Archive for the ‘Privacy Act’ Category

8 Mar 2010

We have our winners!

Once again, students from the Encounters with Canada program have selected the winners of our annual student video contest! Here are the winners for our 2009 competition:

The three top video artists in the live action category were:

1st place: Jeffery Burge, Vanessa Caicedo, Alexandra Georgaras, Gareth Imrie and Fiona Sauder of Canterbury High School in Ottawa, Ontario, with a video titled “Think Before You Click”. They win a $100 gift card and an iPod Touch.

2nd place: David Borish and Mory Kaba of Glebe Collegiate Institute in Ottawa, Ontario, with a video titled “Friend or Foe”. They win a $250 gift card.

3rd place: Jennifer Paul from Brampton, Ontario, with a video titled “Too Good to be True”. She wins a $150 gift card.

The three top video artists in the animation category were:

1st place: Tyler Ford and Matthew Kerr of Osgoode Township High School in Metcalfe, Ontario, with a video titled “Privacy: Think Before You Click”. They win a $100 gift card and an iPod Touch.

2nd place: Rebecca Kartzmart and Emily Patterson of Osgoode Township High School in Metcalfe, Ontario, with a video titled “Carol the Carrot”. They win a $250 gift card.

3rd place: Scott Piper of Osgoode Township High School in Metcalfe, Ontario, with a video titled “Privacy Matters”. He wins a $150 gift card.

The three top video artists in the French video category were:

1st place: Benjamin Dion-Weiss of l’École secondaire publique De La Salle in Ottawa, Ontario, with a video titled “Le réseautage social d’après le Comte Hackula”. He wins a $100 gift card and an iPod Touch.

2nd place: Stéphanie Lemieux and Emily Vendette of l’École secondaire catholique Embrun in Embrun, Ontario, with a video titled “Le Journal de Lisa”. They win a $250 gift card.

3rd place: Cosmo Darwin of l’École secondaire publique De La Salle in Ottawa, Ontario, with a video titled “Trouvée & Perdu”. He wins a $150 gift card.

The three top video artists in the Junior category were:

1st place: Mackenzie Giffen, Chris Johnstone, Chris Nattrass, Curtis Sookhoo and Gabriel Zingle of F.R. Haythorne Junior High in Sherwood Park, Alberta, with a video titled “The Spanish Lottery”. They win a $100 gift card and an iPod Touch.

2nd place: Trevor Aiello, Connor Bergersen, Chad Bullock and Lochlan Thomson of F.R. Haythorne Junior High in Sherwood Park, Alberta, with a video titled “A lesson In Privacy”. They win a $250 gift card.

3rd place: Matthew Craner, Scott Deshane, Madison Gilchrist, Joe Matishak and Graeme Wyatt of F.R. Haythorne Junior High in Sherwood Park, Alberta, with a video titled “The Phone Number Test”. They win a $150 gift card.

We also recognized seven teachers for their enthusiastic participation in the contest. They were:

  • Crystal Getschel, of F.R. Haythorne Junior High in Sherwood Park, Alberta, with 26 entries.
  • Majed Mattar, of Osgoode Township High School in Metcalfe, Ontario, with 21 entries.
  • Professor Kaduri, of Tanenbaum Community Hebrew Academy of Toronto, Ontario, with 15 entries.
  • Grant Holmes, of École secondaire publique De La Salle, Ottawa, Ontario, with 11 entries.
  • Carol Shaw, of Woodstock Collegiate Institute, Woodstock, Ontario, with 8 entries.
  • Kevin Shae, of Sir Robert Borden High School, Ottawa, Ontario with 6 entries.
  • Stephen Willcock, of Canterbury High School, Ottawa, Ontario, with 5 entries.

Each teacher will receive a $250 gift certificate at Indigo Books and Music to use for personal use or for the school they represent.

The videos will be posted as soon as possible to our youth site. They will also be available on our YouTube channel.

We were thrilled with the number and quality of submissions we received for our second competition. We’ll be launching the 2010 contest in May!

28 Jan 2010

It’s Data Privacy Day 2010: Are you taking the proper steps to ensure that your personal information is safe?

On Data Privacy 2010 we’d like to take a moment to remind everyone that is the responsibility of both individuals and companies to make sure that personal information is safe.

If you own a company, or work for a big one: in the past, you may have had to ensure that your customers’ name and address information (and in some cases credit card and billing information) were safe. Now, many of you are providing technology and tools for your customers to put increasing amounts of personal information online. Does your company have the systems in place to safeguard this information? Do you give your customers the tools and options to control how their information is used?

If you are a user of new and cool technology: in the past a telephone was a telephone, a video game was a video game, a stuffed toy was simply that – a stuffed toy. Today, more and more toys and handheld tools come with the ability to go online. Do you understand how to enjoy your toys and gadgets without putting your personal information at risk?

If you are a parent or guardian, teacher, coach or caregiver: do the young people in your life understand how to use all these new toys and gadgets while keeping their personal information safe? Our office has recently made youth privacy a key priority. Today, we have posted some new resources to the Parents & Teachers section of our youth web site. The resources include information on 12 privacy issues (such as the importance of privacy settings and knowing who your friends are on social networking sites), along with ideas for generating discussion about each issue with young people. You can use these resources to start discussion about personal privacy and the importance of thinking about what you post on the Internet.

Regardless of which group you are in – if you need any information about how to keep personal information secure, visit our web sites – and

5 Jan 2010

Extracts from “The Reality of Privacy and Security in the 21st Century”

Remarks delivered to the Annual Conference of the Canadian Association for Security and Intelligence Studies, October 30, 2009 by Chantal Bernier, Assistant Privacy Commissioner of Canada

… As you may know, I came to the Office of the Privacy Commissioner of Canada from the Department of Public Safety, where I had the privilege of serving as Assistant Deputy Minister in the Community Safety and Partnerships Branch.

As such, I have had substantial engagement in a range of security and intelligence files.

My entire presentation is premised on this tenet: Privacy and security are not at odds.

On the contrary: I would put to you that measures to protect privacy must be integral to any initiatives to fight terrorism or other crimes.

Why? Because we live in a free and democratic society where individuals enjoy the right to live, to move around, to communicate and to go about their daily lives, free from unwarranted interference by the state.

And for practical reasons too:

Any effort towards greater security that is strictly tailored to the actual risk – and that therefore minimizes the infringement of privacy or other rights – will be more targeted and more effective.

For example, an investigation that is carried out in accordance with the law, and in a way that respects privacy and other rights, will yield cleaner evidence and a more compelling case for the prosecution.

In other words, all the work that is poured into greater security is more likely to pay off if it is carried out in a strategic, targeted manner. And an essential consideration in that regard is due respect for the right to privacy.

Airport scanners

Another file in which we are deeply involved relates to plans by CATSA, the Canadian Air Transport Security Authority, to install millimetre-wave whole-body imaging scanners at several Canadian airports.

These machines can penetrate clothing to expose concealed objects such as weapons or drugs. Their principal advantage over metal detectors is that they can identify non-metallic objects, such as ceramic weapons or liquid or plastic explosives.

Our Office has examined two Privacy Impact Assessments, or PIAs, prepared by CATSA – first for a pilot test conducted at Kelowna Airport, and more recently for the full program.

As we told CATSA earlier this week in our response to its PIA, we consider this technology to be inherently sensitive as it reveals an outline of the traveller’s body. Many people may perceive it as privacy invasive.

As such, we have worked with CATSA to ensure appropriate privacy safeguards.

One of the key results is that the technology will be used only for secondary purposes, after an individual has already passed through the metal detector. What’s more, the scans will be voluntary, with passengers given the option of going through them, or having a physical pat-down.

And – this is key from a privacy perspective – the images will not be recorded, printed or transmitted. Indeed, they will be deleted as the passenger leaves the scanner.

Four tests

In weighing this and any other government initiative with a potential impact on privacy, our approach is to apply four tests: Necessity, proportionality, effectiveness, and the existence of less-intrusive alternatives.

We ask ourselves: Is the proposed measure really necessary? Have the proponents offered proof of a genuine problem, with no other viable solutions?

Our next criterion is proportionality. Many measures will infringe on privacy; that is just the price we pay for living in a community. Any benefit to the group will generally restrict some liberties of the individual, but the invasion of privacy must be proportionate to the benefit derived.

We also want some assurance of effectiveness. We want to ensure that a measure that infringes on privacy, in the name of the collective good, really meets that specific objective.

As for the fourth test: If a measure is proposed that will affect the privacy of individuals, we want to know that it is justifiable on the grounds that there are no less intrusive alternatives already available.

24 Dec 2009

Give your loved ones a little Privacy this holiday

Do your loved ones have toys on their wish lists this holiday? A stuffed animal for a little one… a cell phone or a camera for a teen? These days, these toys and gadgets are more than they used to be. Just a few years ago a stuffed animal was something to cuddle with and a phone was, well, just a phone! Now, many stuffed animals come with codes that allow kids to register them online so that they can play games, feed and care for them, and even chat and play with other kids. And many cellphones are phones, computers and cameras, all in one.

And while such toys and gadgets can be fun, we want people to enjoy them without putting their privacy and personal information at risk.

Here are our tips for protecting your privacy as you and your loved ones enjoy your new gadgets and toys. For parents especially:

Understand new toys and their capabilities – It is important to understand the capabilities of new toys and how your children will use them. Speak with your kids about how they will use the toy and, where appropriate, agree on guidelines and limits.

Pay attention to privacy settings and parental controls – Privacy settings on social networking sites control what people see about you. Only allow your friends to see your page, your posts, your photos and your applications. Parents, if you depend on parental control software that is installed on your desktop, remember that. Those controls won’t be in place on new mobile devices.

Remember, with Wi-Fi, children can access the Internet from anywhere in the house – And if their new toy/gadget has Internet capabilities they can also use it to access the Internet from locations and networks outside your supervision and control.

Here are our tips for protecting your privacy as you and your loved ones enjoy your new gadgets and toys. For everyone:

Think before you click – The Internet is a public arena, and photos and comments you post are permanent. Even if you delete them from a web page, they could continue to exist in archived pages, in your computer’s cache or on the computers of other Internet users who may have copied them. If you don’t want certain people to see something, now or in the future, don’t post it!

Pick and protect the perfect password – Your information is only as safe as your passwords. Use different passwords for different systems; make sure they are strong (eight characters or more and a variety of letters or numbers); never share them with anybody; and change them regularly.

Know your friends – Online, you can’t be 100 per cent sure who you are talking to. Don’t accept friend requests from people you don’t know in real life.

Protect your identity – Identity theft is a growing problem and the Internet is the least private of spaces. Don’t post or e-mail personal details such as your social insurance number, phone number, home address or birth date.

Be careful on online gaming sites – Online gaming sites are hotbeds of people accessing personal information. Be aware that ill-intentioned people can use information from your profile to establish accounts in your name, or use your stolen identity to access your existing accounts.

Be wary of e-mail or instant messages from unknown people – Don’t open online messages that seem odd or are from someone you don’t know. They could contain a virus or let a hacker gain access to your computer.

Have a happy holiday and enjoy all your new toys!


20 Nov 2009

Today is National Child Day

It’s also the 20th anniversary of the day the United Nations General Assembly adopted the Convention of the Rights of the Child. A significant milestone, this made privacy a basic human right for everyone under the age of eighteen.

Privacy is a right that all young people should enjoy, no matter where they live. With today’s world being so different than it was 20 years ago, this is something they may not think much about. Today, young people are videotaped by security cameras almost everywhere they go. They are asked for their postal code or driver’s license number when they buy a pair of jeans. They can instant message, update their statuses, download music, talk to friends on Facebook and play games on their computers with people all around the world. Twenty years ago, if someone wanted to get in touch with you they had to phone you or send you a postcard!

It is so easy for young people to overlook their privacy rights and why they’re so important. And it’s easy to forget about the risks that are out there if they don’t protect their personal information. These risks can range from nuisance (all those marketers who are looking for people to target their ads to) to serious (from the people on the Internet who are looking for identities to steal, to the predators who are looking for victims). Many of them also tend to forget that when they post comments, photos and videos, online, that information is public and permanent and almost impossible to remove.

So today, on National Child Day, take a minute and remind the young people in your life, in your community, that privacy is their right. Have them look around and click through the pages. Encourage them to find information about how they can have fun online while protecting this valuable basic human right.

17 Nov 2009

Audit of the Financial Transactions and Reports Analysis Centre of Canada

(from our news release)

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has more personal information in its database than it needs, uses or has the legislative authority to receive.

This was one of the key findings of the Privacy Commissioner of Canada’s in-depth audit of the independent agency mandated to analyze financial transactions and identify suspected money laundering and terrorist financing in Canada …

Legislative changes passed in 2006 expanded the types of transactions that must be reported to FINTRAC, as well as the number of professionals and organizations that are required to collect information about clients and to report it to FINTRAC. Examples of entities required to report to FINTRAC include financial institutions, life insurance companies, accountants and casinos.

The audit found that FINTRAC needs to do more to ensure that the amount of personal information it acquires is kept to an absolute minimum. A random sample of files examined in the audit turned up several reports that did not clearly demonstrate reasonable grounds to suspect money laundering or terrorist financing.  For example:

  • A reporting entity filed several reports stating it was “taking a conservative approach in reporting this … because there are no grounds for suspecting that this transaction is related to the commission of a money laundering offence, but there is a lack of evidence to prove that the transaction is legitimate.”
  • An individual deposited a government cheque for an amount less than $300 and then withdrew the entire amount. The financial institution filed a suspicious-transaction report, but did not indicate why the transaction was deemed suspicious.
  • A financial institution filed a report about an individual who had deposited a cheque from a law firm.  The institution was satisfied that the individual had provided legitimate reasons for the source of funds, but decided to notify FINTRAC anyway because of the individual’s ethnic origin and the fact that this person had visited a particular country.

“It is clear that such reports, containing not a shred of evidence of money laundering and terrorist financing, should not be making their way into the FINTRAC database,” says Commissioner Stoddart.

“It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose,” she says. “The federal government needs to have a justifiable need to collect someone’s personal information. Clearly, FINTRAC needs to do more work with organizations to ensure it does not acquire personal information that it has no legislative authority to receive – and that it does not need or use.”

The audit recommended enhanced front-end screening of reports; stronger ongoing monitoring and review to ensure that information holdings are relevant and not excessive, and the permanent deletion of information that FINTRAC did not have the statutory authority to receive.

Under amendments passed in 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires the Privacy Commissioner to review FINTRAC every two years and report the results to Parliament.

29 Oct 2009

How a severe pandemic might affect your personal information

Now that Canada has officially entered the “second wave” of the H1N1 flu season, and the United States President has proclaimed the H1N1 pandemic to be a national emergency, Canadians are staring at the possibility of a significant flu outbreak. The sense of concern and urgency about how to respond to this situation presents interesting challenges for protecting the right to privacy.

As anyone who has stood in the long lines to get the new H1N1 vaccine can tell you, preparing for the potential disruptions in our daily lives as a result of the flu outbreak may well be new territory for organizations, employees, as well as customers.  And business continuity plans don’t always address important privacy questions!

To help bridge this gap, we’ve developed guidance for organizations and a fact sheet for employees to explain how privacy laws apply in the private sector workplace during the H1N1 pandemic. This important work was prepared in consultation with our counterparts in Alberta and British Columbia.

Right now, in Canada’s current “non-emergency” situation, it’s important to remember that privacy laws apply in the usual way. For example, employers can collect only the minimum amount of personal information necessary to meet a business need.

However, it’s a different story if an emergency is declared. For example, if an outbreak is declared to be a public emergency, the powers to collect, use and disclose personal information to protect the public health may be very broad. Privacy legislation would not prevent the sharing of information in the event that H1N1 is declared to be an emergency pandemic.

This guidance will be updated as circumstances warrant.

25 Sep 2009

You Might Be Interested In

Privacy and the 2010 Olympics – some resources

9 Sep 2009

A sneak peek at a government file ABOUT YOU

Ever wonder what information a government agency might hold about your traveling habits? Thanks to an anonymous U.S citizen, we can sneak a peek at a travel record held by the United States Department of Homeland Security. The scanned copies are posted on philosecurity, and include data like:

  • IP address used to make web travel reservations
  • Hotel information and itinerary
  • Full Name, birth date and passport number
  • Full airline itinerary, including flight numbers and seat numbers
  • Cruise ship itinerary
  • Credit card number and expiration
  • Phone numbers, including. business, home & cell
  • Every frequent flier and hotel number, even ones not used for the specific reservation

Several countries, including Canada, collect similar information as part of an Advanced Passenger Information or Passenger Name Record program.

While we would all prefer it if the government did not collect information about our travel habits, these programs are meant to provide security agencies with enough advance information to screen travelers and identify potential risks to transport security. If your travel plans include the European Union, Switzerland or the United States, information in Canada’s database will also be shared with their security agencies.

More information about the Canada Border Services Agency’s programs is available, including directions on how each individual can access the travel data the Agency holds on you.

22 Aug 2008

A clarification on court decisions

Speaking at the Canadian Bar Association Conference earlier this week, the Privacy Commissioner talked about the privacy implications of courts and administrative tribunals posting to the web decisions and other documents containing personal information.

While her speech generated a handful of articles, her comments created a bit of a stir when one newspaper article misinterpreted what she had said, suggesting that the Commissioner was proposing that all court decisions be scrubbed of personal information before being made widely available.  Of course, neither the Privacy Act nor the Commissioner’s mandate applies to the courts.  In her speech, the Commissioner was actually discussing the legal obligations of government institutions subject to the Privacy Act. (You can read the transcript of her speech here.)  These institutions have tended to evoke the practices of the courts as a justification for the disclosure of personal information, a tendency that inspired the Commissioner’s remarks.  Other interpretations of the Commissioner’s comments better capture her concerns.

Below is the commissioner’s letter to the Toronto Star which appeared yesterday morning.

Re: Hide IDs in court rulings, privacy chief says, Aug. 20

I am writing to correct a false impression left by the article. My mandate does not extend to the courts. However, it is interesting to note that they, like my office, have been wrestling with the issue of posting personal information online. My role is to ensure that federal administrative tribunals respect the privacy rights of Canadians.

Ordinary Canadians provide their personal information to these tribunals for various reasons. They may, for instance, be seeking access to a government benefit or reparation for an alleged government mistake.

A law-abiding citizen fighting for a government benefit should not be forced to expose her medical history or other highly sensitive personal information to public scrutiny. They should not have to abandon their privacy rights.

My office has recently investigated complaints about the online posting of personal information by several administrative tribunals. We expect to release our findings in these cases in the fall.

Jennifer Stoddart, Privacy Commissioner of Canada