You Might be Interested In

A recent research report titled Research Related to Privacy and the Use of Geospatial Information explores Canadian’s awareness of the uses of location (or geospatial) data and their concerns about privacy when it comes to sharing their location-linked personal information.

The research examined Canadian’s concerns with the privacy of their personal information generally, level of comfort with sharing location-linked personal information, level of awareness and use of location-tracking devices such as Global Positioning Systems (GPS) and use and comfort level with online mapping tools.

This report was commissioned by Natural Resources Canada through its GeoConnections initiative.  A couple of highlights…

It was confirmed that respondents had a very low general understanding of what “geospatial data” is and struggled when trying to define terms such as “location-based information” or “location-based personal information”.

The study found that generally speaking, respondents are concerned about the privacy of their personal information (with over 80% stating they are “concerned” or “very concerned”).

When it comes to sharing location-linked personal information, control over the information being shared and the overall purpose for sharing the information were the two key drivers of comfort.  Respondents felt most comfortable if they have a high degree of control over the sharing of their information and the reason for sharing their location-linked personal information was related to a public good such as enhanced public safety or improved health care.

And what made Canadians uncomfortable?  Canadians became uncomfortable when they had no control over the sharing of their location-linked personal information and when their location-linked personal information was being used for economic reasons or targeted marketing.

There was support for the role of Government in the regulation of geospatial information.  For example, with regard to individual’s real-time movements, over 68% of respondents thought it was important for the Government of Canada to regulate the collection and sharing of location-linked personal information.  The majority of respondents (74%) thought it was important for the Government of Canada to regulate images of private residences appearing on internet mapping tools.

Who do Canadians trust with their location-linked personal information?  Level of trust was highest for medical institutions (58%) followed by federal and provincial governments (46%).  Interestingly, trust levels for federal and provincial governments were somewhat higher than for municipal government (35%) – proponents of the smart grid may have a bit of work to do.

And who was trusted least?  Social networking sites (6%), which is curious considering the sheer volume of personal information we voluntary give up to these sites (including increasing amounts of location-linked personal information).

It is notable that this research was completed just prior to Google’s Streetview going live in Canada.  With the launch of Streetview and the ever growing availability of new, innovative and useful location-based services such as friend finders, local search and restaurant recommenders, it will be interesting to see whether geospatial information evolves into a top-of-mind privacy issue for Canadians.

On Data Privacy 2010 we’d like to take a moment to remind everyone that is the responsibility of both individuals and companies to make sure that personal information is safe.

If you own a company, or work for a big one: in the past, you may have had to ensure that your customers’ name and address information (and in some cases credit card and billing information) were safe. Now, many of you are providing technology and tools for your customers to put increasing amounts of personal information online. Does your company have the systems in place to safeguard this information? Do you give your customers the tools and options to control how their information is used?

If you are a user of new and cool technology: in the past a telephone was a telephone, a video game was a video game, a stuffed toy was simply that – a stuffed toy. Today, more and more toys and handheld tools come with the ability to go online. Do you understand how to enjoy your toys and gadgets without putting your personal information at risk?

If you are a parent or guardian, teacher, coach or caregiver: do the young people in your life understand how to use all these new toys and gadgets while keeping their personal information safe? Our office has recently made youth privacy a key priority. Today, we have posted some new resources to the Parents & Teachers section of our youth web site. The resources include information on 12 privacy issues (such as the importance of privacy settings and knowing who your friends are on social networking sites), along with ideas for generating discussion about each issue with young people. You can use these resources to start discussion about personal privacy and the importance of thinking about what you post on the Internet.

Regardless of which group you are in – if you need any information about how to keep personal information secure, visit our web sites – priv.gc.ca and youthprivacy.ca.

Here we go again! For the seventh year in a row, the Office of the Privacy Commissioner of Canada is launching its Contributions Program, which funds data privacy research and public awareness projects.

We’re very proud of the Contributions Program, partly because it’s considered one of the leading programs of its kind in the world. Since 2004, we’ve been using the Program to advance data privacy knowledge by funding major research projects, all of them led by Canadian researchers. And for the past two years, the Program has helped civil society organizations educate a growing number of Canadians about privacy.

We’re once again making $500,000 available to researchers and civil society organizations who want to apply for funding: $50,000 per project and $100,000 per organization. This year we’re especially interested in funding research projects into the impact of technology on privacy, a hot topic if there ever was one! As well, even though we prefer to fund projects that wrap up in the year the funding is provided (in this case, the 2010-11 fiscal year), we’re willing to fund projects that continue into the next fiscal year (projects ending after March 31, 2011).

Well, there you have it! If you are interested in privacy and feel you have a contribution to make (no pun intended) as a researcher or civil society organization, go ahead and apply. The 2010-11 application deadline is February 26, 2010.

For more information or to access our application form, go to our Web site at http://www.priv.gc.ca/resource/cp/p_index_e.cfm.

I know. It’s kind of boring when I only post excerpts from our more formal publications. In some cases, though, the traditional news release and backgrounder nail the issue and the details.

We’re ” … hosting consultations with Canadians on issues that we feel pose a serious challenge to the privacy of consumers, now and in the near future.

The topics to be explored include the online tracking, profiling and targeting of consumers by businesses, and the growing trend towards cloud computing.

The aim of this consumer consultation is to learn more about such industry practices, explore their privacy implications, and find out what privacy protections Canadians expect with respect to these practices. The consultation is also intended to promote debate about the impact of these technological developments on privacy, and to inform the next review process for the Personal Information Protection and Electronic Documents Act (PIPEDA).

The centerpiece of the consultations will be a series of single-day panel discussions [in Toronto, Montreal and elsewhere] involving a range of participants, including representatives of industry, government, consumer associations and civil society. In order to canvass the broadest possible range of views in preparation for these events, we are also welcoming written submissions.”

More details on the public consultations can be found elsewhere on our site.

Do your loved ones have toys on their wish lists this holiday? A stuffed animal for a little one… a cell phone or a camera for a teen? These days, these toys and gadgets are more than they used to be. Just a few years ago a stuffed animal was something to cuddle with and a phone was, well, just a phone! Now, many stuffed animals come with codes that allow kids to register them online so that they can play games, feed and care for them, and even chat and play with other kids. And many cellphones are phones, computers and cameras, all in one.

And while such toys and gadgets can be fun, we want people to enjoy them without putting their privacy and personal information at risk.

Here are our tips for protecting your privacy as you and your loved ones enjoy your new gadgets and toys. For parents especially:

Understand new toys and their capabilities – It is important to understand the capabilities of new toys and how your children will use them. Speak with your kids about how they will use the toy and, where appropriate, agree on guidelines and limits.

Pay attention to privacy settings and parental controls – Privacy settings on social networking sites control what people see about you. Only allow your friends to see your page, your posts, your photos and your applications. Parents, if you depend on parental control software that is installed on your desktop, remember that. Those controls won’t be in place on new mobile devices.

Remember, with Wi-Fi, children can access the Internet from anywhere in the house – And if their new toy/gadget has Internet capabilities they can also use it to access the Internet from locations and networks outside your supervision and control.

Here are our tips for protecting your privacy as you and your loved ones enjoy your new gadgets and toys. For everyone:

Think before you click – The Internet is a public arena, and photos and comments you post are permanent. Even if you delete them from a web page, they could continue to exist in archived pages, in your computer’s cache or on the computers of other Internet users who may have copied them. If you don’t want certain people to see something, now or in the future, don’t post it!

Pick and protect the perfect password – Your information is only as safe as your passwords. Use different passwords for different systems; make sure they are strong (eight characters or more and a variety of letters or numbers); never share them with anybody; and change them regularly.

Know your friends – Online, you can’t be 100 per cent sure who you are talking to. Don’t accept friend requests from people you don’t know in real life.

Protect your identity – Identity theft is a growing problem and the Internet is the least private of spaces. Don’t post or e-mail personal details such as your social insurance number, phone number, home address or birth date.

Be careful on online gaming sites – Online gaming sites are hotbeds of people accessing personal information. Be aware that ill-intentioned people can use information from your profile to establish accounts in your name, or use your stolen identity to access your existing accounts.

Be wary of e-mail or instant messages from unknown people – Don’t open online messages that seem odd or are from someone you don’t know. They could contain a virus or let a hacker gain access to your computer.

Have a happy holiday and enjoy all your new toys!

It’s also the 20^th anniversary of the day the United Nations General Assembly adopted the Convention of the Rights of the Child. A significant milestone, this made privacy a basic human right for everyone under the age of eighteen.

Privacy is a right that all young people should enjoy, no matter where they live. With today’s world being so different than it was 20 years ago, this is something they may not think much about. Today, young people are videotaped by security cameras almost everywhere they go. They are asked for their postal code or driver’s license number when they buy a pair of jeans. They can instant message, update their statuses, download music, talk to friends on Facebook and play games on their computers with people all around the world. Twenty years ago, if someone wanted to get in touch with you they had to phone you or send you a postcard!

It is so easy for young people to overlook their privacy rights and why they’re so important. And it’s easy to forget about the risks that are out there if they don’t protect their personal information. These risks can range from nuisance (all those marketers who are looking for people to target their ads to) to serious (from the people on the Internet who are looking for identities to steal, to the predators who are looking for victims). Many of them also tend to forget that when they post comments, photos and videos, online, that information is public and permanent and almost impossible to remove.

So today, on National Child Day, take a minute and remind the young people in your life, in your community, that privacy is their right. Have them look around youthprivacy.ca and click through the pages. Encourage them to find information about how they can have fun online while protecting this valuable basic human right.

Now that Canada has officially entered the “second wave” of the H1N1 flu season, and the United States President has proclaimed the H1N1 pandemic to be a national emergency, Canadians are staring at the possibility of a significant flu outbreak. The sense of concern and urgency about how to respond to this situation presents interesting challenges for protecting the right to privacy.

As anyone who has stood in the long lines to get the new H1N1 vaccine can tell you, preparing for the potential disruptions in our daily lives as a result of the flu outbreak may well be new territory for organizations, employees, as well as customers.  And business continuity plans don’t always address important privacy questions!

To help bridge this gap, we’ve developed guidance for organizations and a fact sheet for employees to explain how privacy laws apply in the private sector workplace during the H1N1 pandemic. This important work was prepared in consultation with our counterparts in Alberta and British Columbia.

Right now, in Canada’s current “non-emergency” situation, it’s important to remember that privacy laws apply in the usual way. For example, employers can collect only the minimum amount of personal information necessary to meet a business need.

However, it’s a different story if an emergency is declared. For example, if an outbreak is declared to be a public emergency, the powers to collect, use and disclose personal information to protect the public health may be very broad. Privacy legislation would not prevent the sharing of information in the event that H1N1 is declared to be an emergency pandemic.

This guidance will be updated as circumstances warrant.

As you may have noticed, we held a news conference this morning to announce further progress in our investigation into the privacy practices at Facebook. Our news release is now available, as is Facebook’s.

The changes proposed by Facebook will make it easier for users to make clear and informed decisions about how to share their personal information within the popular social networking site – and with whom.

Importantly, Facebook has announced that it will be making changes to its API. These changes will, effectively, force developers to acknowledge what pieces of information they would like to access in your profile, and why. The changes will also give each user the opportunity to deny an application access to that piece of information.

Here’s an excerpt from our news release:

Third-party Application Developers

Issue: The sharing of personal information with third-party developers creating Facebook applications such as games and quizzes raises serious privacy risks. With more than one million developers around the globe, the Commissioner is concerned about a lack of adequate safeguards to effectively restrict those developers from accessing users’ personal information, along with information about their online “friends.”

Response: Facebook has agreed to retrofit its application platform in a way that will prevent any application from accessing information until it obtains express consent for each category of personal information it wishes to access. Under this new permissions model, users adding an application will be advised that the application wants access to specific categories of information.  The user will be able to control which categories of information an application is permitted to access. There will also be a link to a statement by the developer to explain how it will use the data.

This change will require significant technological changes. Developers using the platform will also need to adapt their applications and Facebook expects the entire process to take one year to implement.

As many have rightly pointed out, it seems contradictory to participate in a social network and to then attempt to restrict access to some or all of your personal information.

To us at the Office, users should have the chance to find out what information is being collected by the social networking site or a third party application, and for what reason. Third party applications have long been a concern to members of the privacy advocacy community, since they have had relatively free access to the information stored in your Facebook profile.

If you have any doubt about the extent of the access granted to apps, just take this handy quiz developed by the Northern California chapter of the ACLU – but make sure to delete the app once you’re finished! (Facebook has instructions for that )

Thankfully, Facebook has made it clear that they consider the privacy of their users to be a priority – and maybe even a competitive advantage in comparison to other social networks.

The changes announced today will take months to implement, but the Office will continue to monitor progress on this important issue.

How comfortable, exactly, are online users with their information and online browsing habits being used to track their behaviour and serve ads to them?

A survey of Canadian respondents, conducted by TNS Facts and reported by the Canadian Marketing Association, reports that a large number of Canadians and Americans “(69% and 67% respectively) are aware that when they are online their browsing behaviour may be captured by third parties for advertising purposes.”

That doesn’t mean they are comfortable with the practice. The same survey notes that “just 33 per cent of Canadians who are members of a site are comfortable with these sites using their browsing information to improve their site experience. There is no difference in support for the use of consumers’ browsing history to serve them targeted ads, be it with the general population, the privacy concerned, or members of a site.”

But how much information are users willing to consciously hand over to win access to services, prizes or additional content?

A survey of 1800 visitors to coolsavings.com, a coupon and rebate site owned by Q Interactive, has claimed that web visitors are willing “to receive free online services and information in exchange for the use of my data to target relevant advertising to me.”

Now, my impression is that visitors to sites like coolsavings.com – who are actively seeking out value and benefits online – would be predisposed to believing that online sites would be able to deliver useful content and relevant ads.

That said, Mediapost, who had access to details of the full Q Interactive survey, cautions that users “… continue to put the brakes on hard when asked which specific information they are willing to hand over. The survey found 77.8% willing to give zip code, 64.9% their age and 72.3% their gender, but only 22.4% said they wanted to share the Web sites they visited and only 12% and 12.1% were willing to have their online purchases or the search history respectively to be shared …”
In both the TNS Facts/CMA and Q Interactive surveys, the results seem to indicate that users are willing to make a conscious decision to share information about themselves – especially if it is with sites they trust and with whom they have an established relationship.

Startling for privacy advocates is the willingness to trade data like zip code, age and gender – three data points that can effectively identify each individual when overlaid and correlated. (Kim Cameron has made this point, and academics from the University of Calgary have demonstrated how closely a postal code can target your actual street address.)

Now, users may be willing to provide that information because they fully intend to lie about it. In a survey conducted by our office in 2007, 13% of Canadians reported that they had deliberately given incorrect information to a retailer when asked for it – and that was in a face-to-face transaction. We can assume that it is far easier to mislead when simply entering information into an online form.

It is encouraging to read that respondents are reluctant to allow sites or services to share specific information about their purchases or their search habits.

A common thread seems to be emerging: consumers see a benefit to providing specific data that will help target information relevant to their needs, but they are less certain about allowing their past behaviour to be used to make inferences about their individual preferences.

They may feel their past search and browsing habits might just have a greater impact on their personal and professional life than the limited re-distribution of basic personal information by sites they trust. Especially if those previous habits might be seen as indiscreet, even obscene.

Twitter. That’s right; I’m going to talk about Twitter, making the Office of the Privacy Commissioner of Canada the official end point for the “Have you heard about Twitter?” meme. (For a quick summary of this meme, listen to this audio from a podcast called Jordan Jesse Go!)

Twitter, the instant messaging application that limits each message to 140 characters, is experiencing tremendous growth across a range of demographic groups.  Entrepreneurs, employees, supervisors, managers and executives are leaping aboard, sharing information as broad as golf scores, children’s hobbies, favourite movies, the relative tedium of on site meetings, and more interesting tidbits about their daily business.

Senior executives from across the Fortune 500 are experimenting with the service – and are being tracked by members of the traditional media.

While the Office doesn’t want to discourage the use of new technologies, especially when they seem to encourage professional development and the creation of personal networks, we continue to gently remind Canadians to watch what they say online.

This is especially true when it comes to business. Loose and quick finger work can result in uncorrectable errors and mis-statements. Every level of an organization handles information that could be considered sensitive or a business secret – from information in human resources files to the data underlying market forecasts.

Every online identity is expected to have a personality, and it is preferred that they have a professional or personal obsession that provides colour and detail to their activities.

If you are experimenting with an application like Twitter, you should have a clear idea of your desired identity in mind when putting finger to keypad.

THAT’s the way to avoid embarrassment – at home and at the office.