PRIVACY MATTERS with Meaghan McCluskey

COLLISION COURSE

When technology is used to enhance security, companies must never forget the privacy issues that may arise after implementation

Recently, I was contemplating interesting privacy issues facing today’s courts and privacy commissioners. In 2009, many issues came before the nation’s regulators, including privacy notices for social networking sites, use of information for marketing purposes and whether insurance companies can obtain access to Facebook profiles in the course of personal injury litigation.

Three different tribunal decisions rendered last year provide some insight into the issue of implementing technological solutions and its impact — be it good or bad — on privacy.

MISSING USB STICK

In Order HO-007, the Ontario Privacy Commissioner dealt with the issue of a lost USB stick containing unencrypted personal information for more than 80,000 Ontarians, when a nurse accidentally dropped the stick in a parking lot while heading to an H1N1 vaccination clinic. The nurse thought the drive was encrypted, since the USB drives used for the seasonal flu clinics were encrypted. However, no one had communicated the encryption requirement to the new IT employee working on the H1N1 project. The health department also did not have an up-to-date information security policy; the only policy in place at the time of the incident was a 2002 desktop PC policy that did not contemplate mobile devices, such that even if the IT employee had consulted the policy, it would not have provided guidance on USB stick security.

The policy was in the process of being updated at the time, adding an encryption requirement for laptops in the wake of the Commissioner’s Order HO-004 (involving a stolen laptop from a parked car), and after the incident, the policy has been revised to require secure transportation of encrypted USB drives, which are to be worn on a lanyard around the neck. The Commissioner makes the point that in some cases, mobile devices could be done away with if alternatives, like virtual private networks, are used and USB ports are locked.

12 SECURITY MATTERS • MARCH/APRIL 2010

THE NEED FOR SURVEILLANCE

In British Columbia, the Office of the Information and Privacy Commissioner addressed the issue of video surveillance in a condominium in Order P09-02. At the time the condominium in question was built, eight video surveillance cameras were installed, covering the external doors, parking garage, pool and fitness centre, which were reviewed on a daily basis regardless of whether any complaints had been made. The Commissioner found that the installation of the cameras was pre-emptive, rather than in response to a legitimate security threat. (Clearly at the time the building was constructed no threat could be said to exist.)