Official Blog of the Office of the Privacy Commissioner of Canada

3 Oct 2014

Cybersecurity Awareness Month 2014


October 1st marked the start of Cybersecurity Awareness Month.  It’s an opportunity to share tips and tools to help people stay more safe and secure online.

Throughout October, we’ll be highlighting the resources we have available to encourage Canadians to be more privacy- and cybersecurity-conscious.  On our blog, among other things, we’ll look at innovative cybersecurity research projects funded through our Contributions Program, we’ll let you know how young people are protecting their privacy online, and we’ll highlight what small-and medium-sized businesses can do when it comes to protecting personal data.

So, throughout the month, keep up with us on Twitter (@privacyprivee) and on our blog for more information on privacy and cybersecurity.   Also be sure to check out Public Safety Canada’s cybersecurity website.


9 Sep 2014

From APP-laudable to dis-APP-ointing, global mobile app privacy sweep yields mixed results


Back in May, the Global Privacy Enforcement Network (GPEN) embarked upon its second annual Privacy Sweep, this time with a focus on mobile apps.

The Office of the Privacy Commissioner of Canada coordinated 25 other privacy enforcement authorities across the country and around the globe, in an assessment of the privacy communications of some 1,211 apps designed for both tablets and smartphones in a bid to find out which of them left our sweepers most at ease in terms of how their personal information was being collected and used.

By downloading and briefly interacting with the apps, this exercise was meant to recreate the consumer experience. Our sweepers ultimately sought to assess transparency based on five key indicators:

  1. Prior to installation, did the app explain how it would collect, use and disclose personal data via a privacy policy, app marketplace description or through some other communications tool?
  2. Which permissions did the app request access to and did the app explain why? For example, did it seek permission to access your identity/accounts, (which may include email address, Twitter handle and Facebook username, but not the information stored in those accounts); location, (based on nearby cell towers, GPS or nearby WiFi networks); photos/media/files, (which can include music, movies and other files stored on your device); camera/microphone, (which could allow the app to turn on and capture data from the phone’s camera and/or microphone, hopefully with the user’s knowledge and consent); device ID/call information (including phone number and an indication of when the user is on the phone and with whom, a request often made by games that wish to pause when the phone is engaged); and device/app history, (often used to perform diagnostics after a crash but that can include sensitive information like log data, web bookmarks and history, which apps are running on the device and other system information.)
  3. Did the sweeper feel that the permissions being sought went beyond what they expected based on the app’s functionality?
  4. Were the app’s privacy communications tailored to be read on a small screen?
  5. Overall, how satisfied was the sweeper with the privacy communications? How well did the app explain the permissions and how it collects, uses and discloses the associated personal information?

At the end of the day, users can only provide meaningful consent to the collection of their personal information if they are well informed as to how that information will be used.

In total, our Office examined 151 apps, for both Android and iOS platforms, that are popular among Canadians. About three-quarters of them were free, while the remaining ones were paid apps. Our assessment included a significant number of games, as well as health and fitness apps, news and magazine apps, and social networking apps.

We believe it’s important to share specific results from our Sweep, as we did last year, so Canadians can better understand our conclusions.

But before we start, let’s be clear: The Sweep was not intended to conclusively identify compliance issues or possible violations of privacy legislation. It was also not meant to be an assessment of the apps’ privacy practices in general, nor was it meant to provide an in-depth analysis of the design and development of the apps examined.

We haven’t conducted a formal investigation and we’ve chosen the following play on words to give you a general sense of how our sweepers felt about the apps during the experience.

With that, here are some examples of apps with the most APP-laudable, L-APP-luster and Dis-APP-ointing privacy features.

 

APP-LAUDABLE

On a scale of 0 to 3, our sweepers gave 28 per cent of apps top marks for providing timely, clear, concise explanations of their privacy practices.

In general, these apps made their privacy policies available on their website, their marketplace listing and within the apps themselves. The policies were, for the most part, consistent throughout and clearly explained how the apps would collect, use and disclose personal information.

Among the positive examples identified:

Shazam

This free app ranked 5th among music app downloads in Canada according to the popular Distimo Apple Store app chart the month of our sweep. Shazam will listen to a song or television show playing in the background and identify what it is you’re listening to or watching.

The app requests a number of permissions, including access to identity (accounts), location, photos/media/files, camera/microphone and device ID/call information.

Our sweepers were singing the praises of this app because its privacy communications provided clear explanations of individual permissions that left them with a generally positive feeling about how their personal information would be used.

For iOS, the app uses just-in-time notifications prior to accessing information, like in the example below which outlines why the app needs access to the microphone. On the Android marketplace listing, sweepers noted there’s a handy link that explains why the app needs to collect certain information. It’s appropriately dubbed: “Why does Shazam need these app permissions?”

Shazam on iOS

Shazam on Android permissions explained

Shazam on Android permissions breakdown

 

Fertility Friend: Ovulation Calendar

This free, made-in-Canada app was downloaded as many as 1 million times by Android users alone. It allows users to input cycle-related information to help track their fertility.

Sweepers were particularly pleased that this app explained not only what it would do with the information it collected, but also what it would NOT do.

For example, the app acknowledges that the type of information it collects is “extremely sensitive,” and promises not to “sell or transmit to others any personally identifiable data” entered on the site. A separate link explains that the site charges for premium services to avoid having to rely on advertisers for revenue.

Sweepers also noted the app’s privacy policy was well formatted for the small screen.

Fertility Friend on Android

As you can see from this colour-coded screen that displays menstrual cycle, fertile days and intercourse, users are required to input some pretty intimate details. These excerpts from the privacy policy, however, are quite clear about what the app will not do with that information and why.

Fertility Friend on Android

Fertility Friend privacy policy

Trip Advisor: City Guides

This popular free travel app has been downloaded more than 1 million times by Android users alone. It creates travel itineraries and offers reviews of restaurants, attractions and hotels in various cities.

Sweepers noted that the app did not provide a link to its privacy policy on either platform’s app marketplace. The policy was, however, available prior to installation on Trip Advisor’s website and in-app on Android and iOS.

The app ultimately earned APP-lause from our sweep team for tailoring its privacy communications to the app and to the small screen. The privacy policy is in an easy-to-read font and is well-structured, with a table of contents comprised of a list of explanations that users can click on to obtain more information (see the Android screenshot below for a list of hyper-linked privacy policy topics). The policy also provides a separate explanation for information collected by Trip Advisor apps on a mobile device (see iOS screenshot below).

TripAdvisor on Android

TripAdvisor on iOS

Our sweepers also gave a shout out to Trip Advisor last year when they examined the company’s website, and found its privacy policy went the extra step by offering users a detailed explanation of its “Instant Personalization” feature. The feature uses information provided by Facebook to give the user a more customized experience. The company’s explanation not only detailed what information was collected and how it was being used, but also provided instructions on how to enable and disable the feature.

L-APP-LUSTER

A significant number of apps earned praise from our sweepers for some of their privacy communications, but missed the mark in other areas.

Among them:

Trials Frontier

This free app ranked 14th overall in Canada the month before our sweep, according to Distimo’s Apple Store app chart. It’s a motorcycle racing game that allows users to compete against friends and strangers around the world.

This app makes its privacy policy available on the Google Play marketplace but not on Apple’s App Store. Also, it’s tough to locate the privacy policy on the developer’s website for iOS. Initially, users are directed to a page of game ads.

For the most part, sweepers felt the app did explain how it would collect, use and disclose personal information. The policy is fairly detailed and organized under useful headings like “what personal information does (the company) collect,” “how will my personal information be used and by whom,” and “what safeguards does (the company) use to protect my personal information.”

But this racing app earned some unwanted demerit points for failing to tailor to the small screen. On the iOS platform shown below, the privacy policy strained sweepers’ eyes, and when they zoomed in, they were forced to scroll horizontally, as well as vertically, which is cumbersome and not particularly user friendly.

Ubisoft privacy policy on Android

Ubisoft privacy policy on iOS

Guess the Emoji

This free app reached No. 48 overall in Canada the month before our sweep, according to Distimo’s Apple Store app chart.  It’s a fill-in-the-blank word game.

According to sweepers, the app seeks permission to access identity (accounts), photos/media/files and device ID/call information, among other things. The app’s privacy policy expanded on this to say that the company “may gain access to some personal data through third-parties or affiliates,” including access to “financial information such as credit card or bank account numbers and “information related to your current living accommodations.” Sweepers wondered what exactly this could mean.

The policy also provided a laundry list of potential uses of personal information, but sweepers were still perplexed as to why the app needed all those details for such purposes.

Their discomfort was only exacerbated by the policy’s explanation of the wide-ranging circumstances pursuant to which such information might be disclosed. It said, for example, that the company “may sell or rent your personal information to third parties for marketing purposes without your explicit consent.”

While it is good that the company provided a detailed explanation of the information it may collect and how it may be disclosed, privacy practices need to be justified, not just stated.

Guess the Emoji screenshot 1

See for yourself what this app proposes to do with the personal information it collects in these two screen grabs of the developer’s privacy policy.

Guess the Emoji Screenshot 2

DIS-APP-OINTING

Approximately 26 per cent of apps left our sweepers with a real sense of discomfort in terms of how they conveyed their privacy practices and, in some cases, with respect to what they said they might do with the personal information collected.

Among them:

Super-Bright LED Flashlight

This free app made it to No. 17 overall in Canada on Distimo’s top Google Play Store app chart the very week of our sweep. It allows users to turn their mobile phone into a flashlight.

The app sought permission to access the user’s camera/microphone, device ID/ call information and even photos/media/files. Besides the camera flash function, it was not made clear to sweepers why the app would need all that information to operate a flashlight.

Sweepers found no link to a privacy policy in the app’s Google Play marketplace listing so they followed a link to the “developer’s website,” which led them to a “domain parking” service. The website contained no content, except for two links, one of which was for individuals who may be interested in buying that website’s domain name – i.e. the point of domain parking. The other link took users to the privacy policy of the domain parking company, which contained nothing about the flashlight app’s collection, use and disclosure of personal information.

Without a clear and accessible policy outlining how their personal information would be used, this flashlight app left our sweepers in the dark!

 

Super-Bright LED Flashlight on Android

This image taken from an Android device shows the large number of permissions sought by this flashlight app.

Pixel Gun 3D

This free app reached No. 18 among game downloads in Canada on Distimo’s top Apple Store chart the month before our sweep. It is a multiplayer, pixel cartoon shooting game that allows users to create and customize their own characters.

This app seeks permission to access device ID/call information, device/app history and photos/media/files, among other things, but there is no privacy policy available on this app’s marketplace listing, on its website or within the app itself.

While there is no privacy policy, a “terms of use” policy available in-app, speaks to granting the developer full control over user content. This includes the ability to “sublicense and assign to third parties and a right to copy, reproduce, fix, adapt, modify, improve, translate, reformat, create derivative works from, manufacture, introduce into circulation, commercialize, publish, distribute, sell, license, sublicense, transfer, rent, lease . . . your user content . . . in connection with our provision of the game, including marketing and promotions . . .” It adds that the license granting the company this unlimited access to user content will only end once the user deletes their content or uninstalls the game, unless it’s been shared with a third party that has not deleted the information. Furthermore, the policy notes that the content “may persist in back-up copies for a reasonable period of time.”

Not only did sweepers find the terms of use policy long and legalistic, an oft-cited complaint during last year’s sweep that’s particularly challenging on the small-screen, they also found it very difficult to read as it was written in a tiny white font over a colourful, moving, animated background and required significant scrolling.

Sweepers ultimately felt the app’s privacy communications left much to be desired and, given the potentially personal nature of the permissions, they were uncomfortable using the app.

 Pixel Gun 3D on iOS

It’s best to think of our sweep as a snapshot in time. Apps are constantly evolving. While our sweepers assessed and reassessed each app over these last few months in the interest of quality control, each examination either raised new questions or answered old ones.

At the end of this experiment, one thing is clear to our sweepers: privacy communications are fluid and the level of accessibility will depend on user know-how, the platform being used (e.g. Android, iOS or BlackBerry) and the type of device, whether it’s a Lenovo tablet, an iPad or a Samsung Galaxy smartphone.

Nevertheless, we wanted to provide you with some concrete examples of what we found during our sweep.

Once we’ve finished sorting through our results, in conjunction with our provincial and international partners who are doing the same, we will determine any appropriate follow-up action.

As with last year’s sweep, our follow-up activities will include reaching out to organizations to inform them of our findings and making suggestions for improvements. We also have the option to pursue enforcement action.

Full disclosure: we wrote to the companies mentioned in the blog a week before posting to share our concerns. So far Random Logic Games/Conversion LLC, the maker of Guess the Emoji, has committed to making positive changes.

 


5 Sep 2014

It’s back to school!


Looking for ways to kick the school year off right?

Start with a reminder to kids that privacy matters! Canadian kids are digitally savvy and they value their privacy, but they can sometimes be unsuspecting about the potential privacy risks of new digital communications technologies.

Our office has created a graphic novel, Social Smarts: Privacy, the Internet and You, to help young Canadians better understand and navigate privacy issues in the online world.

Social Smarts

Parents and educators can also take advantage of our new discussion guide and privacy activity sheets to generate more in-depth discussions on the privacy risks related to social networking, mobile devices and texting, and online gaming. These tools also provide ample opportunities to raise real-life situations in which privacy can be impacted.

Because kids go online earlier in life than ever before, the privacy activity sheets vary in difficulty, from very simple (a colouring page) to more difficult (a simple cryptography activity).

You can find these and more on the Youth Privacy section of our site!


19 Jun 2014

Mind the gap: Poll finds many Canadian businesses believe privacy is important but not taking basic steps to protect customer information


Ten years after Canada’s private sector privacy law came into full effect, our latest survey has found that many Canadian businesses are still not taking the basic steps necessary to protect the personal information of their customers and clients – despite believing that protecting privacy is “extremely important”.

An overwhelming majority of businesses (82%) said protecting privacy is important—in fact 59% rated it as “extremely important.”  As well, more than two-thirds (69%) indicated they were “very confident” in the ability of their business to protect the personal information they collect about customers.

However, the telephone survey of 1,006 companies across Canada identified serious gaps in basic privacy protection by businesses both large and small, for example:

  • More than half (55%) do not have a privacy policy;
  • Half (50%) do not have procedures for responding to customer requests to access their personal information;
  • Nearly half (49%) do not have procedures for dealing with privacy complaints; and
  • More than two in five (42%) have not designated an employee responsible for ensuring privacy protection.
  • Two-thirds (67%) have no policies or procedures for assessing the privacy risks of new products, services or technologies.

The survey, carried out in November 2013 by Phoenix Strategic Perspectives of Ottawa, also found that 59% of the surveyed businesses have little or no concern about the prospect of a data breach. Despite numerous high-profile media reports of data breaches in the private sector over the past few years, the number of businesses indicating a lack of concern about data breaches has increased over time to 59% from 49% in 2011 and 42% in 2010.

In addition, 58% of the businesses surveyed had no guidelines for dealing with a breach where the personal information of their customers was compromised.

We commissioned the survey, which is considered to be accurate to within +/- 3.1%, 19 times out of 20, in order to better understand the extent to which businesses are familiar with privacy issues and requirements, and the types of privacy policies and practices they have in place. Similar surveys were conducted in 2011, 2010 and 2007.

What do you think – are businesses doing an adequate job of safeguarding customer information? What challenges do they face in protecting privacy? Let us know in the comments.


20 Sep 2013

An update on our Internet privacy sweep


Last month, we released the initial results of our Internet privacy sweep. You can read the original blog post to see what we observed. (We should note here that the screenshots and references in that blog post reflect what we saw online during the sweep and were still in place when we originally blogged about the sweep results on August 13.)

As part of our efforts on the sweep, our Office advised the companies that were mentioned in the blog, inviting them to contact the OPC if they wished to discuss the Sweep and our observations.

Since that original post, we are very pleased to see that some of the organizations we highlighted have made changes to enhance their online privacy policies.

A&W changed its privacy policy shortly after we issued the results of our Privacy Sweep. Their original 110-word privacy policy has now been expanded to just under 1600 words and covers the collection, use, disclosure and retention of customers’ personal information collected through customer feedback, events, gift card purchases and contests.

Bell Media also updated their privacy policy shortly thereafter, fixing the broken link to their Privacy Officer’s email address:

 New Bell Media privacy policy

We think customers will be pleased as well to see that the companies they choose to do business with are more open and straightforward about how they use customer information.

Hopefully other companies we looked at, as well as those that didn’t, will take note.


21 Aug 2013

Privacy Pop – Privacy in art


Surveillance, identity, social networks and big data are all compelling subjects for an artist to explore  – in fact, IAPP has already combined art and privacy through its Navigate event mashing up art interventions with provocative talks on the future of privacy, and a presentation by their president Trevor Hughes on top privacy issues in which he marries each trend with a compelling piece of modern art.

Inspired, we decided to put together our own list of artistic discoveries we’ve culled from around the Internet.

Steganosaur by Charis Poon

New York-based artist Charis Poon created the playful Steganosaur, an interactive work that allows users to create encrypted messages and share them with friends. She writes, “Because the encryption is a colorful geometric pattern, someone could potentially display it physically or digitally anywhere and have others perceive it as simply a design. The author knows, privately, to themselves, the true meaning.”

Lorrie Faith Cranor's D-'identification quilt

Privacy geeks know Lorrie Faith Cranor (that’s her, above) as a computer science professor and privacy and security researcher at Carnegie Mellon. She’s also an accomplished quilter who has explored combining art with ways to visualize privacy and de-identification. Her De-identification quilt was sliced, spliced, re-assembled, overlaid, embroidered, hand-quilted and machine-quilted but, as Cranor writes, “It is a lot like personal data de-identification, in which data is removed and digital noise is introduced, but in the end the de-identified data might be re-identified given sufficient contextual information.”

And while we’re on the subject of fabric art, when Facebook built a new data centre in Prineville, Oregon they invited the local quilters at the Prineville Senior Center to create quilts depicting how Facebook connects the world.

Laurent Grasso's Uraniborg

French artist Laurent Grasso’s innovative exhibition Uraniborg, is named after the observatory built and operated by Danish astronomer Tycho Brahe. The exhibition itself is housed in a labyrinth built by the artist featuring artifacts examining themes of control and surveillance, such as the short film shown above, featuring a camera-equipped falcon – a parallel to modern-day drone technology.

Adam Harvey's Stealth Wear

Who says privacy isn’t fashionable? Artist Adam Harvey has designed a line of Stealth Wear that employs design and specialized materials to shield the wearer from being detected and recognized by surveillance technologies. He was compelled to develop the line as a response to the increasing use of domestic surveillance drones in the U.S.: “Data and privacy are increasingly valuable personal assets and it doesn’t make sense to not protect them.”

Arne Svenson's The Neighbours

Taken from his own home in New York City, Arne Svenson’s photographs in The Neighbors are the result of the artist pointing his lens at the floor-to-ceiling windows of the building across the street. As a recent review of the controversial exhibit points out:

“That is the power of Svenson’s art: it challenges the artificial lines we draw around the public and the private, especially in a place where true privacy is a luxury. It also shines a light on the fact that for the many in this city who live in luxury, part of the appeal is in its display.”

In a similar vein, Anthony Reinhart and Darin White of Kitchener, Ontario have examined the prevalence of inconspicuous and ubiquitous surveillance in the photography exhibit, DISCONNECT.

Trevor Paglen's The Other Night Sky

Artist and geographer Trevor Paglen has used observational data to track and photograph satellites in a vivid and high-tech method of “watching the watchers”. The photographs that make up The Other Night Sky are other-worldly –enough to tell you something is out there, but not sharp enough to know exactly what it is.

Paolo Cirio's Street Ghosts

And finally, with a nod to street art and graffiti, the Street Ghosts project brings life-sized pictures of people found on Google Street View to the same spot where they were taken. The result is a jarring juxtaposition of the virtual and the real, or as artist Paolo Cirio puts it: “The real world of things and people, from which these images were originally captured, and the virtual afterlife of data and copyrights, from which the images were retaken.”

So what are some of your favourite artistic expressions about privacy? Let us know in the comments!


13 Aug 2013

Initial results from our Internet Privacy Sweep: The Good, The Bad, and The Ugly


You might recall, a few weeks back our Office led and participated in the first annual Global Privacy Enforcement Network (GPEN) Internet Privacy Sweep.

We sought to replicate the consumer experience by spending a few minutes on each site, assessing how organizations communicated their privacy practices with the public.  The sweep was meant to assess transparency online and was not an assessment of organizations’ privacy practices in general. It was not an investigation, nor was it intended to conclusively identify compliance issues or legislative breaches.

After searching over 300 sites that day, our Office is still poring over the reports we’ve created, but we wanted to share some of our preliminary results with you.

The good:

We found several positive examples of transparency when it came to sharing privacy practices. The best policies were oriented towards the consumer, providing information that real people would actually want to know and would find helpful. Here are a few of our favourites:

Tim Horton’s outlines the different types of personal information they collect and use in relation to a number of activities – for example, when people shop online, enter contests, or register for a payment card. Overall, we found their policy uncluttered and straightforward – click on the screenshot to read this excerpt:

Collection and Use of Personal Information  Tim Hortons collects and uses personal information from customers and others (an "Individual") as follows:     Tim Hortons may collect and maintain personal information such as an Individual's name, contact information, payment card information and purchase history when an Individual subscribes for services or purchases products on our website, in one of our stores or at a kiosk.      Tim Hortons may collect personal information from an Individual where the Individual submits an application for programs operated from time-to-time by Tim Hortons, such as the Tim Hortons Scholarship Program (the "Programs") or for an employment opportunity (such as that contained in a resume, cover letter, or similar employment-related materials). We use submitted personal information as is reasonably required to assess the Individual's eligibility in the Programs and to advertise and promote the Programs or to assess the Individual's suitability for employment at Tim Hortons as well as to process the application and respond to the Individual.     When participating in a contest or promotion, we may collect personal information, such as a contest winner's name, city of residence, and prize winnings in order to award prizes and promote such contests. This information may be published in connection with contests.      From time to time, we may obtain an Individual's consent to use the Individual's contact information to provide periodic newsletters or updates, announcements and special promotions regarding Tim Hortons products and services.

Tripadvisor’s Privacy Policy takes the extra step of offering a detailed explanation of its Instant Personalization feature, which uses information provided by Facebook to give the user a more customized experience. Their explanation not only details what information is collected and how it’s used, but also provides instruction on how to enable or disable the feature – take a look at this screenshot:

We have partnered with Facebook to provide Instant Personalization on TripAdvisor for members of Facebook. If you have Instant Personalization set to “enabled” in your Facebook privacy settings and you are logged into Facebook, then TripAdvisor will be personalized for you when you visit the Web site, even if you are a first-time user of TripAdvisor’s Web site. For example, we will show you reviews that your Facebook friends have posted on TripAdvisor and places they have visited. In order to provide you with this personalized experience, Facebook provides us with information that you have chosen to make available pursuant to your Facebook privacy settings. That information may include your name, profile picture, gender, friend lists and any other information you have chosen to make available.  When you first visit TripAdvisor, you will see an option to turn off Instant Personalization in just one click. If you decide to turn it off at a later date, you can do so by first logging into Facebook and clicking on the disable link on this page, or by scrolling over the “Learn More” link on the top of the page on TripAdvisor and clicking on “How to turn off personalization”. You can also turn off Instant Personalization by editing your privacy settings on Facebook. Please note that, if you have Facebook friends who are using TripAdvisor, they may also have shared information about you with us through Facebook. If you wish to prevent that sharing, you can do so by editing your Facebook privacy settings.   Learn more about Instant Personalization on Facebook or read TripAdvisor’s Instant Personalization FAQ’s.

Also going that extra step is Allstate, which has established an anonymous and confidential reporting system through a third party for its customers to report privacy breaches with discretion.  Promoting and facilitating two-way communication about privacy with consumers is a key element of transparency, so it’s heartening to see that a company like Allstate is thinking about how their consumers might want to communicate with them about privacy concerns.

As part of our ongoing commitment to privacy, we have established an anonymous (optional) and confidential reporting system, so that customers can report any breaches of privacy.  All comments made through this reporting mechanism are considered important to Allstate.  Accordingly, they will be reviewed in a timely manner and, rest assured, with the utmost discretion.    To report any issue relating to privacy concerns, please go online or mail:  ClearView Connects™  P.O. Box 11017 Toronto, Ontario M1E 1N0  1-866-505-9915

Privacy policies that cover both online and in-store practices made our list of bouquets as well. IKEA Canada’s privacy notice points out IKEA’s use of closed circuit television (CCTV) cameras in its stores and parking lots and references their separate CCTV Surveillance Policy, which can be obtained by contacting their privacy officer. Given that many stores and parking lots use CCTV monitoring technology, this example shouldn’t be as rare as it is!

For security, safety and liability purposes, we use CCTV cameras in our stores and adjoining areas such as parking lots. Information recorded by such cameras is retained for a short period (approximately 90 days), unless needed in connection with an investigation. Notices advising of the use of such cameras are posted in our stores. By visiting a store, you consent to our use of such cameras and the recording of your information. For further information regarding CCTV use in our stores, please see IKEA’s CCTV Surveillance Policy, a copy of which may be obtained by contacting our Privacy Office, as provided at the end of this Notice.

The bad:

Approximately 20 percent of sites we reviewed either listed no privacy contact, or made it difficult to find contact information for a privacy officer.

For example several sites, including theloop.ca and tsn.ca, linked to Bell Media’s Privacy Policy which reads in part:

QUESTIONS, COMMENTS OR SUGGESTIONS? If you have questions, comments or suggestions about this Privacy Policy or Bell Media's privacy practices that were not answered here, send us an email.

And that e-mail address is….?

Well, we couldn’t find it.

Many of the websites we looked at spent thousands of words regurgitating PIPEDA but providing very limited information of actual interest to readers. Just as the good examples made an effort to provide clear and useful information to the consumer, the not-so-good stuck to a more legalistic approach and merely claimed compliance to legislation.

For instance, take a look at GlaxoSmithKline’s explanation of how they seek consent for the collection, use and disclosure of individuals’ personal information, below. While their privacy policy hews closely to the language found in Canadian privacy legislation, it’s not all that helpful to a consumer who wants to know when their consent might be sought.  We’ve highlighted the text that appears almost verbatim from Schedule 1 of PIPEDA :

3.PRINCIPLE 3 - CONSENT The knowledge and consent of the individual are required for the collection, use and disclosure of personal information, except where inappropriate. 3.1 The way in which we seek consent, including whether it is express or implied consent, may vary depending on the sensitivity of the information and the reasonable expectations of the individual. An individual may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice. 3.2 GSK will typically seek consent for the use or disclosure of personal information at the time of collection, but in certain circumstances consent may be sought after collection but before use. 3.3 GSK will only ask individuals to consent to the collection, use or disclosure of personal information as a condition of the supply or purchase of a product, if such use, collection or disclosure is required to fulfil an identified purpose. 3.4 In certain circumstances, as permitted or required by law, we may collect, use or disclose personal information without the knowledge and consent of the individual. These circumstances include: Personal Information which is subject to solicitor-client privilege or is publicly available as defined by regulation; where collection or use is clearly in the interests of the individual and consent cannot be obtained in a time way; to investigate a breach of agreement of a contravention of the law; to act in respect to an emergency that threatens the life, health or security of an individual; for debt collection; or to comply with a subpoena, warrant or court order.

Huh?

GlaxoSmithKline also offer readers an Internet privacy policy which, in some ways does a better job than their privacy code at explaining how a consumer’s information might be collected and used. However we found this policy, like others we saw during our sweep, focused on the use of cookies and other technical information collected via their site, while not providing enough information relevant to how the organization was collecting and using other types of information about the consumer.

The ugly:

About one out of every ten sites we looked at did not appear to have a privacy policy.

Another 10 percent had a privacy policy that was hard to find – sometimes exceedingly difficult to find, since it was buried in a lengthy Legal Notice or in the Terms and Conditions.

While almost 90 percent of the sites we swept had some sort of privacy policy or privacy notice, some policies offered so little transparency to customers and site visitors that the sites may as well have said nothing on the subject.

For example, A&W Canada, which collects personal information such as photos, addresses and dates of birth for various initiatives, has a 110-word privacy policy tacked on to the very end of the Terms and Conditions that offers nothing but a blanket promise of compliance with the law. While they do provide some other detail with respect to their privacy practices elsewhere on the site, and it is possible for visitors to their site to learn more by contacting their privacy officer through the e-mail address provided, we think organizations can do better. Individuals shouldn’t have to jump through hoops and provide their own personal contact information just to learn what an organization is going to do with their information.

Privacy Policy A&W Food Services of Canada Inc. is committed to protecting the privacy of personal information. Personal information obtained in the course of conducting our business will not be collected, used or disclosed except in compliance with governing legislation, including Canada’s Personal Information Protection and Electronic Documents Act and British Columbia’s Personal Information Protection Act. For further information on our Privacy Policy, contact our Privacy Officer at privacyofficer@aw. We may revise this Privacy Policy from time to time. You are responsible for checking this Policy when you visit our site to review the current policy. If you do not agree with the Policy, you should cease use of the site immediately.

Paternity Testing Centers of Canada, which collects and processes highly sensitive DNA samples of its clients, has a privacy statement so short it would fit in a tweet: “Paternity Testing Centers of Canada care about our clients and ensure that every test performed is strictly confidential.”

Confidentiality Uncertainty about parentage can have life-long psychological consequences. DNA paternity testing is the most advanced and accurate method available for resolving these parentage questions. Paternity Testing Centers of Canada can perform both Legal (court approved) and Non-legal tests. With advanced DNA technology, paternity testing is accurate, rapid and an affordable means for obtaining conclusive answers with respect to parentage. Paternity Testing Centers of Canada care about our clients and ensure that every test performed is strictly confidential.

We wanted to provide you with some preliminary results that stood out to us from our sweep.  Once we’ve completed a review of the results from our Office and the other jurisdictions that participated in the sweep, we will determine any appropriate follow-up action, in conjunction with our international sweep partners.


9 Jul 2013

Safe journey, Bon voyage !


Learn more about privacy at airports and border crossings by referring to the new featured topic, and have a safe journey! 

Canadian border crossing

photo by 12th St David

There’s a common expression that says, “It’s not the destination that counts, it’s the journey.” Well, if you’re like me, when I have to travel—especially with moody teenagers—I get anxious just thinking about all of the hoops I have to jump through before I arrive at my destination. At airports, border crossings and sea ports, there are security screenings everywhere.

Security measures are presented as a trade-off for safer skies for travellers. But that doesn’t mean you have to check your privacy rights with your luggage.

It is important to know that as a Canadian traveller, your privacy rights kick in from the moment you book a flight—online or through a travel agency—and continue on through the airport terminal and into the pre-boarding area.

However, the measures used to ensure your safety make you wonder: where do your privacy rights begin and end? To help you answer that question, the Office of the Privacy Commissioner of Canada (OPC) just posted a new topic page entitled Privacy Rights at Airports and Border Crossings. It contains explanations of the law, describes the impact of security measures on your personal information and privacy rights, and lets you know where you can turn to if you feel your rights have been violated.

The topic page presents all of the OPC’s materials related to airports and border crossings in one place: fact sheets, reports, publications, Parliamentary appearances and audits to give you an overview from a privacy perspective of key security initiatives that have been implemented over the last 10 years.

Want to learn more? Click here to consult the new page.


10 Jun 2013

Fixing leaky faucets: Raising the bar of privacy protection


“Web leakage” research and follow-up work by the Office of the Privacy Commissioner of Canada has resulted in improvements to the privacy practices of some popular Canadian websites.

You may recall that our Office’s technologists tested 25 sites last year and found a significant number were “leaking” registered users’ personal information – including names and email addresses– to third-party sites such as advertising companies.

The research project prompted extensive discussions with the operators of 11 sites where concerns or questions were identified.

Positive changes

In the end, we’re happy to say that the initiative has resulted in a number of positive changes for Canadians:

  • Several organizations have taken measures to stop unintentional or unnecessary disclosures of personal information.
  • Many also agreed to take steps to ensure they provide consumers with clear, accessible information about their privacy practices.

All of the organizations cooperated with our Office and we were able to resolve our concerns in each and every case.  Here is a summary of the results of our work with the 11 sites:

  • In three cases, the site operators had been previously unaware that personal information was being disclosed to third parties, but took steps to ensure the disclosures stopped.
  •  In a further three cases, websites that had been intentionally sharing information such as email addresses to third parties, but agreed to stop after we questioned the practice.  Another organization was looking at whether its site could be re-designed to prevent sharing with two of its online service providers.
  • One organization acknowledged that personal information was being shared with  third-party service providers in order to manage its website – even though its privacy policy states personal information is not made available to third parties.  The organization is in the midst of making changes to its privacy policy to provide greater clarity.
  •  In other cases, our discussions with organizations confirmed that no information was being disclosed to third parties beyond that found in our research – for instance, postal codes.  As a result, we determined the disclosed information was not personal information.

Of course, our initiative involved a very small sample of sites and “web leakage” concerns are not confined to the organizations identified in our research.  All web site operators and third parties should review the personal information they share and test own sites to check whether data is unintentionally leaking.

Issues beyond “web leakage”

During our work, it became apparent that organizations’ privacy practices, such as the legitimate sharing of information with third parties, were not always disclosed in a meaningful way to consumers.

Commissioner Stoddart has expressed concern about privacy policies that are too long, too convoluted, and, as a result, tend to be largely ignored by users.

Organizations should have clear, descriptive privacy policies.  Our Office has also started looking at other practices that could also be adopted to help inform people about how their personal information will be handled.  For example, we like just-in-time notifications – providing explanations of privacy practices when data is collected.

To that end, we were pleased that several organizations committed to improve the way in which they tell consumers about their personal information handling practices.  For example, some are reviewing their privacy policies and exploring more innovative ways – such as just-in-time notices – to provide privacy information.

All of these steps will go a long ways to help ensure these organizations have obtained informed consent for the collection, use and disclosure of personal information online – as required under Canadian privacy law.

And since the issues we identified have been addressed, the Privacy Commissioner has decided not to exercise her power to name these organizations.

Given our study has revealed systemic issues in this area, our Office is developing a guidance document on best practices with respect to how organizations obtain informed consent from Canadians for the collection, use and disclosure of personal information in the online world. We expect to publish the guidance document later this year.


30 May 2013

Hat trick at IAPP Canada


Commissioners Stoddart, Denham and Clayton at IAPP Canada 2013

Who says hockey season is over in Canada? Check out these three stars from last week’s IAPP Canada Privacy Symposium - from left to right, Privacy Commissioner of Canada Jennifer Stoddart; Elizabeth Denham, B.C.’s Information and Privacy Commissioner; and Jill Clayton, Alberta’s Information and Privacy Commissioner. This year’s Commissioners’ Panel, in honour of the playoffs, was modelled after TSN’s The Quiz. The panel also included Ann Cavoukian, Information and Privacy Commissioner of Ontario. Commissioners were great sports – they poked fun at each other and themselves, and answered questions about a wide range of privacy issues, including big data, accountability and breach notification.  Moderator Kris Klein, IAPP Canada’s managing director, wore a striped referee’s sweater, but didn’t have to blow his whistle or put anyone in the penalty box even once.