The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Wednesday, July 23, 2008
This morning's Globe & Mail ran a story about an apparent connection between a rash of credit card fraud and the check-in kiosks at Toronto's Pearson International Airport. The Airport Authority has said they've checked them out and think all is well:
WestJet suspends credit-card kiosk check-ins amid fraud probe...Earlier Wednesday, a spokesman for the Greater Toronto Airport Authority said a recent audit demonstrated the kiosks, used to check in and pick up boarding passes, were safe and secure.
"We checked our systems and everything checks out, so we're happy with that," said Scott Armstrong.
Meanwhile, airlines have disabled the ability to use a credit card to check in.
From today's Globe:
globeandmail.com: Credit-card fraud probe targets Pearson's self-service kiosksAn investigation of suspected credit-card fraud at Toronto's Pearson airport is now concentrating on the security of its 150 self-service check-in kiosks.
In recent months, financial institutions that issue credit cards spotted isolated fraud patterns that appeared to stem from use of the cards in conjunction with getting boarding passes at the Pearson kiosks, according to sources.
While the investigation is in the early stages, it is currently focused on the kiosks, where passengers use passports, frequent-flier cards, reservation numbers, names, and/or credit card data to identify themselves for flights on any one of 13 airlines. It is not known whether any information has actually been stolen or otherwise gone astray.
Some members of the financial industry are very concerned because Pearson is Canada's busiest airport, with 31.5 million passengers travelling through it last year.
One person familiar with the investigation said the fact that personal data at airports might not be secure “should send shudders through every airport traveller.” ...
Labels: air travel, airlines, fraud, privacy
Sunday, March 11, 2007
Stephen Dubner and Steven Levitt, the authors of the best-selling book Freakonomics and the consistently interesting Freakonomics Blog have a very interesting piece in today's New York Times on the economics of identity theft and credit card fraud: Identity Theft - Identity Crisis - Stephen J. Dubner and Steven D. Levitt - New York Times. Read more at the blog: Freakonomics Blog » Who Cares About Identity Theft?
Labels: fraud, identity theft, privacy
Friday, March 02, 2007
According to Computerworld, a US Appeals Court has upheld the eight year setence for the theft of billions of e-mail addresses from Acxiom: Appeals court: Stiff prison sentence in Acxiom data theft case stands. It's worth noting that the convictions were under the federal hacking staute and not theft of information simpliciter.
Thursday, February 08, 2007
In most cases of fraud following a security breach, the biggest problem for consumers seeking a remedy is proving the connection between the breach and the ensuing fraud. According to CIO Blogs, the TJX breach is different and a small bank in New England has made the connection. It has found the smoking gun and says it will seek damages against the company.
This may be the wakeup call that will force companies to be more diligent about security. See: CIO Blogs - The TJX security breach. This one's different. Way different. |.
Thanks to John Gregory for the link.
Labels: fraud, identity theft, privacy, tjx, tort
Saturday, February 03, 2007
Wired News recently ran a very interesting, multi-part series that provides a behind the scenes look at organized credit card fraud:
Wired News: I Was a Cybercrook for the FBIDavid Thomas ran one of the most popular online crime hubs, while the FBI ran him.
The Grifters operation makes headway against the notorious "King Arthur," the Moriarty of cybercrime.
A U.S. agent tells of the frustration of tracking Eastern European criminal masterminds.
The FBI shuts down its operation, as the Secret Service drops the hammer on the underground carding scene.
Labels: fraud, law enforcement, privacy
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.