#CyberFLASH: Canadians not terribly savvy about digital privacy, poll finds


We all delete our internet browser history from time to time, and most of us have, at some point, removed something we’ve posted online.

But encryption? Virtual private networks? Not so much.

A poll conducted by CBC News and the Toronto Star this month found that hardly anyone in Canada said they use more advanced personal security tools.

This means that when it comes to digital security and privacy, Canadians really aren’t too savvy.

“There are so many unauthorized uses of people’s data and data breaches and hacking — it’s just grown exponentially,” said Ann Cavoukian, the former Ontario privacy commissioner and now the executive director of the Privacy and Big Data Institute at Ryerson University.

Read more here

#CyberFLASH: Extreme online security measures to protect your digital privacy – a guide

Cyber-700x5001 Secure your email

Outlook and other email clients let you install a personal security certificate, which you can use to encrypt email so that only trusted recipients can read it, or digitally sign your messages to prove that they came from you. You can get your own certificate from comodo.com and it doesn’t cost a penny. The catch is that your recipients will need to be using a compatible email system – if they’re using Gmail on their smartphone, they’ll just be annoyed when you keep sending them unreadable strings of garbled data. “It also means you’ve got to protect your laptop,” points out Tony Anscombe, security “evangelist” at the antivirus firm AVG. “If your laptop’s stolen and your password is written on a Post-it note on the screen, then what’s the use of the encryption?”

2 Get virtual

Running programs in a virtual environment, rather than on your “real” desktop, makes it harder for viruses to sink their claws into your computer and if you do get infected, it’s easy to roll back your software to an earlier state. “It’s a complex thing to do,” warns Anscombe. “But there are benefits. If I wanted to download something that I was suspicious of, I might do that in a virtual machine, then disconnect the VM from the network before opening it.” Virtualisation isn’t a panacea, though. Many attacks are aimed at stealing your passwords and banking details; if you get tricked into revealing these, virtualisation won’t make a blind bit of difference.

Read more here

#CyberFLASH: Is Digital Privacy Becoming a More Participatory Process?

10712553There has always been tension surrounding privacy online. Most users want an experience something between total anonymity and total openness, and largely the onus has been on them to learn about their rights and options. However, the dynamic may now be changing as companies become more transparent about their practices, and users begin questioning the data companies collect.

In an environment of changing data protection laws, and increased user participation in the process, users are increasingly confronted with the reality that their data is being constantly mined. Last week the European Parliament, industry groups, and companies, reached an agreement on a packet of laws that aim to increase consumer privacy protections through better communication with users. The legislation also aims to outline the boundaries for law enforcement and businesses with regard to their access to user data.

Google responded after the agreement by asking users, once again, to agree the collection of their data. Aside from being a legally necessary move, this is indicative of trends in the industry that have resulted from greater user participation. Users also more aware of the value of everything they upload, and are seeking out services that value their content, and are willing to compensate them for it.

However, companies like Facebook, that offer no direct value to the user, have increasingly come under scrutiny for their practices. Facebook has been reluctant to roll facial recognition technology out to Europe and Canada, perhaps because of tighter data regulations. Facebook is already facing lawsuits over facial recognition in the U.S., relating to the storing data deemed too sensitive or identifying.

Read more here

#CyberFLASH: Privacy bill actually undermines privacy

n-ONLINE-PRIVACY-largeCanada’s privacy reform law should include stiffer penalties for companies that commit security breaches, according to a University of Ottawa law professor.

But instead the Digital Privacy Act, Bill S-4, leaves a “massive hole” when it comes to protecting Canadians’ personal information says Michael Geist.

As the draft legislation currently stands, Bill S-4 allows telecom companies, Internet providers or banks to share personal information about subscribers – without the subscriber knowing.

“Not only does it really hurt our privacy, but it really runs counter to a lot of things that Canadian courts have had to say about safeguarding personal information,” said Geist on Monday, after speaking at a committee hearing for the bill.

Read more here

#CyberFLASH: Canada Mulls Mandatory Data Breach Notifications

FEATURE-encryption-graphic-1-SHUTTERSTOCKCanada is considering incorporating fines for organizations that do not proactively notify individuals or the appropriate regulatory bodies of data breaches.

Bill S-4, the digital privacy act, is now before the House of Commons. It would amend the Personal Information and Electronic Documents Act to include mandatory breach notification provisions to alert both affected individuals and the privacy commissioner if there’s an incident, and would require compromised organizations to keep a record of every breach.

“On breach notification, I think Bill S-4 has it right,” said Chantal Bernier, former interim privacy commissioner of Canada who is now counsel at Dentons LLP, speaking to Canadian Lawyer Magazine. “You need to make breach notification mandatory so the affected individuals can protect themselves.”

Failure to comply could include fines of up to $100,000, but the language of the bill leaves significant loopholes open. For one, the notification will only be required in cases that inflict “significant harm,” including “physical and moral” harm. The bill also does not specify a notification window—only that it should be carried out “as soon as possible.”

Read more here

#CyberFLASH: Government May Be CC’d On All Your Emails, Documents Show


At least one Canadian telecom is evidently giving the government unrestricted access to communications on its network, according to documents from Canada’s privacy commissioner.

The documents, obtained by University of Ottawa digital law professor Michael Geist, cite an unnamed telecom firm as saying it had allowed the government to essentially copy the communication data moving on its networks.

“Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transits the network of data nodes,” the privacy commissioner’s document states.

Read more here

#CyberFLASH: Digital Privacy Act Opens Copyright Loophole That TekSavvy-Voltage Case Closed


Michael Geist, the Canada Research Chair in internet and e-commerce law at the University of Ottawa, was the first to raise alarm bells about a provision buried within Bill S-4.

The bill would finally require organizations to tell Canadians when there had been a security breach involving their personal information. But the proposed rules also permit companies to voluntarily disclose personal information to another company, without a court order and without telling the person affected.

“The expansion of warrantless personal information disclosure raises enormous concerns,” Geist said. 

Read more here

#CyberFLASH: Canada’s Digital Privacy Act lets companies share customers’ personal info, privacy critics warn


If you worry Big Brother is reporting everything you do on the Internet, changes introduced to Canada’s privacy legislation last week may prove your worries aren’t totally unfounded.

Privacy advocates warn under the Digital Privacy Act, Bill S-4,  Internet users could have their personal information handed over to companies and organizations and they won’t even know that it’s happening.

All those downloaded songs your teen didn’t pay for, the Latest Game of Thrones episode you downloaded illegally or any other real or suspected infractions could result in your name and subscriber information passed along to any company or organization claiming to be investigating fraud or the even the potential breaking of Canadian laws. And the law doesn’t stop at digital piracy.

Michael Geist, who holds the Canada Research Chair in Internet and e-commerce law at the University of Ottawa, says the legislation could be used may be used to obtain information about you for everything from defamation to consumer disputes.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.