The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Privacy Calendar

Links

RSS FEED for this site

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, November 15, 2007

Alberta commissioner: "It' just nuts that we're not looking after this stuff better"

After an investigation into a stolen laptop from Alberta Capital Health, Frank Work has expressed some exasperation about how personal information is being protected:

Safeguard cyber-privacy
The Edmonton Journal
Thursday, November 15, 2007
Crafting sophisticated privacy legislation has never been more important, as lawmakers struggle to keep up with technological advances. And yet all the statutes in the world are no excuse for common sense.
"It's just nuts that we're not looking after this stuff better," exclaimed an exasperated Frank Work on Tuesday. Work, Alberta's information and privacy commissioner, had just released a report investigating the May theft of four laptop computers at a Capital Health office.
The study concluded that Capital Health had contravened the Health Information Act by not taking adequate security precautions. This was in spite of two previous warnings about the need for encryption programs. Capital Health has promised that it will have encryption for laptops installed by January and will soon provide the commissioner with a detailed implementation plan for other changes. Let's hope so.
Not that Capital Heath is alone. Work also announced another investigation into the theft of a memory stick storing personal details of 560 students attending Edmonton Catholic Schools. An employee of the board's school bus company kept the stick in her purse. The school board now insists bus carriers' memory sticks must be encrypted.
The hope is that other organizations are paying attention. Breaches in consumer information security have made all of us think twice when ordering online or even at the local cash register.
To be fair, a lot of bright people are working on this and lessons have been learned. Still, coming to terms with the storehouse of private information most of us carry around daily in various devices is everyone's business. As technology moves forward, we must remember that privacy is too precious to be taken lightly. That begins at home, at work and at school.

Labels: alberta, health information, laptop, privacy

11/15/2007 09:37:00 AM :: (2 comments) :: Backlinks

Comments:

A very good point on common sense. Government and technology are only part of the equation. If people keep putting personal information in public Internet forums and not being responsible for their own information, identity thieves and hackers would still succeed.

A case in point, a story that Intergovworld.com (www.intergovworld.com/article/bcc35b140a01040800a1918e6edd2e29/pg0.htm) did on a recent hack on Monster.com's Web site really put into the spotlight how vulnerable we can become if we do not exercise caution about what we put on the Internet about ourselves.
Another interesting read on IT World Canada (http://www.itworldcanada.com/a/search/2cbff245-44d6-4a9d-8dc7-2f7f2945e847.html) talks about some online job hunting safety tips.

# posted by

Mari-Len De Guzman : November 16, 2007 3:43 PM

Ah yes, to every complicated question, there is a simple answer. It's easy, it's quick, and it's absolutely wrong.

Wrt the issue at hand, the large financial institution I work for recently installed encryption software on all laptops. The problem is, despite assurances to the contrary, saving files to a network will often (not always, but often) encrypt the file. Because computers don't share the same encryption key (otherwise, what's the point?), the file is unreadable. The encryption software - top of the line, I hasten to add - has in effect hauled us back into the pre-networked era.

Encryption software is not ready for prime time, a certainly no silver bullet. Protecting confidential information is going to require a fundamental re-thinking of who has this information and how it gets shared. We're barely in the first inning of figuring this out.