You Might be Interested In

Entry written by Kristen Yates, Senior Public Education Officer, Office of the Privacy Commissioner of Canada.

It can be tough raising kids in a digital environment. Many of them use the Internet effortlessly, and easily adapt to new devices that connect to it. For many of us, these tools have become a routine part of our children’s lives, as they use them to chat, surf, post, play and learn. The Internet has become one of the most powerful tools they have to connect with friends and make new ones.

Many kids, however, don’t fully understand the impact that some online activities may have on their privacy. The Office of the Privacy Commissioner of Canada has come up with a new tip sheet that offers 12 practical tips for parents interested in discussing online privacy with their kids. The tips include simple ideas and advice that parents may use to limit risks to their child’s personal information, while allowing them to continue enjoying their time online.

 Here is a quick list of the tips. Look at the tip sheet for detailed information on each tip!

1. Talk to your kids.
2. Try it out.
3. Keep up with the technology.
4. Make restricting privacy settings a habit.
5. Make password protection a priority.
6. Emphasize the importance of protecting mobile devices.
7. Remind your kids that what they post on the Internet is not always private.
8. Teach your kids to think before they click.
9. Stress the importance of knowing your real friends.
10. Teach your kids that their personal information is valuable.
11. Let your kids know that you are there if they make a privacy mistake.
12. Set a good example.

These tips were launched this week as part of our Office’s week-long campaign leading up to Data Privacy Day. For more information on the Office’s Data Privacy Day activities and resources, go to www.priv.gc.ca.

For more information on talking to your kids about how their use of technology can affect privacy, visit www.youthprivacy.ca/en/teachers.html.

Entry written by Kristen Yates, Senior Public Education Officer, Office of the Privacy Commissioner of Canada.

We all know how savvy kids are with the Internet and online tools. Many of them are way ahead of adults in adapting to new technologies, making it difficult to keep up with them – let alone educate them on online privacy.

The Office of the Privacy Commissioner of Canada is here to help. Today, we launched a new video, tip sheet and presentation package  for youth in grades 7 and 8 (Secondary I and II in Quebec) that will help parents and teachers talk to youth about the importance of protecting their privacy online.

The new video speaks to teens and ‘tweens alike, and covers the key privacy concepts kids need to consider when sharing information online. The video may be viewed online or downloaded to support discussion.

The new tip sheet offers 12 practical tips for parents interested in discussing online privacy with their kids. The tips include simple ideas and advice that parents may use to limit risks to their children’s personal information, while allowing them to continue enjoying their time online.

The Grades 7 and 8 presentation package is the latest release in the Office’s Protecting Your Online Rep presentation series. The package includes slides, speaking notes and discussion topics for use by educators and community leaders to speak with young people about online privacy. The new presentation offers much of the practical privacy advice found in the presentation package for grades 9 to 12, which our Office launched last fall, only the graphics and speaking notes have been tailored to the social realities and online activities of younger students.

These tools are being launched this week as part of our Office’s week-long campaign leading up to Data Privacy Day. For more information on the Office’s Data Privacy Day activities and resources, go to http://www.priv.gc.ca/resource/dpd/2012/index_e.cfm.

Entry written by Heather Ormerod, Senior Communications Advisor, Office of the Privacy Commissioner of Canada.

Once a year, privacy advocates and enthusiasts around the world get the chance to collectively shine a spotlight on the issue of online privacy.

Data Privacy Day, which is celebrated annually on January 28, is an annual international celebration designed to promote awareness about privacy and education about best privacy practices. Granted, it doesn’t rank up there with Canada Day or Thanksgiving in terms of food, fun or festivity, nevertheless it is a date worth circling on the calendar.

In this digital age, where our online activities can so easily be tracked, stored, shared and analyzed, and we are under constant pressure to share more and more personal information, we are all feeling a bit uneasy about all that personal data floating around in cyberspace.

It’s not that we want to turn our backs on the limitless potential of the Internet. We just need to figure out how we can all limit the potential for online personal information to be misused and abused.

The answer? When it comes to sharing personal information, think less is more.  

Once our personal information is on the Internet, we have very little control over who sees it, how it is used, or how long it will be available. By sharing less personal information, we can help limit our exposure and the risks of our personal information being misused, abused or disclosed without consent.

So, whether we are social networking, using an app on a mobile device, or signing up for discounts and deals, we need to think carefully about the personal information we are putting into cyberspace.

Less is more is also good advice for businesses and organizations that collect personal information. Collecting and holding excess data raises the risks for customers, but it is also costly for businesses because it increases the risk of data breaches, which can be damaging to businesses’ reputations and expensive to clean up.

This week, the Office of the Privacy Commissioner of Canada is pleased to join governments, privacy professionals, corporations, academics and students from around the world, in marking Data Privacy Day.

Our Office will be engaging in a number of activities in the week to leading up to January 28, such as the launch of some new youth privacy tools, and presentations to youth, public servants, businesses and staff. The Office has also produced some new resources, such as posters and graphics which can be used to raise awareness of privacy in any organization.

For more information on the Office’s Data Privacy Day activities and resources, go to our Data Privacy Day web page or http://www.priv.gc.ca/.

Given the time of year, many Canadians are spending time in malls. 

By now, most have come to terms with the fact that security cameras survey nearly every corner of every store. 

This is well known – and if stores obey Canada’s private sector privacy law, they provide notice.

In short, if you’re out shopping, you’re informed that you’re on camera.

But now, how would you feel if there were people on the other side of the cameras, not simply monitoring to see what you might steal, but instead keeping tabs on the specific stores you visited … of the specific brands, styles, colours and sizes of clothes you tried on … on the magazines you leafed through at a newsstand … of what exactly you ordered from the food court … in addition to everything you actually bought from stores during your visit?  

Copious notes would be recorded throughout and filed upon your exit. 

Upon returning, you would be recognized and new data would be entered into your file accordingly.

This may sound far-fetched, but something similar is happening regularly to eight in 10 Canadians aged 16 and older, according to Statistics Canada’s latest figures.

While it’s not actually happening to people browsing in malls, it is happening to most anyone browsing online, through a practice called behavioural advertising.

Online advertising used to consist of mini billboards that came up for everyone who visited a certain page or made a particular search query.

Today, increasingly, ads are based on profiles compiled on us by tracking our browsing activity over time. 

It’s usually carried out by third-parties who follow users via cookies or web beacons.

These effectively lay a trail of digital bread crumbs which are tracked and analyzed to determine your interests based on where and what you click and, in turn, what ads may interest you which are effectively “beamed” onto pages upon your visit.

Some people appreciate ads being tailored to them.

Others might feel like they’re browsing in that earlier-described mall.    

Either way, the information involved in this practice can identify individuals and will generally constitute personal information under Canada’s private sector privacy law.

As a result, individuals must be made aware of what’s happening when they browse and provide meaningful consent. 

If you were unaware of this practice, you’re not alone. In general, to find out you’re being tracked, you need to dig down deep into a typical website’s lengthy, legalistic privacy policy.

To be fair, this is a fairly new practice in the still evolving digital world. Some advertisers are making an effort to inform users and many may be unsure how to ply their trade in compliance with privacy law.

For example, what constitutes meaningful consent?

This is why my Office has just released a new guidance which explains that “opt-out” consent may be used so long as some conditions are met.

First, individuals must be:

• made aware of the purposes for the practice in a manner that is clear, obvious and understandable.  In other words, one shouldn’t have to hunt for it;
• informed of these purposes at or before the time of collection and should be provided with information about the parties involved in the advertising; and
• able to easily opt-out of the practice, ideally at or before the time the information is collected.

In addition, the opt-out should both take effect immediately and be persistent, while the information collected and used:

• must be limited, to the extent practicable, to non-sensitive information (for example, avoiding sensitive data such as health information); and
• should be destroyed as soon as possible or “anonymised,” so if someone gains access to it through say hacking, it can’t be used to identify specific individuals.

Further, the use of tracking techniques of which users are unaware and can’t decline such as web bugs, web beacons and super cookies in the current context of behavioural advertising should be avoided.

On top of this, websites specifically aimed at kids should not allow tracking for behavioural advertising, as it is difficult to obtain meaningful consent from children. 

Attention to this is needed as a recent report noted 40 percent of kids aged two to four have used a smartphone, tablet or video iPod.

All told, in the months to come, we’ll be watching the watchers to see that our guidance is being followed. 

And if we see troubling trends, we’ll take enforcement action.

Many people would tend to think of Internet content as being free.

And indeed, we can spend seemingly endless hours reading online news articles and watching Youtube videos, all without handing over a penny.

But is there a cost?

One might say that depends on how much you value your privacy.

One thing beyond dispute however, is the fact that advertisers see immense value in the data trails we create when surfing the web.

Our IP number can reveal the city or region in which we live.

Our web traffic can provide a pretty strong sense of what we’re interested in, particularly if it shows we travel to the same sites regularly or even daily.

All this to say, once a site you visit provides you with a cookie, advertisers follow the trail of crumbs.

In the end, they target and tailor ads to your perceived interests which appear on various sites you visit.

Some may see benefits in this as they’d prefer being offered products and services that do indeed correspond to their interests.

Others may chafe at the thought of being ceaselessly monitored.

For anyone who wants to learn more about behavioural advertising, I invite you to click here to read our latest fact sheet.

And stay tuned. You’ll be hearing more from us on this in the weeks to come in the form of new information for organizations

As a small business owner, you wear many hats. You’re the Chief Executive Officer, the Chief Financial Officer, the VP of Marketing and Sales. And of course, you’re also the Chief Information Officer and Chief Privacy Officer. While big business has the budget to keep legal advisers on retainer to deal with privacy issues, this isn’t a likely option for you.

This is one of the major reasons why the Office of the Privacy Commissioner has developed a suite of tools and resources over the years to help you meet your privacy obligations and build trust with your customers and clients. 

By running your business, you’re making an important contribution to the economy and your community. And it’s our pleasure to do what we can to make things easier for you. Speaking of which, listed below, you’ll find all of these tools in one place.

Cybersecurity for Small Business Articles:

• Steps toward stronger cybersecurity for your business

Guidance for Small Businesses:

• A Guide for Businesses and Organizations
• Privacy Guide for Small Businesses: The Basics
• Guidelines for Processing Personal Data Across Borders

Online Tools:

• Privacy for Small Business online tool
• Securing Personal Information: A Self-Assessment Tool for Organizations

 Fact Sheets:

• Complying with the Personal Information Protection and Electronic Documents Act
• Determining the appropriate form of consent under the Personal Information Protection and Electronic Documents Act
• Privacy Legislation in Canada
• Truncated Credit Card Numbers – Why stores should print only partial credit card information on customer receipts
• Businesses and Identity Theft
• Organizations’ Guide to Complaint Investigations under the Personal Information Protection and Electronic Documents Act
• Best Practices for the use of Social Insurance Numbers in the private sector
• Introduction to cloud computing

The federal, Alberta and British Columbia Privacy Commissioners have created an online tool that will help small and medium-sized businesses better safeguard the personal information of customers and employees.

The Securing Personal Information: A Self-Assessment Tool for Organizations is a detailed online questionnaire and analysis tool that helps organizations gauge how well they are protecting personal information, in keeping with the applicable private-sector privacy law.

The tool is comprehensive and detailed, but also offers users the flexibility of focusing on areas most relevant to their own enterprise. The self-assessment and analysis process results in a framework that organizations can use to systematically evaluate and improve their data-security practices.

The Securing Personal Information Self-Assessment Tool is available via the commissioners’ websites: www.priv.gc.ca; www.oipc.ab.ca; and www.oipc.bc.ca.

To access all of the small business tools developed by the Office of the Privacy Commissioner of Canada, click on: www.priv.gc.ca/resource/sbw/2011/index_e.cfm

Over the last few years, the word “cloud” has been given new life. 

At one time, it was associated with blocking out the sun or bringing rain. 

Today it’s become synonymous with providing access anywhere, anytime to the photo-sharing, email and social network accounts of individuals and cutting IT infrastructure costs for businesses.

Put simply, cloud services allow users to access data over the Internet which is stored or hosted on third party servers. In other words, the third party stores it so you can spare your hard drive additional burden. 

As the use of cloud computing services increases, my Office has developed a fact sheet answering questions you may have on the privacy implications of this growing trend.

For example:

• What are the security risks (and/or benefits) of cloud services?
• How does Canada’s private sector privacy law apply to such services?
• May the laws of countries where data is hosted apply?

All in all, whether you’re a small business owner weighing the pros and cons of a cloud service to store customer or client data, or if you’re considering an affordable, less memory-taxing way to store your family photos, I encourage you to give it a read, by clicking here. 

And stay tuned, because our Office is also preparing some words of advice specifically for small – and medium-sized enterprises considering using cloud services which will be available in the coming months.

We’re launching our fourth annual My Privacy & Me Video Contest, where students aged 12 to 18 show us what they have to say about privacy.

To participate, we’re asking them to create their own video public service announcements about privacy issues related to any one of these four categories:

• mobile devices;
• social networking;
• online gaming; or
• cybersecurity.

All contest details can be found here.

Entries must be submitted by teams of one or two people. Schools may submit up to 10 different videos. (If a school has more than 10 videos to submit, we suggest a contest be held within the school to select the 10 best submissions for this contest).

First-place winners in each category will receive a $350 gift card, second-place winners will receive a $200 gift card, and third-place winners will win a $100 gift card. The deadline is Wednesday, Feb. 1, 2012 at noon ET.

For inspiration, we encourage teams to watch the 2010 winning videos. Then, power up their video cameras, and show us what they have to say!

The Office of the Privacy Commissioner of Canada is launching a new youth privacy tool that will help teachers and community leaders talk with younger Canadians about their privacy online.

The tool launched today is called Protecting Your Online Rep and comes right in time for back-to-school. It offers people who work with youth all the information necessary to provide an engaging and effective presentation in their own school or community.

The package includes a PowerPoint presentation with detailed speaking notes for each slide, along with class discussion topics, for Grades 9 to 12 (Secondary III to V in Quebec). Educators and others interested in delivering the presentation can find the package here.

The goal of the new tool is to teach young people that technology can affect their privacy, and to show them how to build a secure online identity and keep their personal information safe.

Link to news release