
LAWYERS

Is There Such a Thing as “Internet Privacy”?

April 13, 2015

Agenda

• What is “Internet Privacy”?
• Why does it matter?
• What laws govern Internet Privacy?
• What do individuals need to know about Internet Privacy?
• What are the risks?
• How do the laws protect you?
• What can you do to protect yourself?
• What do organizations need to know about Internet Privacy?
• What are an organization’s privacy law obligations?

What is “Internet Privacy”?

• “Internet Privacy” is the privacy and security level of personal information published or available via the internet.
• It is a broad term referring to the various concerns, technologies, and strategies for protecting information, communications, and choices that are meant to be private.
• In general, using the internet often means giving up some measure of privacy.
• Taking certain precautions can reduce the privacy risks

Why does it matter?

• Canadians log an average of 43.5 hours of online browsing per month, and nearly half of Canadians are on Facebook.
• The Internet is part of almost every aspect of our lives – both personal and work-related.
• Online data:
  • is permanent
  • is never entirely private and leaves data trails
  • over time, reveals a lot about who you are, what you do, and what you like and dislike
  • is very valuable – for businesses and for criminals

What Canadian laws govern Internet Privacy in Saskatchewan?

• Federal:
  • Personal Information Protection and Electronic Documents Act (“PIPEDA”)
  • Privacy Act
  • Canadian Anti-Spam Laws (“CASL”)
• Saskatchewan:
  • The Freedom of Information and Protection of Privacy Act (“FOIP”)
  • The Local Authority Freedom of Information and Protection of Privacy Act (“LAFOIP”)
  • The Privacy Act
• Laws relating to specific organizations or activities (e.g. the Bank Act, cyber crimes or terrorism laws)
• Common law

Can you expect your online activities to be private?

R. v. Spencer:

• Supreme Court of Canada decision from June 2014
• Police requested Internet Protocol address used to access and store child pornography
• Ruling: internet users have a “reasonable expectation of privacy” in their “subscriber information”

Individuals & Internet Privacy - What are the risks?

• There are many threats to Internet Privacy, but some key threats are:
  • Threats to Personal Information
  • Risks relating to Social Networking Sites
  • Online “Spam”

• Collection, use, and disclosure of personal information about you – e.g. “Cookies”, information that you voluntarily provide, information from other organizations
• Online fraud – others using your credit card, stealing money from your bank account, etc.
• Identity Theft – others pretending to be you to open credit card and bank accounts or take out loans, redirect mail, set up cellphone service, rent or buy vehicles, equipment, or accommodation, secure employment, commit crimes, etc.
• “Social engineering” attacks

“Social engineering” attacks: using influence and persuasion to deceive people into divulging personal information.

• “phishing”
• “spear phishing”
• “pharming”
• “vishing”

Threats Relating to Social Networking Sites

• Use of social media to build social engineering attacks or to commit identity theft or fraud
• Loss of employment or academic opportunities or employment or professional discipline
• Embarrassment

• More than just unsolicited emails
• Potential for serious damage to your computer or risk to your personal information
• Threats commonly associated with spam:
  • Address harvesting
  • Botnet
  • Denial-of-service (DoS) attacks
  • Dictionary attack
  • Malware
  • Phishing

Individuals & Internet Privacy – How do privacy laws protect you?

• Require organizations to obtain your consent to collect, use, or disclose your personal information.
• Limit how organizations can collect, use, or disclose your personal information.
• Give you a right to see what information an organization has about you, and to correct errors in such information.
• Privacy Commissioners can investigate complaints about possible violations of applicable laws.
• Anti-spam laws are intended to prevent unsolicited commercial electronic messages (e-mails, text messages, etc.)

Protecting Canadians from Online Crime Act

• New criminal offence for distribution, advertising of “intimate images” without consent
• Cyber Bullying - expansion of existing criminal code offences to include electronic communications
• Lawful access provisions

Individuals & Internet Privacy –

• Require organizations to collect, use, or disclose your information in certain circumstances.

Cannot eliminate the risk, but you can reduce the risk:

• Protect your computer
• Update your browser
• Be suspicious of e-mails
• Don’t click on links or call numbers in e-mails
• Ensure that you are using an authentic, secure website
• Watch out for suspicious or unfamiliar clickable items
• Read website privacy policies
• Limit the information you provide
• Use and update appropriate security settings and passwords
• Report as soon as possible if you suspect your personal

What to Look for in Website Privacy Policies

• What personal information is the organization collecting?
• How is the organization collecting your personal information?
• What is the organization using your personal information for?
• Will the organization be sharing your personal information with third parties?
• Where will your personal information be stored?
• Does the organization have appropriate safeguards in place?
• Does the organization have a contact responsible for privacy and access/amendment to my personal information?

Organizations – Obligations Under Privacy Legislation

• Privacy legislation contains requirements regarding collection, use and disclosure of personal information:
  • Limits on the collection, use and disclosure of PI
  • Subject individual’s consent is required to collect PI
  • Exceptions to the general consent rule (these vary from statute to statute)
  • Collection of PI must be reasonable for the purpose for which it is collected
  • Reasonable steps must be taken to ensure that PI collected is accurate, complete and up-to-date

Organizations – Privacy Compliance Program

• Organizational Commitment
  • Buy-in from the Top
  • Privacy Officer
• Program Controls
  • Personal Information Inventory
  • Policies
  • Risk Assessment Tools
  • Training and Education Requirements
  • Privacy Breach Protocols
  • Service Provider Management
  • External Communication

Organizations – Protecting Customers: 10 Tips for a Better Privacy Policy

• Make your privacy policy about your business
• Be specific and provide meaningful information
• It’s about more than cookies – how do you collect, use and disclose personal information?
• Privacy choices (i.e. opt-outs)
• Access/amendment processes
• Update your privacy policy regularly
• Make it easy to contact you
• Make privacy information easy to find
• Use plain language

• Is personal information processed outside of Canada?
• Not prohibited, but PIPEDA sets out guidelines.
• If information used for the purpose it was originally collected, additional consent not required.
• Outsourcing the processing of personal information does not outsource accountability.
• Organizations must be transparent about their personal information handling practices. This includes advising customers that their personal information may be sent to another jurisdiction for processing.

Organizations – What Happens If There is a Privacy Breach?

Digital Privacy Act (proposed) – mandatory notification

Saskatchewan OIPC recommendations:

• Step 1 – Contain the Breach
• Step 2 – Investigate the Breach
• Step 3 – Assess and Analyze the Breach
• Step 4 – Notification: Who, When and How to Notify
• Step 5 – Prevention
• Role of the OIPC

Organizations – What Happens If You Don’t Comply

• Investigation/Review by Privacy Commissioners
• The Privacy Commissioners and complainants may seek remedies for non-compliance in the court system
• Digital Privacy Act: Compliance Agreements (proposed)

• Many useful websites:
  • Privacy Commissioner of Canada
  • Information and Privacy Commissioner of Saskatchewan
  • MLT Privacy and Technology Blogs

Thanks for attending!

Please note that the information contained in this presentation is general in nature and does not constitute legal advice, nor is it exhaustive on the subjects noted.
