The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
Thursday, September 07, 2006
The Information and Privacy Commissioner of Ontario and the Bank of Montreal have just released a brochure related to safety, security and privacy in using mobile devices. Here's the media release:
IPC - NEWS RELEASE: September 7, 2006
Guard the information you take out of the office, urges Privacy Commissioner Ann Cavoukian
In a number of recent cases, thousands of people have found themselves facing the potential threat of identity theft simply because someone took a laptop – packed with people’s personal information – home with them or on a business trip, and the laptop was later lost or stolen.
Ontario’s Information and Privacy Commissioner, Ann Cavoukian, and BMO Financial Group (BMO) have met this challenge head on by partnering together to create a joint brochure, Reduce Your Roaming Risks – A Portable Privacy Primer, which outlines specific steps that everyone can take to minimize the chance that the information contained on one’s laptop or personal digital assistant (PDA) will be accessed by unauthorized parties.
“With today’s technology, people have the flexibility to connect to their organization’s network from virtually anywhere in the world,” said Commissioner Cavoukian. “But working away from the bricks and mortar office means that you are also working outside of the traditional security layers. You need to re-assess the privacy and security risks associated with working remotely or while travelling.”
“It is critical that you take the steps needed to safeguard all confidential information, whether it be your own, that of your employer, or, most importantly, that of the people who entrusted their personal information to your custody and care, in the belief that it was in safe hands,” said the Commissioner.
“As a financial services provider, it is fundamentally important that we continue to earn the trust and confidence of our customers that their personal information is safe and secure,” said Dina Palozzi, Chief Privacy Officer, BMO Financial Group. “We were pleased to work with Commissioner Cavoukian on the development of the brochure. It’s a timely and relevant tool that all workplaces should make available to any employees who share a responsibility for safeguarding important customer or company information.”
Among the recommendations that the Commissioner and BMO make in the brochure:
- Always use strong password protection, preferably in conjunction with data encryption;
- Do not remove any client information from your organization’s network or premises without proper authorization from your supervisor;
- Remove all confidential information, or any devices containing confidential information, from plain sight in your vehicle. Lock your valuables in the trunk before you start the trip, not in the parking lot of your destination;
- In public places, do not discuss any confidential information on your cell phone; and
- Only conduct confidential business on business or personal computers. Do not use public computers or networks, or conduct business in public places.
Laptops, PDAs, Cell Phones:
Laptops, PDAs and, more recently, cell phones, are considered to be the “golden eggs” by identity thieves. Here are some of the precautions the brochure recommends be taken to minimize the risks:
- Ensure that all of your devices require passwords for access: power-on passwords, screensaver passwords, account passwords. Strong passwords consist of at least eight characters, upper and lower case, numerals and special characters. The password should not be a word that can be found in any dictionary;
- Enable the automatic lock feature of your device after five minutes of idle time;
- Encrypt your data according to your company’s policies. This is essential if you transport personal and/or confidential customer data – it should never be left in “plain view;”
- When no longer needed, remove all confidential data from your devices using a strong “digital wipe” utility program. Do not simply rely on the “delete” function.
Confidential and Financial Information:
If you handle confidential information online or perform financial transactions, then your laptop (and sometimes your PDA) should, at a minimum, have a personal firewall, anti-virus and anti-spyware protection. In addition, install the latest updates and security patches for your mobile devices, including your cell phone.
When connecting to public wireless networks or HotSpots in airports, hotels, coffee shops, etc., bear in mind that these networks are inherently unsafe. Remember the following:
- Watch out for shoulder surfing – someone “casually” observing the work on your laptop;
- Never connect to two separate networks simultaneously (such as Wi-Fi and Bluetooth);
- Do not conduct confidential business unless you use an encrypted link to the host network (such as a Virtual Private Network – VPN).
The brochure also contains advice on what to do if you lose confidential data, as well as providing a quick reference checklist.
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.