01-15 May 2013

Biometrics

US – Biometric Database of All Adult Americans Hidden in Immigration Reform

Immigration reform being debated in the Senate Judiciary Committee could eventually result in “a ubiquitous national identification system.” The proposed legislation includes a mandate to create a database of names, ages, Social Security numbers and photographs “of everyone in the country with a driver’s license or other state-issued photo ID,” to be maintained by the Department of Homeland Security. The ACLU has raised concerns, and David Bier of the Competitive Enterprise Institute said, “The most worrying aspect is that this creates a principle of permission basically to do certain activities and it can be used to restrict activities,” he said. “It’s like a national ID system without the card.” [WIRED]

Canada

US – OPC Survey and Demise of Data Farm Deal Highlight Privacy Issues

A deal has ended that would have resulted in a Facebook “data farm…full of high-powered servers necessary to store information from billions of users worldwide” being built in Manitoba. Facebook considered the province due to such factors as land prices and renewable energy but ultimately “cited concerns about Canadian privacy laws in making its decision to pull out of Manitoba,” the report states. In other news, an Office of the Privacy Commissioner survey indicates, “Privacy concerns are driving Canadians away from smartphone apps and online services,” SC Magazine reports. [Winnipeg Free Press] SEE ALSO: [NDP call for broader probe into data breaches, identity fraud]

CA – Alberta Privacy Commissioner says Child First Act threatens privacy

Alberta’s proposed Children First Act will erode privacy rights and undermine Albertans’ control over their own health and personal information, privacy commissioner Jill Clayton says. Alberta’s Information and Privacy Commissioner criticized the sweeping new law, saying the government hasn’t done enough to make sure those subject to the act — mainly at-risk children and their families – will have their privacy protected. The proposed new legislation allows those who work with at-risk children to talk to one another about the people they serve; those on the list include child welfare workers, police, teachers and foster parents, among others. These front-line workers have consistently said rules that restrict them from sharing information make it harder to do what is right for kids in care. Clayton said she recognizes the need to share information but remains concerned about the privacy implications of the bill, known as Bill 25. [Source]

CA –New Institute Designed To Turn Alberta Research Into Commerce

A new institute that will help colleges and universities commercialize their research in partnership with private companies and other agencies is underway, Advanced Education Minister Thomas Lukaszuk says. The institute, as yet unnamed, will be open to researchers and students from any campus in Alberta, and serve as a major vehicle for diversifying the economy. It should eventually generate a stream of royalties for campuses and businesses, Lukaszuk said. In 2010, the province closed the Alberta Research Council and an Alberta Heritage Foundation for Medical Research program funding scientists, two agencies at arm’s length from government with independent boards. In their place, the Stelmach government set up the four Alberta Innovates agencies inside Advanced Education, with budgets of $20 million to $70 million each to fund short-term, applied research projects geared to priorities set out by government. Those reforms caused concern and consternation in the research community. [Source]

Consumer

US – Man Takes On Data Miners by Selling Personal Information via Kickstarter

If pieces of information about our online habits are worth billions to marketers each year, should consumers be getting a piece of the pie? Zannier’s A Bite of Me. project sets out to find the answer – or at the very least, to get more people thinking about the big data industry, online tracking, and how the internet works. For the past three months, the Brooklyn-based electrical engineer and student has been tracking his every online activity using “spy software” similar to what’s sometimes used by professional data miners. The project started as part of his thesis at NYU’s Interactive Telecommunication Program, where Zannier translated the information into stunning data visualizations. Eventually, he decided to sell it via Kickstarter to raise both funds and awareness. Now, for just $2, anyone can buy a single day’s worth of his personal data. The package includes a log of every website Zannier visited that day, the applications he used, an image of his face looking at the computer taken every 30 seconds by a webcam, screenshots of what he was seeing onscreen, the position of his mouse pointer, and even his GPS locations throughout the day. For $200, you can buy the entire 7GB data archive along with a suite of tools (over 50 bash, python and R scripts are included) to help analyze the data and potentially create impressive data visualizations like the ones Zannier provides on Kickstarter and his own website. So far, 103 people have backed the project, netting him more than twice his original funding goal with 22 days still to go. [Source]

WW – Preteens’ Use of Instagram Creates Privacy Issue, Child Advocates Say

The photo-sharing service Instagram, the mobile app owned by Facebook, is seeing tremendous growth, doubling in size to 100 million users in about a year. But child advocates and some parents say too much of its rise has been driven by preteens or even younger kids. These advocates say they worry about whether Instagram is collecting the personal information of young children — and whether the company is doing enough to make sure kids are safe from adult strangers. Over the past two weeks, more than 4,500 people signed a petition on Change.org that calls for Facebook to automatically set the accounts of children and teens to private. It also asks the company to disable GPS technology that can pinpoint where children take photos.[Source]

E-Government

US – Obama to Agencies: Make Data More Public

President Barack Obama has “directed agencies to make their data easy to find and use by the public,” as agencies increasingly face requests and pressure to release government data to the public. The Office of Management and Budget has issued an open data policy requiring agencies to meet goals on improving data gathering, management and sharing. Agencies must create updated data set inventories, provide public listings of all public data and ensure the data is created and stored in “machine-readable and open formats, whether collected electronically, by phone or on paper,” the report states. [Federal Times] SEE ALSO: [Oshawa orders search of councillors’ email to find leak]

US – Executive Order Requires US Gov’t Agencies to Adopt Open Data Standards

The White House has issued an executive order requiring that “the default state of new and modernized Government information resources shall be open and machine readable.” Over the next six months, agencies must compile lists of all the datasets they collect and maintain. They must also indicate which of those lists are supposed to be available to the public. They also must make the publicly available data easy to find and to access and to use. [NextGov] [Text of Executive Order]

US – Government is the Largest Purchaser of Hacking Tools

According to a report from Reuters, the US government is the single largest buyer in the “gray market” of offensive hacking tools. While tools that exploit unknown vulnerabilities provide a tactical advantage, not disclosing the flaws leaves other organizations, including those in the US, vulnerable to attacks. Former high level cybersecurity officials have expressed concern about the situation. Former White House cybersecurity advisor Richard Clarke said, “If the US government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell US users.” Howard Schmidt, also a former White House cybersecurity advisor, said, “It’s pretty naive to believe that with a newly-discovered zero-day, you are the only one in the world that’s discovered it.” And former NSA director Michael Hayden said that although “there has been a traditional calculus between protecting your offensive capability and strengthening your defense, it might be time now to readdress that at an important policy level.” Paying the vulnerability purveyors for the malware also removes the incentive for talented hackers to inform software makers about the flaws. [Reuters] [ZDNet]

Electronic Records

US – HIPAA Update Poses Tech Problems for Privacy

The move toward electronic health records and new federal rules set to give patients more control over their data are posing technical and administrative obstacles. One CEO of an electronic records system firm said, “The reality is, our ability to exchange electronic information is already well beyond our ability to control it.” Beth Israel Deaconess Medical Center Chief Information Officer John Halamka said, “It’s a technology problem and a work-flow problem and a policy problem.” Patient Privacy Rights Founder Deborah Peel said she’s concerned patients won’t be candid with their doctors over privacy fears. “Nobody knows who is using their health information and for what purpose,” she added. [The Wall Street Journal]

Encryption

WW – iPhone Encryption Stymies Law Enforcement

Law enforcement agencies are growing frustrated with Apple iPhone encryption. Because the encryption used on the devices is so strong, law enforcement agencies are finding that they need to ask Apple to manually override the security controls and decrypt the data on seized devices. The demand is high enough to have created a significant backlog. Some law enforcement officials report having been been told that they would have to wait seven weeks for Apple to help decrypt the information. Law enforcement frustration with Apple’s encryption is not new. Just a few weeks ago, the US Drug Enforcement Agency (DEA) warned that messages sent through Apple’s Messages App are nearly impossible to wiretap. The issue is illustrative of the balance that needs to be struck between law enforcement’s need to eavesdrop on certain communications, and people’s right to privacy. [v3.co.uk] [Ars Technica]

EU Developments

EU – Regulation Vote Delayed Again

The European Parliament Civil Liberties Committee has decided to delay a planned vote on the draft data protection regulation that had been scheduled for May 29. “German MEP Jan Philipp Albrecht, who is charged with steering the legislation through to the final vote, explained that although several meetings have been held and some agreements have been reached, more rounds of discussions are still needed,” the report states. Meanwhile, small- and medium-sized businesses remain concerned as the proposal would require those with 500 or more customers to have a data protection office, resulting in “additional expense in an economy where many are struggling.” Albrecht has said a vote is still possible before July. [PC World]

EU – Court Says Apple Must Revise Customer Data-Handling Rules

A German court has told Apple to change its data-handling rules. The court struck down eight of 15 provisions in the company’s data-use terms, stating they deviate too far from German law, the report states. The court also ruled Apple can’t seek “global consent” from consumers on the use of data, including geolocation information. “The ruling shows the high importance of data protection for consumers in a digital world,” said Gerd Billen, head of consumer group Verbraucherzentrale Bundesverband. [Bloomberg] [Source]

EU – BCR for Processors Endorsed

“The fact that with everything that is going on in the world of data protection right now, the Article 29 Working Party has devoted a thorough 19-page explanatory document to clarifying and endorsing the role of BCR for Processors or Binding Safe Processor Rules (BSPRs) is very telling,” Eduardo Ustaran writes for Field Fisher Waterhouse’s Privacy and Information Law Blog. Ustaran’s post highlights key elements in the Working Party’s document and notes that “despite the detailed requirements that must be met, the overall approach of the Working Party is very ‘can do’ and pragmatic.” [Source]

EU – Bill in Dutch Legislature Would Give Law Enforcement Broad Cyber Powers

Dutch lawmakers are considering broad legislation that would give law enforcement the authority to hack into computer systems in the Netherlands and abroad for research, evidence gathering, or to block access to specific data. Specifically, the bill would let law enforcement block illegal content like child pornography; read communication between criminals; and conduct digital wiretaps. It would also allow law enforcement to activate GPS capabilities on a suspect’s mobile phone for location tracking purposes. The powers would be subject to a judge’s approval and there must be logs kept of investigation data. The bill is being criticized for being “rushed” and for creating “new security risks for citizens.” [ComputerWorld]

Facts & Stats

EU – CNIL Report: Record-Breaking Year for Complaints

The French data protection authority (CNIL) has published its annual report, which indicates a “significant increase in complaints, audits and sanctions.” The CNIL processed a record-breaking number of complaints in 2012—more than 6,000—mostly from private individuals. It conducted 458 audits, up 20% from 2011. In the report, the authority notes “the challenges of regulating Big Data and cloud computing” and recommends “the right to be forgotten” within the proposed EU data protection regulation be enhanced. [Chronicle of Data Protection]

Finance

WW – Detangling the $45 Million Cyberheist

In the aftermath of the recent news about an international $45 million cyberheist and ATM cash-out scheme, experts say pinpointing the source of such a massive breach can prove to be extremely difficult. That’s because so many different entities are now involved in the global payments chain. “There are so many parties in the payments chain that it is very difficult to assign blame in these types of breaches,” says financial fraud expert Avivah Litan, an analyst with consultancy Gartner Inc., who blogged about the attack. “There can easily be seven roundtrip hops or more between an ATM cash disbursement request and the cash disbursement. The leakage can happen at any of those points or hops.” News reports this week named two payments processors that had their networks hacked, leading to the card data compromises in the $45 million cyberheist. But one is claiming it had no data intercepted, and the other has yet to make a statement.[Source]

FOI

CA – Plague of Government Secrecy Throttles Canadians’ Freedom

Canada now ranks No. 55 among 93 nations when it comes to the law that allows journalists and others to get access to federal government documents. The ranking by the Centre for Law and Democracy puts us just ahead of Angola and Thailand, but one place behind Slovakia. This is a huge drop from 31 years ago when Canada’s initial legislation on access to information (ATI) was hailed as world-leading. What has happened since then? For one thing, despite many demands over the years for changes to make our law more effective, successive Liberal and Conservative governments did nothing. Meanwhile, in many other countries new ATI laws were passed that gave individuals the right to express their views and also enshrined the right guaranteed in the Universal Declaration of Human Rights for people to receive information about important things going on in their government and society.Present Canadian law and processes concerning Access to Information are particularly bad and getting worse in how long it takes for government departments to reply. While 36.8% of requests in 1999 were answered beyond the 30 days the law allows, by 2011-12 that rose to 44.7%. According to a 2011 survey by Canadian Journalists for Free Expression, the average time for an answer was 395 days; on one request, the Department of Defence took an extension of 1,100 days. The CJFE’s annual Review of Free Expression in Canada, published today, gave a grade of D-minus to the federal Access to Information system. Another thing that can hurt Canadians is this country’s inability to protect whistleblowers — those brave people who step forward in the public interest to expose misdeeds, corruption or other wrongdoing in their workplaces. The federal and six provincial governments have laws and regulations about protecting whistleblowers among their employees, but they are flawed in many ways. In the private sector things are even worse. There is no direct legislation at any level that protects the jobs of whistleblowers and they are almost always terminated by their employers. Many never work again in their industry of choice. Amid all these issues, the federal government continues to stop the free flow of information to the public. In successive moves it has stymied federal government scientists, other bureaucrats, even their own backbenchers in Parliament and, most recently, senior RCMP officers from speaking to members of Parliament without permission from Public Safety Minister Vic Toews. In this era of news and views everywhere, the government tries to control its message, undermining democracy along the way.[Source]

CA – $2.1M in Severance Paid to Premier’s Advisers, But Details Remain Secret

More than $2.1 million in severance has been paid to departing members of the premier’s inner circle of advisers over the past three years, but the Redford government won’t say who received the payments — or even reveal how many staff received the taxpayer-paid settlements. Opposition critics and advocacy groups expressed surprise at the government’s position, saying it flies in the face of Premier Alison Redford’s oft repeated pledge to lead an open and accountable government. “You’re telling me severance payments are a state secret if they are issued by executive council?” said a Canadian Taxpayers Federation spokesman. “So when you have an embarrassing case of a political staffer who has done something wrong and they are let go, you can pay them out and no one can never know?” The amount of severance paid to departing employees is not included in the annual reports for executive council — the department the premier heads — and the premier’s office declined to provide the information to the Herald. In response to a subsequent request for the information under the Freedom of Information and Protection of Privacy (FOIP) Act, the premier’s office has provided aggregate amounts for 2010-11, 2011-12 and 2012-13, refusing to say how many staff received severance pay in each of those years. The largest amount, nearly $1.3 million, was paid in severance in 2011-12, the year Tory Premier Ed Stelmach handed over the reins of power to Redford, but since then more than $585,000 in severance has been paid to employees departing Redford’s office. The premier suggested Friday the details of severance payments can’t be released because of privacy legislation — a position her office has claimed for weeks. “It’s actually not up to us,” she said in Calgary. But the Freedom of Information and Privacy Commissioner has ruled previously that severance payments to publicly appointed officials must be disclosed. [Source]

SEE ALSO: [Canada: Why Do I Have To Agree To the Privacy Notice of Canada’s new online tool for making access to information (ATIP) requests? And Other Curiosities]

CA – Star Gets Action: Public Can Now Know Bad Cabbies’ Records

The public can now access records of bad taxi and tow truck drivers in Toronto. Detailed records of hearings where drivers were convicted of sexual assault, multiple Highway Traffic Act convictions and other crimes are now posted on the City of Toronto’s website. The documents were published following a Star investigation into the city’s licensing system that revealed the city’s policy of only checking criminal records every four years was allowing drivers with criminal convictions to remain on the road. The city has since pledged to tighten the gap between criminal background checks to two years, possibly one. [Source]

UK – Britain Struggles with Info Access vs. Privacy

In a recent case involving the theft of 113,000 GBPs from a building in Warwickshire, police refused to identify the man charged with the crime. His identity was only disclosed after free speech campaigners made hay, and it was then learned the suspect was a former police officer. “The incident is indicative of rising tensions between journalists and authorities in Britain” when it comes balancing privacy and freedom of information. “The police are in a real bind about this, because they have to balance the right to privacy against the public interest,” said one journalist. [NYT]

Google

WW – Google Introduces New Search Tools to Try to Read Our Minds

The company revealed new search tools at its annual developers conference. Taken together, they are another step toward Google’s trying to become the omnipotent, human-like “Star Trek” search engine that its executives say they want it to be. When people ask Google certain questions, it will now try to predict the person’s follow-up questions and answer them, too. Google Now, the service that sends you information on traffic and weather before you even ask for it, is also digging deeper into our minds. Google is adding more entertainment alerts, like new music based on videos watched on YouTube, and turning Google Now into a robotic to-do list and a stronger competitor to Apple’s Siri. Tell Google to remind you to buy milk next time you are in a grocery store, for instance, and the alert will automatically pop up when you step in a Safeway. Google is also trying to make search more conversational by encouraging people to talk to their phones and computers and hear answers out loud. Voice search has already been possible on both types of devices, but Google announced that people can now talk to its Chrome browser to perform a search, by saying, “O.K. Google.” Google also uses location information to answer questions. So people can ask, “How far from here to Santa Cruz?” and Google will know where “here” is, or they can ask, “How tall do you have to be to ride the Giant Dipper?” and Google will know that is a ride nearby. In another step to personalize search, Google is expanding its tool that plucks information from Gmail and presents it in search results. Already, a search for “flights” by logged-in users produces flight information from Gmail. Now, you can ask Google to show your photos from your trip to New York last year, and it will find them on Google Plus and show them to you. Underlying many of these developments is Google’s privacy policy, which it revised last year to permit the company to use information shared with one Google service on another one. [The New York Times] SEE ALSO: [Google’s Eric Schmidt On Data Privacy: The Internet Needs A Delete Button]

Health / Medical

AU – Keeping Tabs On Elderly, As Dick Tracy Would

Two Sydney brothers are launching a personal security smart watch they say will assist care of the elderly, at a time Australia braces for its “silver tsunami” of aged baby boomers. Peter and Paul Apostolis’ SOS Mobile Watch has a built-in SIM card and a GPS chip, and lets its wearer communicate with carers by initiating calls through their watch at the touch of a button. “Essentially it’s a GSM, GSP device, a mobile personal-security response device,” Peter Apostolis said. The watch has three SOS buttons which lets its wearer contact any of three carers or family members, with their numbers programmed in. While outgoing calls are restricted to carers, anyone can call in and say hello. It also features GPS for real-time tracking. To ensure a wearer’s privacy, only the three nominated carers can track a wearer’s location.[Source]

Horror Stories

US – Reputation Protection Biz Announces Breach

Reputation.com announced to its customers this week that it had been hacked, reports Dark Reading. The information compromised included customer names, e-mail addresses and mailing addresses, though no financial data was stolen. The company reports it has hired third-party security experts to inspect and improve its current operations. Law enforcement is also investigating. Meanwhile, HealthIT Security reports on how the Kmart data breach could have been avoided. [DarkReading] SEE ALSO: [Anti-piracy enforcement company becomes accidental pirate]

WW – Name.com Data Breach Includes Encrypted Passwords, Credit Card Info

Domain name register Name.com has notified customers that their personal information, including encrypted passwords and payment card data, were compromised in a security breach. Name.com required all customers to reset their passwords. The method used – customers were instructed to click a link to perform the reset – has been criticized because it resembles tactics used in phishing attacks.[SC Magazine] [ComputerWorld]

WW – Victims Suing for $40M; Other Beaches Announced

Montfort Hospital patients whose personal information was lost have filed a $40 million lawsuit. The breach involved the loss of a USB stick containing data on 25,000 patients back in November. Although it was eventually recovered, plaintiffs are accusing the hospital of “breach of contract, negligence, breach of privacy and violating its own bylaws and the Personal Health Information and Protection Act,” in connection with the loss of the memory stick, the report states. Meanwhile, in the U.S., Indiana University Health has notified 10,300 patients of a health data breach; Presbyterian Anesthesia reports a data breach affecting nearly 10,000, and Memphis Regional Medical Center has reported a breach involving three e-mails. [Toronto Sun] SEE ALSO: [Researcher suing B.C. government over privacy breach scandal] AND [Boston: Unions eye medical privacy violation]

Identity Issues

US – Rights Groups File Suit Over Plate-Readers

The American Civil Liberties Union Foundation of Southern California (ACLU) and the Electronic Frontier Foundation have asked a judge to order Los Angeles police and sheriff’s departments to provide details on their use of license-plate scanning technology. The departments have refused to produce the information as requested under the Public Records Act, stating the information is investigative material. The groups are seeking a week’s worth of data from the readers. The sheriff’s department responded, saying, “The public interest served by not disclosing the record clearly outweighs the public interest served by disclosure of the record,” but an ACLU lawyer notes, “Nothing will demonstrate to people the threat to their privacy as clearly as the release of this data.” [Los Angeles Times] SEE ALSO: [Automated Passport Control debuts at Vancouver International Airport] SEE ALSO: [Who Owns The Indian UID Database?]

US – FTC to Hold Hearing on Identity Theft and Senior Citizens

The US Federal Trade Commission (FTC) plans to hold a hearing on Tuesday, May 7 at which it will look into identity theft schemes perpetrated on senior citizens, including tax and government benefit identity theft; long term care identity theft; and medical identity theft, which is occurring with increasing frequency. One study said that about two million US citizens are victims of medical identity theft every year. The incidents cost an average of US $20,000 to resolve. The hearing will also look at ways of educating senior citizens about these issues. [SC Magazine] [FTC]

Intellectual Property

WW – Montreal Firm Monitoring Illegal Downloading for Court Cases

Massive lawsuits targeting people who illegally download copyrighted content are common in the U.S., where people have been stuck with hefty fines and out-of-court settlement and now, there’s an attempt to bring that to Canada. At the centre of the effort is Canipre, the only anti-piracy enforcement firm that provides forensic services to copyright-holders in Canada. The Montreal-based firm has been monitoring Canadian users’ downloading of pirated content for several months. It has now gathered more than one million different evidence files, according to its managing director Barry Logan. One of its clients is now before Federal Court in Toronto, requesting customer information for over 1,000 IP addresses — a user’s unique internet signature — collected by Canipre. That client is the American studio Voltage Pictures, maker of hundreds of films including the Academy Award-winning Hurt Locker. On the other side of the case is Teksavvy, an Ontario-based Internet provider. The IP addresses flagged by Canipre link back to its users. The case is set to resume next month. If the court orders Teksavvy to hand over customer info, it could be the beginning of a new chapter in the anti-piracy battle in Canada.”We have a long list of clients waiting to go to court,” said Canipre’s Logan, who estimates that about 100 different companies are paying close attention to the case.[Source]

Internet / WWW

WW – GPEN Launches First Internet Privacy Sweep

A total of 19 privacy enforcement authorities are participating in the Global Privacy Enforcement Network’s first Internet Privacy Sweep initiative. In announcing the launch of the weeklong initiative, the Office of the Privacy Commissioner of Canada said participating authorities will dedicate individuals to search the Internet in a coordinated effort to assess privacy issues related to the theme, Privacy Practice Transparency. “Privacy issues have become global and they require a global response,” noted Canadian Privacy Commissioner Jennifer Stoddart. “It is critical that privacy enforcement authorities work together to help protect the privacy rights of people around the world.” [Source] [Source]

Law Enforcement

US – FTC Sting Operation Results in Warnings to 10 Data Brokers

The FTC has announced it sent warning letters to 10 data brokers warning they may be in violation of the Fair Credit Reporting Act (FCRA). The potential violators were discovered by an undercover FTC data shopper in a sting operation; part of a Global Privacy Enforcement Network initiative. In it, the FTC approached 45 companies seeking financial data, citing reasons such as checks for employment eligibility or creditworthiness. Of those, “10 appeared willing to sell information without complying with the requirements of the FCRA.” [Ad Age]

Location

US – What’s the Equivalent of Shouting “Fire!” in a Crowded Theater?

The Center for Geographic Analysis held its annual conference at Harvard’s Tsai Auditorium last week, focusing on the challenges and thoughts surrounding policy-making for a location-enabled society. The benefits of location technology are hard to deny—identifying influenza outbreaks, getting necessary transportation to people in remote locations, providing emergency services to people who call 911 from cell phones, heck, even just figuring out how to get home without being stuck in rush-hour traffic—but the collection, analysis and use of this data bring risks, too. [Source]

US – How to Mine Cell Phone Data Without Invading Your Privacy

Cell-phone mobility data could be a huge boon to development and planning efforts. but that resource can’t be used if privacy is compromised. Researchers at AT&T, Rutgers University, Princeton, and Loyola University have devised a way to mine cell-phone data without revealing your identity, potentially showing a route to avoiding privacy pitfalls that have so far confined global cell-phone data-mining work to research labs. Working with billions of location data points from AT&T mobile phone calls and text-messages around Los Angeles and New York City, they’ve built a “mobility model” of the two regions that aggregates the data, produces representative “synthetic call records”—then mathematically obscures any data that could tend to identify people. [MIT Review]

Online Privacy

WW – LinkedIn Revises Policy for User Clarity

LinkedIn is updating its privacy policy within the next week, the company reports in its blog. The updates will clarify and simplify language to make it easier for members to read and understand. The policy will be located on a page that will become the company’s “Privacy Portal” where users can access all of their LinkedIn data. [Source]

US – Reddit Rewrites Policy for Usability

Reddit has rewritten its privacy policy “from the ground up” in order to be clearer and more accessible to the average user. The policy goes into effect May 15. “For some time now, the reddit privacy policy has been a bit of legal boilerplate,” said the announcement. “This new policy is a clear and direct description of how we handle your data on reddit and the steps we take to ensure your privacy.” [WebProNews]

WW – Online Ads Can Now Follow You Home

Advertisers already know what people are up to on their personal computers. But understanding their online whereabouts on smartphones or tablets has remained elusive. A number of companies are trying to better pinpoint mobile users’ online activity with new software and techniques they say could help advertisers track users across devices. By harvesting cross-screen identities, the ad industry could serve ads to mobile phones based on the interests people express when surfing the Web on their PCs.[Source]

WW – In-App Advertisers Beware: Lookout Announces Deadline

With adware targeting the Android operating system up 61% over last year, by Bitdefender’s estimate, mobile security firm Lookout has decided to take a firmer stance with in-app advertisers. The company has announced “rules and standards for acceptable advertising practices that promote good user experience and privacy best practices” and given advertisers 45 days from May 10 to comply or be otherwise classified as adware. If advertisers don’t get explicit user consent for display advertising outside the normal in-app experience, harvesting PII or performing unexpected actions in response to ad clicks, Lookout’s product will block them from users. [Source]

WW – Who Stands To Profit from the Quantified Self Movement?

The explosion of wearable devices and wellness apps are often transmitting potentially sensitive data to the cloud. As many as five million Americans currently use wearable devices, and as much as $700 million was invested by venture capital firms in creating such devices in the first half of last year. As a result, one digital tracking group, Quantified Self, has been formed and abides by the credo, “Self-knowledge through numbers.” Others, however, are concerned about the privacy ramifications of transmitting personal health data to the cloud. One computer scientist worries the data could be used against an individual. “It might mean that if your health is looking shaky, all of a sudden you won’t be able to get a loan,” he said. Meanwhile, a California-based programmer has raised concerns that Google Glass could easily be compromised by hackers. [Details Magazine] SEE ALSO: [Man with Down syndrome sues for $18 million after picture altered online]

US – Apple, Verizon Earn Poor Marks in EFF Privacy Report

The Electronic Frontier Foundation is warning that some companies should not be trusted with your data — but some should, and actively fight on the user’s behalf. Out of the 18 major Web and technology companies listed in the latest report from the U.S. privacy and civil liberties group, only six firms had five out of six stars rating how far they will go to either protect users from the government or even fight on their behalf in court. The report published by the EFF ranks the selected firms based on their privacy policies and law enforcement guidelines, but also how far they will go to protect users’ data when a subpoena is issued and so on. The EFF also notes whether the company in question needs a warrant to be issued before it hands over data. [Source]

Other Jurisdictions

AU – Draft Breach Notification Bill Being Circulated

A draft data breach notification legislation from the Australian government is being circulated among a “small number of stakeholders.” Circulated by the Australia Attorney-General’s Department, the Exposure Draft Privacy Amendment (Privacy Alerts) Bill 2013 “appears to take a conservative approach in its demand for data breaches to be reported, with only classifications of serious data breaches considered,” and the report states the legislation could come into force this July with an undisclosed grace period for compliance. [SC Magazine] See also: [NZ: Senior executives told to address privacy breaches]

UK – Trade Group Issues Insurance Guidelines

The Association of British Insurers (ABI) has published guidance for insurance companies on obtaining consent for data-sharing. ABI advises companies obtain opt-in consent to share data with firms that are not “directly involved in managing or delivering a policy, handling a claim, setting premiums, detecting and preventing fraud” or involved in customer service, the report states, adding that companies collecting data must respect UK data protection laws. [Out-Law.com]

Privacy (US)

US – Foreign Intelligence Surveillance Court Approved All Requests in 2012

The US Justice Department sent a report to Senator Majority Leader Harry Reid (D-Nevada) detailing certain activity of the Foreign Intelligence Surveillance Court. In 2012, the court approved every request it received to authorize physical searches or surveillance of people within the US “for foreign intelligence purposes.” There were 1,856 requests in all. [WIRED] [WIRED]

US – Obama May Back FBI Internet Wiretapping

The Obama administration “is on the verge of backing” an FBI initiative for “a sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services.” The original FBI proposal would have required Internet communications services to build in a means to wiretap, but the revised proposal, pending a White House review, would fine businesses that do not comply, the report states. The Center for Democracy & Technology’s Greg Nojeim said, “I think the FBI’s proposal would render Internet communications less secure and more vulnerable to hackers and identity thieves.” FBI General Counsel Andrew Weissmann said, “This doesn’t create any new surveillance authority” and would require a court order. [The New York Times]

US – Delta Wins Dismissal of California Mobile App Privacy Suit

Delta Air Lines has won its request for dismissal of claims it violated California’s Internet privacy law because it didn’t notify mobile app users that their data was being collected. California Attorney General Kamala Harris sued the company in December, alleging its “Fly Delta” app didn’t clearly post its privacy policy. But Judge Marla Miller said the federal Airline Deregulation Act “bars states from imposing regulations on airlines related to price, routes or services,” the report states. [Business Week]

US – FTC Denies Group’s Request for Delay in COPPA Date

The Federal Trade Commission (FTC) has voted to keep July 1 as the scheduled implementation date for the update to COPPA. The decision denies a request from 20 groups including the Interactive Advertising Bureau and the Application Developers Alliance that the date be pushed up by six months, citing “insufficient time” between the FTC’s issued guidance on the new rules and the required compliance date. The groups say they need more time to make changes to their products. But the FTC responded that the groups had enough time and didn’t provide sufficient reasons for the requested change in date. [ADWEEK]

US – Medine confirmed to lead PCLOB

The Senate confirmed President Barack Obama nominee David Medine as chairman of the Privacy and Civil Liberties Oversight Board (PCLOB). This ends a two-year process and finally allows the PCLOB to go forward “at full strength,” said Judiciary Chairman Patrick Leahy (D-VT). However, questions remain as to the jurisdictional and scope-of-authority issues that Medine and the agency must decide. [Source]

US – Meet Nicole Wong, Obama’s New Internet Privacy Czar

President Obama has tapped a former Googler nicknamed “the Decider” to handle the administration’s approach to Internet privacy. Nicole Wong, who’s spent the last six months as Twitter’s legal director, will report to White House Chief Technology Officer Todd Park. While she won’t be the nation’s chief privacy officer, she’ll be considered a senior adviser, someone familiar with the matter told me. Wong already has a truckload of issues to sort through, and she hasn’t even started yet. Last month, the administration threatened to veto the controversial Cyber Intelligence Sharing and Protection Act, better known as CISPA, on privacy grounds. Reforms to the way government is allowed to access your emails for forensic purposes are also headed to a full Senate vote. [Source]

US – Corporate Personhood Denied by Pennsylvania Judge

Do corporations count as people? The Supreme Court said as much in Citizens United, but a Pennsylvania judge recently issued a resounding “no.” On March 20, Judge Debbie O’Dell-Seneca ruled that the state’s constitution doesn’t guarantee corporations a right to privacy—because that’s a privilege reserved for people. Two local newspapers had petitioned O’Dell-Seneca to unseal a 2011 settlement between a western Pennsylvania family and several fracking companies. The Hallowich family had sued over charges that hydraulic fracking operations on their land were causing them chronic nosebleeds, headaches and sore throats. The companies agreed to settle but imposed a strict gag order—something the fracking industry regularly insists upon in health-related lawsuits. Gas extraction company Range Resources Corp. argued before O’Dell-Seneca that the companies’ privacy rights protected them from disclosing the details of the settlement. But the judge disagreed, finding the argument “meritless” because the companies have no right to privacy. In fact, Judge O’Dell-Seneca spent roughly one-third of her 32-page decision forcefully articulating the reasons why corporations are not considered legal persons under the state’s constitution, observing that, “the constitutional rights that business entities may assert are not coterminous or homogeneous with the rights of human beings.” She continued, “It is axiomatic that corporations, companies and partnerships have no ‘spiritual nature,’ ‘feelings,’ ‘intellect,’ ‘beliefs,’ ‘thoughts,’ ‘emotions’ or ‘sensations,’ because they do not exist in the manner that humankind exists.” “The ruling represents the first crack in the judicial armor that has been so meticulously welded together by major corporations,” Thomas Linzey, Community Environmental Legal Defense Fund (CELDF) executive director, told AlterNet. In what it calls a “new civil rights movement,” CELDF has helped more than 100 communities in eight states adopt a Community Bill of Rights to limit corporate personhood. Other activists hope that Judge O’Dell-Seneca’s decisions will boost the movement for an amendment to the U.S. Constitution clarifying that corporations are not people. The Move to Amend Coalition has gathered more than 280,000 online signatures supporting such an amendment, and 12 states have passed resolutions of support. [Source]

Privacy Enhancing Technologies (PETs)

WW – Lookout Will Intercept Privacy-Invading Mobile Ad Networks, Apps

Mobile security vendor Lookout plans to start flagging as adware mobile apps that use aggressive ad networks if they don’t obtain explicit consent from users before engaging in behavior that potentially invades privacy. Ad networks, advertisers and app developers have until June 24 to start conforming to the company’s set of privacy and security best practices for mobile app advertising if they want to avoid being blacklisted. According to a study released by Bitdefender in March, the number of adware apps for Android devices increased by 61% during a five-month period ending in January. In the U.S. in particular, the number of adware apps increased by 35% during the same period. [Source]

WW – The Struggling Do-Not-Track Negotiations

There is friction between industry and privacy advocates leading up to what will be the final face-to-face negotiations within the World Wide Web Consortium (W3C) on establishing a Do-Not-Track (DNT) standard. On Friday, Mozilla posted a new report on the “State of Do Not Track in Firefox.“ Yet, if the W3C cannot come to an agreement this week, the proposed standard may go the way of the dodo. Two main sticking points revolve around default settings and what data may be collected after a DNT signal is activated. Jonathan Mayer, a Stanford University graduate student and participant in the W3C talks, said, “I think it’s right to think about shutting down the process and saying we just can’t agree,” adding, “We gave it the old college try. But sometimes you can’t reach a negotiated deal.” [The New York Times]

Security

WW – Perimeter Security No Longer Enough: RSA

Forget about the perimeter, you’ve already been breached. That’s the mindset that RSA Security wants business and IT leaders want to adopt when it comes to security posture. “If you’re still racking your brains about how to keep the bad guys out, you’re already way behind,” said Art Coviello, the 59-year-old executive chairman of RSA said during a media briefing at the EMC World 2013 conference here. “It’s very likely that your network has already been breached and what you need to focus on is how to minimize and stop the damage.” A recent attack on RSA led it to refocus from authentication to detecting “faint noises” of an attack in progress and immediately plug that leak.” He said, as more companies adopt big data strategies, they are also expanding the attack surface for cybercrime organizations. Unfortunately, many companies are still locked in the old model of reactive security. The RSA chief characterized this as:

  • Perimeter-based and focus on keeping attackers out
  • Static and signature based, primarily using anti-virus and authentication
  • No true defense in-depth

Most organizations that employ this security strategy, he said, spend 80% of their IT budget on perimeter defenses, 15% on monitoring and 5% on response. However, in recent years, enterprises have been dealing with growing amounts of data and an increasing number of devices hooked-up to the corporate network and the Internet. This, Coviello argues, has expanding the threat landscape. A more mature security approach, he said, is one that splits the security emphasis this way:

  • Perimeter defense, 34% of budget
  • Monitoring, 33% of budget
  • Response, 33% of budget

Many organizations however are hampered by three main challenges: budget constraints, lack of skilled personnel and lack of information sharing. He said ideally, organizations should be sharing information on threats they have encountered and methods they have employed to reduce the security risk for everyone. “Information sharing in this matter has to scale out,” Coviello said. “What we need is a neighbourhood watch.” [Source]

WW – Honeywords Would Serve As Hack Alert

Researchers have proposed a technique to thwart account hijacking by seeding cryptographically hashed password files to include dummy passwords, or honeywords. Admins would be alerted when the phony passwords were used. While the technique does not prevent hackers from using dictionary attacks to crack passwords, the attackers will not know if they are using the correct passwords when attempting to access the account. [ArsTechnica] See also: [Facebook] [NakedSecurity] [DigitalTrends]

US – Pentagon Approves BlackBerry 10 and Samsung Galaxy Devices

The US Defense Department (DOD) has cleared Samsung Galaxy smartphones and tablets and Research in Motion’s BlackBerry 10 devices for use by military officials and government workers. A Pentagon spokesperson called the approvals “a significant step toward establishing a multi-vendor environment that supports a variety of state-of-the-art devices and operating systems.” The Pentagon expects to clear Apple iOS6 devices later this month. [Information Week] [ABC News] [The Register]

WW – Bloomberg Reporters Had Access to Client Account Information

Bloomberg news editor-in-chief Matthew Winkler has apologized for employees using the company’s financial data terminals to snoop on customers. Bloomberg reporters had access to login histories, “high-level types of user functions on an aggregated basis,” and help desk inquiries. Having access to the information may have given Bloomberg reporters an edge over other reporters. The terminals, which are in many financial institutions and related organizations, provide financial industry professionals with real-time market data, news, and a messaging service. Companies rent the machines for US $20,000 a year.

Winkler wrote, “Our reporters should not have access to any data considered proprietary. I am sorry they did. The error is inexcusable.” The issue came to light after a Bloomberg reporter commented to a Goldman Sachs executive that another Goldman executive had not logged in recently. The reporters no longer have access to the customer information. [CNN] [CNET] [Wash Post]

Surveillance

US – Use These Secret Google Search Tips to Become Your Own Spy Agency

There’s so much data available on the internet that even government cyberspies need a little help now and then to sift through it all. So to assist them, the National Security Agency produced a book to help its spies uncover intelligence hiding on the web. The 643-page tome, called Untangling the Web: A Guide to Internet Research, was just released by the NSA following a FOIA request. The book was published by the Center for Digital Content of the National Security Agency, and is filled with advice for using search engines, the Internet Archive and other online tools. [Source] [FBI Guidance on open source intelligence collection]

IN – Central Database Has Advocates “Up in Arms”

Privacy advocates are concerned after the Indian government introduced a central monitoring system (CMS) designed to give authorities access to citizens’ phone calls and online communications. The plan aims to thwart terrorism attempts, but the CMS will be accessible by law enforcement and tax authorities and allows the government “a single point of access to ‘lawfully’ intercept voice calls and texts, e-mails, social media and the geographical location of individuals.” Activists claim privacy laws aren’t strong enough to protect citizens against such powers. [The Register]

US – DoJ Obtains Journalists’ Phone Records

The Associated Press is crying foul after discovering the Department of Justice (DoJ) had secretly obtained two months of telephone records for more than 20 corporate and personal phone lines used by as many as 100 AP journalists. In a letter of protest to U.S. Attorney General Eric Holder, AP CEO Gary Pruitt said, “There can be no possible justification for such an overbroad collection of the telephone communications of the Associated Press and its reporters.” DoJ officials would not tell the AP why or how the records were obtained. The DoJ simply notified the AP via letter on Friday the records were in hand. The Obama administration denied knowledge of the investigation. Sen. Patrick Leahy (D-VT) pronounced himself “concerned” by the DoJ actions, as did Sen. Rand Paul (R-KY) and groups like the ACLU and American Society of News Editors. [Source]

AU – Cameras Shut Down Over Privacy Incident

New South Wales Premier Barry O’Farrell has said the government will move to enact legislation to ensure the continued use of closed-circuit television cameras (CCTV) on public streets after an invasion-of-privacy incident prompted officials to turn off the cameras. O’Farrell said CCTV “has proven essential in assisting police” and cameras are “a vital tool in the fight against crime, and I am determined to ensure they remain so.” O’Farrell also has asked the attorney general “to seek urgent advice on the implications and whether legislative amendments are required to validate the continued use of CCTV.” In the U.S., meanwhile, during Sunday’s airing of Meet the Press, a U.S. lawmaker discussed the importance of camera surveillance to curb terrorism in the context of the Boston Marathon bombings. [The Sydney Morning Herald] [CCTV use in spotlight after privacy ruling] SEE ALSO: [All cars may soon get eyes]

US – Boston Bombing Highlights Need for High-Tech Surveillance

Police and politicians across the U.S. are pointing to the surveillance video that was used to help identify the Boston Marathon bombing suspects as a reason to get more cameras on their streets. From Los Angeles to Philadelphia, efforts include trying to gain police access to cameras used to monitor traffic Relevant Products/Services, expanding surveillance networks in some major cities and enabling officers to get regular access to security footage at businesses. Some in law enforcement, however, acknowledge that their plans may face an age-old obstacle: Americans’ traditional fear that more law enforcement powers will erode their privacy. There are also questions about effectiveness. A 2011 Urban Institute study examined surveillance systems in Baltimore, Chicago and Washington, and found that crime decreased in some areas with cameras while it remained unchanged in others. The success or failure often depended on how the system was set up and monitored. There’s general agreement, however, that cameras can be useful to identify suspects after a crime in committed. [Source]

Telecom / TV

US – Judge Admits Evidence Gathered With Cell Tower Spoofing Technology

A judge in Arizona will allow evidence collected by federal investigators through the use of technology known as stingray, which mimics a cell phone tower. The defense had filed a motion to suppress the evidence, claiming that the use of stingray violated Daniel Rigmaiden’s Fourth Amendment rights because there was no warrant for the search of his apartment. The judge determined that Rigmaiden did not have a reasonable expectation of privacy because he had obtained all of those things fraudulently – using others’ identities. Rigmaiden allegedly filed hundreds of phony tax returns using the names of people who had died. He is the alleged mastermind in a scheme that stole US $4 million from the IRS through fraudulent tax returns. The judge also said that the government did not act improperly by failing to inform the magistrate judge who authorized the tracking activities that it planned to use a stingray to track the suspect or explain how the technology worked. [WIRED] [ArsTechnica] [Judge’s order denying motion to suppress evidence]

US – Former FBI Agent Says All Phone Calls in U.S. are Recorded by Government

Tim Clemente, a former FBI counter terrorism agent, hinted on CNN that the government uses an intrusive surveillance network to monitor citizens’ phone calls. On CNN, he discussed the Boston Marathon attacks and telephone conversations between Katherine Russell and her now deceased husband Tamerlan Tsarnaev. Clemente said that the conversations between them will be available to the FBI. He said that no digital communication was secure from the surveillance of the government. This isn’t the first time government surveillance on cellphone conversations has made headlines. Even Senators Ron Wyden and Mark Udall have said the public would be “stunned” to learn the lengths the government went to uncover information. Should the U.S. government have the right to invade privacy if it helps ensure the safety of the American people? [Source]

US – NYC Police Chase Smartphone Thief

“The closest comparison that leaps to mind is a classic chase scene from a 1971 thriller,” is how The New York Times describes a case where New York City police tracked down an individual who stole an iPhone. Law enforcement was able to track the suspect’s movements by using the “Find My Phone” feature. According to the report, 16,000 smartphone devices are stolen per year in New York City. [Source]

US – NY A-G Wants Mobile Phone Companies to Help Thwart Device Theft

New York State Attorney General Eric Schneiderman has sent letters to the CEOs of Apple, Samsung, Google, Motorola, and Microsoft asking them to specify what they are doing to make phones less susceptible to theft. Schneiderman asked why the companies do not offer technology that would make stolen phones useless, which would deter thieves. [CNET]

US Legislation

US – Gov’t: Warrantless E-mail Access OK; Legislators Intro Bills

The U.S. Department of Justice and the FBI have said they don’t believe they need search warrants for access to Americans’ electronic communications. That’s according to internal documents obtained by the ACLU. U.S. Reps. Tom Graves (R-GA) and Kevin Yoder (R-KS) have introduced a bill aimed at protecting consumer privacy by updating protections for electronic communications stored by third-party service providers. The E-mail Privacy Act would extend protections for regular mail to e-mail and cloud data. Meanwhile, Sen. Rand Paul (R-KY) has introduced a bill that would repeal the anti-privacy provisions in the Foreign Account Tax Compliance Act. [The Wall Street Journal]

US – FBI Domestic Investigation Guide Says No Warrant Needed to Access eMail

According to the 2012 edition of FBI’s Domestic Investigations and Operations Guide, the FBI believes it is has the authority to access individuals’ electronic communications and documents without a search warrant. The ACLU obtained the document through a Freedom of Information Act (FOIA) request. The guide indicates the FBI believes all that is required to access such information is a subpoena signed by a federal prosecutor. This policy appears to fly in the face of a 2010 ruling that requires federal authorities to obtain warrants prior to accessing email accounts. At a Congressional hearing earlier this year, DOJ officials acknowledged that the interpretation of the Electronic Communications Privacy Act (ECPA) of 1986 that allows access to opened email and unopened email more than six months old is not longer applicable. [Ars Technica] [ZDNet] [v3.co.uk]

US – Bill Requiring Data-Use Disclosure, Others Introduced

A new bill that would require app developers to have privacy policies detailing how they share user data. Rep. Hank Johnson (D-GA) has introduced the bill, which would require users to sign off on the privacy policy before using an app, the report states. The user would also be able to ask for data to be deleted upon ceasing to use the app. Politico reports that support for privacy legislation is gaining momentum from the right side of the political aisle; four Republican congressman have introduced two bills that would require law enforcement to obtain warrants before accessing individuals’ e-mail data. [Ars Technica] SEE ALSO: Researchers: Hold Off on APPS Act]

US – Proposed Legislation Would Place Privacy Onus on Mobile App Developers

A US legislator has introduced the Application Privacy, Protection and Security Act of 2013, a bill that would require mobile app developers to take responsibility for the privacy of users’ data. The legislation would require developers to inform users which data the apps collect and how the data are stored, and to obtain consent before the data are gathered. The developers would also need to specify how they will use the collected data, and whether they will be shared with other parties. The FTC would bear the responsibility of enforcing the measure should it become law. [ComputerWorld] [SC Magazine] [Discussion Draft of the Bill]

US – Researchers: Hold Off on APPS Act

Research reports on calls to hold off on the proposed Application Privacy, Protection and Security (APPS) Act . The Marketing Research Association (MRA) is concerned the act would empower the FTC “to define what the term ‘personal data’ meant, as the MRA had already seen in a previous act’s amendment debate that the FTC thought this meant that almost any piece of information could be personally identifiable,” the report states. The MRA is also concerned about the FTC being able to decide the meaning of de-identified data, the act’s mobile app transparency notice requirements and the legislation “not giving industry attempts to introduce a workable privacy code of conduct a chance.”

US – State Legislative Roundup

A number of U.S. states have passed or are working on various types of privacy legislation—from employee privacy to breach notification. Most notably, California has pulled a bill that would have required businesses to disclose to consumers data they have collected on them. The Pennsylvania Senate has passed a law that would require state agencies to notify residents of a breach “as soon as possible.” And the Texas House has also “tentatively” approved similar social media legislation. [Source]

US – U.S. Companies Fight EU-like Proposals

U.S. Internet companies are pushing back against California privacy bills that closely resemble EU proposals. One such bill would require companies to disclose what information they share with third parties and provide them with the corresponding contact information. Another would require social networking sites to remove user information within four days of such a request, akin to Europe’s “right to be forgotten” provision in the draft data protection regulation. Companies have argued the provisions would be detrimental to ad revenues. [Bloomberg]

Workplace Privacy

CA – Director’s ‘Reply All’ Email Discussing Firing of Employee Leads to Lawsuit

We have all experienced that awful feeling after hitting the ‘send’ button and realizing a copy of a sensitive or confidential email has inadvertently gone to the wrong person. Usually, the situation is simply embarrassing. Not so for Maria Fernandes, a Mississauga employee of healthcare communications company Marketforce Inc. In March 2011, she accidentally received an email discussing whether or not she should be fired. Court documents allege that Linda Guerin, the company’s Director of Operations intended to send the email to the company’s lawyers. Too late she realized Fernandes was also on the list and she unsuccessfully sent three recall notices. She also sent an email to Fernandes asking that she delete the message without opening it. Fernandes read it, treated the information in the email as a constructive dismissal and hired a lawyer. A few weeks later, she left her job as a Director of Client Services at Marketforce, which subsequently amalgamated with Sudler & Hennessey ULC. Fernandes claimed in a court filing, she had effectively been fired. She had worked for the company for over six years and was earning $145,000 a year. She is suing her former employer in the Ontario Superior Court for wrongful dismissal. The case has not been heard, so we don’t know if a trial judge will agree that Fernandes was constructively dismissed. The company went to court and argued that because the intended recipients of the email were the company’s lawyers, the information in it was a privileged communication. The company wanted the email removed from the Statement of Claim in Fernandes’ lawsuit. The company’s motion was dismissed and an application to appeal the ruling was also refused. [Source]

+++

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: