Advice:
The
right to privacy is as fundamental as "freedom of speech". We
have studied various attempts by governments in Canada, UK and the United
States to enact legislation to set guidelines for business and individuals.
Sadly, most laws have no teeth or are confusing.
Even government is reluctant
to follow their own rules which stems more from a lack of good policies,
procedures and enthusiasm.
Quite frankly, our best
advice is to take pro-active steps to protection your own personally
identifiable information from evaders,
government and business interests. Do not be afraid to ask what your
information is going to be used for. If you do not receive a good explanation- "No" is
perfectly acceptable response.
Personal Information protection privacy legislation
Computer
Misuse Act 1990 - UK Obscene
Publications- UK
Privacy
Legislation
Ontario,
Canada
Fair
Credit Reporting Act- USA
Personal
Data Privacy
& Security Act- (proposed)- USA
Steps you can take to protect your on-line Privacy.
Learn
how to discard- older data that is no longer relevant, such as emails,
outdated documents, etc. using a data
destruction program. Know that just about anything entered into
a computer can be traced back to you. Computers are very good at collecting
information about you, cross-referencing, sharing and profile building.
Your data is available for a price. Make sure- it reflects an accurate
picture of the "real" you.
ID theft is becoming a larger problem for computer users. A recent study
(May 2007) in Canada, indicates the rate of occurrence has grown to one
in fifteen people. ID theft occurs when thieves steal items such as your
government issued ID cards, licenses, credit card bills, tax assessments
and by digitally snagging data from your computer, cell phones,e-mail
and electronic transactions.
Digital
Rights Management (DRM) technology which is used to
control access has over-stepped the boundaries of most privacy legislation.
Publishers and copyright owners of DVD, MP3 and most consumer software
which have been desperately trying to protect their products from unauthorized
use and copying. Unfortunately, many have overstepped the bounds of
personal privacy by using the information you share with them for other
purposes by not providing adequate disclosure. These other purposes
include arrangements made with third party marketing organizations
to pay to use or sell your information without your consent.
So what do you do? When you register your products take out a separate
nondescript email address to have all the poop sent to. Log off your
internet connection and clear
your cache and temp files.
Log back on- do the registration and log off again. Most DSL and dial
up connections use shared IP addresses so it makes it harder to track
back your IP if you only used it briefly.
Do not agree to having credit card and contact information
retained to allow you to log in quicker. These opened ended agreements
leave you vulnerable to abuse (companies do change ownership, privacy
policies change, etc.) If you have the opportunity to email or write
the supplier- make sure to mention your information is confidential & their
agreement is confusing. If asked to do a survey- decline (especially
the ones that ask about marital status, kids, income level, ethnicity,
etc.) It is none of their business.
Yes- DRM has been found to include companies that provide tax preparation
software & filing services and even electronic books in libraries.
Have you been contacted by people out of the blue that seem to happen
to know more than a little about you? What choice do you have if you
want to consume these products- not much especially when terms are not
disclosed or buried in a long agreement. But, you do have the option
to ask the caller where they got your info or hang up, throw their adverting
in the garbage or delete their spam email. Not really great choices.
The
debate still rages on whether your IP address is part of your personal
information. Just assume that it is not. Most Internet Service providers
just cave in when presented with a Court order, even though it is a
hassle for them to track back all of your activity. Computers are very
good at retaining detailed information.
Be aware that operating systems, applications, instant messaging and
browsers were designed to retain information as a function of their logging
activities for troubleshooting and authenticating licensing. Both Windows
Vista and XP do not permanently remove data when deleted, emptied from
the re-cycle bin or formatted. If anything- vendors are becoming more
intrusive with no legislation on the books to protect your interests.
Once, you say "Yes" to an licence or agreement-
your personal privacy is at the mercy of the provider. For example- some
state that your personal information, usage and demographics are the
business property of their company.
We are optimistic laws and software will evolve to benefit both the ability
to conduct legitimate business & to protect people from info predators
and abusers in North America. The opposite is true of countries in Europe
where privacy is a high priority. Strict laws control the cross border
flow of personal information without very specific consent from the individual.
Non-compliance results in restrictions & barriers to trade and heavy
fines for violators. See the Privacy Legislation directory
for more details.
State, provincial and regional laws can circumvent or conflict with national
legislation. It is not uncommon that business and government interests
will trump yours. We feel all parties should be interested in striking
a balance between the right to personal privacy and the need to conduct
business or provide services. Do not expect much protection until government
can figure out how to enforce their own legislation and make a few bucks
off it.
Business needs to entrench responsive privacy policies. People should
feel confident that their interests are being protected. This confidence
is an asset to business and government that practice "due diligence".
This involves establishing principals to meet the demand for privacy.
Inform your Staff and Clients of your policies and prove you mean it
by reinforcing the message. Organizations that have the foresight to
realize that respecting privacy is important are going to set the pace,
since the right message trickles down to your own Staff. Examples:
USA: The Patriot
Act and recent moves by the Federal government to assert the power
to access both internal and international communications is taking personal
privacy protection to an all time low.
Legislation in several States is being enacted expose the worst offenders
and to make disclosure of breaches- public knowledge. California has
forced companies and government to disclose breaches that involve their
own citizens. The result has been the exposure of major
breaches impacting thousands of US citizens.
Next in line to be drawn in the sand is the Real
ID Act (2005) which is expected to be implemented in
early 2008. Some privacy advocates maintain universal id's will
be the end of privacy as we know it. In essence, States will need
to provide their residents new driver's licenses and ID cards based
on new- high-tech standards in order to be accepted by federal
authorities as places such as airports to U.S. courthouses. Anticipate
the same scrutiny when applying to federal programs, such as retirement
and health benefits. Is a National ID scheme a good thing? It depends
on whether the information is well protected by the government
itself. Bad guys won't like it if it is hard to steal and use your
ID.
Canada:
The Personal Information Protection and Electronic Documents Act:
(P.I.P.E.D.A) passed into law April 13th, 2000. This Act was based
on the Ten "internationally recognized" principals.
Of particular interest is their Resource
Centre- where good information on the basics are provided
and updated for business use.
These benchmarks can be used for business, government and individuals.
In addition, the Canadian Federal Privacy Commissioner has released
her report to Parliament in the fall of 2005. It gave some insight
into what people are thinking and possibly, what lies ahead.
There was no significant action taken on these recommendations.
Until there is some form of enforcement & meaningful penalties-
the offenders will continue to pry into your personal information.
Unfortunately, most are very sloppy when it comes to protecting
the information they gather.
The Canadian Code of Practice for Consumer Protection in Electronic
Commerce is intended to establish benchmarks for good business practices
for merchants conducting commercial activities with consumers online.
The Code leaves unchanged rights, remedies and other obligations that
may exist as a result of consumer protection, privacy or other laws and
regulations, or other general or sector-specific voluntary codes of conduct
to which vendors may subscribe.
If
you want to hang on on-line- create a email address in Hotmail or others
that does not point to your real name, address, phone number, school
attended, age or general location. Any good data analyst will tell
you- only two snippets of information is needed to personally id a
person- right down to your physical address and name. It is easy to
find out your IP address since it travels every site you access. The
same is true for social sites, such as file sharing, picture sites,
blogs, dating services, alerts and cell phones. We suggest that all
business' keep tabs on data destruction standards and operate
"clean machines" by
obliterating traces of old internet logs, deleted emails/ instant messages
and emptied recycle bin files at all times. P2P sites can open your whole
hard drive to sharing unless you change the settings under options including
your address book(s). With
the right types of anonymous surfing software,
you can prevent personal information from falling into the wrong hands.
Understand that you can refuse to provide information requested in
fill-in forms and service sign ups. It is not in your interest to give
in to questions that result in profiling, such as age, # of children,
martial status, ethnicity, etc.
