Security News

Elections Ontario discovers privacy breach of voter data

Tuesday, July 17, 2012

Elections Ontario has discovered a privacy breach that involves the personal information of voters in up to 24 provincial ridings.

CBC News has learned that memory sticks containing personal information about voters have gone missing from the office of the chief electoral officer for Ontario.

The information on the missing memory sticks includes the full name, address, gender and birth date of voters and may also include information on whether or not these same individuals voted.

The chief electoral officer, in a letter to all three provincial party leaders, says the information is encrypted and there is no evidence it has been accessed.

The privacy breach is now under investigation by the Ontario Provincial Police and Ontario’s information and privacy commissioner.

Greg Essensa, the chief electoral officer, will hold a press conference at Queen’s Park on Tuesday morning.

His letter to the Ontario political leaders indicated that he takes the matter of the privacy breach “extremely seriously.”


Source: http://news.ca.msn.com/local/ottawa/elections-ontario-discovers-privacy-breach-of-voter-data-1
... Learn More

Canada’s spy chief backs Vic Toews’ Internet surveillance plan, offers to help strengthen parts of bill

Friday, July 13, 2012
Canada’s spy chief backs the Conservative government’s troubled bid to bolster Internet surveillance powers, and has offered to help tweak the legislation to make it more palatable to a wary public.

In a letter to Public Safety Minister Vic Toews, Canadian Security Intelligence Service director Dick Fadden says the spy agency was “extremely pleased” to see the bill come before Parliament, considering it “vital” to protecting national security.

CSIS was drafting “potential options” to strengthen accountability measures in the bill, says the late February letter, sent to the embattled minister following a wave of opposition to the legislation from civil libertarians and Internet privacy advocates.

The Canadian Press obtained a declassified version of the top secret letter this week under the Access to Information Act.

The federal legislation would allow police, intelligence and competition bureau officers access to Internet subscriber information — including name, address, telephone number, email address and Internet Protocol address — without a warrant. An IP address is the numeric label assigned to a computer on the Internet.

It would also require telecommunication service providers to have the technical capability to enable police and spies to intercept messages and conversations.

...  Fadden acknowledges the cost for companies to set up and maintain intercept-capable networks could be significant. But he argues the legislation provides “generous lead times and grandfathering provisions” that will help industry. ....

Read full article at: http://news.nationalpost.com/2012/07/13/canadas-spy-chief-backs-vic-toews-internet-surveillance-plan-offers-to-help-strengthen-parts-of-bill/

... Learn More

Durham USB key settlement approved: judge calls risks from lost data 'negligible'

Thursday, July 12, 2012

Durham residents whose health information went missing on a lost USB key will have to prove they were financially harmed to get compensation.
 
Justice Peter Lauwers has approved a settlement agreement in a class action lawsuit launched after 83,524 people's data was lost by a Region of Durham employee in December 2009.
 
While many affected residents had hoped to receive a lump sum payment, the agreement requires class members to file individual claims that prove they suffered economic harm as a direct result of the incident.
 
The Region then has a chance to try to mitigate the harm.
 
If a person is still unsatisfied they can take a shot at monetary compensation, which the agreement says will be based on "common law principles."
 
Sean Brown, one of the lawyers representing the class action, says he is "content" with the resolution and has only heard from a handful of class members who aren't.
 
Of the roughly 79,000 people who didn't opt out of the lawsuit, lawyers got feedback from about 500.
 
Only about 20 of those voiced an objection before the July 3 settlement hearing.
 
"That's an extremely small minority of people that have any real problems with the settlement process," Mr. Brown said. "Everyone else, whether their silence means they're content with it or not, is difficult to say."
 
Lawyers representing the Region could not immediately be reached for comment.
 
In his decision Justice Lauwers calls the agreement "fair and reasonable" and says it's the best outcome the class can hope to accomplish given that "ongoing risks to the members of the class appear to be negligible."
 
The information on the USB key was collected from residents who received an H1N1 flu shot at health department clinics between Oct. 1 and Dec. 16, 2009. Data included name, address, phone number, date of birth, health card number and the name and address of each patient's family doctor.
 
The USB key was lost by a nurse in the Region of Durham headquarters parking lot on Dec. 16, 2009.
 
In his decision Justice Lauwers cites evidence from fraud experts who said the data on the key likely wouldn't be enough to commit identity theft.
 
"Over the course of this action, anxiety about the abuse of private information has given way to the realization that it is now probable that no one has the missing USB key," the judge says. "This inference comes from the fact that no class member has claimed the information on the key has been used to financially damage his or her interests."
 
Justice Lauwers goes on to say the case would "look far different" if the missing health information had been abused.
 
Still, more than a dozen local residents vented their anxiety at the July 3 settlement hearing in Oshawa.
 
Some even cited incidents of fraud and suggested there might be links to the lost USB key.
 
"I got call from RBC saying I have overdrawn account, I don't even deal with RBC," said Tom Cole, who said he has also had difficulty crossing the border due to identity theft issues.
 
The settlement agreement requires the Region to pay class counsel $500,000 to cover the cost of roughly 900 hours spent working on the file since January 2010.
 
The firm of Flaherty Dow Elliott and McCarthy is representing the class -- if the names sound familiar it's because the firm is connected to Whitby-Oshawa MP Jim Flaherty and his wife Whitby-Oshawa MPP Christine Elliott.
 
In past interviews lawyers at the firm have declined to comment on the connection between the local MP and MPP and the lawsuit. The Region is also on the hook for any awards to class members -- 25 per cent of each award will go to the class lawyers.
 
Region staff said those amounts will all be covered by insurance, which will have an impact on premiums -- and possibly future budgets.
 
Staff said there is no way to forecast how much premiums could go up.
 
Class members have until Aug. 2, 2016 to submit a claim for compensation.
 
For more information, visit www.durhamhealthclassaction.com.

Source:
http://www.durhamregion.com/news/article/1392350--durham-usb-key-settlement-approved-judge-calls-risks-from-lost-data-negligible

... Learn More

Online profiling aims to spot would-be psychos

Monday, June 11, 2012

Using one of his many under-cover online personas and armed with his "Spidey" senses, Michael Arntfield scours social media sites, paying particular attention to people whose public profiles display compulsive, narcissistic and potentially dangerous behaviours. Maybe he'll try to "friend" them to dig deeper into their profiles.
 
Arntfield, a detective-constable with the London Police Service and a professor of media studies and criminology at Western University in Ontario, is at the forefront what he says is an emerging area of law enforcement that combines Internet intelligence with psychological profiling. The goal is to identify potential violent offenders and disrupt crimes before they happen.
 
"Before, you thought a guy had some issues and was weird and potentially dangerous, you might put a stakeout detail on his house. Now I can keep him under loose surveillance for months at a time through his digital life," says Arntfield.
 
His work seems especially relevant after the killing and dismemberment of Concordia University student Jun Lin in Montreal. Up until his arrest last week in Germany, Lin's suspected killer, Luka Rocco Magnotta, had amassed an extensive digital archive - including video posts purportedly showing him killing cats - that left many wondering whether police could have intervened sooner, especially when online sleuths had raised concerns about Magnotta.
 
ONLINE WARNING SIGNS
 
"I think this case, and the warning signs that Magnotta posted for public consumption, will reveal a new-found recognition for the investigative value of digital media as both a threat assessment and profiling instrument," Arntfield said.
 
Not all in the law enforcement community are convinced that this investigative technique - which Arntfield admits can be very time-consuming - is the best use of time.
 
"There's so much [Internet] activity, it's like sticking your head out the window in a blizzard looking for a snowflake," said retired Ontario Provincial Police criminal profiler Jim Van Allen.
 
"To say we're going to scan a large body of electronic information and pick out the next bad guy and monitor them is unrealistic."
 
But Arntfield says police departments need to keep up with the times, and that "as the public sphere moves into a digital forum, policing needs to become increasingly digital, too."
 
In the past, society's monsters could fly under the radar, living sequestered and anonymous lives until they committed a violent act, Arntfield says.
 
Today, social media provide a forum for budding deviants to publicly display their narcissistic tendencies, a space where they can seek out validation or admiration for their ideas and fetishes and even "rehearse" their crimes.
 
Facebook's new timeline function, which provides a visual chronology of one's activities on that site, is an ideal investigative tool because you can see the progression of someone's anti-social behaviours and risk taking, Arntfield says.
 
The deeper Arntfield can get into someone's social media pages - convincing that per-son to friend him on Facebook, for instance - the better the profile he can develop of that person, including who their associates are and what makes them "tick."
 

But what exactly is he looking for?
 
Some criminologists subscribe to a theory developed decades ago that animal cruelty, fire starting and bed-wetting are predictive of violent behaviour.
 
'Gateway' behaviours
 
Arntfield and his colleagues are attempting to develop a new 21st century list of "gate-way" or "pre-cursor" behaviours, including online behaviours, that may be predictive of violent behaviour.
 
Arntfield admits that the interpretation of online personas is highly subjective and there is no clear line between the garden-variety narcissism so evident in social media and the truly anti-social, malignant narcissism that lends itself to predatory and sadistic behaviours.
 
But there are some online behaviours, he says, that can be considered red flags.
 
A middle-aged man, for instance, who regularly shoots and uploads videos of women in public without their knowledge would be someone Arntfield might pay attention to.
 
If that man's online pro-file also shows that he's a fan of slasher flicks, that might pique Arntfield's interest even more.
 
If the activities start becoming more disturbing, Arntfield's shadowing of that person might shift from cyberspace into the real world.
 
"The tipping point that would enable me, or any criminal investigator, to move from passive electronic intelligence gathering into a bona fide investigation ... would be my having reasonable grounds that an offence has been, is being, or is about to be committed."
 
At some point, Arntfield might confront the person, though it doesn't necessarily have to be during the actual commission of a crime. It might be more of a casual interview, letting the person know that he knows what they've been up to.
 
"I'm a huge advocate of intelligence-led policing, which is disrupting crimes or interdicting crimes before they can hap-pen, identifying offenders and getting them for something else - to basically stop them in their tracks."
 
And to those who may wonder if this all sounds a bit Big Brotherish, Arntfield stresses that the online surveillance he conducts is more overt than covert, and that he won't take action against someone with-out corroborating evidence.
 
"I think the misinterpretation is that you make a tweet and we come break down your door," he said. "It's not Orwellian like that."

Read more: http://www.vancouversun.com/technology/Online+profiling+aims+spot+would+psychos/6762250/story.html#ixzz1xmfCAMbf

... Learn More

Can Internet snooping protect us, or do criminals just get used to it?

Friday, June 08, 2012

As the world watched with grim fascination the gruesome details of Lin Jun's killing in Montreal these past two weeks, Public Safety Minister Vic Toews took the time to tell reporters that his proposed Internet surveillance bill, Bill C-30, would have helped police investigate.
 
Perhaps so. But in reality, the suspect, Luka Rocco Magnotta, was caught relatively quickly, considering that he was already on another continent short days after the events. And in the end Mr. Magnotta’s capture wasn’t prompted by high-tech surveillance, but by sharp-eyed citizens.

Even the alleged evidence of Mr. Jun’s killing wasn’t hidden on some personal computer or private site, forcing police to obtain the kind of warrants that Bill C-30 would heavily streamline. It was available on a public website for anyone to see (and, disturbingly, it appears that many, many people wanted to see).

Is digital monitoring starting to generate diminishing returns?

To be sure, the ability to monitor Internet activity has proved beneficial in countless cases. There have been numerous high-profile busts in child pornography – Mr. Toews’s most often-cited cause – because investigators were able to quickly and easily collect evidence and track offenders down.

Surveillance also serves more than one purpose: Besides helping to snare criminals, it helps to deter them. In a corner convenience store, letting people know you’ve got cameras watching them is just as important as the watching itself.

However, surveillance may be hitting a saturation point. Twenty years ago, it was difficult to leave a significant digital footprint – today, it’s pretty difficult not to. More and more people are aware they’re being watched online, by someone or other, all the time. As such snooping becomes pervasive, people may stop altering their behaviour in response to it.

Mr. Magnotta not only seemed unconcerned with being observed, he positively sought it out. When caught by German police, he reportedly was sitting in an Internet café looking at photos of himself on the Web. Would increased surveillance have helped to catch the suspect sooner? Maybe. Would it have prevented the crime? Almost certainly not.

Of course, it’s impossible to generalize from such an extreme case. But this summer, the decreasing value of surveillance as a deterrent will be the subject of a massive case study – the London Olympics.

Over the past decade, London has made a strong case for itself as the world’s surveillance capital, with closed-circuit cameras (CCTV) seemingly on every corner. The Olympic Games, during which the city will be under the world’s magnifying glass, has only exacerbated the situation.

So overt is the theme of surveillance there that the Olympic mascots, two creatures called Wenlock and Mandeville that look like blobs of mercury in <QL>unitards, don’t even have faces. Instead, each mascot greets onlookers with a giant, face-encompassing eye that “lets <QL>Wenlock record everything,” according to Games organizers.

If there’s any wrongdoing during the Games, London’s massive mobilization of monitoring technology may help to catch the perpetrators. But will it achieve the organizers’ much greater goal of deterring anyone or anything that might damage the event’s image? When surveillance cameras are more common than streetlights and being watched is the norm, it can become just another part of the background, more noise to be ignored.

In 2009, a group of criminologists reviewed more than 40 studies on England’s CCTV systems. They found that, despite massive costs, the surveillance had little effect on crime. The only area where CCTV did have significant impact was on thefts in car parks, when the devices were used along with better lighting and more guards.

In the U.S., large-scale surveillance networks have produced mixed results. In some neighbourhoods of Baltimore, for example, crime dropped significantly where cameras were installed. In others, criminals were largely undeterred.

To be sure, many people aren’t ready to accept constant monitoring as a fact of modern life. Earlier this year, millions of Internet users in the U.S. and Canada stood their ground against wide-ranging Web surveillance bills such as Mr. Toews’s C-30, forcing politicians to backtrack.

But instead of dying, this kind of legislation tends to resurface in modified form a few months or years later, the authors betting that gradually fewer and fewer people will complain.

Every time Mr. Toews sings the praises of his proposed surveillance law, he will face resistance from critics on very legitimate civil-rights grounds. But there’s another question policy-makers need to consider when it comes to spending millions on more digital surveillance: What if a growing number of people have come to terms with being watched all the time, and what if many of them no longer care?

Source: http://www.theglobeandmail.com/news/politics/can-internet-snooping-protect-us-or-do-criminals-just-get-used-to-it/article4244278/

... Learn More

Stolen UVic items found in mailbox

Friday, January 27, 2012

An investigation into a security breach and breakin at the University of Victoria has taken a bizarre twist after most of the items that were stolen - minus a key computer-storage device - were found inside a garbage bag that had been left in a mailbox.

The discovery in Langford last week heightened concerns that someone may be planning to defraud UVic employees using unencrypted personal and banking information that was stored on the missing device.

"We think the situation now is more grave as far as the potential for frauds," Saanich police spokesman Sgt. Dean Jantzen said.

A Canada Post employee found the green bag in the box in the 1300 block of Bear Mountain Parkway on Jan. 18. A handwritten note on the bag said: "Stolen data from UVic. Please return."

Inside, police found a second note as well as a number of laptops, computer flash drives and media-storage devices believed to have been taken from a university administration building. The theft was discovered Jan. 8.

The unsigned, computer-generated note in the bag apologized for causing any inconvenience and claimed that none of the information on the hard drives had been misused.

"The information on these drives was not copied, distributed, or exploited," the note said. "We want no part of everyday people living in fear that their personal information is being used against them to take they're (sic) hard earned money."

Police said the devices that were returned had all been "thoroughly and professionally destroyed," making it impossible to recover any data or determine for certain whether they were the ones stolen from UVic.

Police showed the items to university officials who recognized most of them.

But the officials insisted that one media storage device did not belong to them.

The phoney device resembles a stolen drive that contained most of the unencrypted information on nearly 12,000 current and former employees.

"Why return this data absent the one key media drive that does have all the concerning data on it - 99 per cent of the concerning data?" Jantzen said.

"Someone or some people have taken the time to actually mock up a dummy media-storage device and include it in the materials returned, suggesting: 'Here you are, everything's been returned and all is well.'

"In our minds, all is not well . . . This goes beyond just a sick prank in our minds, leading us to believe this is something more sinister."

Jantzen said the concern is that the thief or thieves hope to throw the police off their trail, and dupe some employees into thinking that there is no longer a risk. He advised all employees who have not already done so to contact their banks and credit agencies and take steps to protect their finances and identities.

"We are really trying to head off any future frauds," he said.

Police took the rare step of releasing the note in its entirety in hopes that someone will recognize the words or phrases used.

"We think the note is unique," Jantzen said.

Source: http://www2.canada.com/victoriatimescolonist/news/capital_van_isl/story.html?id=a481f8e9-59a1-4d6f-8552-b115265b5099

Anyone with information is urged to contact police or Crime Stoppers. lkines@timescolonist.com



... Learn More

2,700 personal tax files downloaded on missing laptop

Sunday, November 06, 2011
The confidential tax files of almost 2,700 Canadians are missing after a Canada Revenue Agency worker took them home and let a friend download them onto a laptop.

The laptop has disappeared, the agency is scrambling to rewrite its security protocols and the privacy commissioner is asking why no one alerted her to the breach in confidentiality.

“Our office was not informed about this incident,” said Anne-Marie Hayden, spokeswoman for Jennifer Stoddart, privacy commissioner of Canada. “We will be following up with CRA for further information on the issue.”

The investigation report, along with related documents, was obtained by The Canadian Press under the Access to Information Act.

The major breach occurred in early 2006, when an auditor in the agency’s Toronto office asked a government computer technician to download 37,488 of her emails and 776 documents onto 16 CDs. The confidential material covered the years 2000 to 2006, and was not encrypted as required by agency rules.

The woman took the CDs home, and allowed a male friend to copy at least one of them to a laptop.

The breach only came to light when the woman produced the CDs during a grievance hearing before the Public Service Labour Relations Board in 2008. She wanted the panel to read a key 2005 email on one of the CDs, in support of her grievance that the CRA had not accommodated her health problems.

“She was upfront at the hearing that the CDs contained taxpayer information and advised (CRA senior official) Tracey O’Brien to safeguard the information,” says an internal report into the privacy breach. “This caused a disruption in the hearing.”

The woman employee, who suffers from fibromyalgia which causes chronic body pain, eventually won her grievance and was awarded $6,000 for pain and suffering. Two of her supervisors were required to take training in how to accommodate workers with disabilities.

But the privacy breach uncovered at the hearing triggered a wide-ranging internal probe into why the confidential material was poorly safeguarded — and whether it could be retrieved. The woman was sent a letter in early 2009, asking her to produce the friend’s laptop.

“He (the friend) told her that he would not provide the laptop and was unco-operative,” says the investigation report.

The agency eventually recovered the 16 CDs from the employee, but still has not recovered the laptop.

“The laptop was the property of a private company and was no longer available at the time of the administrative investigation,” CRA spokesman Philippe Brideau said when asked about the incident.

“However, the facts gathered during the investigation determined reasonable grounds to believe that the information copied to the laptop had been erased in such a way that an average user could not access through a normal operating system.”

Brideau confirmed the agency’s policy requires that personal information copied onto CDs or any other removable storage device must be encrypted, but there was a “gap in awareness training and procedures.”

He said CRA is currently drafting a guideline to prevent further breaches in confidentiality.

The internal probe found at least 2,660 instances of confidential taxpayer information on the single CD that the employee said she had given to her friend to download. All 16 CDs contained much more confidential information, but the investigation did not indicate how many more taxpayers were involved.

The heavily censored report notes, however, that “a limited number of taxpayer accounts was reviewed. At that point, there did not appear to be any income tax implications such as requested adjustments or unusual refunds.”

Treasury Board policy “strongly” recommends that institutions inform the privacy commissioner soon after learning of any breach if it “involves sensitive personal data such as financial ... information.” The CRA probe determined that the CDs contained exactly such financial information.

But Brideau said the incident was judged to be “low risk,” and the decision taken not to inform the privacy commissioner.

He added that he could not comment on any sanctions taken against the offending employee because of privacy rules.

“All CRA employees are subject to a strict Code of Ethics and Conduct,” he said. “The CRA takes all allegations concerning the conduct of its employees very seriously and takes immediate action to have all allegations investigated.”

“Any employee who violates this code may face disciplinary action up to and including termination of employment.”

The laptop incident is among dozens in which tax agency workers have breached security rules, many of them snooping on other Canadians, including ex-spouses, mothers-in-law, creditors and others by reading confidential tax files.

Source: http://www.thestar.com/news/canada/politics/article/1082212--2-700-personal-tax-files-downloaded-on-missing-laptop

... Learn More

Councillor levels 'cyber-stalking' accusation

Friday, November 04, 2011

As fallout from Mississauga's judicial inquiry continued Wednesday, Councillor Bonnie Crombie surprised observers by accusing a long-time city watchdog of "cyber-stalking" her teenage children.

The allegation came after Ursula Keuper-Bennett, who maintains a critical blog called MississaugaWatch, raised questions about council's response to the recently concluded inquiry, which found Mayor Hazel McCallion acted improperly by advocating for her developer son.

"What qualities do you possess to make you an authority on ethical behaviour?" Ms. Crombie demanded.

After Ms. Keuper-Bennett, appearing to be caught off guard, conceded she was not an ethics expert, the Ward 5 councillor unleashed a tirade.

"Is it ethical to create a video on a 14-year-old child?" Ms. Crombie demanded. "Is it ethical to cyber-stalk a minor [and] to go after politicians' children in videos?"

She was referring to an online video compilation featuring Facebook photographs of her three children that was uploaded by "MississaugaWatch" this past August. The video primarily focuses on Alex Crombie, now 22, contrasting picture of his vacations and parties with a Facebook site he created to support his political ambitions.

But the video also highlights photographs of 14-yearold Natasha Crombie and 18year-old Jonathan Crombie. The children were younger in some of the featured photographs, Ms. Crombie said.

Ms. Keuper-Bennett says she looked the children up after discovering the Crombie sons' names on a 2009 petition urging the city to cancel the inquiry.

"You have breached every code of conduct that I can imagine by going after my family on a personal level," Ms. Crombie fumed.

Ms. Keuper-Bennett disputed the cyber-stalking allegation, suggesting Ms. Crombie was merely trying to avoid the inquiry discussion.

"She's been trying to sweep the inquiry under the rug," Ms. Keuper-Bennett said, noting her video aimed to underscore Ms. Crombie's "hypocrisy" as a public figure who sent her children to private school.

Ms. Keuper-Bennett also pointed to Ms. Crombie's public Web presence, which includes photos of her children posing with Liberal MP Justin Trudeau.

The unexpected exchange took the focus squarely off Ms. Keuper-Bennett's council presentation, which called into question the city's response to the $7-million inquiry. She replayed clips from last week's fiery general committee meeting, during which pro-inquiry Councillor Nando Iannicca lashed out at his pro-McCallion colleagues: "If you did not vote for the inquiry, if you do not agree with its findings and if you are not appalled at what happened, you are not fit for public service."

Source:http://www.canada.com/nationalpost/news/toronto/story.html?id=65dcd18b-590a-4a2e-b537-c844ede81fd3

... Learn More

Missing laptop, USB stick put VGH patient records at risk

Saturday, October 29, 2011

In a major breach of privacy, medical records of 430 Vancouver General Hospital patients may have been compromised after a laptop and USB memory stick with their information were lost by a medical resident while he was in Toronto for a conference.

The data consisted of information involving surgical patients who visited the hospital between Nov. 16, 2010 and March 2011, including their names, date of birth and diagnosis.

The information was password protected, but not encrypted, and there was a delay of 12 days before the Vancouver Coastal Health privacy office was notified.

Letters dated Oct. 6 were sent out to patients informing them of the breach, warning them to protect themselves from possible identity fraud.

But it was not done fast enough, argued NDP health critic Mike Farnworth, saying the delay in notifying those involved implies that the health authority doesn't take the protection of personal information seriously.

"The fact that there was a time-lapse of two to three weeks before the people concerned were informed is unacceptable," said Farnworth.

"There needs to be a proper protocol in place to deal with such situations."

Gavin Wilson, director of public affairs at Vancouver Coast Health, said the organization has very clear policies in place with regard to the use of portable and mobile devices. These include using mobile devices only when absolutely needed, keeping a bare minimum of personal information on them and making sure that in addition to being password protected, the information is encrypted.

Physicians and health care professionals are also required to keep the mobile devices on their person, and in case the devices are lost or stolen, they are required to inform the privacy office as soon as possible.

"This was a very serious breach of patient confidentiality. It is unacceptable," said Wilson. "We are conducting a thorough investigation and the person concerned has been issued a verbal warning."

"It is possible the resident was not entirely aware of our policy and guidelines. He was not a regular employee, so had not gone through our orientation in this regard."

The matter is also being investigated by The B.C. Office of the Information and Privacy Commissioner, which is acting on a complaint from one of the affected patients.

In a previous incident in 2006, a computer containing personal information of health care employees had gone missing from the office of the Employee and Family Assistance program run by VCH.

Concerns were also raised last year about possible breaches of patient privacy when Auditor-General John Doyle and Paul Fraser, who was acting Information and Privacy Commissioner at the time, issued separate reports identifying serious weaknesses in a computer system that is used by the health authority.

Read more: http://www.vancouversun.com/health/Missing+laptop+stick+patient+records+risk/5627700/story.html#ixzz1dWmJmrqR

... Learn More

How private is that text message?

Thursday, August 25, 2011

Text messaging may help quiet the hum of public cellphone conversations – but it may be just as vulnerable to eavesdropping.

Canada’s privacy commissioner says Canadians aren’t doing enough to protect their mobile communication devices, such as cellphones and tablet computers.

A survey by the commissioner’s office suggests only four in 10 people password-protect their phones or adjust privacy settings on personal-information sharing via downloaded applications.

People who actually store personal information on their devices were more likely to use privacy measures.

“We encourage people to use passwords, encryption, privacy settings and every other available measure to safeguard their personal information, because the meaningful protection of privacy has to start with the individual,” Commissioner Jennifer Stoddart said.

Canadians are increasingly worried about their privacy in a digital environment.

The survey found that levels of concern about a range of technologies and applications, including cellphones, online banking, and credit- and debit-card transactions, all rose since 2009.

Canadians between the ages of 18 and 34 were found to be the most enthusiastic users of technology but also the most likely to use available tools to protect their privacy online.

Ms. Stoddart called that finding gratifying.

“Young people are sometimes stereotyped as digital exhibitionists who are quite uninhibited in posting comments and personal images,” she said.

“And yet, this new data shows that they not only care about privacy, they are actually leaders in protecting it.”

Two thousand people were surveyed for the commissioner’s poll, which has a margin of error of plus or minus 2.2 percentage points, 19 times out of 20.

It was conducted between Feb. 23 and March 6, just as outrage in Britain over a tabloid newspaper hacking into people’s cellphones began to grow. In that case, reporters broke into people’s voice mail messages and investigations continue into whether reporters also had phone-tracking records.

The scandal ultimately brought down one of the country’s oldest newspapers.

And in the aftermath of riots in London earlier this month, authorities there are actively monitoring social-media sites and musing about expanding that to mobile devices to prevent similar events.

The Canadian survey asked whether people felt police should have access to their online usage information without a warrant. A whopping 82 per cent said No.

Eight in 10 Canadians also said Internet companies should ask permission to track how users spend their time online.

One of the biggest thorns in the privacy commissioner’s side over the years has been the privacy policies of online social networks.

In 2008, she launched one of the first investigations into how Facebook handled the issue.

The social-media giant has since repeatedly toughened up its policies, including a revamp this week that allows people to accept or reject being identified in someone else’s photo.

The survey found that more than half of Canadians have concerns related to social-networking sites, but most take advantage of available privacy controls.

Source: http://www.theglobeandmail.com/news/technology/tech-news/how-private-is-that-text-message/article2141766/

... Learn More