You Might be Interested In

A recent research report titled Research Related to Privacy and the Use of Geospatial Information explores Canadian’s awareness of the uses of location (or geospatial) data and their concerns about privacy when it comes to sharing their location-linked personal information.

The research examined Canadian’s concerns with the privacy of their personal information generally, level of comfort with sharing location-linked personal information, level of awareness and use of location-tracking devices such as Global Positioning Systems (GPS) and use and comfort level with online mapping tools.

This report was commissioned by Natural Resources Canada through its GeoConnections initiative.  A couple of highlights…

It was confirmed that respondents had a very low general understanding of what “geospatial data” is and struggled when trying to define terms such as “location-based information” or “location-based personal information”.

The study found that generally speaking, respondents are concerned about the privacy of their personal information (with over 80% stating they are “concerned” or “very concerned”).

When it comes to sharing location-linked personal information, control over the information being shared and the overall purpose for sharing the information were the two key drivers of comfort.  Respondents felt most comfortable if they have a high degree of control over the sharing of their information and the reason for sharing their location-linked personal information was related to a public good such as enhanced public safety or improved health care.

And what made Canadians uncomfortable?  Canadians became uncomfortable when they had no control over the sharing of their location-linked personal information and when their location-linked personal information was being used for economic reasons or targeted marketing.

There was support for the role of Government in the regulation of geospatial information.  For example, with regard to individual’s real-time movements, over 68% of respondents thought it was important for the Government of Canada to regulate the collection and sharing of location-linked personal information.  The majority of respondents (74%) thought it was important for the Government of Canada to regulate images of private residences appearing on internet mapping tools.

Who do Canadians trust with their location-linked personal information?  Level of trust was highest for medical institutions (58%) followed by federal and provincial governments (46%).  Interestingly, trust levels for federal and provincial governments were somewhat higher than for municipal government (35%) – proponents of the smart grid may have a bit of work to do.

And who was trusted least?  Social networking sites (6%), which is curious considering the sheer volume of personal information we voluntary give up to these sites (including increasing amounts of location-linked personal information).

It is notable that this research was completed just prior to Google’s Streetview going live in Canada.  With the launch of Streetview and the ever growing availability of new, innovative and useful location-based services such as friend finders, local search and restaurant recommenders, it will be interesting to see whether geospatial information evolves into a top-of-mind privacy issue for Canadians.

On Data Privacy 2010 we’d like to take a moment to remind everyone that is the responsibility of both individuals and companies to make sure that personal information is safe.

If you own a company, or work for a big one: in the past, you may have had to ensure that your customers’ name and address information (and in some cases credit card and billing information) were safe. Now, many of you are providing technology and tools for your customers to put increasing amounts of personal information online. Does your company have the systems in place to safeguard this information? Do you give your customers the tools and options to control how their information is used?

If you are a user of new and cool technology: in the past a telephone was a telephone, a video game was a video game, a stuffed toy was simply that – a stuffed toy. Today, more and more toys and handheld tools come with the ability to go online. Do you understand how to enjoy your toys and gadgets without putting your personal information at risk?

If you are a parent or guardian, teacher, coach or caregiver: do the young people in your life understand how to use all these new toys and gadgets while keeping their personal information safe? Our office has recently made youth privacy a key priority. Today, we have posted some new resources to the Parents & Teachers section of our youth web site. The resources include information on 12 privacy issues (such as the importance of privacy settings and knowing who your friends are on social networking sites), along with ideas for generating discussion about each issue with young people. You can use these resources to start discussion about personal privacy and the importance of thinking about what you post on the Internet.

Regardless of which group you are in – if you need any information about how to keep personal information secure, visit our web sites – priv.gc.ca and youthprivacy.ca.

Here we go again! For the seventh year in a row, the Office of the Privacy Commissioner of Canada is launching its Contributions Program, which funds data privacy research and public awareness projects.

We’re very proud of the Contributions Program, partly because it’s considered one of the leading programs of its kind in the world. Since 2004, we’ve been using the Program to advance data privacy knowledge by funding major research projects, all of them led by Canadian researchers. And for the past two years, the Program has helped civil society organizations educate a growing number of Canadians about privacy.

We’re once again making $500,000 available to researchers and civil society organizations who want to apply for funding: $50,000 per project and $100,000 per organization. This year we’re especially interested in funding research projects into the impact of technology on privacy, a hot topic if there ever was one! As well, even though we prefer to fund projects that wrap up in the year the funding is provided (in this case, the 2010-11 fiscal year), we’re willing to fund projects that continue into the next fiscal year (projects ending after March 31, 2011).

Well, there you have it! If you are interested in privacy and feel you have a contribution to make (no pun intended) as a researcher or civil society organization, go ahead and apply. The 2010-11 application deadline is February 26, 2010.

For more information or to access our application form, go to our Web site at http://www.priv.gc.ca/resource/cp/p_index_e.cfm.

I know. It’s kind of boring when I only post excerpts from our more formal publications. In some cases, though, the traditional news release and backgrounder nail the issue and the details.

We’re ” … hosting consultations with Canadians on issues that we feel pose a serious challenge to the privacy of consumers, now and in the near future.

The topics to be explored include the online tracking, profiling and targeting of consumers by businesses, and the growing trend towards cloud computing.

The aim of this consumer consultation is to learn more about such industry practices, explore their privacy implications, and find out what privacy protections Canadians expect with respect to these practices. The consultation is also intended to promote debate about the impact of these technological developments on privacy, and to inform the next review process for the Personal Information Protection and Electronic Documents Act (PIPEDA).

The centerpiece of the consultations will be a series of single-day panel discussions [in Toronto, Montreal and elsewhere] involving a range of participants, including representatives of industry, government, consumer associations and civil society. In order to canvass the broadest possible range of views in preparation for these events, we are also welcoming written submissions.”

More details on the public consultations can be found elsewhere on our site.

Remarks delivered to the Annual Conference of the Canadian Association for Security and Intelligence Studies, October 30, 2009 by Chantal Bernier, Assistant Privacy Commissioner of Canada

… As you may know, I came to the Office of the Privacy Commissioner of Canada from the Department of Public Safety, where I had the privilege of serving as Assistant Deputy Minister in the Community Safety and Partnerships Branch.

As such, I have had substantial engagement in a range of security and intelligence files.

My entire presentation is premised on this tenet: Privacy and security are not at odds.

On the contrary: I would put to you that measures to protect privacy must be integral to any initiatives to fight terrorism or other crimes.

Why? Because we live in a free and democratic society where individuals enjoy the right to live, to move around, to communicate and to go about their daily lives, free from unwarranted interference by the state.

And for practical reasons too:

Any effort towards greater security that is strictly tailored to the actual risk – and that therefore minimizes the infringement of privacy or other rights – will be more targeted and more effective.

For example, an investigation that is carried out in accordance with the law, and in a way that respects privacy and other rights, will yield cleaner evidence and a more compelling case for the prosecution.

In other words, all the work that is poured into greater security is more likely to pay off if it is carried out in a strategic, targeted manner. And an essential consideration in that regard is due respect for the right to privacy.

…

Airport scanners

Another file in which we are deeply involved relates to plans by CATSA, the Canadian Air Transport Security Authority, to install millimetre-wave whole-body imaging scanners at several Canadian airports.

These machines can penetrate clothing to expose concealed objects such as weapons or drugs. Their principal advantage over metal detectors is that they can identify non-metallic objects, such as ceramic weapons or liquid or plastic explosives.

Our Office has examined two Privacy Impact Assessments, or PIAs, prepared by CATSA – first for a pilot test conducted at Kelowna Airport, and more recently for the full program.

As we told CATSA earlier this week in our response to its PIA, we consider this technology to be inherently sensitive as it reveals an outline of the traveller’s body. Many people may perceive it as privacy invasive.

As such, we have worked with CATSA to ensure appropriate privacy safeguards.

One of the key results is that the technology will be used only for secondary purposes, after an individual has already passed through the metal detector. What’s more, the scans will be voluntary, with passengers given the option of going through them, or having a physical pat-down.

And – this is key from a privacy perspective – the images will not be recorded, printed or transmitted. Indeed, they will be deleted as the passenger leaves the scanner.

Four tests

In weighing this and any other government initiative with a potential impact on privacy, our approach is to apply four tests: Necessity, proportionality, effectiveness, and the existence of less-intrusive alternatives.

We ask ourselves: Is the proposed measure really necessary? Have the proponents offered proof of a genuine problem, with no other viable solutions?

Our next criterion is proportionality. Many measures will infringe on privacy; that is just the price we pay for living in a community. Any benefit to the group will generally restrict some liberties of the individual, but the invasion of privacy must be proportionate to the benefit derived.

We also want some assurance of effectiveness. We want to ensure that a measure that infringes on privacy, in the name of the collective good, really meets that specific objective.

As for the fourth test: If a measure is proposed that will affect the privacy of individuals, we want to know that it is justifiable on the grounds that there are no less intrusive alternatives already available.

…

Do your loved ones have toys on their wish lists this holiday? A stuffed animal for a little one… a cell phone or a camera for a teen? These days, these toys and gadgets are more than they used to be. Just a few years ago a stuffed animal was something to cuddle with and a phone was, well, just a phone! Now, many stuffed animals come with codes that allow kids to register them online so that they can play games, feed and care for them, and even chat and play with other kids. And many cellphones are phones, computers and cameras, all in one.

And while such toys and gadgets can be fun, we want people to enjoy them without putting their privacy and personal information at risk.

Here are our tips for protecting your privacy as you and your loved ones enjoy your new gadgets and toys. For parents especially:

Understand new toys and their capabilities – It is important to understand the capabilities of new toys and how your children will use them. Speak with your kids about how they will use the toy and, where appropriate, agree on guidelines and limits.

Pay attention to privacy settings and parental controls – Privacy settings on social networking sites control what people see about you. Only allow your friends to see your page, your posts, your photos and your applications. Parents, if you depend on parental control software that is installed on your desktop, remember that. Those controls won’t be in place on new mobile devices.

Remember, with Wi-Fi, children can access the Internet from anywhere in the house – And if their new toy/gadget has Internet capabilities they can also use it to access the Internet from locations and networks outside your supervision and control.

Here are our tips for protecting your privacy as you and your loved ones enjoy your new gadgets and toys. For everyone:

Think before you click – The Internet is a public arena, and photos and comments you post are permanent. Even if you delete them from a web page, they could continue to exist in archived pages, in your computer’s cache or on the computers of other Internet users who may have copied them. If you don’t want certain people to see something, now or in the future, don’t post it!

Pick and protect the perfect password – Your information is only as safe as your passwords. Use different passwords for different systems; make sure they are strong (eight characters or more and a variety of letters or numbers); never share them with anybody; and change them regularly.

Know your friends – Online, you can’t be 100 per cent sure who you are talking to. Don’t accept friend requests from people you don’t know in real life.

Protect your identity – Identity theft is a growing problem and the Internet is the least private of spaces. Don’t post or e-mail personal details such as your social insurance number, phone number, home address or birth date.

Be careful on online gaming sites – Online gaming sites are hotbeds of people accessing personal information. Be aware that ill-intentioned people can use information from your profile to establish accounts in your name, or use your stolen identity to access your existing accounts.

Be wary of e-mail or instant messages from unknown people – Don’t open online messages that seem odd or are from someone you don’t know. They could contain a virus or let a hacker gain access to your computer.

Have a happy holiday and enjoy all your new toys!

Are you a good digital citizen?

It seems that almost daily we hear of people experiencing negative consequences when the information they post online is seen by an unexpected audience, whether it be a prospective employer, an insurance company, or a law enforcement agency.  Inevitably, such people express surprise and feel deceived by the technology.  Through public education, organizations like the OPC are trying to ensure that people are provided with the resources they need to make informed decisions about managing their personal information online.

Many such tools were on display at the recent FOSI annual conference.  Those from commonsense media and YouTube stood out for their simplicity and straight forward message. The conference theme “Building a Culture of Responsibility: From Online Safety to Digital Citizenship” strongly resonates with us at the OPC.

We see privacy, or the right to control one’s personal information, as a fundamental part of the larger issue of digital citizenship.  In other words, exercising our individual right to privacy is one part of being an ethical and engaged citizen of the web.

The web provides many opportunities for communicating with friends and family, accessing educational resources, stimulating community involvement, and many other participatory activities.

As increasing numbers of Canadians rush to take advantage of online services and integrate new technologies into our lives, however, we need to step back and consider how we conduct ourselves online and manage our personal information in this rapidly evolving environment.

There is a role for every user in the evolution of the web — especially if it is to develop into a space that respects the values, ethics and rights we take for granted in the offline world.

Government, industry and educators must continue public education activities to increase awareness of the potential pitfalls of using technology and to teach individuals how to better protect themselves online.  Regulators have a role in identifying and enforcing standards. Industry must take concrete and early steps to build privacy into their technology.

For individuals, the responsibilities are clear cut.  Take the time to find out how the websites you visit manage your personal information and decide whether this site is appropriate for you. Often, the type of service being offered is a big clue – a site for sharing personal status updates will be specifically designed to broadcast your personal information. If you want to use a particular site but don’t like some of their practices, be vocal about it. Chances are other people agree with you and together you will have a stronger voice in pushing for change.

By taking an active role in protecting your privacy, you will be helping to shape the internet to reflect your values and ethics. That’s what being a good digital citizen is all about.

It’s also the 20^th anniversary of the day the United Nations General Assembly adopted the Convention of the Rights of the Child. A significant milestone, this made privacy a basic human right for everyone under the age of eighteen.

Privacy is a right that all young people should enjoy, no matter where they live. With today’s world being so different than it was 20 years ago, this is something they may not think much about. Today, young people are videotaped by security cameras almost everywhere they go. They are asked for their postal code or driver’s license number when they buy a pair of jeans. They can instant message, update their statuses, download music, talk to friends on Facebook and play games on their computers with people all around the world. Twenty years ago, if someone wanted to get in touch with you they had to phone you or send you a postcard!

It is so easy for young people to overlook their privacy rights and why they’re so important. And it’s easy to forget about the risks that are out there if they don’t protect their personal information. These risks can range from nuisance (all those marketers who are looking for people to target their ads to) to serious (from the people on the Internet who are looking for identities to steal, to the predators who are looking for victims). Many of them also tend to forget that when they post comments, photos and videos, online, that information is public and permanent and almost impossible to remove.

So today, on National Child Day, take a minute and remind the young people in your life, in your community, that privacy is their right. Have them look around youthprivacy.ca and click through the pages. Encourage them to find information about how they can have fun online while protecting this valuable basic human right.

(from our news release)

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has more personal information in its database than it needs, uses or has the legislative authority to receive.

This was one of the key findings of the Privacy Commissioner of Canada’s in-depth audit of the independent agency mandated to analyze financial transactions and identify suspected money laundering and terrorist financing in Canada …

Legislative changes passed in 2006 expanded the types of transactions that must be reported to FINTRAC, as well as the number of professionals and organizations that are required to collect information about clients and to report it to FINTRAC. Examples of entities required to report to FINTRAC include financial institutions, life insurance companies, accountants and casinos.

The audit found that FINTRAC needs to do more to ensure that the amount of personal information it acquires is kept to an absolute minimum. A random sample of files examined in the audit turned up several reports that did not clearly demonstrate reasonable grounds to suspect money laundering or terrorist financing.  For example:

• A reporting entity filed several reports stating it was “taking a conservative approach in reporting this … because there are no grounds for suspecting that this transaction is related to the commission of a money laundering offence, but there is a lack of evidence to prove that the transaction is legitimate.”
• An individual deposited a government cheque for an amount less than $300 and then withdrew the entire amount. The financial institution filed a suspicious-transaction report, but did not indicate why the transaction was deemed suspicious.
• A financial institution filed a report about an individual who had deposited a cheque from a law firm.  The institution was satisfied that the individual had provided legitimate reasons for the source of funds, but decided to notify FINTRAC anyway because of the individual’s ethnic origin and the fact that this person had visited a particular country.

“It is clear that such reports, containing not a shred of evidence of money laundering and terrorist financing, should not be making their way into the FINTRAC database,” says Commissioner Stoddart.

“It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose,” she says. “The federal government needs to have a justifiable need to collect someone’s personal information. Clearly, FINTRAC needs to do more work with organizations to ensure it does not acquire personal information that it has no legislative authority to receive – and that it does not need or use.”

The audit recommended enhanced front-end screening of reports; stronger ongoing monitoring and review to ensure that information holdings are relevant and not excessive, and the permanent deletion of information that FINTRAC did not have the statutory authority to receive.

Under amendments passed in 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires the Privacy Commissioner to review FINTRAC every two years and report the results to Parliament.

I had the chance earlier this week to attend The Public Voice, a conference in Madrid to help civil society groups share their work and their points of view on important privacy issues.

One presentation highlighted un barrio feliz – a community led project to protest and undermine the closed circuit surveillance cameras slowly rolling out across Madrid’s neighbourhoods.

This particular effort is a response to the 48 cameras that are being installed in Lavapies, a downtown neighbourhood sometimes criticised for its low-rent atmosphere and late night escort business.

The presenter, David, made a point of noting that the Madrid municipal government has presented different excuses for the cameras, based on individual neighbourhoods.

Around the Puerta del Sol, a popular tourist area, the cameras were installed to deter pickpockets. In Lavapies, the cameras are apparently needed to deter the escorts.

This summer, a local campaign was pulled together to protest the closed circuit surveillance. As part of the campaign, artists and activists designed 37 posters and images that criticise the initiative.

While there are many familiar themes among the images (which, in itself, is a depressing statement for a privacy advocate), there are two that play off the colours and graphics used to support Madrid’s recent 2016 Olympic bid. Here is one (the other is a little rude):

These images remind us of similar measures being put in place to ensure security during Vancouver’s 2010 Winter Games – measures we have followed with interest.

The rest of the images can be found on a common flickr page, and they’re all CC Attribution 2.0 Generic.