Facebook changes privacy settings

September 27, 2011

On September 22nd Facebook introduced a new range of privacy settings aimed at “simplifying” the content users share, namely with respect to photos, personal information and various posts. Facebook says these changes are designed to make it explicitly clear to users who can see what is on their profiles at any given time. Now every time information is shared, the user is given the opportunity to quickly and easily adjust how visible it is to other users. These “inline controls” include where someone tags you in a photo or some other post, allowing you to tell who can see it by simply clicking on the icon in the top right corner. You can then very easily change your privacy settings relating to different types of posts accordingly. You also have the option of using a “tag review” feature, which allows you to approve or deny posts to your profile before they become visible to others. This will likely be the most popular change, because it grants almost absolute control over what is made visible on your page.

Some things you may not know… Under the default settings, when a person tags you in a status update this will appear on your profile. Therefore you may want to consider using the new tag/post review features in order to allow you to choose whether it makes it onto your wall or not. The default settings are set to “off”. When someone tags you in a post, it will be that person’s privacy settings that have final say over what is visible unless you specifically adjust the settings pertaining to posts you are tagged in. So make sure you personalize your privacy settings individually, because a “one size fits all” approach may not be in your best interests.

Do these changes require you to revisit your privacy settings? Your privacy settings should not have changed from what they were before, however some simplifications have been made. Therefore it is important that you check your settings to see what settings are now controlled “inline” (again, meaning adjustable for each separate post whether it be a picture, post or other information) and make sure that these inline controls are by default set to what you want.

What should you be doing moving forward? It is important to remember that Facebook is continually updating its layout, and this includes its privacy templates. While users should not fear that their settings will completely reset each time such changes occur, they should keep a close eye on new features that may (1) replace an existing feature; (2) remove an existing feature entirely; or (3) introduce something entirely different, which might require some tweaking from its default settings.


Buses, bingo and bins – and the need for privacy to be designed

January 21, 2011

Buses, bingo and bins. Probably not the first things that come to your mind when you think of privacy.

Yet in recent days, privacy issues have impacted school buses, casinos and garbage bins. This may seem odd when most privacy news stories these days deal with Facebook and other websites. But the world of privacy is increasingly affecting just about every segment of society. Read more>>


Supreme Court of Canada releases electric meter privacy decision

November 24, 2010

The Supreme Court of Canada (SCC) released an important decision today that considered whether an individual home owner had a reasonable expectation of privacy in electric meter data.

The police had asked a local utility company to attach a digital recording ammeter (DRA) to the electric meter on a home in order to monitor electrical usage. The data gleaned from the DRA and from other sources was then used to obtain a warrant to search the home. The search resulted in exposing a marijuana grow op. The defence argued that the installation of the DRA infringed the privacy rights of the accused to be secure against unreasonable search contained in Canada’s Charter of Rights and Freedoms.

A critical factual consideration, on which much of the disagreement in the case turned, was the degree to which the use of DRA technology reveals private information. The SCC ultimately decided that DRA technology merely indicates electricity use, not what the electricity was used for, so it was a reasonable loss of privacy.

Here’s an excerpt from the decision:

The central issue in this case is thus whether the DRA discloses intimate details of the lifestyle and personal choices of the individual that form part of the biographical core data protected by the Charter’s guarantee of informational privacy.  The evidence available on the record offers no foundation for concluding that the information disclosed by the utility company yielded any useful information at all about household activities of an intimate or private nature that form part of the inhabitants’ biographical core data.  The DRA’s capabilities depend of course on the state of the technology at the time of its use.  As DRA technology now stands, it is not capable of giving access to the occupants’ personal information.  Instead, the DRA data merely yield an additional piece of information to evaluate suspicions — based on an independent evidentiary foundation — police already have about a particular activity taking place in the home.

A final factor affecting the informational privacy analysis is the fact that G’s interest in the electricity use data was not exclusive.  G’s electricity consumption history was not confidential or private information which he had entrusted to the utility company.  As the supplier of electricity, the utility company had a legitimate interest of its own in the quantity of electricity its customers consumed.  Consequently, it is beyond dispute that the utility company was within its rights to install a DRA on a customer’s line on its own initiative to measure the electricity being consumed.  The utility company was not an interloper exploiting its access to private information to circumvent the Charter at the behest of the state; rather, its role is limited to the wholly voluntary cooperation of a potential crime victim.

While a territorial privacy interest involving the home is a relevant aspect of the totality of the circumstances informing the reasonable expectation of privacy determination, the Charter’s protection of territorial privacy in the home is not absolute.  Where, as in the case at bar, there was no direct search of the home itself, the informational privacy interest should be the focal point of the analysis.  The fact that the home was the focus of an otherwise non-invasive and unintrusive search should be subsidiary to what the investigative technique was capable of revealing about the home and what information was actually disclosed.  The fact that the search includes a territorial privacy aspect involving the home should not be allowed to inflate the actual impact of the search to a point where it bears disproportionately on the expectation of privacy analysis.



A Conversation with Elizabeth Denham, British Columbia’s Information and Privacy Commissioner

October 12, 2010

Continuing a series of blog posts that I’m calling “A Conversation with…”, I’m delighted to post the following conversation with British Columbia’s new Information and Privacy Commissioner, Elizabeth Denham.

Canada’s privacy community will know that Commissioner Denham brings to her new role a wealth of experience and accomplishment. Her resume includes Assistant Privacy Commissioner of Canada and Director, Private Sector, for the Office of the Information and Privacy Commissioner of Alberta. I’ve had the pleasure of knowing Commissioner Denham for some time and have always appreciated her practicality and great sense of humour. B.C. will undoubtedly be well-served.

Of course, I’d like to thank Commissioner Denham for agreeing to engage in this online conversation. If you’d like to learn more about Elizabeth Denham or B.C.’s Information and Privacy Commissioner’s Office (“OIPC”), I’d encourage you to visit the OIPC’s website (www.oipc.bc.ca).

Q – You served as Assistant Privacy Commissioner of Canada until being appointed BC’s Information and Privacy Commissioner in July 2010. How are things going in your new role?

A – It is a good thing that I am a recreational runner, because I have certainly hit the ground running! This is an extremely busy office, due to the scope and nature of the work and to the fact that I have inherited one of the leanest oversight agencies in the country. I am very lucky to have a team of hardworking, enthusiastic and seasoned professionals to support me.

While I do have “in the trenches” FOI experience, that was more than 10 years ago, forcing a quick re-immersion into the duties of ensuring accountable and transparent government. Since my appointment I have issued a report on the timeliness of government responses to access requests, worked on a strategy for government-wide proactive disclosure and executed our annual tribute to open government, Right to Know Week.

However, in my view the biggest challenge facing me in this term is public sector privacy issues. The government has ambitious plans for data sharing across ministries, to create linked electronic databases. It is my immediate priority to ensure that privacy is baked into BC’s e-government programs, including e-health.

Q – I’ve long considered BC one of the most progressive privacy jurisdictions in Canada. How has this happened and what can other provinces/territories learn from BC’s privacy community?

A – I think there are a number of factors that have put BC out in front with respect to privacy. My two predecessors, David Flaherty and David Loukidelis, are without a doubt two of the top privacy experts, and their ability to break trail has benefited all of BC. The former Commissioners were very skilled at making privacy a common topic of discussion and spreading the word about privacy rights and obligations. BC also has an active and engaged civil society pushing hard for access and privacy rights, and I am referring to the BC Freedom of Information and Privacy Association as well as the BC Civil Liberties Association as key thought leaders. Finally, the citizens of BC have a reputation for being politically aware and engaged, and unafraid to bring burning issues to the forefront. I think the key learning outcome for other jurisdictions is to work hard at capacity building and public outreach, and to encourage other groups to actively enter the policy debates around access and privacy. We need other voices. Regulators cannot do it alone.

Q – Given that BC has a provincial privacy law (PIPA) that is “substantially similar” to PIPEDA, and considering that many readers of this blog are from outside BC (and Canada), can you briefly highlight the most important things that businesses should know about BC’s private sector regime?

A – I think the three most important points are these:

First, make sure you have a legitimate operational need to collect any personal information. This requires ongoing monitoring to ensure the operational requirement still exists, and routinely and safely purging personal information no longer required. Personal information is both an asset and a liability, and collecting and retaining personal information when no reason exists is a huge business risk.

Second, be transparent about what you are doing with the personal information you collect in the course of your operations, and ensure that anyone that you hire on your behalf behaves in the same manner.

Finally, data safeguards, or rather the lack thereof, remain the primary source of privacy breaches and a threat to your business brand. Safeguards are much more than passwords and locked cabinets—they include proper and ongoing staff training, privacy audits and assessing the privacy impacts of new policies, programs or services. Safeguarding personal information requires ongoing attention, and a willingness and ability to adjust the safeguard strategy when needed.

Q – Your work in the area of social networking has been outstanding, which in the case of Facebook resulted in a number of changes to the social networking site—changes that were implemented on a global basis. Some readers may presume that a privacy commissioner such as you wouldn’t use social networking sites. In my case, I’m active on LinkedIn. How about you?

A – I have several accounts with social networks, including Facebook and LinkedIn. I first joined the networks because I wanted to deeply understand the services and their functionality; this was critical to my work. But Facebook also helps me keep track of my far-flung 20-something children who live their lives on-line! But I am a savvy consumer of these services, and obviously avail myself of all of the privacy controls they offer. I do not post anything on either of those sites that is not already publicly available or any information that I would not hesitate to make public. I am very careful before downloading any third party application—carefully scrutinizing their privacy policies beforehand.

Q – In your view, what kind of privacy developments should we watch for in the coming year in British Columbia?

A – On the government side, I think the primary issues will be an increase in the development of linked data networks containing personal information bringing risks to transparency, appropriate access, use and disclosure and a heightened risk of transmission of inaccurate and incomplete information.

On the private sector side, I know we will see more collaboration and cooperative oversight between the federal and provincial commissioners. New technologies and business models challenge the ability of any office to “go it alone”. Canada is a leading voice on privacy and new technologies. I look forward to working with my colleagues on smart, relevant and timely oversight.


A Conversation with Gary Dickson, Q.C.

May 5, 2010

Continuing a series of blog posts that I’m calling “A Conversation with…”, I’m really pleased to post the following conversation with the Information and Privacy Commissioner of Saskatchewan, Gary Dickson, Q.C.

Gary Dickson was appointed as Saskatchewan’s first full-time Information and Privacy Commissioner back in 2003, and he was re-appointed in 2009 for a further five-year term. That’s great news because Gary Dickson has been outstanding in his role as Commissioner. On a personal note, I’ve been thrilled to watch his many successes as Commissioner. I’ve known Gary for many years. In fact, it was he who suggested that I get involved with the Canadian Bar Association at a time when some of us were trying to form what is now the CBA’s National Privacy and Access Law Section.

Thanks to Commissioner Dickson for agreeing to take part in this online Q & A conversation.  CFL fans may find some humour in the last Q & A below. Go Bombers! If you’d like to learn more about Commissioner Dickson or the Office of the Saskatchewan Information and Privacy Commissioner (“IPC”), I’d encourage you to visit the IPC’s website.

Q. You were previously an Alberta MLA. In that capacity, you were involved in privacy law development as the critic for the Freedom of Information and the Protection of Privacy portfolio, and also on several important privacy law committees and panels. What’s it like to now be involved with privacy as the Information and Privacy Commissioner of Saskatchewan?

A. The experience is exciting, stimulating, and almost always challenging. I am very fortunate that our office has a committed team of excellent staff who are focused on ensuring that Saskatchewan residents enjoy the full benefit of our provincial access and privacy laws. I’m very lucky to continue to be involved with such a fascinating area but from a very different perspective than that of a lawmaker. It has been very useful to have had that experience in the development of access and privacy legislation before I assumed the new Commissioner role in Saskatchewan. I hope that I am more aware and more sympathetic to the challenges and issues that arise with any access and privacy law for front line workers. It has certainly motivated me to promote wherever possible making such laws simpler and more accessible to the people who must administer them and for those who are the ‘data subjects’. I have also enjoyed the opportunity to modestly influence the way that our access and privacy laws are viewed and understood. My experience in Saskatchewan has been that those who work in public bodies or health trustee organizations genuinely want to do the ‘right thing’ in terms of transparency and privacy protection but are often unsure of where the line is drawn and are unfamiliar with best practices that have evolved over the last 26 years in Canada. As a result, a major focus for my initial five years in Saskatchewan has been on raising awareness and creating tools to assist those workers to meet their statutory responsibilities.

Q. While Alberta, Quebec, British Columbia and Ontario (for personal health information only) have provincial privacy laws that are “substantially similar” to PIPEDA, Saskatchewan does not. Is it time for that to change?

A. I have for the last six years encouraged the former provincial government and now the current government to carefully consider the advantages of adopting a PIPA-type law based on the B.C. and Alberta experience. As it stands, our fundraising foundations and NGOs, including those that deal with significant amounts of sensitive, prejudicial personal information, are effectively unregulated. We often hear complaints from employees working in private businesses (not federal works, undertakings, etc.) who are extremely disappointed and upset when we tell them that they do not have the same privacy protection guaranteed to all public sector employees in Saskatchewan. I must acknowledge that the federal Privacy Commissioner has recently undertaken a pilot project in Saskatchewan to raise awareness of PIPEDA, but this exercise also has highlighted how big the knowledge deficit is in the small and medium sized business sector. I remain of the view that Saskatchewan individuals, businesses and charitable NGOs should all benefit from a simple private sector privacy law. This could be designed to complement and harmonize with our public sector FOIP and Local Authority FOIP Acts and our Health Information Protection Act. It would allow for a more seamless kind of privacy protection that would be simpler for those organizations and for residents. I notice that the impetus for PIPA in BC and Alberta was really business organizations such as Chambers of Commerce realizing that PIPEDA is in some respects cumbersome and deficient for the SME sector. Business organizations in Saskatchewan do not appear to have adopted that view.

Q. The Saskatchewan Gaming Corporation has been recognized as a positive privacy story. What has it done, and what role has your office had in this development?

A. This is a good example of how an Information and Privacy Commission office can perhaps achieve more through consultation than by emphasizing the enforcement role. We started out a year ago with a complaint that the Casino Box Office in Regina required anyone purchasing a ticket for a show to provide name and contact information even if purchasing the ticket with cash. When we followed up with the Saskatchewan Gaming Corporation that operates the casinos in Regina and Moose Jaw, we found no senior identified FOIP Coordinator or Privacy Officer, no appropriate policies and procedures and no comprehensive training program for staff. Instead of focusing solely on the collection of personal information by the Box Office, we spent the better part of the year working with the Corporation in fundamentally reorganizing to meet its FOIP responsibilities as a ‘government institution’. With the assistance of a Portfolio Officer from our OIPC, the Corporation made a senior Vice President the new Privacy Officer and FOIP Coordinator. Comprehensive policies were put in place and a new FOIP training program rolled out. In the casino, the Box Office now only collects personal information if the ticket purchaser volunteered that information but it is no longer mandatory. In addition, prominent signage now advises customers of the Corporation’s information collection practices. There is also new literature readily available to customers. I think that as a result of our collaboration the Corporation and its leadership now view our office as a useful resource and as an office genuinely committed to operating on the basis of cooperation and collaboration.

Q. You’ve published a best practices guide for mobile device security. It’s getting easier to collect and store personal information, but are we keeping up with our privacy responsibilities in the meantime?

A. I’m afraid that privacy risks are not always top-of-mind for organizations embarking on new IT programs, systems, etc. Although we have developed a Privacy Impact Assessment tool available on our website, there is no statutory requirement that a PIA be done by a public body or health trustee before proceeding with new technology. What is perhaps even more troubling is that we see problems with old technology. Our office brought out a FAX advisory after we found a number of health information trustees didn’t appreciate that when the modern multi-use copier machine is sold as surplus equipment it likely will contain memory of the documents it has processed and perhaps a substantial amount of personal health information. Look at the number of cases that have come to Information and Privacy Commissioners across the country that involved theft of unencrypted laptops. So, the short answer is that many organizations are not keeping up with their privacy responsibilities. The education and compliance challenge continues apace.

Q. Your office opened more than double the number of case files in 2009 than it did in 2008. Is this number going up because of inadequate privacy practices, because the public is becoming more aware of its privacy rights, or both?

A. Good question. I think the answer is some of both. I believe there is significantly higher privacy awareness with the organizations that my office oversees and also greater public awareness. The difficult question is how accurately we can assess what is going on with all of the approximately 3,000 organizations that we oversee, given that we are largely in a reactive role. In any given year, if we are dealing with 200 organizations, are these just the few ‘bad apples’ or is this indicative of widespread non-compliance? We simply don’t have the resources to be able to accurately assess and catalogue privacy compliance province wide. At the end of the day, however, whatever the reason for the large increase in case files, there is an indication that a lot more work is yet to be done to move to a more pervasive privacy protective culture.

Q. Looking forward, what kind of privacy developments should we watch for in 2010?

A. One of the interesting ‘growth’ areas will be the electronic health record. Our office just issued our first Investigation Report (H2010-001) dealing with our electronic health record now in development. This involved a pharmacist who entered the Pharmaceutical Information Program database on nine different occasions to view medication profiles for three individuals who were not patients/customers of that pharmacist or of the pharmacy he worked for. We identified a number of problems in terms of HIPA compliance with the pharmacy, the regional health authority and the Ministry of Health. We also issued more than 20 recommendations for remedial action. Since the electronic health record is still some distance from completion, I anticipate that there may be more of this type of complaint touching on some element or another of the E.H.R. In fact, at the end of my Investigation Report, I included a Postscript which incorporated a number of broader considerations that this particular case highlighted.

We will be carefully monitoring changes to our health information regulations that enable regional health authorities to disclose certain personal health information of patients to hospital foundations without prior consent of those patients.

Finally, we are witnessing a number of new information and data-sharing initiatives with Executive Government and we expect to be busy considering these initiatives in the next few years.

Q. And, finally, by how many points do you think the Winnipeg Blue Bombers will beat the Saskatchewan Roughriders this year in the Labour Day Classic game?

A. I love the fact that all of those Bomber fans come to Regina and generously spend their dollars in our hotels and restaurants and I always feel badly for their long drive back to Winnipeg. Sorry Brian but I don’t see that the return trip to Winnipeg is likely to be any more joyous in 2010!!


Today’s “buzz” on Google Buzz offers lesson for new service roll-outs

April 20, 2010

Canada’s Privacy Commissioner, Jennifer Stoddart, has teamed up with nine other countries’ privacy watchdogs today to warn Google and other organizations to better respect people’s privacy rights. The privacy commissioners have sent a letter to Google, accusing it of overlooking privacy values and legislation in launching new online products.

The privacy commissioners’ letter states, “we are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications. We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws… Unfortunately, Google Buzz is not an isolated case. Google Street View was launched in some countries without due consideration of privacy and data protection laws and cultural norms. In that instance, you addressed privacy concerns related to such matters as the retention of unblurred facial images only after the fact, and there is continued concern about the adequacy of the information you provide before the images are captured… We therefore call on you, like all organizations entrusted with people’s personal information, to incorporate fundamental privacy principles directly into the design of new online services. That means, at a minimum:

  • collecting and processing only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • providing clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • creating privacy-protective default settings;
  • ensuring that privacy control settings are prominent and easy to use;
  • ensuring that all personal data is adequately protected, and
  • giving people simple procedures for deleting their accounts and honouring their requests in a timely way.”

The privacy commissioners’ demand that Google and other organizations better incorporate privacy into the design of new online services underscores the need for the “Privacy by Design” initiative that Ontario’s Information and Privacy Commissioner recently discussed in my “A Conversation with Dr. Ann Cavoukian” post. All organizations, regardless of their size (after all, we’re not all Google), would be well-advised to learn from today’s “buzz” about Google Buzz.


Camera ban missed privacy point

March 25, 2010

Last week’s widely reported ruling by Judge Tim Preston that cameras will not be permitted into the Brian Sinclair inquest hinged largely on a desire to protect the privacy rights of witnesses.

But what if some individual witnesses don’t have privacy concerns and actually want their testimony broadcast to the world?

Read More>>


Man jailed for secretly filming naked wife: ABC News

March 12, 2010

In what can only be described as a bizarre fact scenario, ABC News is reporting that “an appeals court in the US state of Minnesota has upheld a one-year prison sentence for a man who drilled a hole in his bathroom wall and filmed his wife naked without her consent.”

The case is interesting because it deals with the important privacy issue of what constitutes a “reasonable expectation of privacy” (in this case, in one’s own bathroom). Read the story here>>


A Conversation with Dr. Ann Cavoukian, Ontario’s Information and Privacy Commissioner

March 1, 2010

Continuing a series of blog posts that I’m calling “A Conversation with…”, I’m delighted to post the following conversation with Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian.

Dr. Cavoukian leads a dynamic team of professionals at the IPC who are at the forefront of addressing today’s privacy challenges. Her depth of understanding of privacy issues combined with her passion for privacy has made for a powerful and learned force in Canada’s privacy world.

Thanks to Dr. Cavoukian for agreeing to take part in this online Q & A conversation. If you’d like to learn more about Dr. Cavoukian, the IPC, or the issues raised in this conversation, I’d encourage you to visit the IPC’s website.

Q. In one of my previous blog posts, Jennifer Stoddart explained how she got involved in the world of privacy. How about you?

A. I have always had an interest in human rights, but my direct introduction to the privacy world came as a result of my work as the Chief of Research for the Attorney General of Ontario. As part of the role I completed a program evaluation of the Public Complaints Commission headed by (now Justice) Sidney B. Linden. He was aware of my work with the Canadian Civil Liberties Association, among other things, and when Justice Linden was appointed as the first Information and Privacy Commissioner of Ontario in 1987, he asked me to join him as the Director of Investigations. I haven’t looked back since!

Q. One of your significant achievements has been your development and advocacy of “Privacy by Design”. Can you explain the concept behind Privacy by Design?

A. The privacy landscape of the early ‘90s had become increasingly challenging – the volume of personal information collected was growing, as were the risks posed by increasingly sophisticated and interconnected technologies. It became clear to me that relying solely on compliance with regulation and legislation would no longer be sufficient to safeguard the protection of personal information. Instead, organizations would need to operate in an environment of default privacy protection. Those which could do so, I recognized, would gain a competitive advantage.

This is the context in which I developed Privacy by Design (PbD), my philosophy of embedding privacy into the design of three broad application areas: information technology; business practices; and physical design/infrastructure. Instead of treating privacy as an afterthought – “bolting” it on after the fact – I argued that privacy should be regarded as a design feature and built right into the system, from the outset. PbD shatters the zero-sum paradigm which trades off privacy against security and functionality. It is positive-sum, or doubly-enabling “win-win” in nature, demonstrating that it is possible to protect privacy without compromising other legitimate requirements, such as security or functionality.

You can find our “7 Foundational Principles” of PbD at www.privacybydesign.ca. To summarize, PbD seeks to establish privacy as the default by embedding it in system design. It is proactive in nature – already in place when data is first collected, it describes a comprehensive “cradle to grave” approach to information management. In being proactive, it seeks to prevent data breaches from occurring, rather than prescribing remedial actions. Importantly, it demonstrates respect for user privacy by ensuring that its component parts and operations are transparent and subject to independent verification.

Q. Who should be aware of, and consider following, the principles of Privacy by Design?

A. Broad spectrums of people within most organizations should be aware of Privacy by Design – certainly anyone with influence over how personal information is managed.

Personal information is an asset, the value of which is protected and enhanced by a suite of security practices and business processes. Regardless of industry sector, whether the organization is large or small, public or private, whether it is retained in house or out-sourced, executive leadership and managers responsible for the management of personal information need to carefully consider how to build privacy protections directly into their operations.

I have a new title for those who commit themselves and their organizations to the principles of Privacy by Design – I am appointing them as PbD Ambassadors. Those who wish to learn more can visit our Privacy by Design website, which houses all of the PbD resources developed by my Office over the years. While there, I hope people will take the time to share their own PbD experiences or questions with our growing PbD community on the Global Forum. You can now also follow PbD on Twitter @embedprivacy.

I remind people that Privacy by Design was not developed for use in an ivory tower. I always intended it to result in real and positive changes in our everyday lives.

Q. So can you give us an example of the “win-win” approach of Privacy by Design in action?

A. An example that really brought Privacy by Design to life is the work being undertaken by our mass transit system – the Toronto Transit Commission (TTC), in testing and deploying encryption-based video surveillance technology.

In the autumn of 2007, the Toronto Transit Commission (TTC) announced plans to expand its video surveillance program on both surface vehicles and within the subway system. In response to a formal complaint, I launched an investigation. I found that the TTC’s expansion of its video surveillance system did not contravene any applicable laws. However, I strongly urged the TTC to adopt privacy-enhancing video surveillance technology that was being developed at the University of Toronto by Karl Martin and Professor Kostas Plataniotis.

    Using innovative object-based encryption, the technology completely obscures the images of individuals who appear as the subjects of video surveillance. However, unlike current permanent masking techniques, the technology enables the images to be decrypted at a later time, only by authorized staff, when an incident occurs that demands further investigation for safety or security purposes.

    This new technology, in its essence, lays to rest the outdated zero-sum paradigm, where one party wins and one party loses. It ushers in a new era in “positive-sum” thinking where both parties may “win” and neither party must, by necessity, lose. Positive-sum privacy-enhancing technologies (I call them PETs Plus) ultimately enable the co-existence of privacy and security, side by side, without forfeiting one for the other, “win-win,” not “win-lose.”

    For the full report, see Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report.
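    The reversible masking described in this answer (obscure the subject in the stored footage, restore it only for authorized staff holding the key) can be sketched in code. The block below is an added illustration for this post, not code from the interview or from the University of Toronto system it mentions; the 4x4 frame, the region coordinates and the key are constructed sample values, and SHA-256 in counter mode stands in for the real cipher so the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import os

# Constructed 4x4 grayscale frame (values 0..255); region (1,1,3,3) stands in
# for a detected person.  Both are sample inputs for this illustration only.
SAMPLE_FRAME = [
    [10,  20,  30,  40],
    [50, 200, 210,  60],
    [70, 220, 230,  80],
    [90, 100, 110, 120],
]
SAMPLE_REGION = (1, 1, 3, 3)      # x0, y0, x1, y1 (exclusive bounds)
SAMPLE_KEY = bytes(range(32))     # constructed key, held only by authorized staff


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one master key."""
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode used as a keystream.  Illustrative stand-in;
    a production system would use an AEAD such as AES-GCM or ChaCha20-Poly1305."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def mask_region(frame, region, key, nonce=None):
    """Blank the region in a copy of the frame and return the masked frame plus
    an authenticated, encrypted blob from which the region can later be restored."""
    enc_key, mac_key = _subkeys(key)
    x0, y0, x1, y1 = region
    plain = bytes(frame[y][x] for y in range(y0, y1) for x in range(x0, x1))
    nonce = nonce if nonce is not None else os.urandom(16)  # fresh per region and frame
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(enc_key, nonce, len(plain))))
    # The tag also covers the region coordinates, so a blob cannot be moved elsewhere.
    tag = hmac.new(mac_key, repr(region).encode() + nonce + ct, hashlib.sha256).digest()
    masked = [row[:] for row in frame]
    for y in range(y0, y1):
        for x in range(x0, x1):
            masked[y][x] = 0            # what the stored footage shows: a blank block
    return masked, {"region": region, "nonce": nonce, "ct": ct, "tag": tag}


def unmask_region(masked, blob, key):
    """Restore the region; raises ValueError unless the key and the blob check out."""
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, repr(blob["region"]).encode() + blob["nonce"] + blob["ct"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("not authorized: tag mismatch")
    plain = bytes(c ^ k for c, k in
                  zip(blob["ct"], _keystream(enc_key, blob["nonce"], len(blob["ct"]))))
    x0, y0, x1, y1 = blob["region"]
    width = x1 - x0
    restored = [row[:] for row in masked]
    for i, p in enumerate(plain):
        restored[y0 + i // width][x0 + i % width] = p
    return restored


def key_is_rejected(masked, blob, key) -> bool:
    """True if restoring with this key is refused, the expected outcome for
    anyone who is not authorized staff."""
    try:
        unmask_region(masked, blob, key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    masked, blob = mask_region(SAMPLE_FRAME, SAMPLE_REGION, SAMPLE_KEY)
    print("masked frame:", masked)
    print("restored matches original:", unmask_region(masked, blob, SAMPLE_KEY) == SAMPLE_FRAME)
    print("wrong key rejected:", key_is_rejected(masked, blob, b"\x00" * 32))
```

    The point of the design is that the recorded stream never contains the person in the clear: the masked frame is what operators see day to day, and the encrypted blob is useless without the key, which can be held by a separate custodian and released only when an incident warrants it.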

    Q.  One of the first virtual strip search scanners was recently installed at Toronto’s Lester B. Pearson International Airport. What are your thoughts about the privacy implications of these scanners?

    A.  I feel it’s important that we understand exactly what this technology does. The public should know what types of images are being produced of them, and what happens with those images. That’s why I chose to personally experience the Whole Body Imaging (WBI) system in both Toronto and Washington D.C. – to assess first-hand how passengers are treated.

    From a privacy perspective, my WBI experience highlighted several important points. The scanned images displayed are not actual pictures and do not contain any unique personal identifiers (there is no way for someone to identify the image as my own). The screening site where the scanner images are viewed is located in a windowless, secure room located a significant distance away from the open scanning area. The personnel viewing the images are not able to visually connect images with the actual passengers being scanned. Also, the machines are not able to record, copy or store any images. Finally, the personnel who review the scanned images are not allowed to have cameras, cell phones or any other recording devices in the secure viewing room.

    I have always believed that privacy needs to be built directly into technology – privacy by default. Improved airport security need not come at the expense of privacy – both may be achieved together, in a positive-sum manner.

    Q.  Business professionals consult this blog (at least, I like to think they do!). Based on your experience as Ontario’s Information and Privacy Commissioner, can you identify an area where businesses fall short in the realm of privacy and provide tips to help address the problem?

    A.  It is a sad fact that many privacy breaches occur largely because of poor information management practices by organizations, and the volume of the information at risk grows with the ever increasing collection of personal information.

    As Commissioner, half of the Health Orders that I have issued under Ontario’s Personal Health Information Protection Act (PHIPA) were the result of personal health records being abandoned or disposed of in an unsecure manner. Identity theft is one of the fastest growing forms of consumer fraud in North America, costing Canadians millions of dollars a day and billions of dollars a year.

    That is why it is crucial for all organizations, large, medium or small, to engage in the practice of “secure destruction.” The goal of secure destruction is to have records containing any personal information permanently destroyed or erased in an irreversible manner which ensures that the record cannot be reconstructed in any way.

    For the effective secure destruction of records, organizations need to ensure that they match the destruction method to the media. For paper records this means using cross-cut shredders which do not allow for records to be reconstructed. For electronic media such as DVDs or USB keys, the media should be physically destroyed.

    Further, if an organization is hiring an external agent to destroy records, they need to be selective. Look for a provider that is accredited by an industrial trade association or is willing to commit to upholding its principles, including undergoing independent audits. Always check references, and insist on a signed contract spelling out the terms of the relationship, to ensure end-to-end lifecycle protection. Remember, you can outsource the service, but you can never outsource accountability.

    For more information, please see Fact Sheet #10, Secure Destruction of Personal Information.

    Q.  Looking forward, what kind of privacy developments should we watch for in 2010?

    A.  The privacy landscape is continually changing and posing new challenges – particularly in this age of information technology where personal information about individuals is increasingly collected and stored indefinitely.

    In addition to daily developments on the “Cloud” and Web 2.0, one of the areas we are focusing on in 2010 is the Smart Grid – the modernization of the current electrical grid with a view to more efficient energy usage and delivery. This will involve the increased collection, use and disclosure of end users’ personal information. I have identified privacy as the real “sleeper issue” in this area, which causes me great concern. The Smart Grid is still in a nascent stage, not only here in Ontario and across North America, but around the world. So now is the time to bake in privacy right from the outset. With that in mind, we are proactively working with local energy distributors, and government officials, to ensure that privacy is top of mind as we move toward the Smart Grid. It is the ideal time to proactively build in privacy – by design.


    NDP dragging its heels on our privacy

    February 5, 2010

    It’s safe to say that the Alberta provincial government is regarded as being right wing. But Manitoba’s? Not at all. So why then is Alberta light years ahead of Manitoba at protecting workers’ privacy?

    Read more>>

    The above link takes you to the Winnipeg Sun.  I’m delighted to have been asked by Sun Media Corp. to provide Comment columns like today’s on a monthly basis.  I hope you find them of interest!