Connect with us


Data privacy in Canada: A look back at 2020, plus a look ahead to 2021 – IT World Canada



For privacy and data protection officers across Canada, COVID-19 was a dominant presence in 2020. Protecting personal data with many employees working from home while using new video, audio and text collaboration tools was a challenge. In some organizations, new e-commerce services were adopted in record time.

COVID will cast a big shadow in 2021, with two prime questions: Can employees be asked to give proof of vaccination for on-premise work, and what sort of proof will be accepted. Will it have to be paper or can there be a digital equivalent?

So far, no federal, provincial or territorial jurisdiction has said how governments will address this, temporarily leaving the private sector to work it out.

It’s assumed that early in the new year as the pace of vaccinations picks up, provinces and territories will have answers.

New legislation

The other dominant issue in 2021 will be the federal government’s proposed new private-sector data privacy law, the Canadian Consumer Privacy Act (CCPA).

Officially known as Bill C-11, it’s a sweeping overhaul of the existing Personal Information Protection and Electronic Documents Act (PIPEDA), changing the federal Office of the Privacy Commissioner from being an ombudsman to a regulator, with the power to recommend multi-million dollar fines to a new Personal Information and Data Protection Tribunal.

To help affected companies — federal privacy law applies only to firms regulated by Ottawa (such as telcos, banks, airlines) or in provinces that don’t have their own privacy legislation — the government has said it will hold off implementing the legislation until 18 months after it is passed.

But for planning purposes, data protection officials and lawyers wonder if it will become law in the current session of Parliament. Minority governments can fall at any time. The last federal election was in October 2019. There is speculation the Liberal government will go to the polls as soon as it can to take advantage of the goodwill it has built up during the pandemic. Prime Minister Justin Trudeau told the CBC that he has no plans to call an election, but he’s ready for a campaign.

Since the government introduced C-11 and held the first reading debate, it hasn’t scheduled committee meetings, which is where the details of the act would be scrutinized and witnesses from the private sector called.

It isn’t known yet how vigorously the opposition and companies will fight to change C-11. Some business groups have said they aren’t enthused about the proposal to give a privacy regulator the power to levy hefty fines.

In case you missed it:

Proposed privacy law may face push-back

Canada has ‘clearly fallen behind’ other countries in privacy law, says privacy commissioner

On the other hand, there will be pressure to pass the bill because the European Union is demanding countries have privacy laws similar to the General Data Protection Regulation (GDPR). PIPEDA is unlikely to make the cut.

“[C-11] may be the big story of the year because we’ve been waiting so long,” said Teresa Scassa. Canada Research Chair in Information Law and Policy at the University of Ottawa’s Faculty of Law. “It’s such an important bill in terms of private sector data protection. It’s a complete reworking of (PIPEDA), and I think the framework is going to be with us for a long time, it’s really important to get it right.”

But it’s not going to be easy, she says. “It’s really hard to be on top of all of it. Unpacking it and trying to figure out what’s changed and whether it’s for the better will take up a lot of energy in 2021.”

Remember, she added, the government has also promised a reformed Privacy Act, which covers the federal government’s duties to protect personal information. The Justice Department is accepting submissions up to Jan. 17.

British Columbia is also consulting on updating its private sector privacy law, while Quebec’s legislature is debating proposed amendments to its privacy legislation. Ontario is consulting on whether it should have its own private-sector privacy law. Its position may change now that C-11 has been introduced.

Scassa said a “sleeper issue” in 2021 may be worker and student surveillance online. With more employees working from home, some employers want to keep tabs in some way on how productive their staff is. It’s particularly an issue in the financial sector where regulations demand management keep an eye on employees handling large sums of money.

Facial recognition woes

Meanwhile, with students forced to take classes online from home, universities and colleges are grappling with how to assure there’s no cheating on tests. Some have turned to so-called proctoring applications which may make students show an image of their room to ensure no texts are open or notes tacked to a wall during an exam. The application may also use facial recognition technology to identify students.

The Globe and Mail recently ran a story on the issue, with one student of colour complaining the application refused to recognize her. This is in line with many studies that show facial recognition is less accurate with non-white faces.

There was enough controversy in 2020 that IBM withdrew its facial recognition solution. Clearview AI agreed in July to stop marketing its product to police here, but that came after federal Privacy Commissioner Daniel Therrien and three provincial commissioners announced an investigation into how Clearview collects the baseline images from the internet that its application uses. Therrien is also investigating the RCMP’s use of Clearview. Both reports may be released in 2021.

In October, Therrien and other privacy commissioners from around the world called for stronger privacy protections and greater accountability in the development and use of facial recognition technology and artificial intelligence.

Therrien started investigations this year into the August cyberattacks on Canada Revenue and the GCKey credentials service used by many federal departments after hackers got into accounts of 11,000 users. With several provincial privacy commissioners, Therrien also launched an investigation into the data collection capabilities of Tim Horton’s mobile app.

The private sector is interested in the possibilities of merging facial recognition with other data it collects. Privacy Commissioner Therrien set some guardrails with the release in October of an investigation into how real estate developer Cadillac Fairview collected and analyzed five million images of shoppers in a mall without their knowledge. The images were captured from cameras hidden in information kiosks. The developer said the purpose wasn’t to identify people but analyze shoppers by age and gender. It has placed decals on mall entrances that explained the privacy policy.

But Therrien said there was no meaningful consent. Cadillac Fairview abandoned the project and said it has no plans to revive it.

More stories about privacy snafus

Among the more searing reports issued this year by Therrien was his investigation into the theft by an employee of data on 9.7 million customers of the Quebec-based Desjardin credit union over a two-year period. Data protection pros must have winced as the report pointed out that:

  • Data on some 4 million people stolen were former customers. It wasn’t clear why Desjardins was holding on to this data. PIPEDA says firms can only retain personal information needed for commercial reasons. Therrien called  the discovery that this data was still sitting around “startling”;
  • Dejardins had 13 directives, policies and procedures for protecting personal information. But some policies and procedures were incomplete or had not been implemented;
  • One of them forbade copying data onto USB keys. That’s what the insider did,  in contravention of the confidentiality agreement he signed;
  • While Desjardins’ information system restricted access to customer data to authorized users it allowed movement of restricted data to unprotected directories and storage media without any controls.
  • Desjardins could have reduced the possible exposure of personal data by theft by using data masking techniques to hide identifying information — as recommended by its own data protection security standards;
  • Desjardins knew there were security problems and had started implementing data loss prevention technology. Slowly implementing. Too slow, as it turned out.

Another insider-related report issued this year dealt with the selling of customer information by two employees of a call centre company with a branch in India hired by Dell for third party support. Several Canadians complained to the privacy commissioner after getting phony tech support calls from someone who knew a lot of information about them including their names and Dell products they owned. Dell discovered that two India-based employees of that call centre provider had sold customer lists of more than 7,800 Canadians to others who apparently made the fake phone calls.

The privacy commissioner’s office found Dell is responsible for the personal information transferred to third parties and is obligated to ensure that those firms properly protect information. However, it found data safeguards were insufficient We found that certain safeguards related to access controls, logging and monitoring, and technical controls were insufficient. It also found that Dell failed to adequately investigate the circumstances of the June 2017 breach and failed to adequately respond to customer complaints.

The investigation was satisfied Dell has since improved its safeguards and oversight.

Bonus round

Scassa pointed out a number of other interesting privacy-related rulings this year:

  • The Supreme Court of Canada upheld the constitutionality of a bill (the Genetic Non-discrimination Act) to protect people from being compelled by insurers and employers to have or show results of a genetic test. Briefly, the law in part makes that a criminal offence. Some argued this was a provincial matter because it touched on health. But, Scassa said, three of the judges in the majority ruled criminal law to support the protection of privacy. That could expand federal power. For example, Scassa said, it might be used to criminalize certain uses of artificial intelligence applications;
  • A British Columbia appeal court decision allowing a class-action lawsuit involving a 2013 data breach at a credit union to go ahead. What was interesting, Scassa said, is what wasn’t discussed in the arguments: Whether the civil wrong of “breach of privacy and intrusion upon inclusion,” a relatively new concept first approved of by an Ontario court, exists in B.C. The appeal court hinted that it would really like someone to step forward and make the case;
  • The uproar in Ontario in April when the province issued an emergency order allowing police, firefighters and paramedics to access health authority databases listing names of those who have tested COVID-19 positive and who they might come into contact with. “There were completely insufficient guardrails on that,” Scassa said, citing allegations that at least two police departments were abusing their access. It’s an example, she said of “maybe not thinking it through” during a crisis. First responder access to those databases was revoked in July.

Would you recommend this article?

Thanks for taking the time to let us know what you think of this article!
We’d love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

#liker-thanksdisplay:none; padding:12px; background:#D2DDFF; border:1px solid #0010AA;

Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO

Cybersecurity Conversations with your Board – A Survival Guide

Download Now

Let’s block ads! (Why?)

Source link

Continue Reading


LG seriously considering existing the smartphone business, all options on the table –



Teased only last week, the LG Rollable may not launch this year as had been planned. (Image: LG)
LG is considering exiting the smartphone business despite teasing new devices as recently as CES 2021 last week. The company’s CEO Kwon Bong-seok has informed staff that all options are currently on the table including exiting the market, a potential sale or downsizing.

LG is pondering whether it should exit the smartphone business altogether. The Korean tech giant has recorded twenty three consecutive quarters without a profit with losses totalling over US$4 billion across the past five years. Rumors first surfaced about the drastic measures being considered earlier this week that the company moved to quickly quash, however a memo from CEO Kwon Bong-seok to staff has now confirmed their worst fears.

An LG official had this to say:

Since the competition in the global market for mobile devices is getting fiercer, it is about time for LG to make a cold judgment and the best choice. The company is considering all possible measures, including sale, withdrawal and downsizing of the smartphone business.

It was only in December it emerged that LG was moving to outsource its entry to low mid-range models to third-party vendors. At the time, the plan was for the company to continue making premium mid-range and high-end smartphones including the experimental LG Wing and the purportedly forthcoming LG Rollable smartphone-tablet hybrid — there is a real danger now, however, that this device might not see the light of day. It is sad news for fans of mobile phones as although LG has never achieved the smartphone success of domestic arch rival Samsung, it has often been the first to introduce innovative new features.

Let’s block ads! (Why?)

Source link

Continue Reading


Samsung Galaxy S21 Ultra teardown reveals hard to swap screen and battery – news –



After the Galaxy S21 got disassembled on video earlier this week, PBKreviews has switched their focus to the flagship of this year’s S-lineup – the Galaxy S21 Ultra.

Taking the glass back off reveals the camera lens cover is made from metal just like the frame of the device. It’s held by adhesive to the glass panel and should be substantially more durable compared to the glass camera covers of the previous S-series models. Since this is the international version of the S21 Ultra, the phone is missing the mmWave antennas which would be located on the left and right sides. The actual slots for the antennas are still in place though.

[embedded content]

Going deeper into the phone we can see Samsung used plenty of graphite film on the NFC antennas and motherboard. We then get confirmation that all three cameras on the S21 Ultra come with optical image stabilization.

Interestingly enough the top speaker does not come with foam ball insulation which was present on the smaller and cheaper Galaxy S21. Unlike the standard S21, the S21 Ultra’s screen connector cable is not detachable and is fixed to the screen which makes the process of replacing the screen more difficult.

Let’s block ads! (Why?)

Source link

Continue Reading


LG considers exiting smartphones in 2021 – The Verge



LG is considering exiting the smartphone market in 2021. After losing around $4.5 billion over the past five years, LG’s smartphone business has been struggling to compete with rivals. Now LG CEO Kwon Bong-seok has notified employees that the company is considering making big changes to its smartphone business.

The Korea Herald reports that Kwon Bong-seok sent out an internal memo to staff on Wednesday, hinting at a change in direction for LG’s phone business. “Since the competition in the global market for mobile devices is getting fiercer, it is about time for LG to make a cold judgment and the best choice,” says an LG official in a statement to The Korea Herald. “The company is considering all possible measures, including sale, withdrawal and downsizing of the smartphone business.”

LG confirmed the internal memo was genuine in a statement to The Verge, noting that nothing has been decided yet. “LG Electronics management is committed to making whatever decision is necessary to resolve its mobile business challenges in 2021,” says an LG spokesperson. “As of today, nothing has been finalized.”

LG’s Rollable phone.

This new internal memo follows a now-deleted report from Korean outlet TheElec earlier this month that claimed LG was planning to exit the smartphone business. LG branded that report “completely false and without merit,” in a statement to Android Police just a week ago.

LG has previously promised “wow factors” to try and attract consumers and make its flagging mobile division profitable. LG has tried multiple times with the G7, the V40, the G8, and the V50 to compete with Samsung and Huawei, but it’s not been enough to push its market share in the right direction. LG’s latest Velvet and Wing smartphones have attempted to try something new, but neither were well received.

Samsung, Huawei, Xiaomi, Vivo, and Apple all continue to dominate worldwide smartphone shipments, according to IDC. LG is now turning its focus to its Rollable phone, in an effort to differentiate it from the competition. LG teased the Rollable device again at the Consumer Electronics Show last week, with a “unique resizable screen” that extends from a phone to become a small tablet display.

LG has promised its Rollable device is real and will launch in 2021, but with the company reconsidering its mobile plans it could be one of the last LG phones we’ll see.

Let’s block ads! (Why?)

Source link

Continue Reading