While Google is resisting turning over search records, what it should really be doing is telling its users:
The US federal government is asking a California court to force Google Inc. to turn over information about usage of the company’s search engine for finding pornography on the Internet. The government says it needs those Google usage records to prepare its defense in a 1998 lawsuit brought against it by the American Civil Liberties Union (ACLU) challenging the Child Online Protection Act (COPA) law. Google is resisting.
Last fall, the Office of the Privacy Commissioner (Canada) issued a decision regarding a customer complaint against CIBC in respect of its outsourcing of credit card processing services to the United States. The concern was that moving the data to the US would result in such data being accessible to US authorities under the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, 2001 (USA PATRIOT Act). In the findings portion of the decision, the OPC expressly states that, at the very least, a company in Canada that outsources information processing to the United States should notify its customers that the information may be available to the U.S. government or its agencies under a lawful order made in that country. Consequently, it is submitted that Canadian companies that outsource the processing of personal information to US subcontractors should prominently disclose this fact to their customers and potential customers. Unfortunately, this is not always occurring.
Three more states (Illinois, Louisiana and New Jersey) have passed laws that require businesses to notify customers when data breaches occur. They join existing statutes that are in effect in 20 other states.
H&R Block apparently sent out packages containing tax preparation software to certain of its customers and placed the customer’s social security number on the outside of the package.
Yesterday, I saw an article on ZDnet that I thought I’d comment on. So I clicked the feedback button. Turned out that in order to add any feedback, one had to register for ZDnet. This did not just involve the usual request for an email address, which is then verified, but also involved a request for a lot of other information. More than should be required just to provide feedback. As part of the “registration”, users are also asked if they wish to subscribe to certain email newsletters. By default, certain ones are prechecked. I unchecked everything and then registered. Just one day later, I’ve already started to receive unwanted emails. It seems that there are other newsletters that new users are automatically subscribed to unless they log into their account and uncheck further boxes. Come on. If users provide information, including an email address, for one purpose or sign up to perform a specific task, that information should not be used for other purposes without explicit consent. Users should not be subjected to reading long privacy policies each time they sign up for something new.
The Governor in Council has indicated that Ontario’s Personal Health Information Protection Act is substantially similar to Part 1 of the Personal Information Protection and Electronic Documents Act as it applies to health information custodians and has issued an exemption order in respect of such health information custodians.
With the support of the Canadian Internet Policy & Public Interest Clinic (CIPPIC) and the Electronic Frontier Foundation (EFF), a new grass-roots organization, Online Rights Canada, was launched last Friday in order to give Canadians a new voice in critical technology and information policy issues.