26 Nov – 06 Dec 2015

Big Data

WW – Smarter Cities Will be based on Open Data, says Expert

Imagine a world where the smart meters used to record and manage energy consumption in homes are used by health care providers to monitor outpatients, or where information recorded by traffic cameras or road sensors is used to help people plan their journeys more efficiently. Regardless of the model being adopted, the success of smarter cities will depend on the liberalisation of data that has been traditionally locked into individual bits of infrastructure. Freeing up that data, and using software to manipulate the information for wider use, will deliver benefits like smarter energy consumption, transportation, city planning and health care in cities. [Out-Law]

WW – Most Businesses Collecting Data They Never Use, Survey Finds

Most companies in the UK, France and Germany collect data they never use, according to a new survey. 22% of respondents admitted that they often collect data that they never end up using, whilst half of those surveyed said it “happens occasionally.” Just over a quarter of respondents (26%) said they always use the data they collect. A lack of internal skills, cost, the time-consuming nature of data processing and a lack of “proper data processing tools” were all cited as reasons why organisations do not “fully process” the data at their disposal. In an opinion issued on data protection and the internet of things (IoT) last year, EU privacy watchdog the Article 29 Working Party warned that businesses that collect personal data that is not necessary for the purposes they wish to pursue, in the hope that they will find a use for it in future, could be found in breach of EU data protection laws. [Out-Law] SEE ALSO: [Big Data to Become a Big Asset at Deutsche Bank] and [How to Keep Your Customers’ Trust While Collecting and Learning From Their Data] and [The Internet of Things: Guidance, Regulation and the Canadian Approach] and also [Nielsen study on Information Security for Small and Medium Enterprises recently commissioned by Chartered Professional Accountants of Canada]

Canada

CA – BC Commissioner Recommends FIPPA Amendments

B.C.’s FIPPA should be amended to require public bodies to have a comprehensive privacy management program (including privacy training and a FIPPA complaints process) and to require notification to individuals and the OIPC of a breach that would cause significant harm; the OIPC’s current complaint process and review and inquiry process should be streamlined into one process, and the penalties for offences under FIPPA should be raised to a maximum of $50,000 for both general and privacy offences. Other recommendations include requirements for public bodies to document key actions and decisions, to apply de-identification methods to public data sets, to correct PI when an individual requests it, to amend the definitions of “data-linking” and “advice” vs “recommendations,” and to enact new comprehensive health information laws. [OIPC BC – Submission to the Special Committee to Review the Freedom of Information and Protection of Privacy Act] [Press Release] [Speech]

CA – BC Supreme Court Rules OIPC Has Responsibility for Breach Remedies

The Supreme Court heard an appeal and cross-appeal of an appellant’s claim of breach of privacy by an employee of the Insurance Corporation of BC. At issue were claims for vicarious liability for breach of privacy, and for negligent breach of a statutory duty. According to the ruling, the BC FIPPA provides a comprehensive complaint and remedy procedure for public bodies that fail to protect personal information; the Commissioner has supervisory responsibility over the adequacy of a public body’s informational security arrangements, can investigate and attempt to resolve complaints and has ordering powers. [Ari v Insurance Corporation of British Columbia – Court of Appeal for British Columbia – 2015 BCCA 468 CanLII] See also: [Quebec Privacy Commission Encourages Organisation to Report Security Incidents] [Press Release (French)] [Security Incident Reporting Form (French)]

Consumer

WW – Growing up Cyber: Generation Z and Online Privacy

A new study analyses where Generation Z excel in privacy but may need a friendly nudge in the right direction, examining passwords, messaging apps, cybercrime and social media privacy, noting Generation Z became experts in adjusting their privacy settings for fear of embarrassing baby pictures popping up on their friends’ newsfeeds, and are well versed in how to hide information and what to do when something just doesn’t feel right. Case in point, 74% of teen social media users have deleted people from their networks. [Source]

E-Government

US – New Federal Council Will Hone in On Data Privacy Issues

The Office of Management and Budget is creating a new Federal Privacy Council to make policy recommendations, establish best practices and foster a community of privacy professionals within the federal government. The Privacy Council will be modeled off the Federal CIO Council — a group of agency CIOs that work together to advise on IT priorities. The new council will form in early 2016. [Source] SEE ALSO: [OPM Just Now Figured Out How Much Data It Owns: The Atlantic] See also: [Lessons learned from the Adobe data breach]

Encryption

WW – Free Encryption Certificates Now Available to Public

The Let’s Encrypt project is now offering free TLS certificates to the general public. The project, which is run by the Internet Security Research Group, initially ran a trial for a small group of volunteers earlier this fall. The certificates are trusted by all major browsers. [The Register]

WW – Blackberry to Leave Pakistan Over Government Access Demands

BlackBerry has announced it will no longer operate in Pakistan because of local government demands for access to communications. The government wanted access to all BlackBerry Enterprise Service (BES) traffic in the country, including all BES emails and messages. “We do not support ‘back doors’ granting open access to our customers’ information and have never done this anywhere in the world,” wrote BlackBerry’s Chief Operating Officer. [Computerworld]

WW – Dell Installs Root Certificates on Laptops, Endangers Users’ Privacy

Users are reporting that some Dell laptops sold recently come preloaded with a self-signed root digital certificate that lets attackers sniff traffic to any secure website. “If I were a black-hat hacker, I’d immediately go to the nearest big city airport and sit outside the international first class lounges and eavesdrop on everyone’s encrypted communications,” said the CEO of a major security firm. “I suggest ‘international first class,’ because if they can afford $10,000 for a ticket, they probably have something juicy on their computer worth hacking.” [PC Advisor] SEE ALSO: [Millions of Internet Things are “secured” by the same “private” keys]

EU Developments

EU – Report Argues Greater Role for DPAs in Supervising Intelligence Agencies

According to a new report by the European Union Agency for Fundamental Rights, there is no consistency in EU Member States’ oversight systems with relation to intelligence services (e.g. in almost half of all Member States DPAs have no competence over intelligence services), and there are gaps between DPAs and oversight bodies; in almost 1/3 of Member States there is no law providing for the obligation to inform and the right of access. [Surveillance by Intelligence Agencies: Fundamental Rights, Safeguards and Remedies in the European Union] [Summary] [EU wants to give national privacy regulators more clout in new U.S. data pact] SEE ALSO: [EU Member States Agree Higher Fines for Firms For Privacy Violations]

EU – Officials Pressing Tech Companies for More Access

E.U. officials want the large U.S.-based technology companies to work with them in providing more access to user data to help fight terrorism. Companies including Facebook, Twitter, Microsoft, Apple and Alphabet’s Google reportedly met with government and law-enforcement officials from the EU to talk about ways of cooperating to fight terrorism. One meeting in Paris with the French PM focused on finding ways to quickly remove propaganda from social networks, but another focus for EU officials was on finding ways to include so-called back doors into encrypted services. [The Wall Street Journal]

UK – Snooper’s Charter: Privacy Groups Challenge Controversial Bill

Security experts, civil liberty groups and technology organisations have pushed back against key sections of the recently revealed Investigatory Powers Bill in 46 separate written submissions to the government. Now, as the bill faces increasing scrutiny, V3 has analysed the submissions sent to the Science and Technology Committee to pick out the key arguments, finding strong opposition to approaches on encryption, bulk surveillance and hacking. [Source]

EU – EU-Based Cloud Aims to Solve Safe Harbor Data-Storage Conundrum

European cloud provider Zettabox launched its Zettabox Euro Harbor service, which is geared toward helping U.S. companies comply with post-Safe Harbor data storage. The new service aims to allow companies acting as data controllers and operating in Europe to store their clients’ data in the EU in one of 10 European data centers, offering reassurance to EU customers and regulators that U.S. law enforcement and intelligence services can’t legally access the data stored in such servers. [TechWeek]

EU – “Privacy Bridges” Proposals at Amsterdam Commissioners’ Conference

19 renowned privacy experts from the US and the EU have developed ten practical proposals to increase the transatlantic level of protection of personal data. Most proposals can be implemented within the existing, differing legal systems and are applicable worldwide. They are pragmatic bridges that benefit people, companies, governments and supervisory authorities. The experts present their report at the International Privacy Conference at the end of October in Amsterdam. Their paper is now available. [Privacy Conference 2015] [EU-U.S. Privacy Bridges]

UK – ICO Announces Search for Successor

The ICO announced that it is in need of a successor to its head, Christopher Graham. The job listing notes, “This is a demanding and high profile role as a key UK regulator. The successful candidate will be an outstanding individual with a strong professional track record who is able to take and defend difficult decisions, to win the confidence of a wide range of stakeholders from all sectors and to act as the public face of the organization at a domestic and international level.” The office is based in Wilmslow, Cheshire, with three regional offices, and employs roughly 400. The appointment is for five years. [Press Release]

Facts & Stats

WW – Google Releases Right To Be Forgotten Statistics

Google’s most recent Transparency Report reveals that the search engine took stock of 1.2 million webpages in its right-to-be-forgotten evaluations, eradicating 42% of problematic links, the majority of which were Facebook-borne. “Google doesn’t explain in its data why it removes some links and keeps others,” the report states. “But it dropped clues signaling it takes into account whether someone is a public or private figure, whether it considers crimes to be minor, and whether embarrassing incidents took place during a person’s private or professional life.” The countries with the highest number of requests? France and Germany. [The Wall Street Journal] [Facebook tops Google’s list of domains for ‘right to be forgotten’ requests]

CA – Data Breaches Cost Canadian Companies $250 per Record

IBM partnered with the Ponemon Institute to examine the cost of data breaches in Canada. Twenty-one companies participated in the study, which found that the average per capita cost of a data breach is $250 and the average total organizational cost is $5.32-million. The industries with a per capita data breach cost of substantially more than $250 were financial, services, technology and energy. Public sector, education and consumer organizations had a per capita cost well below the overall mean value. [Globe & Mail]

Finance

WW – PCI SSC Explains How to Respond to a Breach

The Payment Card Industry Security Standards Council (PCI SSC) published a three-page guide titled Responding to a Data Breach that articulates its position on the correct response to a security incident at a merchant location where the attack exposed cardholder data. This guidance highlights some of the difficulties in developing proper response procedures, specifically the challenges in mapping out complete, thorough procedures that actually hold up under the stress of an actual incident. [IAPP]

FOI

CA – Liberal Transparency Reforms Subject to ‘Review’ Next Year

Trudeau has pressed for reform of access to information since 2014, but nothing is planned for 2015. The Liberal government quickly implemented some key policies, including the removal of a gag order on government scientists, shutting down a court case about niqabs at citizenship ceremonies and ramping up Syrian refugee processing. But there has been no directive from the top about releasing more documents under freedom-of-information law, a move the U.S. president made on his first day in office. [CBC]

US – FTC goes ‘Star Chamber’ on Warrant Transparency

Nobody knows how many administrative subpoenas are issued by government agencies. Administrative subpoenas are warrants for records such as private “papers” and emails. They are issued unilaterally by government bureaucrats and are impossible to reconcile with the Fourth Amendment’s requirements of “oath and affirmation” of “probable cause” before neutral judges. Watson and The Daily Caller News Foundation have issued multiple FOIA requests to various government agencies to get a sense of how many of these subpoenas are issued. [Source]

UK – ICO Guidance for Removing PI When Responding to Access Requests

The UK Office of the Information Commissioner published guidance on how to disclose information safely when responding to information requests. Organisations should control access to files containing personal data and use specific software to permanently redact information intended for release in an electronic format; when considering disclosure of files, organisations should consider if the file contains linked data, meta-data or comments that should be removed. [ICO UK How to Disclose Information Safely – Removing Personal Data from Information Requests and Databases]

Genetics

CA – Supreme Court Zeroes in on Penile Swabs

The clash between the privacy rights of a criminal suspect and the powers of police is once again before the Supreme Court. This time the court must decide whether police are permitted to force an individual suspected of committing a sexual assault to provide a genital swab for the purposes of obtaining DNA evidence. The trial judge found that the search (leading to a match) was unreasonable but admitted the evidence under s. 24(2) of the Charter. A majority of the Alberta Court of Appeal found that a warrant should have been obtained first, yet it also upheld the conviction under s. 24(2). The other judge on the panel found that this was a legitimate search incident to arrest under the common law powers of police and a warrant was not necessary. Whether a genital swab without a warrant is appropriate should be governed by the same test the Supreme Court set out in R. v. Golden for strip searches according to the Alberta Crown and the Ontario Ministry of the Attorney General, which is an intervener. A genital swab is no different than a test for gunshot residue on a suspect and it is not an intrusion on bodily integrity. [Law Times]

Health / Medical

US – ONC Issues Guidance on PHRs

A report prepared for the Office of the National Coordinator for Health IT provides practical and useful guidance to Health Information Exchange (“HIE”) organizations who are interested in designing and implementing a Personal Health Record (“PHR”) as part of their portfolio of services. [Final Report: HIEs and Personal Health Records Community of Practice: Key Considerations for HIE-based Personal Health Records]

US – White House Issues Medical Guidelines and Funding Opportunities

The White House released the Precision Medicine Initiative (PMI) Privacy and Trust Principles, aimed at building patient trust and protecting patient privacy for precision medicine-related activities last month, as the National Institutes of Health (NIH) announced the availability of $72 million in PMI-related funding opportunities for fiscal year 2016. A Security Policy Framework that will help ensure that security is built into the foundation of the PMI is in development. [Hogan and Lovells]

US – HIPAA Questions Portal a Hit

Some healthcare providers are pleased with the U.S. Department of Health and Human Services’ nascent HIPAA Questions Portal as use of the tool grows. The system allows those in the field to pose questions to HIPAA experts, thus avoiding breaches of protocol. Meanwhile, privacy concerns regarding the app dubbed “the Instagram for doctors” abound. [iMedicalApps]

Horror Stories

US – Toymaker Breach Affects Six Million Children, 4 Million Adults

Toymaker VTech announced the attack on its Learning Lodge app store and Kid Connect messaging system databases exposed the data of 6.4 million children and 4.9 million adults. The largest percent of those affected were in the U.S., with France, the UK, Germany and Canada all in the top five. The stolen data on children included name, gender and birth date; and from adults, name, mailing address, email address, password retrieval questions, IP address and passwords. [The Register] [Washington Post] [Bloomberg] [The Wall Street Journal: VTech Begins Breach Clean-Up] [Reuters] See also: [VTech Hacker Explains Why He Hacked the Toy Company]

Identity Issues

US – Concerns Over ID Protection Overlook Dangers of Inference

The IAPP VP of Research and Education discusses the debate surrounding de-identification. The discussion thus far has generally focused on protecting identity, but that’s distracted policymakers from a central privacy problem in this age of big data, “the ability of organizations to draw highly sensitive conclusions about you without exposing your identity, by mining information about ‘people like you,’” he writes. As such, the main privacy issue isn’t identity, but inference, because even without identification, “machine-made inferences pose risks to societal values of privacy, fairness and equality.” [Yale Journal of Law & Technology] SEE ALSO: [How Dynamic Data De-Identification Is a Bridge to the Future]

CA – Yukon IPC: Health Numbers, Cards Unsuited for Secondary Purposes, Uses

The Yukon Info & Privacy Commissioner issued comments on the Dep’t of Health and Human Services’ proposed development of regulations under the Health Information Privacy and Management Act. The proposed regulations would allow other uses of health cards for government and non-government programs and services; this presents significant risks: public bodies do not have privacy management programs in place, and non-governmental organizations that may use the cards may not be subject to any privacy laws. [Health Information Privacy and Management Act Public Consultation – IPC Comments]

US – Woman’s Ex Used ID-Theft Service to Track Her

An Arizona woman says her ex-husband was able to track her financial movements using an identity-theft protection company after he used her Social Security number to open a bogus account in her name at LifeLock, allowing him to receive alerts and emails when the woman applied for credit cards, leased a car and opened a bank account. “He knew everything I did,” she said. [USA Today]

Law Enforcement

ON – Mental Health, Carding Records No Longer Disclosed by Police

A new Ontario law mandates that police first disclose the results of a record check to the person who is the subject of those records, then that person would have to provide written consent for police to disclose the information to the third party that requested the check. The Liberal government introduced the act after stories emerged of people being stopped at the U.S. border after records of suicide attempts were disclosed and people being prevented from volunteering because they witnessed a crime. This legislation does not cover information sharing between police agencies, so it may not prevent mental health records being used to turn people away at the border. [City News]

CA – RCMP Unveils Plan to Tackle Cybercrime

The RCMP published its Cybercrime Strategy setting out objectives, strategic enablers and 15 action items to be implemented over the next 5 years. The Mounties’ strategy is designed to tackle technology-based crime that is increasingly moving beyond their ability to investigate because of advanced encryption, the global reach of crime and enhanced privacy protections. Missing in the RCMP report — and the broader debate about privacy versus public safety in Canada — is comprehensive data from police detailing the scope of the problem. [Source] See also: [‘We can’t protect public from cyber crimes’: RCMP boss] [RCMP need warrantless access to online subscriber info: Paulson] [The RCMP wants more online surveillance power. We should say no] [Once again, the RCMP calls for warrantless access to your online info. Once again, the RCMP is wrong]

US – LA Considers Notifying Potential Johns They’re Being Watched

L.A. City Council wants to tackle prostitution by sending “Dear John” letters to the homes of any drivers who linger in the area by taking note of their license plates. Critics call the move “stigmatic” for neighbors, while arguing that some cars, like garbage trucks, aren’t necessarily in the neighborhood for company. Displeasure with being surveilled seems to be the biggest concern, however. “Registered owners will know the city is watching your every move and notifying you of it,” said a commenter at a public hearing on the motion. “If Hitler were here, he would applaud you today,” adding in no uncertain terms that he felt the proposal to be “fascism on steroids.” [fusion.net]

Location

EU – CNIL Identifies When Employees’ Work Vehicles Can Be Tracked

France’s Commission nationale de l’informatique et des libertés (“CNIL”) published guidelines on geolocation tracking in vehicles. Geolocation devices can be installed on employee vehicles to monitor and charge for a transport service (such as an ambulance in the context of billing the health insurance company), for security of employees (e.g., a commercial truck carrying merchandise of great value), and to improve the allocation of resources (e.g., identify the ambulance closest to an accident); geolocation devices cannot be installed to monitor compliance with speed limits. [CNIL Guidelines for the Use of Geolocation Tracking of Employees (French)]

Online Privacy

WW – Cross-Device Tracking Raises Consumer Awareness Concerns

At a workshop on cross-device tracking, the FTC Chairwoman described the uses of probabilistic models, which make inferences on information over which the user has no control such as shared IP addresses or location information when 2 devices are consistently used together in the same household. This type of tracking raises transparency issues (it employs persistent identifiers), and there are almost no tools that tell consumers which devices are linked together or to them or that allow them to opt-out of the linking of the identifiers. [FTC – Remarks of FTC Chairwoman Edith Ramirez at FTC Workshop on Cross-Device Tracking] See also: [FTC Guidance is Needed for Cross-Device Tracking – CDT] See also: [TD Visa customers’ browsing activities open to ‘surveillance’ by bank; Bank denies collecting general information about what customers do online]

Other Jurisdictions

AU – Australia Introduces New Counter Terrorism Legislation

Australia’s Attorney General introduced new counter-terrorism legislation; the bill includes measures that will allow a control order to be imposed on persons 14 years or older, simplify monitoring of individuals subject to control orders through enhanced search, telecommunications interception and surveillance device powers and introduce a new offence of advocating genocide. [Attorney-General] See also: [AU – Government Unveils Data Breach Notification Bill, Seeks Input]

Privacy (US)

US – EFF Wants FTC to Investigate Google Apps for Ed

The EFF says in a complaint to the FTC that Google’s Apps for Education violates the Student Privacy Pledge the company signed in January, which indicates it will only collect, store or use student data for educational purposes. The EFF found that the company was collecting kids’ personal information through the “Sync” feature in the Chrome browser that “is enabled by default on Chromebooks sold to schools” and says Google is using that information for uses beyond education. Google has agreed to change the settings for computers sold to schools but is “confident that these tools comply with both the law and our promises, including the Student Privacy Pledge.” [The Wall Street Journal]

US – Task Force Recommends Register Drones at Point of Operation, Not Sale

The Federal Aviation Administration’s Unmanned Aircraft Systems (“UAS”) Registration Task Force (“RTF”) Aviation Rulemaking Committee (“ARC”) issued its final recommendation in relation to drone/UAS registration requirements. All drones under 55 pounds must be registered prior to operation in national airspace; a single registration number will cover all drones owned by a registrant, who must register on a free web-based system. [Task Force Recommendations Final Report]

US – Lorrie Faith Cranor Named FTC’s New Chief Technologist

Carnegie Mellon’s Lorrie Faith Cranor will succeed Ashkan Soltani as the FTC’s Chief Technologist, the agency said. “We are delighted to welcome Lorrie to our team, where she will play a key role in helping guide the many areas of FTC work involving new technologies and platforms,” said the FTC Chairwoman. Not everyone reacted positively: “The revolving door of privacy advocates masquerading as Chief Technologists continues at the FTC,” said the Interactive Advertising Bureau. “It’s like they are funding a one semester internship for anyone with advocate bona fides.” [FTC Press Release]

Privacy Enhancing Technologies (PETs)

US – New PIA Templates, Case Study, Announced

Last year, AvePoint announced a free and downloadable privacy impact assessment automation tool, APIA. Now, with more than 2,500 privacy professionals using APIA in countries spanning the globe, a case study has been published. Also, two new questionnaire templates are now available to help users simplify PIAs and carry out surveys according to recommended best practices: third-party vendor assessment and cloud readiness. [IAPP Resource] SEE also: [Hong Kong DPA Issues PIA Guidance]

Security

WW – Study: Employees Account for 80% of Breaches

Experian’s annual Data Breach Industry Forecast found that 80% of breaches are catalyzed by employees—careless or otherwise. “Unfortunately people doing stupid stuff is the largest cause—it’s as simple as putting a non-production server into production, not turning on a malware or firewall protection or as simple as the lost (unencrypted) laptop or USB key.” [BankInfoSecurity] SEE also: [Fung: Tech Teams Need Ethics Training] [Accessing personal information common practice at RNC, Newfoundland privacy commissioner told]

Surveillance

US – DoJ Testifies on Policy Governing Use of Cell-Site Simulators

The Principal Deputy Assistant Attorney General testified before the Subcommittee on Information Technology of the U.S. House of Representatives’ Committee on Oversight and Government Reform at a hearing on Examining Law Enforcement Use of Cell Phone Tracking Devices. [Testimony before the House Committee on Oversight and Government Reform – Department of Justice] See also: [UK GCHQ accused of ‘persistent’ illegal hacking at security tribunal] AND: [U.K. Spies Turn Your Cell Phone Into a Bug in Tech War on Terror]

CA – Vancouver Police Deny FOI Request for Cellphone Tapping Info

On September 11, 2015, the Information and Privacy Unit of the Vancouver Police Department (VPD) replied to a July 23 FOI request, explaining that it was unable to provide access to the requested information. In accordance with section 15(1)(C) of the B.C. FIPPA, the VPD refused to release the records requested on the grounds that any disclosure would be harmful to law enforcement. Furthermore, in accordance with section 8(2) of the act, the VPD refused to confirm or deny that any such records existed. The VPD’s response reminded many in the press that the Harris Corporation has, in the past, required U.S. law enforcement agencies buying its brand name StingRay technology to sign non-disclosure agreements (NDAs), requiring questions from the press and the public to be answered as obliquely as the VPD answered the Pivot FOI request. [Source]

Telecom / TV

US – National Security Letter Content Revealed

A US District court judge has allowed a former ISP owner to disclose the content of a National Security Letter he received in 2004. NSLs come with gag orders, forbidding recipients from disclosing their contents or even revealing that they have been received. The document reveals that the FBI sought the target’s entire web browsing history, the IP addresses of everyone the target corresponded with, and a record of all the target’s online purchases. [v3.co.uk] [ArsTechnica] [Yale.edu] [Newly published FBI request shines light on National Security Letters]

US Legislation

US – Sen. Announces Proposed Surveillance Bill

As the government said goodbye to the NSA bulk phone record surveillance program, Senator Tom Cotton (R-AR) introduced the Liberty Through Strength Act II, a bill that aims to “let the government keep the phone records it has already collected for five years.” According to critics, the bill is “Big Brother on steroids.” FreedomWorks’ CEO took umbrage with Cotton and others who “are willing to sacrifice our liberties on the altar of security” and “treating Orwell’s 1984 as a how-to guide instead of a warning.” [SC Magazine] SEE ALSO: [Chat, text, email – Congress moves to stop government snooping]

Workplace Privacy

WW – New Employee Monitoring Software Opens Up Range of Legal Issues

Canadian employers looking to track workplace satisfaction and productivity are taking inspiration from foreign companies that use personal data trackers and data analysis to improve employee performance. However, employers looking to gain the benefit from such programs should prepare for workers raising challenges related to this new practice. Incidental breaches of privacy abound, as do concerns whether the employer’s use of data unfairly prejudices certain employees. Finally, data associated with an individual employee may become disclosed in the course of wrongful dismissal claims. Before using data to track employee productivity, employers would be wise to develop human resources policies in anticipation of challenges raised by workers, as well as to make workers aware of how data will be used. At this early stage, employers may even want to “decouple” data so that it cannot be linked with an individual employee. [Lawyers Weekly] See also: [The Chilling Effect of Privacy Invasion]

CA – Federal, BC and Alberta Commissioner Issue BYOD Guidance

The underlying message contained in the Guidelines appears to be “proceed with caution, if at all”. Implementing a BYOD arrangement for employees should not be taken lightly and the Guidelines raise a number of issues which must be carefully considered prior to moving ahead with such an arrangement. The complete Guidelines can be found here. The Guidelines are summarized at [Lexology] [Is a Bring Your Own Device (BYOD) Program the Right Choice for Your Organization] See also: [IAPP BYOD Resources]

 
