@ Nicole Ferraro We are holding an event on Int'l Privacy Day, Jan. 27 called "Beware of Surveillance by Design." This relates to several controversial Canadian bills that would expand the web of warrantless surveillance by the government and compelling telcos to provide 11 fields of subscriber data to law enforcement -- all without any judicial authorization. This is completely unaccepable to me and hopefully to many others. We hope to see you at our event in Toronto. Watch our website for more details. www.ipc.on.ca
@Dr. Ann Cavoukian, in Alberta and BC many bars were offering this service for the security of patrons of bars known as "Barwatch", "Barlink" and other names. How has Ontario handled these machines that scan people's IDs and uploads them to a server, and to police/RCMP's servers in real time? Alberta and Alberta had a major problem with there not being enough disclosure upon entry. Bouncers grabbing patron's IDs and scanning them without proper notice. Does Ontario have these machines? If so, how have you worked to make sure privacy is the #1 concern. Is this your area? I figured it would be since it covers data being collected that is sent over private and Internet connected servers.
@Mary agreed. Reminds me of Oracle's "Unbreakable" product launch of their database software in the early 2000s. It made them a huge target. About 6 vulnerabilities were found in about 48-72 hours if my memory serves me correctly. :)
@ Mary Jander We have three papers that outline how PbD can be embedded into the code of smart meters and smart grid developments -- at a very granular level. Most recently, we have partnered with San Diego Gas and Electric to embed PbD into their smart meter dynamic pricing program. Our white paper will be released March 8 and will demonstrate how privacy can indeed by embedded into smart meter functionality. www.privacybydesign.ca
Dr. Cavoukian thank you for taking so much time and for joining us on the board here. I saw this on your site: “Surveillance by Design:” The Threat of Looming “Lawful Access” Legislation. Can you tell us more about that?
I wish more companies took a privacy / security by design in mind pertaining to their business and the information they have and have collected on their customers, clients and non-business users and partners. Of course, I'm sure there are lots... we just hear about the nightmares. The stars in the industry are rarely mentioned. Bad press is popular.
@Paul Whyte PbD will save considerable resources and should not negatively impact the timelines to roll out new products. Properly planned from the outset, it could, in fact, save you time and it will for certain save you heartache in terms of data breaches..Privacy by Design NOT Privacy by Disaster.
@Dr. Cavoukian: Speaking of smart grids, there have been privacy issues cited by consumers hesitant to allow monitoring of home utility use into their communities. How might privacy by design be implemented to boost consumer confidence?
Re: @Ann: What are the limitations of 'privacy by design'? We prefer to think of these as "challenges:" 1) getting the buy-in of senior leadership 2) creating Privacy by Design (PbD) as the organizational culture, not just a tick-box to be checked 3) translating the 7 principles of Pbd into tangible, precision engineering language (as we have done in the areas of the Smart Grid, biometrics, and RFIDs).
@Dr. Ann Cavoukian, in Alberta and BC many bars were offering this service for the security of patrons of bars known as "Barwatch", "Barlink" and other names. How has Ontario handled these machines that scan people's IDs and uploads them to a server, and to police/RCMP's servers in real time? Alberta and Ontario had a major problem with there not being enough disclosure upon entry. Bouncers grabbing patron's IDs and scanning them without proper notice. Does Ontario have these machines? If so, how have you worked to make sure privacy is the #1 concern.
@Bolingbroke -- I touched on this; it doesn't so much matter if users know as much as if users care. If users care, it means any business that doesn't play nice with data can be attacked by rivals or governments. There will be demand for either government to keep an eye on things or consumers will stick to trustworthy brands.
@Mary, I agree. That's where the PIPEDA statute comes in and her role as commissioner to oversee their activities, and then the local provincial statutes related to privacy for Ontario. Finding that synchronicity between public sector, private sector and 'we the people'.
Dr. Ann Cavoukian, you're a star and a perfect example of what a Privacy Commissioner should be. I'm in Alberta, our privacy commissioner should be getting talking points from you. Especially after hearing about your wonderful work in grilling Google. Bravo!
@Mary, I agree, I think that's a battle that we as users and governments need to compel Facebook to make changes on based on our demands. @Paul, When Facebook makes mistakes they should be punished, but making them the 'enemy' is wrong. People love their service, so let's work with them to make it better.
For example, let's say we have two rival companies, A and B. A does a good job of privacy, B doesn't, and consumers demonstrate they prefer companies that respect their privacy. It means A can actually attack B successfully for financial gain.
Privacy and connectivity! Yes. You should be able to MANAGE your own privacy. Facebook for example; let's you manage your own privacy settings. We need this control as end-users. That's an issue - control.
As far as whose responsiblity privacy is, that's a very simplified idea. In reality most of the consumers won't be able to know for sure whether or not their privacy is protected. But if consumers demonstrate they will take action (boycotts and other financial incentives) then the other two bodies will listen.
But companies and government agencies should also be concerned about privacy. Intellectual Property, Trade Secrets, information on healthcare from citizens, and so forth. Privacy is all our responsibility.
In my opinion, the job of protecting privacy belongs to the consumer. It's the consumer who will have to demand privacy compliance, forcing the market to listen. If people just complain but don't take action then the only the government will take steps. If people take action, then the market listens and the government doesn't have to do anything.
I was part of the original working group with Industry Canada and other agencies and companies in Canada that developed the original framework for PIPEDA. So I'm very interested to hear Dr. Cavoukian's views on this.
This is exciting. As a Canadian and someone who works in IT, and who has previously worked in information security, this is a particular topic that will be quite interesting to participate in. Welcome, Dr. Ann Cavoukian, Information Privacy Commissioner for the Canadian province of Ontario, and others!
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?