, the Federal Court of Canada released an important decision on the jurisdiction of the Federal Privacy Commissioner to investigate organizations that are outside of Canada but are trafficking in the personal information of Canadians. Philippa Lawson, of the University of Ontario, filed a complaint against Abika.com after she ordered, paid for and obtained her own personal information from the information broker. She then complained to the Privacy Commissioner of Canada under PIPEDA. The Commissioner declined to investigate, saying that the legislation does not extend to investigating organizations located only in the United States.

Philippa Lawson sought judicial review of the decision not to investigate, and the Federal Court agreed. It concluded that the Privacy Commissioner confused her power to investigate with the effectiveness of the investigation. (Abika refused to participate in the investigation.)

The conclusion of the decision says it all: "In conclusion, PIPEDA gives the Privacy Commissioner jurisdiction to investigate complaints relating to the transborder flow of personal information."

Thanks to Michael Geist for the link.

For additional background, see here.

Monday, February 05, 2007

No sneaky PC searches in Germany

A federal court in Germany has concluded that law enforcement are not permitted to remotely search suspects' computers. They continue to be fair game during legitimate, in-person searches, however. See: German court bars stealth PC searches - Yahoo! News

VeriChip goes public

Applied Digital Solutions, the creator of VeriChip, is planning an IPO shortly. It'll be interesting to see how investors feel about this controversial company and its technology. See: A Medical ID Business, Much Criticized, Plans a Stock Offering - New York Times.

Sunday, February 04, 2007

Gov't balks at phone privacy provision

The Federal Communications Commission is trying to develop rules to counter pretexting, but is encountering resistance from the FBI and Secret Service. A requirement to destroy calling records after they have served legitimate business purposes would make the records unavailable for review by law enforcement. A second requirement to notify consumers if their records have been disclosed by a pretexter would tip the consumers off if they are the subject of an investigation. See: Gov't balks at phone privacy provision - Yahoo! News.

Consumer response and responsibility

Dissent, at the Chronicles of Dissent (part of Pogowasright), asks whether consumer stupidity plays a role in privacy breaches and the response. Dissent points to an article from my local newspaper, the Chronicle Herald, quoted below.

I can't say that Canadians are more prudent or insistent about their privacy than our cousins below the border, or more stupid. In my experience on the east coast of Canada, most folks around here are much more trusting of the companies they do business with. The cynicism from down south hasn't quite permeated this neck of the woods. One thing we generally are more tolerant of is government regulation, such as that governing privacy.

We have not yet seen any provinces or the federal government come up with mandatory breach notification, with the narrow exception contained in Ontario's health privacy law. In that regard, we are lagging behind most of the states in the US.

Winners reassures Canadians

Security breach did not involve cards issued north of border, says retailer

By AMANDA-MARIE QUINTINO The Canadian Press

TORONTO — Assurances from Winners and HomeSense that a security breach reported last month did not involve Canadian debit-card transactions aren’t making much of a dent with customers of the two retail chains.

Not much can keep them from their bargain hunting.

The deals to be found at Winners make the risk of becoming the victim of credit card fraud worthwhile, said Sherry Croney as she slowly sifted through the blouse racks at one of the chain’s cavernous stores in downtown Toronto.

Croney said she never uses her credit card when clothes shopping, and even if she did, a security breach wouldn’t stop her.

...

"Our computer security experts have now completed their investigation of the portion of our computer network that handles Winners and HomeSense transactions, and they have advised us that they do not believe that debit cards issued by Canadian banks were compromised in the intrusion," said a TJX statement posted on the Winners website.

I note there is only a reference to Canadian debit cards.... nothing said about credit cards.

Saturday, February 03, 2007

Behind the scenes in organized online fraud

Wired News recently ran a very interesting, multi-part series that provides a behind-the-scenes look at organized credit card fraud:

Wired News: I Was a Cybercrook for the FBI

David Thomas ran one of the most popular online crime hubs, while the FBI ran him.

Tightening the Net

The Grifters operation makes headway against the notorious "King Arthur," the Moriarty of cybercrime.

Tracking the Russians

A U.S. agent tells of the frustration of tracking Eastern European criminal masterminds.

The Boards Come Crashing Down

The FBI shuts down its operation, as the Secret Service drops the hammer on the underground carding scene.

Incident: Veterans Affairs hard drive with personal data missing

The Associated Press is reporting that the US Department of Veterans Affairs has lost a portable hard drive that contained unencrypted records of thousands of veterans. See: AP Wire | 02/03/2007 | VA hard drive with personal data missing.

Friday, February 02, 2007

PIPEDA Hearings - Days 9 and 10

The PIPEDA Review Hearings have resumed after a recess and Michael Geist continues to link to notes taken at the hearings (see: Michael Geist - PIPEDA Hearings - Days 9 (banking industry) and 10 (Chamber of Commerce, Insurance)). The focus has shifted to discussions of breach notification, a topic that now seems to have strong support on the committee.

Thursday, February 01, 2007

Data Privacy Bill Expected to Target Retailers, Banks

According to the Washington Post, the new chairman of the House Financial Services Committee will be pushing hard for a national privacy/data breach law:

Data Privacy Bill Expected to Target Retailers, Banks - washingtonpost.com

By Brian Krebs

washingtonpost.com Staff Writer

Friday, February 2, 2007; Page D03

Data privacy is likely to be among the hottest technology issues to face Congress this year, in part due to interest from the new chairman of the House Financial Services Committee.

Panel Chairman Barney Frank (D-Mass.) said he plans to craft a bill that would exempt companies from disclosing data breaches, provided they secure the data with encryption software or other technology that would render it virtually unreadable if it fell into the wrong hands....

Citizen Journalism and Privacy

Teresa Scassa of Dalhousie Law School has an interesting contribution to blog*on*nymity about Citizen Journalism and Privacy.