Official Blog of the Office of the Privacy Commissioner of Canada

25 Oct 2017

Privacy Tech-Know Blog: Seeing A Different World: The Possibilities Associated with Augmented and Virtual Reality


Phones, glasses, and headsets can now all either overlay information on the world we’re looking at or immerse us entirely in imaginary ones. The process of overlaying information, termed ‘augmented reality’, can be seen when Pokémon appear on our mobile phones, directions appear for nearby restaurants, or our food’s nutritional information is displayed when we point our camera at our plate.

Full immersion in alternate worlds, termed ‘virtual reality’, can let us look around a space, play games with others in simulated cockpits, or climb mountain ranges. Both technologies present novel opportunities to experience the world while simultaneously raising questions about how our data is collected or used. Whereas augmented reality (AR) routinely presents information on top of our real-world environment, virtual reality (VR) replaces that environment entirely. The technologies underlying AR and VR share some commonalities, but the ways in which they collect and process data are different.



21 Aug 2017

Privacy Tech-Know Blog: Cookieless Identification and Tracking of Devices


We are regularly told to block or ‘clear our cookies’, or use a private browsing mode, if we don’t want to be tracked as we visit websites. Website operators and marketing, advertising, and other tracking companies, however, have developed other ways of tracking us, called ‘fingerprinting’, which work even if you clear or block your cookies. How prevalent is this kind of cookieless tracking? How accurate is it? And what are the implications for our ability to control our personal information and protect our privacy interests?



17 Jul 2017

Privacy Tech-Know Blog: Can We Still Be ‘Just Another Face In The Crowd’?


Facial recognition technologies can quickly identify who you are by automatically analyzing your facial features. The characteristics of your face (your biometric information) may be collected when you apply for an identity document like a passport, when you get your photo taken for an employee badge, or when you upload photos online to social media websites.

Given how many opportunities there are to record our faces, it is time to ask: can we remain anonymous in a crowd?



13 Jun 2017

Privacy Tech-Know Blog: Who’s Watching Where You’re Driving?


When you drive down the road or park your car, have you considered who might be recording where your car was at any given time, and where that information is stored and shared? Public agencies and private companies are using Automated Licence Plate Recognition (ALPR) systems to track vehicles throughout Canada today.

ALPR systems have privacy implications because they record where specific vehicles are at given times, often without the driver realizing that such information is being captured.



6 Mar 2017

Privacy Tech-Know Blog: Let me virtually assist you


The way we interact with our digital devices has evolved over time: from specific commands in command line interfaces, to graphical user interfaces (GUIs), to touch-based interfaces. Virtual assistants (VAs) are the next step in this evolution, and they present new privacy challenges. These assistants, such as Siri (Apple), Alexa (Amazon), Cortana (Microsoft), or simply ‘Google’, are designed to respond to your spoken or written commands and take some action. Such commands let you place phone calls, order a car service, book a calendar appointment, play music or buy goods.

The use of these assistants is on the rise: a 2015 Gartner study found that 38 per cent of Americans had used a virtual assistant in 2015 and that two-thirds of customers in developed markets would use them daily in 2016. The most commonly used VAs are voice-based; however, much of the presented information also applies to text-based VAs.



1 Mar 2017

Don’t miss the Pathways to Privacy Research Symposium 2017


On Friday, March 10, 2017, the Behavioural Economics in Action at Rotman (BEAR) group at the University of Toronto will bring together academics, researchers, regulators, and industry and consumer groups alike to address consumer privacy challenges in the online world.

Patricia Kosseim, Senior General Counsel, OPC

Funded through the Office of the Privacy Commissioner of Canada’s (OPC) Contributions Program, the BEAR group will host a symposium highlighting the privacy challenges that consumers face every day while on the Internet.

“Online Privacy: A Human-Centred Approach” will be the theme of the day, and the symposium will feature recent research funded by the OPC’s Contributions Program and explore the key factors—cognitive, contextual, and social—that underlie consumers’ decisions to share their personal information online.



10 Feb 2017

Privacy Tech-Know Blog: The actual privacy benefits of virtual private networks


Virtual Private Networks (VPNs) let you establish a secure communications channel between your computing device and a server. After connecting to the server, you could gain access to a private network that has work files or applications, or use the server as a relay point to then access Internet content when browsing from a public network.

There are several reasons for using a VPN: you might need to remotely access information held on corporate servers while travelling or working from home; you might be wary of the insecure wireless networks you’re using; or you might want to access online content that’s blocked on the network you’re connected to but is accessible from the server somewhere else. Sometimes a company (for example, your employer) will require you to use a VPN, meaning the company will dictate the security and type of VPN you use. When you make a consumer decision to use a VPN, however, you’re responsible for making these decisions on your own.

In the wake of Edward Snowden’s revelations, a large number of consumer VPN providers have sprung up, and security experts now often suggest that you use a VPN when accessing the Internet from an insecure network (e.g., a café, public library, or other free Wi-Fi hotspot). This blog post will help you understand what to look for when choosing between different VPN services.



20 Jan 2017

Mass mailing mistakes and how to avoid them this tax season


With tax season approaching, many businesses are pulling together mass mailings to send out to customers. The information these mailings contain is likely pretty sensitive – names, addresses, social insurance numbers and financial details. You don’t want it falling into the wrong hands!

Every year, a number of Canadians contact our Office to complain because they received sensitive financial information that does not belong to them. A number of businesses also reach out to our Office to report related breaches.

You can take precautions to prevent printing or mailing errors that can cost your customers dearly and tarnish your reputation as good stewards of personal information:



5 Jan 2017

Privacy Tech-Know Blog: Your Identity: Ways services can robustly authenticate you


Traditionally, we have logged into online systems using a username and password. These credentials are often compromised, however, when databases containing them are breached or we are tricked into providing the information to fraudulent individuals or websites (often through phishing or other social engineering attacks). Once these credentials are compromised, attackers can use them to log into the associated online services. Even worse, because people often reuse their usernames and passwords, the attackers can access multiple services.

In order to better verify that it is actually you submitting the username and password, organizations are increasingly turning to multi-factor authentication (MFA). MFA requires you to present multiple types of authenticating information, such as a username and password along with a unique code displayed on a token or smartphone. MFA can stymie attempts to log into a service by guessing your password or using stolen usernames and passwords. A related, less powerful technique is two-step verification, which requires two pieces of information of the same kind of factor, such as two pieces of information that you know, while MFA requires you to present multiple types of authenticating information.



8 Dec 2016

Privacy Tech-Know Blog: Uniquely You: The identifiers on our phones that are used to track us


Canadians’ mobile devices are filled with applications that collect personal information, including identifiers that are ingrained into different parts of the devices. But what exactly are these identifiers, and how are they used?

An identifier is a piece of information (usually a sequence of characters) that’s used to uniquely identify a device, a user, or a set of behaviours taken on the device. Mobile identifiers constitute privacy-affecting technologies because they can be used to correlate an individual’s various activities while using a phone, tablet, or other connected device, and they support the linking of devices with actual persons.

Our mobile devices are filled with identifiers that uniquely label different components and behaviours. The radios and other physical hardware, operating systems, applications, and even web browsers are all rife with identifiers that can uniquely identify the device, the person using the device, or the behaviours of the user. And while these identifiers are typically meant to serve a useful purpose, the user is often unaware that these identifiers exist or how they’re collected and used. We will outline several of the most prominent identifiers associated with mobile devices and their significance for privacy.
