Canadian businesses missing important steps to protect personal information stored digitally, poll finds

Privacy Commissioner of Canada reminds businesses
that when using technology to safeguard personal information,
sometimes small steps can prevent a big loss.

OTTAWA, May 4, 2012 /Canada NewsWire/ - Canadian businesses are storing more and more personal information digitally, but many are not using the technological tools or implementing the recommended practices to protect this information, a new survey has found.

In a telephone survey of 1,006 companies across Canada, commissioned by the Office of the Privacy Commissioner of Canada (OPC) and published today, companies are storing personal information on a variety of digital devices, such as desktop computers (55%), servers (47%) and portable devices (23%). Most (73%) are using some type of technological tool, such as passwords, encryption or firewalls, to prevent unauthorized access to the personal information stored on these devices.

However, the survey also suggested that many businesses may not be adequately using technology when it comes to protecting the personal information they store digitally.

For example, passwords are the most popular technological tool used by businesses to protect personal information (96%). However, of those using passwords, 39% do not have controls in place to ensure that those passwords are difficult to guess, and 27% never require employees to change passwords.

"Using passwords is like locking your front door. They can be a very simple and effective way to protect valuable personal information," says Commissioner Stoddart. "But simply setting a password is not enough to thwart today's savvy online criminals—passwords must to be complex and dynamic."

The poll, conducted in late November and early December 2011 by Phoenix Strategic Perspectives, also found that nearly one quarter of businesses are storing personal information on portable devices, such as laptops, USB sticks or tablets, which are more vulnerable to theft and loss. Nevertheless, almost half of those who do (48%) indicated that they did not use encryption to protect the information on these devices. Encryption refers to the use of a secret code as a key to scramble information to make it unreadable. Once the information is scrambled, only the same key can be used to unscramble the information and make it readable again.

"Encryption is one step better than locking your doors - it is like putting information into a safe - and it can really help limit the risks if a laptop is stolen or a USB key is misplaced," says Commissioner Stoddart. "Businesses that lose their customers' data, lose their customers' trust, so they need to take every precaution to ensure they safeguard personal information they hold."

The survey did find that many Canadian companies attribute considerable importance to protecting privacy (77%).

"I am encouraged to see that companies are beginning to realize the importance of building privacy into their business processes," said Commissioner Stoddart. "Smart businesses know that taking the time to build privacy in from the beginning is much easier than cleaning up a privacy breach down the road."

In fact, survey responses seem to suggest that companies are becoming more sensitive to the potential for data breaches. Only 40%, however, indicated that they were concerned about data breaches that might compromise the personal information of their customers and 31% indicated that they have guidelines in place for responding in the event of a breach.

Other highlights of the poll include:

...One third (32%) of businesses have staff that has had training on appropriate information practices and responsibilities under Canada's privacy laws.

...Almost half (48%) of businesses have procedures in place for dealing with complaints from customers who feel that their information has been handled improperly.

...Just over three in five businesses have a privacy policy.

...The majority of companies that have a privacy policy update it at least once a year (57%) and of those that do, 35% have notified their customers about the changes.

...Many companies (39%) view protecting privacy as a competitive advantage, with 24% seeing it as a significant advantage and 15% a moderate advantage.

The OPC commissioned the survey in order to better understand the extent to which businesses are familiar with privacy issues and requirements, and the types of privacy policies and practices they have in place. Similar surveys were conducted in 2010 and 2007.

The complete survey, which is considered to be accurate to within +/- 3.1%, 19 times out of 20, can be found on our website at www.priv.gc.ca.

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two federal laws for the protection of personal information: the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to commercial activities in the Atlantic provinces, Ontario, Manitoba, Saskatchewan and the Territories. Quebec, Alberta and British Columbia each has its own law covering the private sector. Even in these provinces, PIPEDA continues to apply to the federally regulated private sector and to personal information in interprovincial and international transactions.

Keep it private - your Facebook password should not be shared

Commissioner Cavoukian advises people to
protect their online social media profiles

TORONTO, May 3, 2012 /Canada NewsWire/ - Spurred by numerous recent media reports of employers requesting Facebook passwords from job candidates, Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, launched a paper today to provide Ontarians with practical advice on how to protect their online privacy in the increasingly complex social media world.

Entitled "Reference Check: Is Your Boss Watching? The New World of Social Media: Privacy and Your Facebook Profile," the paper will be officially launched this evening in Toronto during a presentation by Commissioner Cavoukian at international law firm Baker & McKenzie.

"Passwords are meant to be kept private, and I want to be clear that the practice of employers requesting personal passwords from their current or potential future staff is fundamentally wrong," said Commissioner Cavoukian.

"Canada's human rights and privacy laws provide strong protections for job applicants when it comes to improper practices, such as employers requesting personal passwords. However, everyone using social media must remain vigilant when it comes to guarding their own personal information."

The paper offers true-to-life examples of improper practices by employers, provides context, and most importantly, offers practical tips to protect your privacy in today's constantly-evolving online world. Some of the issues covered in depth in the paper include:

...Think hard before you click;

...Review all the information about you that lives online;

...Remove potentially-damaging information & photos;

...Apply strong privacy controls to all of your personal information;

...Know your rights: employment, human rights & privacy laws;

...Build up a positive online social media profile.

"It is absolutely crucial to remember that anything you post online may stay there forever, in one form or another, so think carefully before you post," said Commissioner Cavoukian.

"With 86 per cent of Canadian Internet users having a Facebook profile, my sincere hope is that our paper will remind people to use social media sites wisely - posting information with their eyes wide open, and considering the potential risks to their employment - current and future."

"Job candidates should preserve their legally-protected right against what the courts have now labeled 'intrusion into seclusion'," agrees Mark Ellis of Baker & McKenzie. "As counsel to many of Canada's largest employers, we advise companies to respect the legal boundaries regarding investigation of any applicant. While an employer's review of outward-facing social media pages is proper and valuable due diligence, probing beyond the password-protected wall constitutes unwarranted invasion of privacy."

About the IPC

The Information and Privacy Commissioner is appointed by and reports to the Ontario Legislative Assembly, and is independent of the government of the day. The Commissioner's mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information custodians. A vital component of the Commissioner's mandate is to help educate the public about access and privacy issues.

Privacy Commissioner of Canada awards $500,000 to advance privacy research and awareness

Funding for 11 new independent research and awareness projects
which will explore emerging and evolving privacy issues

OTTAWA, May 2, 2012 /Canada NewsWire/ - The Office of the Privacy Commissioner of Canada (OPC) today announced the recipients of its 2012-2013 Contributions Program, which will provide $500,000 this year for projects that explore emerging and evolving privacy issues of interest to Canadians.

This year's projects touch on all four policy priorities of the OPC: 1) identity integrity and privacy; 2) information technology and privacy; 3) genetic information and privacy; and 4) public safety and privacy. For example, there are projects that focus on privacy issues related to social networking, cybercrime, surveillance, cloud computing, smartphone applications and cell therapy research.

"Technologies are advancing at an astounding rate, and it's essential that we take time to both truly understand and reflect upon their impacts on privacy," says Commissioner Stoddart. "By supporting privacy research, my Office is encouraging the exploration of complex privacy issues as well as the development of information and tools to help Canadians make informed decisions about protecting their personal information."

The Office announced the 2012-13 recipients today at its Pathways to Privacy Research Symposium at the National Arts Centre in Ottawa. The Symposium is showcasing privacy-related research funded by OPC's Contribution Program and other organizations to stimulate discussion and enable others to use and apply the research in their fields of expertise or areas interest.

The OPC is supporting a total of 11 projects in 2012-13 under the Contributions Program. This year, there is an emphasis on making the research outcomes accessible, and researchers will be using a variety of approaches, such as workshops, forums, web sites and tools, or awareness materials, to share the results of their work. Some examples of the projects include: A study of the privacy challenges emerging from innovations in cell therapy research;

...An analysis of the scope of voluntary information sharing by private enterprises in law enforcement investigations into cybercrime;

...The development of a series of in-depth news reports and other informational tools for French radio and web sites that provide practical information about protecting personal information;

...An interactive mapping tool to help Canadians better understand cloud computing and its impact on their personal information;

...An investigation of smartphone applications and the risks to end-user privacy.

...A report on the positive and negative privacy implications of using information technology in situations involving domestic violence, sexual violence and stalking.

A full list of the 2012-13 Contributions Program recipients and their projects is available on our web site.

The OPC received 45 proposals for the 2012-2013 Contributions Program. Each proposal was evaluated by representatives of the OPC, as well as an external peer review panel of privacy experts in various fields.

"It was wonderful to have the opportunity to review the interesting, innovative, and creative applications to the Contributions Program," says Dr. Jacquelyn Burkell, Associate Professor, Faculty of Information and Media Studies at the University of Western Ontario. "The research they outlined addresses complex aspects of privacy in our digital environment and will produce results that have important implications for Canadians."

The OPC's Contribution Program was created in 2004 to support arm's length, non-profit research on privacy, further privacy policy development, and promote the protection of personal information in Canada. To date, the Program has allocated approximately $3 million to nearly 90 initiatives in Canada, and it is considered one of the foremost privacy research funding programs in the world.

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two federal laws for the protection of personal information: the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to commercial activities in the Atlantic provinces, Ontario, Manitoba, Saskatchewan and the Territories. Quebec, Alberta and British Columbia each has its own law covering the private sector. Even in these provinces, PIPEDA continues to apply to the federally regulated private sector and to personal information in interprovincial and international transactions.

Keep Your Loot; Give Fraud the Boot!

North Wellington, Ontario - Keep Your Loot; Give Fraud the Boot!", April 23, 2012, Teen Elder Abuse Awareness Initiative

Grade 12 High school students partnered with older adults in North Wellington, Ontario to research and develop an awareness event in honour of National Victims of Crime Awareness Week. Working with local OPP, the Seniors Centre for Excellence and the Seniors at Risk Coordinator of Trellis Mental Health & Developmental Services, students and seniors surveyed older adults on elder abuse and frauds/scams and put together an awareness event for seniors.

Consumer Alert from FCA Canada - Be aware of the information you share

OTTAWA, April 17, 2012 /Canada NewsWire/ - The Financial Consumer Agency of Canada (FCAC) has issued a Consumer Alert warning consumers to be very careful about giving out their personal and financial information over the telephone or online.

Scams designed to trick consumers into revealing their personal and financial information can be very sophisticated.

A current scam helps fraudsters get key missing details from unsuspecting consumers who think they are talking to a representative from their financial institution or credit card company.

Consumers can find ways to protect themselves from this scam, and tips on how to protect themselves against fraud, in the Fraud section of FCAC's website.

FCAC has also posted two Tip Clips on its YouTube channel to help consumers protect themselves against financial fraud.

About FCAC

With educational materials and interactive tools, the Financial Consumer Agency of Canada (FCAC) provides objective information about financial products and services to help Canadians increase their financial knowledge and confidence in managing their personal finances. FCAC informs consumers about their rights and responsibilities when dealing with banks and federally regulated trust, loan and insurance companies. FCAC also makes sure that federally regulated financial institutions, payment card network operators and external complaints bodies comply with legislation and industry commitments intended to protect consumers.

You can reach them through the FCAC Consumer Services Centre by calling toll-free 1-866-461-3222 (TTY: 613-947-7771 or 1-866-914-6097) or by visiting their website: itpaystoknow.gc.ca.

Money is Lost and Reputations Are Harmed by Charity Fraud

Donors and Charities Can Protect One Another

ORILLIA, Ontario, March 29, 2012 /Canada NewsWire/ - Opening your heart and your wallet to someone representing an unfamiliar charity or special interest can be hazardous to your wealth, according to the Ontario Provincial Police (OPP).

As Fraud Prevention Month nears an end, some charitable fund-raising campaigns are getting into high gear. Warning signs of charity fraud include: high pressure or threatening telemarketers who want you to contribute immediately; a caller thanks you for a pledge you don't remember making; or, the charities have 'copycat names' which are designed to mislead or deceive their targets.

"By nature, Canadians are very generous. However, criminals will ruthlessly use whatever means necessary to prey upon your good intentions for their own selfish purposes." - Deputy Commissioner Scott Tod, OPP Investigations/Organized Crime Command.

In 2011, the Canadian Anti-Fraud Centre received 418 Canadian complaints of charity fraud. Of those, 48 people were victimized to the tune of more than $88-thousand. Police believe only five (5) per cent of victims actually report the crime.

Members of the OPP Anti-Rackets Branch suggest would-be donors consider the following tips on a year-round basis:

...Never give out your personal or financial information over the phone, or at the door. You may wish to make out a cheque payable to the charity. You can mail the cheque later.

...Call the charity. Find out if they know about the appeal and if it is authorized, and what percentage of your donation they will receive. You should never feel pressured into making a donation.

...If you receive a telephone call, ask for the information to be sent to you in writing. Ask how much of your gift will be used directly for the charity. Ask how much will go toward administrative costs. Legitimate charities will have no problem giving you this information.

...Ask if the charity is registered. Contact Canada Revenue Agency (CRA) for the charitable tax number of the charity. Question any discrepancies.

...At the beginning of each year, decide which charities to support - send your cheques directly to their head office, and feel good about giving. If approached more directly, you can then say that you have already given, and perhaps you will consider their appeal next year when you decide on the charities to support.

"Committing your hard-earned money to charity should be as safe and secure as you intend it to be. Your best defence against charity scams is knowing as much about the charitable organization as possible before you decide to donate." - Detective Inspector Paul Beesley, OPP Anti-Rackets Branch.

Responsible charities can do their part to ensure their representatives carry appropriate identification and have information would-be donors may need for each aspect of their operation, such as about how donations are used.

If you suspect you or someone you know have been approached by a fraudulent representative of a charity, contact your local police service or CrimeStoppers at 1-800-222-8477 (TIPS).

FRAUD…Recognize it…Report it…Stop it.

LEARN MORE

OPP - March is Fraud Prevention Month

Glossary of Pitch Types from the Canadian Anti-Fraud Centre

Charity/Donation: Any false, deceptive or misleading solicitation for a donation to a charity, association, federation, or religious cause.

Extortion: Any person who unlawfully obtains money, property or services from a person, entity, or institution, through coercion.

OPP: Lower interest rates may equal more fraud victims

Don't trust offers that are too good to be true!

ORILLIA, Ontario, March 22, 2012 /Canada NewsWire/ - Ontario Provincial Police (OPP) are warning consumers not to blindly trust phone calls that claim to be able to negotiate significantly lower interest rates on your credit cards or loans.

Members of the OPP Anti-Rackets Branch say this type of "service scam" is becoming more prominent during the tough economic times being experienced by many Canadians. Consumers who get these interest rate reduction offers - sometimes through automatically-dialled "robo-calls" - should listen to them with extreme scepticism because many are scams. What the callers really want is the processing fee, which is usually paid by credit card. Some even follow-up with a fraudulent client acknowledgement or cancellation clause that reimburse the amount EXCLUDING a "retainer fee."

"Criminal telemarketers are relentless and will say anything to come between a vulnerable, unaware person and their money, regardless of the circumstances. Education, awareness and good, old-fashioned common sense are your best defence against becoming a victim." - Deputy Commissioner Scott TOD, OPP Investigations and Organized Crime

In 2011, the Canadian Anti-Fraud Centre received 982 Canadian complaints of criminals who offered lower interest rates either online or over the phone in return for some type of fee. Of those, 173 people were identified as victims who reported a loss of more than $133 thousand. Again, there are likely many more victims but they are reluctant to report the crime.

It's important to note, companies behind these calls can't do anything for you that you can't do for yourself - for free. Indeed, investigators found that people who pay for these services don't get the touted interest rate reductions, don't save the promised amounts, don't pay off their credit card debt three to five times faster, and struggle to get refunds.

If you're looking to reduce interest rates is to call your financial institution or the customer service phone number on the back of your credit card and negotiate. And, if you are tempted by the promises made in a rate reduction 'robo-call', hold off - and hang up.

"You have just as much clout with your credit card issuer as these companies say they do. All the criminals want is easy access to small amounts of money…a pattern they repeat thousands of times a week across the country. Save yourself and your money…simply hang up the phone!" - Detective Inspector Paul Beesley, OPP Anti-Rackets Branch

If you suspect you or someone you know has experienced an interest rate reduction scam or has been the victim of a service scam, contact your local police service or CrimeStoppers at 1-800-222-8477 (TIPS).

FRAUD…Recognize it…Report it…Stop it.

OPP - March is Fraud Prevention Month

Glossary of Pitch Types from the Canadian Anti-Fraud Centre

Service Scam: Any false, deceptive, or misleading promotion of services or solicitation for services. These scams typically involve third parties that make offers for telecommunications, internet, financial, medical and energy services. This category of scams may also include, but is not limited to, offers such as extended warranties, insurance and sales services.

Unauthorized Charge: Any consumer's bank account or credit card that is charged for a service or merchandise (which may or may not have been performed and/or received) that was not authorized by the account holder. It may also occur when a consumer provides credit card or banking information to a company offering a free trial for a product. The company does not disclose the billing terms and/or conditions or does not have such details prominently displayed on their website which can result in repeated billing.