Larry Ponemon's Top 5 privacy issues for 2005: "Despite privacy concerns, however, the vast majority of people we contacted are willing each day to take significant information-sharing risks for small benefit. These actions include downloading free software, obtaining free Internet services or receiving an e-product coupon."
The top five issues are:
Phishing and Spoofing
Customer Trust for business value
After losing their first complaint about Abika, the Canadian Internet Policy and Public Interest Clinic (CIPPIC) has refiled a complaint. The first complaint was rejected by the federal Privacy Commissioner due to lack of jurisdiction outside of Canada.
The CAW in Winnipeg has just launched a grievance and a privacy complaint in reference to employer video surveillance, asking for damages based on "loss of dignity and invasion of privacy". Meanwhile, next door in Ontario, in a provincially regulated arbitration hearing, David Fraser has pointed out an arbitration hearing rejecting a grievance about video surveillance, since there is NO statutory right of privacy in provincial labour relations in Ontario.
I predict two things. First is that Ann Cavoukian, the outspoken Information and Privacy Commissioner of Ontario, will not be pleased and will say so. Second and more nebulous is that this decision, if publicized, may act as a catalyst to propel private sector privacy legislation in Ontario. The two are not unrelated.
The next time suggests to you that they release a product or process without realistic simulation and testing, just point them to this
In this story one of the directors of the organization is cited as saying that, "... he did not know until this week that the organization was using an outside company to collect data or that collection had expanded from major donors to those who contribute as little as $20. 'Honestly, I don't know the details of how they do it because that's not something a board member would be involved in,' he said"
Big problem here. Knowing the privacy guidelines for personal information collection sufficiently well to know that privacy is not being violated is EXACTLY the responsibility of the board. Hiding this as 'too detailed' for our attention is, at best, a serious misunderstanding of the role of governance and privacy. At worst it could qualify as malfeasance in office. When you add that the organization in question is the ACLU, you have to add hypocrisy to the mix.
This one in from the Globe on-line:
"As a vice-president at Environics Analytics, he runs one of the Canadian companies that tell people trying to sell you stuff how to track you down and get your attention. He advises banks where to locate new branches, he knows which grocery stores should stock thin-crust pizza and he can design direct mail to your presumed tastes. A few years back, with great success, he told the Liberal Party what to say (and not to say) to woo swing voters in certain neighbourhoods."
Is it just me or is there something fundamentally wrong about a political party operating on polls instead of something silly like principles and policies? I know that it's been this way for a while, but seeing it cast this way as if it were a positive thing is just a bit too over the top for me.
Given how few IT projects are solidly grounded in financials, it's hard to see how this assertion could be made in Compliance Pipeline:
"Weighing the costs versus the benefits of compliance projects has been a challenge. Most corporations hate being told how they must spend their money, but in the final analysis, IT projects like Sarbanes-Oxley compliance may actually net positive results."
Jonathon Monpetit of MediaScout says, "Yesterday, Britain’s law lords, who preside over the UK’s highest court of appeal, ruled in a blockbuster decision that Britain’s anti-terrorism law contravenes the European Charter of Rights. The pronouncement was unequivocal in its criticism: Britain’s anti-terror legislation is xenophobic and discriminatory. What the law lords took issue with are clauses allowing foreigners to be detained without any of the traditional liberties afforded to defendants, such as a trial, while citizens are spared such treatment. Canada has similar laws and provisions to those currently being held to the fire in Britain. But Anne McLellan, Canada’s Public Safety Minister, has said there are no plans for a review of this country’s anti-terrorist legislation. At least Justice Minister Irwin Cotler has said he will consider the British ruling carefully."
Shame on you Ms. McLellan!
It's about time. According to Canada NewsWire, "Privacy Commissioner of Canada Jennifer Stoddart today congratulated Industry Minister David L. Emerson on the recent introduction of legislation to create a national Do Not Call List for
A business idea whose time has come? A subscriber based private fax phone network?
According to IT World Canada, "Microsoft Corp. has quietly released an update to Windows XP to fix a potentially serious configuration problem in the firewall that ships as part of Windows XP Service Pack 2 (SP2). Users who installed SP2 on their Windows XP machines and also have file and printer sharing enabled may have been sharing their files and printers with the entire Internet, according to Microsoft."
As tempting as it might be to slag Microsith over this, I do understand that they are caught in a fundamental contradiction. Microsoft grew fat and happy on providing 'easy' and 'convenient' software for a mass market. Enterprise priorities are different. And now you add to the mix that people SAY they want security, but ACT and BUY for price and convenience. What's a company based on old style, pre-Cluetrain marketing to do?
I don't know, but I do know that until we have some general consensus on how to understand and specify our individual and corporate requirements on privacy, security, and ease of use, software companies are going to continue to be caught between a rock and a hard place. On the other hand, sitting on the pile of cash that they are, even that place has to be pretty comfortable for Microsoft.
After the hoopla in B.C. the show appears to be going on the road. There were two press releases by the Alberta Privacy Commissioner in the last two days. First the commissioner announced a review of public sector outsourcing. The very next day, we find a press release on the disclosure of credit information of hundreds of Alberta civil servants.
I'm not trying to be cynical here people, but I'm thinking that someone had to be doing some spin control in releasing the "gov't has done something bad" and the "The gov't is doing something positive" so close to each other. But that could just be me!
I remember sitting in a presentation about privacy complaints from a senior crown corporation official about a year ago. For those of you that aren't Canadian, a crown corporation is a corporation set up by the government to run as a business at arm's length from the government. But because it was a crown corporation it was regulated by public sector rules, including the 20 year old Privacy Act, rather than the post-millennial PIPEDA for the private sector.
Anyway, the point of his presentation is that over the 20 years they had experienced a doubling of complaints about every 5 years, with no signs that the rate of increase would slow down. While we are at a much earlier stage in the curve for privacy complaints in the public sector, it's beginning to look like the rate of increase may be faster. Another complaint to the Privacy Commissioner of Canada has been launched. According to the online version of the Georgia Straight out of Vancouver, Straight.com: Straight Talk: "A Vancouver man has asked the federal privacy commissioner to investigate the outsourcing of Canada student loans to a U.S.-owned company. Mark O'Meara, founder of the www.canadastudentdebt.ca/ Web site, claimed that as a result of a recent corporate takeover, Nebraska-based Nelnet has access to all federal student debtors' personal information and financial data."
I have to agree with David Fraser who, blogging about this as well, said that it would be easier to blog about who isn't complaining to the privacy commissioner this week.
I found this quote on John Gilmore's home page: "If you are an innocent person living in Afghanistan or Iraq, you are far more likely to die from the intentional act of a US Government soldier than you are to be killed by any other terrorists."
I was actually searching for the original context for the source for this one, "The Internet interprets censorship as damage and routes around it," which John Gilmore is also reputed to have said.
I figure both are true, and both offend those who would be authorities, so I felt impelled to repeat them.
First, we're readers, viewers, listeners and (most of all) customers, not just "consumers." As Jerry Michalski put it long ago, a consumer is nothing more than a gullet whose only purpose in life is to gulp products and crap cash. Economically speaking, "consumer," as the word is commonly used in the advertising business, is a linguistic fossil from the old industrial world where the only way big companies could reach potential customers was through media conduits that sluiced in one direction only, from the privileged few to the captive many. Except as the literal reciprocal of "producer," "consumer" no longer holds much useful meaning, except where the supply side of advertising talks amongst itself. Worse, using it is risky and misleading. It disses a whole side of the marketplace that grows in power every time one customer links to another one.
Note the careful wording of this comment. This is anti-FUD
Not only is the picture on this photoblog cool, but the quote is a winner.
You can assume, however, that if the eye of the government turns to you with regard to your treatment of personally identifiable information you will feel like Frodo in Mordor if you haven't cleaned up your act and started treating your customer data appropriately.
If a professional wants what you have then the chances are that you will lose it. Precautions and security may prevent amateurs getting at you or your information, but they only add to the resale cost for the professional. The trick is to make the cost of getting what you have more than the value of the goods/information to the thief.
Sing along now,
It's the end of the fax as we know it,
It's the end of the fax as we know it,
It's the end of the fax as we know it, and I feel fine...
Sing to the tune of REM's "It's the End of the World as We Know it"
From the review, sounds like a book that I should read.
It's amazing any prior generation got out of life alive.
This sounds pretty interesting. The reason that I named this blog Webistemology, other than that play on words, was to reinforce the idea in my head that the Web provides no filters. Heck, that's why I can publish like this. So how do we know what we know about the web? A semantically self-aware Web connected as suggested here?
This makes the case for Danny Weitzner's Open Internet Policy even more interesting.
Jennifer Stoddart has got to like that interpretation. The Federal Commissioner's only 'punitive' power is the power to publish names. This interpretation suggests that a Well Founded finding by the Office of the Privacy Commissioner would act in support of a civil suit.
It will be interesting to see if a business model built on this premise will work. And by interesting I mean, of course, scary and Orwellian.
This article summarizes an interesting approach to privacy put forward by Danny Weitzner. The approach is Openness as a Privacy Protection Strategy, and is an interesting take, to say the least. My reading of this is that he argues that since privacy by obscurity or security is no longer feasible, it makes for better protection of privacy to bring the data into the open, so that you can effectively control who has access to it and why. He says, "This is the transparency paradox: Amid the explosion of the collection of personal information, privacy protection requires that we embrace the transparency of information systems in order to ensure that information is used properly. Giving people a window into the information collected about them, and control over its use, can help put the transparent enterprise on the right side of privacy protection."
I have very little doubt that this will be challenged in some manner by those of a marketing bent.
Schneier on Security: Airline Security and the TSA: "4. I think airline passenger screening is inane. It's invasive, expensive, time-consuming, and doesn't make us safer. I think that civil disobedience is a perfectly reasonable reaction."
The issue is choice. If consumers want the 'free' software, enabled by spyware and such, cool. Not too aware of the consequences of identity theft and fraud, but their choice. The problem is that these sites and/or services usually only operate in a mandatory mode, so people have to choose the service or not... not cool. A better, more responsible model is needed by companies offering these services.
Cool AND Scary