You Might be Interested In

It’s also the 20^th anniversary of the day the United Nations General Assembly adopted the Convention of the Rights of the Child. A significant milestone, this made privacy a basic human right for everyone under the age of eighteen.

Privacy is a right that all young people should enjoy, no matter where they live. With today’s world being so different than it was 20 years ago, this is something they may not think much about. Today, young people are videotaped by security cameras almost everywhere they go. They are asked for their postal code or driver’s license number when they buy a pair of jeans. They can instant message, update their statuses, download music, talk to friends on Facebook and play games on their computers with people all around the world. Twenty years ago, if someone wanted to get in touch with you they had to phone you or send you a postcard!

It is so easy for young people to overlook their privacy rights and why they’re so important. And it’s easy to forget about the risks that are out there if they don’t protect their personal information. These risks can range from nuisance (all those marketers who are looking for people to target their ads to) to serious (from the people on the Internet who are looking for identities to steal, to the predators who are looking for victims). Many of them also tend to forget that when they post comments, photos and videos, online, that information is public and permanent and almost impossible to remove.

So today, on National Child Day, take a minute and remind the young people in your life, in your community, that privacy is their right. Have them look around youthprivacy.ca and click through the pages. Encourage them to find information about how they can have fun online while protecting this valuable basic human right.

(from our news release)

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has more personal information in its database than it needs, uses or has the legislative authority to receive.

This was one of the key findings of the Privacy Commissioner of Canada’s in-depth audit of the independent agency mandated to analyze financial transactions and identify suspected money laundering and terrorist financing in Canada …

Legislative changes passed in 2006 expanded the types of transactions that must be reported to FINTRAC, as well as the number of professionals and organizations that are required to collect information about clients and to report it to FINTRAC. Examples of entities required to report to FINTRAC include financial institutions, life insurance companies, accountants and casinos.

The audit found that FINTRAC needs to do more to ensure that the amount of personal information it acquires is kept to an absolute minimum. A random sample of files examined in the audit turned up several reports that did not clearly demonstrate reasonable grounds to suspect money laundering or terrorist financing.  For example:

• A reporting entity filed several reports stating it was “taking a conservative approach in reporting this … because there are no grounds for suspecting that this transaction is related to the commission of a money laundering offence, but there is a lack of evidence to prove that the transaction is legitimate.”
• An individual deposited a government cheque for an amount less than $300 and then withdrew the entire amount. The financial institution filed a suspicious-transaction report, but did not indicate why the transaction was deemed suspicious.
• A financial institution filed a report about an individual who had deposited a cheque from a law firm.  The institution was satisfied that the individual had provided legitimate reasons for the source of funds, but decided to notify FINTRAC anyway because of the individual’s ethnic origin and the fact that this person had visited a particular country.

“It is clear that such reports, containing not a shred of evidence of money laundering and terrorist financing, should not be making their way into the FINTRAC database,” says Commissioner Stoddart.

“It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose,” she says. “The federal government needs to have a justifiable need to collect someone’s personal information. Clearly, FINTRAC needs to do more work with organizations to ensure it does not acquire personal information that it has no legislative authority to receive – and that it does not need or use.”

The audit recommended enhanced front-end screening of reports; stronger ongoing monitoring and review to ensure that information holdings are relevant and not excessive, and the permanent deletion of information that FINTRAC did not have the statutory authority to receive.

Under amendments passed in 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires the Privacy Commissioner to review FINTRAC every two years and report the results to Parliament.

I had the chance earlier this week to attend The Public Voice, a conference in Madrid to help civil society groups share their work and their points of view on important privacy issues.

One presentation highlighted un barrio feliz – a community led project to protest and undermine the closed circuit surveillance cameras slowly rolling out across Madrid’s neighbourhoods.

This particular effort is a response to the 48 cameras that are being installed in Lavapies, a downtown neighbourhood sometimes criticised for its low-rent atmosphere and late night escort business.

The presenter, David, made a point of noting that the Madrid municipal government has presented different excuses for the cameras, based on individual neighbourhoods.

Around the Puerta del Sol, a popular tourist area, the cameras were installed to deter pickpockets. In Lavapies, the cameras are apparently needed to deter the escorts.

This summer, a local campaign was pulled together to protest the closed circuit surveillance. As part of the campaign, artists and activists designed 37 posters and images that criticise the initiative.

While there are many familiar themes among the images (which, in itself, is a depressing statement for a privacy advocate), there are two that play off the colours and graphics used to support Madrid’s recent 2016 Olympic bid. Here is one (the other is a little rude):

These images remind us of similar measures being put in place to ensure security during Vancouver’s 2010 Winter Games – measures we have followed with interest.

The rest of the images can be found on a common flickr page, and they’re all CC Attribution 2.0 Generic.

Is there a young person in your life who is fixated on social network and video-sharing sites, online games and gadgets such as iPods and mobile phones? If so, you may want to take notice of the Media Literacy Week, which is taking place this week, from November 2 to 6, 2009.

This year’s theme is Media Literacy in the Digital Age, emphasizing the multiple levels of literacy that young people today need to access, evaluate, repurpose, create and distribute media content if they are to successfully navigate their digital media world.

Young people face many new challenges in this environment, but they also need to know how to protect their privacy while they are online and how to stay safe when using social networks.

This week, take a moment to familiarize yourself with all the great tools that are out there for you to share with your kids, students or other young people in your life. Here is a short list that we’ve compiled for you:

From This Office

If you haven’t already done this, spend some time on our site for young people, parents and educators, youthprivacy.ca. It’s full of tips about how young people can enjoy digital tools while staying safe and protecting their privacy. We are also featuring a video contest for 12-18-year-olds and a youth blog which discusses privacy issues that young people face. The site also features two teaching lessons on privacy (for grades 7 to 9 and 9 to 12) that were developed in partnership with the Media Awareness Network.

The Media Awareness Network

Their web site is full of valuable tools, including a Passport to the Internet, an online tutorial to help students in grades four to eight develop the critical thinking skills they need to navigate the web in a secure and ethical manner; and the Media Education: Make it Happen! program, which is a series of free resources to help educators understand and facilitate media literacy in their classrooms.

Our international partners face the same challenges and are working on various projects in order to reach youth. Check out the youth privacy web sites of some of our international partners:

Australia’s Office of the Privacy Commissioner – Whether you never think about privacy or always do, they have created a publication for you. They will tell you what some of the privacy issues are that you might face, some of the pitfalls to avoid, and who to turn to for help if your privacy has been affected.

The Office of the Privacy Commissioner for Personal Data of Hong Kong has developed an interactive web site that aims to provide access to information regarding the execution of the Ordinance. It offers unparalleled user-friendly functions and a Privacy Zone for Youngsters that includes a few games.

The Information Commissioner Office of the UK has a youth site that is aimed at helping them protect their personal information.

YOU decide… an ingenious campaign put together by the Norwegian Board of Technology, the Norwegian Data Inspectorate and the Norwegian Directorate for Education and Training. Their videos, web site and guidebooks are produced by kids, for kids.

Now that Canada has officially entered the “second wave” of the H1N1 flu season, and the United States President has proclaimed the H1N1 pandemic to be a national emergency, Canadians are staring at the possibility of a significant flu outbreak. The sense of concern and urgency about how to respond to this situation presents interesting challenges for protecting the right to privacy.

As anyone who has stood in the long lines to get the new H1N1 vaccine can tell you, preparing for the potential disruptions in our daily lives as a result of the flu outbreak may well be new territory for organizations, employees, as well as customers.  And business continuity plans don’t always address important privacy questions!

To help bridge this gap, we’ve developed guidance for organizations and a fact sheet for employees to explain how privacy laws apply in the private sector workplace during the H1N1 pandemic. This important work was prepared in consultation with our counterparts in Alberta and British Columbia.

Right now, in Canada’s current “non-emergency” situation, it’s important to remember that privacy laws apply in the usual way. For example, employers can collect only the minimum amount of personal information necessary to meet a business need.

However, it’s a different story if an emergency is declared. For example, if an outbreak is declared to be a public emergency, the powers to collect, use and disclose personal information to protect the public health may be very broad. Privacy legislation would not prevent the sharing of information in the event that H1N1 is declared to be an emergency pandemic.

This guidance will be updated as circumstances warrant.

A survey commissioned by American academics and privacy advocates reveals that Americans are generally suspicious of efforts to track their behaviour online and to target advertising based on this tracking.

While you might expect older Americans to be suspicious of efforts to track their behaviour on individual websites, and even more so if tracking their behaviour on multiple sites, there seems to be opposition from younger Americans as well. 55% of 18 to 24 year-olds do not want to be subject to tailored advertising – and this number increases significantly if the advertiser is compiling data from a number of sources in order to target.

Interestingly, promises to anonymize the data do not seem to win many supporters:

“Even when they are told that the act of following them on websites will take place anonymously, Americans’ aversion to it remains: 68% “definitely” would not allow it,  and 19% would “probably” not allow it.”

The June/July survey was conducted by telephone interviews with a national sample of 1,000 adult internet users living in the continental United States, using both land line and cellular service.

The report by Joseph Turow, Jennifer King, Chris Hoofnagle, Amy Bleakley and Michael Hennessy is available on the Social Sciences Research Network.

As you might have noticed, we’ve spent quite a bit of time over the past year looking at the privacy issues surrounding social networks.

While we released the report into our investigation of Facebook in July, in recent weeks we have also made public other research we have commissioned.

Last week, it was a report on a series of focus groups examining Canadian’s attitudes towards privacy on social networks. These were originally held in December 2008, and seem to confirm observations made in the U.S. and Europe: the users of social networks will say they are concerned about their privacy online, will argue that they have taken steps to protect their privacy, but will gradually admit that they don’t invest too much time or thought into the process.

This week, we are releasing a research paper that examines the privacy protections available on social networks popular with Canadians: Facebook, Linkedin, Livejournal, MySpace, Hi5 and Skyrock.

This paper, by Jennifer Barrigar, was not meant as an exhaustive examination of these networks’ privacy practices: instead, it should provide users with a general indication of the protection each network provides. It also lists a number of steps social networks of any stripe can take to make themselves more privacy protective and respectful of the information their users make available.

As I note in a foreword to the paper, Jennifer originally finished her work in February 2009. As we all know, many social networks and online services regularly revise their privacy policies and improve the protections they make available to their users. As a result, you will likely find that this paper is out of date in places (say, the Facebook section).

Nevertheless, we are releasing the paper because we feel it is an important contribution to an ongoing discussion about privacy protection in social networks – and on many other online services. Jennifer’s observations serve as a useful reminder to these services that their users are increasingly expecting more from their providers.

Ever wonder what information a government agency might hold about your traveling habits? Thanks to an anonymous U.S citizen, we can sneak a peek at a travel record held by the United States Department of Homeland Security. The scanned copies are posted on philosecurity, and include data like:

• IP address used to make web travel reservations
• Hotel information and itinerary
• Full Name, birth date and passport number
• Full airline itinerary, including flight numbers and seat numbers
• Cruise ship itinerary
• Credit card number and expiration
• Phone numbers, including. business, home & cell
• Every frequent flier and hotel number, even ones not used for the specific reservation

Several countries, including Canada, collect similar information as part of an Advanced Passenger Information or Passenger Name Record program.

While we would all prefer it if the government did not collect information about our travel habits, these programs are meant to provide security agencies with enough advance information to screen travelers and identify potential risks to transport security. If your travel plans include the European Union, Switzerland or the United States, information in Canada’s database will also be shared with their security agencies.

More information about the Canada Border Services Agency’s programs is available, including directions on how each individual can access the travel data the Agency holds on you.

Our Commissioner, Jennifer Stoddart is worried that maybe they don’t. After conducting an investigation into Facebook’s privacy policies, we’re now turning our attention to youth as the school year gets underway. Because while they may be savvy about using social media, many of them still may not know how to create a secure online identity.

If you’re listening to the radio today you may hear a message from our office that we created especially for young Canadians. In case you miss it, we’ve provided clips from it for you here . The gist of it is that many young people are still jeopardizing their safety, and possibly compromising their futures, by sharing photos and information – some of it inappropriate – with people they don’t know… people who may not be who they say they are.

Young people – everyone, really –  need to always be aware that the personal information that they post online could be used in a variety of shady ways, from embarrassing them, to stealing their identities – even for finding out where they live, go to school, or their plans for the weekend. Our radio message urges young people (and their parents and teachers) to regularly visit youthprivacy.ca for information on safely using the Internet and social networking sites.

The message also reminds everyone that we’re inviting all young people, between the ages of 12 and 18, to participate in our second annual video contest. All they have to do is create a one- to two-minute public service announcement on the importance of privacy by Friday, December 11th and they could win some really cool prizes!

As you may have noticed, we held a news conference this morning to announce further progress in our investigation into the privacy practices at Facebook. Our news release is now available, as is Facebook’s.

The changes proposed by Facebook will make it easier for users to make clear and informed decisions about how to share their personal information within the popular social networking site – and with whom.

Importantly, Facebook has announced that it will be making changes to its API. These changes will, effectively, force developers to acknowledge what pieces of information they would like to access in your profile, and why. The changes will also give each user the opportunity to deny an application access to that piece of information.

Here’s an excerpt from our news release:

Third-party Application Developers

Issue: The sharing of personal information with third-party developers creating Facebook applications such as games and quizzes raises serious privacy risks. With more than one million developers around the globe, the Commissioner is concerned about a lack of adequate safeguards to effectively restrict those developers from accessing users’ personal information, along with information about their online “friends.”

Response: Facebook has agreed to retrofit its application platform in a way that will prevent any application from accessing information until it obtains express consent for each category of personal information it wishes to access. Under this new permissions model, users adding an application will be advised that the application wants access to specific categories of information.  The user will be able to control which categories of information an application is permitted to access. There will also be a link to a statement by the developer to explain how it will use the data.

This change will require significant technological changes. Developers using the platform will also need to adapt their applications and Facebook expects the entire process to take one year to implement.

As many have rightly pointed out, it seems contradictory to participate in a social network and to then attempt to restrict access to some or all of your personal information.

To us at the Office, users should have the chance to find out what information is being collected by the social networking site or a third party application, and for what reason. Third party applications have long been a concern to members of the privacy advocacy community, since they have had relatively free access to the information stored in your Facebook profile.

If you have any doubt about the extent of the access granted to apps, just take this handy quiz developed by the Northern California chapter of the ACLU – but make sure to delete the app once you’re finished! (Facebook has instructions for that )

Thankfully, Facebook has made it clear that they consider the privacy of their users to be a priority – and maybe even a competitive advantage in comparison to other social networks.

The changes announced today will take months to implement, but the Office will continue to monitor progress on this important issue.