LAWYERS

Is There Such a Thing as “Internet Privacy”?

April 13, 2015


Agenda

• What is “Internet Privacy”?
• Why does it matter?
• What laws govern Internet Privacy?
• What do individuals need to know about Internet Privacy?
• What are the risks?
• How do the laws protect you?
• What can you do to protect yourself?
• What do organizations need to know about Internet Privacy?
• What are an organization’s privacy law obligations?


What is “Internet Privacy”?

• “Internet Privacy” is the privacy and security level of personal information published or available via the internet.
• It is a broad term referring to the various concerns, technologies, and strategies for protecting information, communications, and choices that are meant to be private.
• In general, using the internet often means giving up some measure of privacy.
• Taking certain precautions can reduce the privacy risks


Why does it matter?

• Canadians log an average of 43.5 hours of online browsing per month, and nearly half of Canadians are on Facebook.
• The Internet is part of almost every aspect of our lives – both personal and work-related.
• Online data:
  • is permanent
  • is never entirely private and leaves data trails
  • over time, reveals a lot about who you are, what you do, and what you like and dislike
  • is very valuable – for businesses and for criminals


What Canadian laws govern Internet Privacy in Saskatchewan?

• Federal:
  Personal Information Protection and Electronic Documents Act (“PIPEDA”)
  Privacy Act
  Canadian Anti-Spam Laws (“CASL”)
• Saskatchewan:
  The Freedom of Information and Protection of Privacy Act (“FOIP”)
  The Local Authority Freedom of Information and Protection of Privacy Act (“LAFOIP”)
  The Privacy Act
• Laws relating to specific organizations or activities (e.g. the Bank Act, cyber crimes or terrorism laws)
• Common law


Can you expect your online activities to be private?

R. v. Spencer:

• Supreme Court of Canada decision from June 2014
• Police requested Internet Protocol address used to access and store child pornography
• Ruling: internet users have a “reasonable expectation of privacy” in their “subscriber information”


Individuals & Internet Privacy - What are the risks?


• There are many threats to Internet Privacy, but some key threats are:
  • Threats to Personal Information
  • Risks relating to Social Networking Sites
  • Online “Spam”


• Collection, use, and disclosure of personal information about you – e.g. “Cookies”, information that you voluntarily provide, information from other organizations
• Online fraud – others using your credit card, stealing money from your bank account, etc.
• Identity Theft – others pretending to be you to open credit card and bank accounts or take out loans, redirect mail, set up cellphone service, rent or buy vehicles, equipment, or accommodation, secure employment, commit crimes, etc.
• “Social engineering” attacks


“Social engineering” attacks: using influence and persuasion to deceive people into divulging personal information.

• “phishing”
• “spear phishing”
• “pharming”
• “vishing”


Threats Relating to Social Networking Sites

• Use of social media to build social engineering attacks or to commit identity theft or fraud
• Loss of employment or academic opportunities or employment or professional discipline
• Embarrassment


• More than just unsolicited emails
• Potential for serious damage to your computer or risk to your personal information
• Threats commonly associated with spam:
  • Address harvesting
  • Botnet
  • Denial-of-service (DoS) attacks
  • Dictionary attack
  • Malware
  • Phishing


Individuals & Internet Privacy – How do privacy laws protect you?

• Require organizations to obtain your consent to collect, use, or disclose your personal information.
• Limit how organizations can collect, use, or disclose your personal information.
• Give you a right to see what information an organization has about you, and to correct errors in such information.
• Privacy Commissioners can investigate complaints about possible violations of applicable laws.
• Anti-spam laws are intended to prevent unsolicited commercial electronic messages (e-mails, text messages, etc.)


Individuals & Internet Privacy – How do privacy laws protect you?

Protecting Canadians from Online Crime Act

• New criminal offence for distribution, advertising of “intimate images” without consent
• Cyber Bullying - expansion of existing criminal code offences to include electronic communications
• Lawful access provisions


Individuals & Internet Privacy –

• Require organizations to collect, use, or disclose your information in certain circumstances.


Cannot eliminate the risk, but you can reduce the risk:

Protect your computer

Update your browser

Be suspicious of e-mails

Don’t click on links or call numbers in e-mails

Ensure that you are using an authentic, secure website

Watch out for suspicious or unfamiliar clickable items

Read website privacy policies

Limit the information you provide

Use and update appropriate security settings and passwords

Report as soon as possible if you suspect your personal


What to Look for in Website Privacy Policies

• What personal information is the organization collecting?
• How is the organization collecting your personal information?
• What is the organization using your personal information for?
• Will the organization be sharing your personal information with third parties?
• Where will your personal information be stored?
• Does the organization have appropriate safeguards in place?
• Does the organization have a contact responsible for privacy and access/amendment to my personal information?


Organizations – Obligations Under Privacy Legislation

• Privacy legislation contains requirements regarding collection, use and disclosure of personal information:
  • Limits on the collection, use and disclosure of PI
  • Subject individual’s consent is required to collect PI
  • Exceptions to the general consent rule (these vary from statute to statute)
  • Collection of PI must be reasonable for the purpose for which it is collected
  • Reasonable steps must be taken to ensure that PI collected is accurate, complete and up-to-date


Organizations – Privacy Compliance Program


• Organizational Commitment
  • Buy-in from the Top
  • Privacy Officer
• Program Controls
  • Personal Information Inventory
  • Policies
  • Risk Assessment Tools
  • Training and Education Requirements
  • Privacy Breach Protocols
  • Service Provider Management
  • External Communication


Organizations – Protecting Customers: 10 Tips for a Better Privacy Policy

• Make your privacy policy about your business
• Be specific and provide meaningful information
• It’s about more than cookies – how do you collect, use and disclose personal information?
• Privacy choices (i.e. opt-outs)
• Access/amendment processes
• Update your privacy policy regularly
• Make it easy to contact you
• Make privacy information easy to find
• Use plain language


• Is personal information processed outside of Canada?
• Not prohibited, but PIPEDA sets out guidelines.
• If information used for the purpose it was originally collected, additional consent not required.
• Outsourcing the processing of personal information does not outsource accountability.
• Organizations must be transparent about their personal information handling practices. This includes advising customers that their personal information may be sent to another jurisdiction for processing.


Organizations – What Happens If There is a Privacy Breach?


Digital Privacy Act (proposed) – mandatory notification

Saskatchewan OIPC recommendations:

• Step 1 – Contain the Breach
• Step 2 – Investigate the Breach
• Step 3 – Assess and Analyze the Breach
• Step 4 – Notification: Who, When and How to Notify
• Step 5 – Prevention
• Role of the OIPC



Organizations – What Happens If You Don’t Comply

Investigation/Review by Privacy Commissioners

The Privacy Commissioners and complainants may seek remedies for non-compliance in the court system

Digital Privacy Act: Compliance Agreements (proposed)


• Many useful websites:
  • Privacy Commissioner of Canada
  • Information and Privacy Commissioner of Saskatchewan
  • MLT Privacy and Technology Blogs


Thanks for attending!

Please note that the information contained in this presentation is general in nature and does not constitute legal advice, nor is it exhaustive on the subjects noted.
