2011_pipeda_e

7/29/2019 2011_pipeda_e

1/115

7/29/2019 2011_pipeda_e

2/115

7/29/2019 2011_pipeda_e

3/115

Te drawings on this page and throughout the report are the works o

the children o employees at the Oce o the Privacy Commissioner o Canada.

7/29/2019 2011_pipeda_e

4/115

Oce o the Privacy Commissioner o Canada

112 Kent StreetOttawa, Ontario

K1A 1H3

(613) 947-1698, 1-800-282-1376

Fax (613) 947-6850

DD (613) 992-9190

Minister o Public Works and Government Services Canada 2012

Cat. No. IP51-1/20111910-0051

Tis publication is also available on our website atwww.priv.gc.ca.

Follow us on witter: @privacyprivee

7/29/2019 2011_pipeda_e

5/115

June 2012

Te Honourable Nol A. Kinsella, SenatorTe SpeakerTe Senate o CanadaOttawa, Ontario K1A 0A4

Dear Mr. Speaker:

I have the honour to submit to Parliament the Annual Report o the Oce

o the Privacy Commissioner o Canada on the Personal Inormation Protection andElectronic Documents Actor the period rom January 1 to December 31, 2011.

Yours sincerely,

Original signed by

Jennier Stoddart

Privacy Commissioner o Canada

7/29/2019 2011_pipeda_e

6/115

7/29/2019 2011_pipeda_e

7/115

June 2012

Te Honourable Andrew Scheer, M.P.Te SpeakerTe House o CommonsOttawa, Ontario K1A 0A6

Dear Mr. Speaker:

I have the honour to submit to Parliament the Annual Report o the Oce

o the Privacy Commissioner o Canada on the Personal Inormation Protection andElectronic Documents Actor the period rom January 1 to December 31, 2011.

Yours sincerely,

Original signed by

Jennier Stoddart


7/29/2019 2011_pipeda_e

8/115

M fr Cr1

Pry y Nr 2011 7

1. Orw f 2011 9

1.1 Serving Canadians 9

1.2 Supporting Parliament10

1.3 Supporting Organizations11

1.4 Advancing Knowledge12

1.5 Global Initiatives 13

1.6 Technology Lab 15

2. Ky I: Clr Y Pry17

2.1 Investigations Relating to Children and Youth 20 Nexopia20 Webcam use in a daycare 25

2.2 Surveillance o Children 26

2.3 Youth Outreach Initiatives 27

2.4 Digital Literacy 28

2.5 Contributions Program - Projects or Youth30

3. T Pry LOverview o other major isses addressed by the OPC 31

3.1 Financial Privacy32 Investigations 32 Task Force or the Payments System Review 36

3.2 Biometrics37 Investigation 37 Biometrics Guidance Document 41

3.3 Online Privacy 42 Investigations (Facebook, Google) 42 Canadas Anti-Spam Legislation 46 Consumer Privacy Consultations 47 Online Behavioural Advertising Guidance 48 Privacy Poll49 Technology Lab50

3.4 Modernization o Privacy Laws 50 Implementing Amendments to PIPEDA 50

Reducing the Risk o Data Breaches 51 PIPEDA review 52

Table of Contents

7/29/2019 2011_pipeda_e

9/115

7/29/2019 2011_pipeda_e

10/115

Te Personal Inormation Protection and Electronic Documents

Act, or PIPEDA, sets out ground rules or the management o

personal inormation in the private sector.

Te legislation balances an individuals right to the privacy o

personal inormation with the need o organizations to collect,use or disclose personal inormation or legitimate business

purposes.

PIPEDA applies to organizations engaged in commercial

activities across the country, except in provinces that have

substantially similar private sector privacy laws. Quebec,Alberta and British Columbia each have their own law

covering the private sector. Even in these provinces, PIPEDA

continues to apply to the ederally regulated private sector andto personal inormation in inter-provincial and international

transactions.

PIPEDA also protects employee inormation, but only in theederally regulated sector.

7/29/2019 2011_pipeda_e

11/115

1

eenagers are growing up in a

very dierent world than I did.

odays youth have an unpreced-

ented ability to communicate.

Tis rst wave o what some

have called the Facebook gen-eration has latched onto the on-

line world to stay in touch with

riends sharing new Youubevideos and the latest hit songs,

making plans to hang out, andtalking about whats happening

in their lives.

I did many o the same things

with my school riends except

that I did all this in person orover the phone shared with other amily members.

Te big dierence about what I used to do and nowis that there is no record o what my riends and I

gossiped about back then. Tat was also the case or

my own children who are still only in their 20s.

But thats clearly not the

case or anyone who is now ateenager.

All o that online communica-

tion creates a permanent record

and that could carry risks totheir privacy and to their repu-

tations. Not just today, but per-

haps even more in the uture.

eenagers are expected to makemistakes - it s a natural part o

growing up.

Te act that electronic records

o many o the mistakes o

todays youth will persist ordecades to come is cause or deep concern.

Indeed, a host o perils threaten the privacy andpersonal inormation o children and youth one o

the reasons that we have made them a key ocus o

this report.

Message from the Commissioner

7/29/2019 2011_pipeda_e

12/115

2

Annual Report to Parliament 2011 Report on thePersonal Information Protection and Electronic Documents Act

Not only are the young usually the rst to embraceany new kind o digital communication, they

are also oten unsuspecting about the potential

privacy intrusions that can accompany such novel

technologies.

And theres another good reason why our eorts to

protect the personal inormation o children and

youth warrant their own chapter. Tey constitute an

important example o where my Oce is providing

leadership on a priority privacy issue.

Providing such leadership is a commitment I made

to MPs and Senators when I was reappointed to a

three-year term as Privacy Commissioner o Canada.It was one o three areas on which I promised to

ocus; the other two were supporting inormed

privacy decision-making and improving service

delivery to Canadians.

Now, one year into my renewed mandate, seems an

appropriate point to review progress in ullling

those commitments.

SIGNIFICANTPRIVACYISSUES

First, leadership on signicant privacy issues. Asdescribed later in this report, my Oce has been

particularly active in 2011 in the area o children andyouth, creating a wealth o new outreach materials,

unding innovative research and reviewing the eects

o surveillance on the young.

We also wrapped up a comprehensive investigation

into a complaint about privacy concerns related to a

social networking website that specically targetedyoung people. Tis rst OPC investigation o a

youth-oriented social networking site was highly

complex, resulting in a detailed Report o Findings o

some 100 pages, with 24 recommendations.

However, many o the problems with the site could

have been avoided i only privacy considerations had

been taken into account back when the operation

was being designed and launched. For that reason,

my Oce considers that this particular investigationought to serve as lessons learned or everyone

engaged in handling the personal inormation o

youth.

Another area in which we also provided privacy

leadership was the burgeoning use o online

behavioural advertising. While the term itsel may be

unamiliar, almost all Canadians who go online willhave seen such advertising.

(M)yOcehasbeenparticularlyactivein

2011intheareaochildrenandyouth,creatingawealthonewoutreachmaterials,undinginnovativeresearchandreviewingtheefectsosurveillanceontheyoung.

7/29/2019 2011_pipeda_e

13/115

3

Mss om Commsso

Ocially, online behavioural advertising is dened

as the practice o tracking a consumers online

activities in order to deliver advertising geared to

that consumers inerred interests. What it meansin practice is that Internet ad networks ollow you

around online, watching what you do so they can

serve you targeted ads.

Late in 2011, we published guidance about how theparties involved in or beneting rom online

behavioural advertising can ensure that theirpractices are air, transparent and in compliance with

the Personal Inormation Protection and Electronic

Documents Act(PIPEDA).

We specically pointed out that organizations

engaged in online behavioural advertising should

avoid tracking children or tracking on websites

aimed at children since meaningul consent may bedicult to obtain.

Yet another area o providing leadership on a

priority privacy issue during the year was the lawulaccess legislation which had been announced

by the Government (and which was eventually

introduced as Bill C-30 early in 2012.) Tis

legislation would have obvious impacts on thetelecommunications industry. Following up on earliermutual representations with provincial and territorial

commissioners responsible or privacy, in October

I sent an open letter to Public Saety Minister Vic

oews outlining my concerns that the expanded

surveillance regime proposed in the legislation wouldhave serious repercussions or privacy rights.

INFORMEDPRIVACYDECISIONS

Te second topic on which I committed to ocus

in my renewed mandate was supporting inormed

privacy decision-making by Canadians, organizationsand institutions.

In May, my Oce laid a solid oundation or this

eort by publishing a nal report on extensive publicconsultations the previous year about online tracking,

proling and targeting and cloud computing. Fromwhat we learned in those consultations fowed

such things as tip sheets about cookies and cloud

computing, a speakers series spotlighting rontierprivacy challenges, the work on children and youth,

the online behavioural advertising guidance and some

o the questions in our biennial public opinion survey.

But that was by no means the sum o my Oceseorts to make sure that Canadians develop strong

digital literacy skills and better understand privacy

rights.

For lawyers, we provided a handbook covering theprivacy issues they were most likely to encounter

during litigation and the running o a law oce. For

small businesses, we authored a set o DIY articleson protecting their valuable inormation includingpersonal details about customers rom online

threats.

Working together, the OPC and its counterparts

in Alberta and British Columbia also devised aninnovative, online tool which allows organizations to

assess the personal inormation saeguards necessary

7/29/2019 2011_pipeda_e

14/115

4


in records management, network security, continuityplanning and 14 other operational areas.

SERVICEDELIVERY

My third commitment was to ocus on improving

service delivery to Canadians. Tis is where the

rubber truly hits the road in my Oce, led by the

day-to-day handling o inormation requests and

complaints.

Streamlined procedures and the benets o experience

continued to yield improvements in our handling o

complaints in 2011. Te average time to deal with an

accepted complaint dropped rom more than 15 monthsin 2010 to just above eight months, signicantly below

the 12-month requirement in the Act.

A major contribution to this perormanceimprovement can be traced to our greater use o anearly resolution process which sidesteps an ocial

investigation or selected complaints. By working

with both the complainant and the respondent

organization, our early resolution ocers were ableto successully clear up more than 90 percent o the

cases this process handles - without resorting to a ull

investigation.

And to continue to meet the needs and expectationso Canadians in the rapidly evolving digital

environment, we strengthened our technology

laboratory, which provides expert support to our

audits and investigations and will also support the

OPCs responsibilities under Canadas new anti-spam

legislation.

As an Ocer o Parliament, I have a special

responsibility to Parliamentarians. Te Assistant

Privacy Commissioner and I, as well as other seniorocials rom my Oce, appear beore committees,

examine legislation or privacy implications, submit

comments and have numerous inormal interactionswith Parliamentarians and sta.

Tis 2011 Annual Report contains many more

examples o how we have delivered on the

commitment to these three ocus areas.

MAKINGADIFFERENCE

However, the overarching question must be: Are we

making a dierence?

Te answer is that, 10 years ater PIPEDA became

law, there is encouraging evidence that the OPC has

had a positive impact on the privacy landscape.

Mythirdcommitmentwastoocuson

improvingservicedeliverytoCanadians.TisiswheretherubbertrulyhitstheroadinmyOce

7/29/2019 2011_pipeda_e

15/115

5

Mss om Commsso

According to public opinion surveys commissioned

by the OPC, the proportion o Canadians saying they

eel they have less protection o their personal privacy

in daily lie than a decade previously has declined,rom 71 percent in 2006 to 61 percent in 2011.

I believe that the Oce o the Privacy Commissioner

o Canada deserves some o the credit or this change

in public attitudes.

Recent years have brought continual challenges tothe OPC and the rst-class team o proessionals

here has consistently upped its game. Te year 2011

was no exception and I am ortunate to work withsuch committed, hard-working and imaginative

people. Tese include my indispensable Assistant

Commissioner, Chantal Bernier, whose unailing

enthusiasm and intellectual curiosity are a source o

constant inspiration.

Despite the welcome change in public attitudes,

however, the proportion o Canadians telling the

survey that protection o personal privacy will be oneo the most important issues acing the country over

the next 10 years has remained essentially unchanged

rom 2006 to 2011, at two-thirds.

o me, the explanation or this apparent paradox isstraightorward.

Canadians appreciate that more is being done to

protect their privacy and personal inormation. Yet

they also understand that new challenges mean thatstill more must be done.

Prominent among those challenges is the rise o

what is being called Big Data. In essence, this reers

to the ability brought about through technological

advances to gather more data than would have beenconceivable just a ew years ago and then sit through

it, looking or patterns.

BENEFITSANDDANGERS

Teres no denying some potential benets to society

rom Big Data. o take a somewhat prosaic example,Google is now able to spot fu outbreaks in North

America days aster than national health authorities

by fagging clusters o online inquiries aboutsymptoms and remedies.

Tis undoubted public health benet was quickly

taken up by commercial interests. An article in the

New York imesdescribed how a large marketingrm devised advertisements or a behind-the-ear

thermometer which were sent to smartphones loaded

with certain apps that collect basic details about

the users, including their gender and whether theyare parents. So the thermometer ad was specically

targeted at smartphones used by mothers o young

children.

In addition, the ad was sent only to smartphonesbeing used in regions where Google detected a fu

spike and where the mothers were within three

kilometres o retailers carrying the thermometer.

apping the onscreen ad took the smartphone user to

a product page with an inormational video and a listo nearby retailers.

7/29/2019 2011_pipeda_e

16/115

6

Some may nd such personalized tracking byadvertisers creepy, others might welcome targeted

ads as relevant and helpul.

Whatever your view, this is only the beginning owhere Big Data is going.

Te many new orms o digital communication

between individuals texting, emails, instant

messaging and so on are all very easily computerreadable and thereore subject to complex analysis

by computers. Sophisticated sotware can track

individuals through their unique identiying device

numbers revealing their location in time and place,

their Internet activities and their interactions withother people with whom they orm a community.

As Leonard Cohen prophetically sang in Te

Future two decades ago, in years to come, wont benothing you cant measure anymore.

INFORMATIONEXPLOSION

Until recently, the denition o personal inormation

was airly clear-cut or most people. It was what

youd nd on a tombstone, plus traditional things like

address, phone number, Social Insurance Number,drivers licence and passport, and so on. Now

people scatter digital crumbs containing personal

inormation as they move through their online

existence.

And the volume o those crumbs is mounting at an

explosive rate.

My Oce has already laid down guidelines or theuse o such inormation in the specic instance

o online behavioural advertising. But there will

undoubtedly be uses we cant currently oresee which

will have serious implications or privacy.

Tats why, in the end, improving the digital literacy

o all Canadians is so crucial.

Jennier Stoddart


7/29/2019 2011_pipeda_e

17/115

7

PIPEDAinormationrequestsreceived

PIPEDAormalcomplaintsaccepted PIPEDAearlyresolutioncasessuccessullyclosed

PIPEDAinvestigationsclosed

DratbillsandlegislationraisingPIPEDAissuesreviewedorprivacyimplications

Policyguidancedocumentsissued

Parliamentarycommitteeappearances

OtherinteractionswithParliamentariansorstaf(orexamplemeetingwithMPsorSenators)

Speechesandpresentationsdelivered

Contributionagreementssigned

VisitstomainOcewebsite

VisitstoOceblogsandotherwebsites(includingOPCblogyouthblogyouthwebsitedeeppacketinspectionwebsiteandYouTubechannel)

Total

Tweetssent

Publicationsdistributed

Newsreleasesissued

Note: Unless otherwise specied, these statistics also include activities under the Privacy Act, which aredescribed in a separate annual report.

Privacy by the Numbers in 2011

7/29/2019 2011_pipeda_e

18/115

7/29/2019 2011_pipeda_e

19/115

9

C 1 - O o 2011

1.1 Serving Canadian S

Overview of 2011

CHAPTER

INFORMATIONREQUESTS

During 2011, our Oce handled more than 5,200phone calls, emails and letters rom Canadians

about privacy issues in the private sector covered

by PIPEDA. Issues related to the use o Social

Insurance Numbers remained a common reason

that people contact us or inormation. As well, weare receiving a growing number o requests related

to online issues, particularly with respect to social

networking sites. More details appear in section 4.1.

COMPLAINTS

In yet another move to speed up service to

Canadians, we created a dedicated Intake Unit,which initially reviews all written complaintsreceived. I necessary, the Unit ollows up with the

complainant to clariy our understanding o the

complaint and gather any additional inormation

or documents necessary so we can launch an

investigation as quickly as possible.

Tis streamlined screening has helped to reduce the

average times o an investigation. Combined with

other complaint handling improvements such asthe increased use o early resolution approaches, the

result has been a urther drop in the time it takes

to handle all ormal complaints now down to an

average o 8.2 months well below the 12-month

requirement set out in PIPEDA. (See Appendix 2or details.)

We accepted a total o 281 ormal complaints

in 2011, compared to 207 in 2010. Possibleexplanations or this 35 percent rise include an

increased complexity o issues raised, heightened

public awareness o privacy rights or more intense

interaction with business in the digital economy.

In 2011, we completed 125 early resolution cases

and all but nine were satisactorily resolved without

opening a ormal investigation.

7/29/2019 2011_pipeda_e

20/115

1 0


COMPLAINTINVESTIGATIONS

We completed 120 ormal investigations into

complaints related to the private sector in 2011.Tis is a signicant decrease rom 2010, when we

completed 249 investigations, in the culmination o atwo-year eort to clear a backlog o complaints.

We have made privacy issues related to children and

youth a ocus o this years report and summaries o

the relevant complaint investigations are included inChapter 2.

Investigations related to nancial privacy, online

privacy and biometrics appear in Chapter 3, a survey othe 2011 privacy landscape. Inormation on still other

complaint investigations is provided in Chapter 4.

PUBLICAWARENESS

Our Oce uses many dierent tools to raise

awareness o privacy among Canadians speechesand other public presentations, media interviews,

paper and online publications, an ever-changingwebsite, social media such as witter and blogs,

Youube videos, contests or young people,

educational kits or teachers and even a popular

privacy calendar.

Details o our public awareness activities can be

ound in Chapter 5.

1 .2 SuppOrting parliaMent

From a legislative perspective, Parliament and its

committees had a reduced sitting schedule during2011 because o the general election. As well, with

Parliamentary priorities ocused mainly on public

sector concerns such as crime and the ederal budget,

our Oce was called upon or ewer PIPEDA-related appearances.

Te general ederal election o May 2, 2011 sent new

members to the House o Commons or the third

time since 2006. Te Conservative Party remained

in power, increasing their seats rom a minority to amajority in the 41st Parliament.

While the government has ocused largely on public

sector-related bills, it also reintroduced Bill C-12,anAct to amend the Personal Inormation Protection

and Electronic Documents Act. When the year ended,

it was still at the beginning o the legislative process

and had not been reerred to a standing committeeor review.

Te Government also said it would introduce

Internet surveillance legislation that did not pass in

the previous Parliament. In this regard, we continued

to express our concerns related to lawul accesslegislation.

C 1 O 2011

7/29/2019 2011_pipeda_e

21/115

1 1

C 1 - O o 2011

APPEARANCESBEFOREMPSANDSENATORS

During 2011,our Commissioner and Assistant

Commissioner made ve Parliamentary committeeappearances.

Te OPC also examined a total o 11 bills as well

as two new committee studies introduced in the

41st Parliament or potential privacy implications.One was the E-Commerce in Canada study o

the Standing Committee on Industry, Science and

echnology.

Troughout the year, we also had many inormal

interactions with Parliamentarians, including ollow-

ups to committee appearances, subject-matter

inquiries rom Members o Parliament, ace-to-acemeetings and briengs.

PIPEDA-RELATEDPARLIAMENTARYWORK

Given the reduced sitting schedule in 2011, theStanding Committee on Access to Inormation,

Privacy and Ethics postponed a review o our 2010

Annual Report to Parliament on PIPEDA.

1.3 SuppOrtin g OrganizatiOnS

Tis past year we released a nal report on our 2010

Consultations on Online racking, Proling and

argeting, and Cloud Computing. Te contributionsand analysis associated with the consultations gave

rise to several activities in 2011, including:

guidelines to help organizations involved inonline behavioural advertising ensure that their

practices are air, transparent and in compliance

with PIPEDA; and

continuing work to develop cloud computingguidance specically directed to privacy

issues relevant to Small- and Medium-sized

Enterprises (SMEs). Tis guidance will be

available early in 2012.

We also oered guidance to legal proessionals in the

private sector. PIPEDA and Your Practice A Privacy

Handbook or Lawyers, launched in August, explainshow PIPEDA relates to the everyday practice o

Canadian lawyers.

Our Oce, along with the Oces o theInormation and Privacy Commissioners o Alberta

and British Columbia, jointly launched a new online

tool to help businesses better saeguard the personal

inormation o customers and employees. SecuringPersonal Inormation: A Sel-Assessment ool or

Organizationsis a detailed online questionnaire and

analysis instrument that helps organizations gauge

how well they are protecting personal inormation, in

keeping with the applicable private sector privacy law.

7/29/2019 2011_pipeda_e

22/115

7/29/2019 2011_pipeda_e

23/115

7/29/2019 2011_pipeda_e

24/115

C 1 - O o 2011

7/29/2019 2011_pipeda_e

25/115

1 5

FRANCOPHONIE

Our Oce was instrumental in the creation in

2007 o the organization representing rancophonedata protection authorities around the world, theAssociation rancophone des autorits de protection des

donnes personelles(AFAPDP). We are committed

to helping the AFAPDP provide increased support

to developing countries in the Francophonie as theyestablish new legislative rameworks to protect the

privacy rights o their citizens.

In 2011, Assistant Commissioner Chantal Bernier

attended the associations rst training seminar

to take place on the Arican continent, in Dakar,

Senegal. In her presentations, she discussed howprivacy principles apply in various legal regimes

and gave an overview o the historical importance

o the OECD guidelines. In a second AFAPDP

seminar beore the International Conerence o Data

Protection and Privacy Commissioners in Mexico,she ocused on the accountability principle and its

practical application.

1.6 teChnOlOgy lab

Our technology lab and its small sta keep the OPC

up-to-date with developing technologies and provide

expert support or audits and investigations where

technology is a major component. Te technologiesrun the gamut rom apps through smartphones to

gaming consoles. Lab technologists can scrutinize

such apps or devices to learn what personal

inormation is being stored, what is being exchangedon the web and how it is being protected.

As an example o current privacy concerns, the lab

has the ability to analyze the tracking techniques

used by online behavioural advertisers and also the

eectiveness o privacy controls on social networkingsites.

7/29/2019 2011_pipeda_e

26/115

7/29/2019 2011_pipeda_e

27/115

1 7

INTRODUCTION

In the battle to preserve the value o privacy in an

online world, children and youth increasingly ndthemselves in the ront lines.

Young Canadians are the most open to adopting

new communications technologies which can, in

some cases, invade their privacy. Tis holds true, notsurprisingly, or those aged 18 to 34, as conrmed by

a national opinion survey carried out this year or the

OPC. (See section 3.3)

But the true adoption age or digital media is much,

much younger.

We know, or example, that thousands o apps

targeted at babies and toddlers are now available to

teach little ones the alphabet and to entertain themwith nursery rhymes.

Te evidence may still be mostly anecdotal, but one

recent study ound that a third o North AmericanGen-Y moms (those aged 18 to 27) have let their

children use a laptop by age two.

By the time the kids are three, those laptops and

tablets are connected to the Internet daily or abouta quarter o U.S. kids, according to the Joan Ganz

Center in New York. By age ve, the proportion

online has soared to hal.

We are giving our children unprecedented access to

the Internet, but what are we doing to teach themabout how to protect their privacy in the online

environment?

We oten hear the claim that young people growing

up in this digital era do not care about privacy. Tis is

not true.

Key Issue: Children and Youth Privacy

CHAPTER

7/29/2019 2011_pipeda_e

28/115

7/29/2019 2011_pipeda_e

29/115

7/29/2019 2011_pipeda_e

30/115

C 2 K iss: C yo pc

7/29/2019 2011_pipeda_e

31/115

21

deault settings inappropriate or its target youth

audience and a lack o clarity about available

privacy settings;

a lack o meaningul consent or the collection,

use and disclosure o personal inormation

collected at registration;

the sharing o personal inormation withadvertisers and other third parties without

proper consent; and

the indenite retention o personal inormation.

IssUEs

1. Disclosure o user profles to the public and

deault privacy settings

At the beginning o our investigation, Nexopias

deault privacy settings were visible to all meaning

visible to the whole Internet.

Given the special circumstances surrounding youth

users and privacy, the OPC ound that a reasonable

person would not consider it appropriate or Nexopia

to pre-select settings that push users towardsdisclosing their personal inormation, in some casesvery sensitive personal inormation, or potentially

everyone on the Internet to see.

Te investigation also revealed that Nexopia does

not adequately notiy its users o deault settings, orexplain the dierence between various settings.

Our Oce ound more could be done to inorm

users about the available privacy settings to ensure

that users can make inormed decisions about how

they can control access to their personal inormation.

Nexopia users should be expected to opt-in to the

visible to all setting and with a ull understanding

o the implications o that choice.

Our Oce ound that more restrictive deault

settings, coupled with increased inormation or users

in a ormat appropriate or a youth audience, wouldstrike an appropriate balance between ensuring young

people can enjoy the benets o social networking,while protecting their privacy.

Te OPC was satised that Nexopias proposed

corrective measures, which include changing deaultsand providing better inormation to users, will meet

our recommendations.

2. Lack o meaningul consent or the collection,

use and disclosure o personal inormation

collected at registration

Our investigation ound that Nexopia ailed to

adequately identiy and inorm users o its purposesor the collection, use and disclosure o thepersonal inormation it requires users to provide at

registration.

For example, it was not clear which core prole

inormation and prole pictures would be visible tousers within the Nexopia community and anyone on

the Internet, by deault.

7/29/2019 2011_pipeda_e

32/115

C 2 K iss: C yo pc

7/29/2019 2011_pipeda_e

33/115

23

Te site did not explain to users the potential

disclosure o their personal inormation to the

rewards company, nor that such disclosures may

be provided over and above any inormation theuser provides directly to the rewards company as a

condition o a particular Earn Plus oer. Nexopia

admitted that their online statements and actual

disclosure practices had become misleading.

Nexopia asserted that the inormation provided to

the payment processor and the rewards company

could not be used to identiy and obtain moreinormation about individual users. However, our

testing revealed that a users unique ID can be usedto link to the users prole and potentially permit

access to all the personal inormation displayed there.

In our view, Nexopia could use another unique codeor identiying number that limits the amount o

personal inormation that passes between the parties

and yet still allows ecient billing and payment

processing.

Nexopia agreed to stop providing unique user IDs to

the payment processor and has made the decision to

completely remove the Earn Plus service rom the

site, and, thereore, will stop sharing users personalinormation with the rewards company.

Te OPC was satised with Nexopias response.

5. Retention o personal inormation

Nexopia collected non-users email addresses through

invitations to join the site initiated by users. Users

were notrequired to conrm to Nexopia that they

had their riends consent or the purposes o sending

an invitation to join the website, prior to providing

the riends email address to the company.

A non-user who didnt want to receive urther

invitations could click on a link to a page entitled

Opt out o Nexopia.com invites.

However, the non-user was not inormed on this

page that their email address would be retained by

Nexopia. For the unsubscribe eature to be eective,Nexopia said it must retain or an indenite period a

list o email addresses to which no urther messageswould be sent.

In our view, it was important or the user who

provides the email address in the rst place to ensurethat they have obtained prior consent rom the email

address owner, their riend, or the invitation email to

be issued by Nexopia.

As well, our Oce recommended that Nexopia oernon-users a clear choice between a) unsubscribing

rom join-the-site invitation emails, or b) permanent

deletion o their email address.

Te OPC was satised with Nexopias response toour concerns about this issue.

Nexopia agreed to add text to its Find and Add

Friends eature to emphasize that users should have

non-users permission to give the website their emailaddresses.


7/29/2019 2011_pipeda_e

34/115

24

Te organization also agreed that, in the uture, non-

users who receive invitation emails will be able to

request the permanent deletion o their email address

rom Nexopias database.

Our Oce also considered the issue o deletion o

accounts.

When users clicked on an option called DeleteAccount they were advised: Tis will delete your

account, including your profle, your pictures, riends list,

messages, etc. Your orum posts, comments and messages inother users inboxes will remain.

In act, Nexopia advised us that the only inormation

deleted is the users shouts.

Other inormation was stored indefnitely. (For example,username; user ID; email address; IP address and log-

in inormation; riends list; gallery pictures; prole

contents; messages and comments; and prole photos.)

Another concern related to account deactivationand the reezing o accounts, either by Nexopia or

upon request by a user. Te personal inormation

contained in rozen user accounts remained inactive

on Nexopias servers indenitely and was not subjectto any periodic review.

Nexopia admitted it had not deleted account

inormation since 2004, either rom deleted or

rozen accounts.

It was clearly misleading to provide a Delete

Account option. Te OPC recommended that

Nexopia provide a true delete option or the accounts

and personal inormation o users.

Unortunately, Nexopia said it would not implementthis recommendation because the cost o doing so

would be prohibitively high. It also argued that the

inormation stored in the archives was only accessible

to system administrators and recovered in the event

that they received a warrant rom a law enorcementauthority.

Te OPC understood the technical challengespresented in permanently deleting users personal

inormation. However, Nexopias practice o storingindenitely all o an individuals personal inormation

was in contravention o PIPEDA.

Its clear that law enorcement authorities sometimesrequire access to inormation. Such requests or

warrants may justiy a longer retention period in

specic cases, but they do not justiy wholesale and

indenite retention oallrecords just in case there

may be a request at some point in time.

Nexopias practice o storing personal inormation in

its archives indenitely, on the small possibility it may

be the subject o a warrant rom a law enorcementagency, was thereore not acceptable.

Moreover, there are security risks inherent in

retaining vast amounts o ormer users personal

inormation, long ater it has served its original

purpose. As well, our Oce is concerned thatNexopias users are being misled into thinking they

C 2 K iss: C yo pc

7/29/2019 2011_pipeda_e

35/115

25

can delete their personal inormation at some point,

i they want to.

Tis issue remained unresolved at the end o ourinvestigation. Te OPC is proceeding to address

these unresolved issues in accordance with our

authorities under PIPEDA, which include the

option o going to Federal Court to seek to have the

recommendations enorced.

Te ull investigation report is available on our

website.

DacaeCenteModiiedWebcamMonitoingto

InceasePivacPotection

BACKGROUND

Te complainant enrolled his son at a private daycarecentre and was told that parents could pay a ee or its

webcam service to let them see their childs daycare

room in real time. Parents viewed the webcam eed via

the Internet ater entering a unique password.

Te daycare centre stated that it had instituted the

webcam service or two reasons: rst, so it could

monitor the daycare environment or security

purposes; and, second, to provide parents withassurances regarding the daycare environment.

Te centre told the OPC that approximately

60 percent o the parents o registered children

had enrolled in the webcam service.

Te complainant subsequently learned that the

webcam eed was being recorded. He notied the

daycare centre that he objected to the recording and

that he elt appropriate privacy saeguards were not

in place.

Following notication o the investigation, the centre

deleted its saved video les and modied its systems

to no longer record the video stream captured by

its webcam. Te centre also implemented a privacy

policy requiring all parents to sign a orm consentingto the webcam monitoring, regardless o whether a

parent wished to enrol in the service.

Te daycare centre acknowledged that a parent would

be able to record and send out the webcam eed asviewed on a personal computer. Upon our Oces

suggestion, the centre required parents using the

webcam service to sign a contract agreeing to not

record the webcam eed and promising to keep theassigned password condential.

WHAT WE FOUND

At issue was whether the daycare centre collected

the complainants sons personal inormation withoutconsent and ailed to adequately saeguard his sons

personal inormation.

Initially, the OPC was o the view that the daycarecentre was not in compliance with PIPEDAPrinciples 4.7 (security) and 4.3 (consent) and

subsection 5(3) (appropriate purposes) and

recommended the centre cease the webcam

monitoring program.

During the investigation, however, the centre

improved its organizational and technological

7/29/2019 2011_pipeda_e

36/115

C 2 K iss: C yo pc

7/29/2019 2011_pipeda_e

37/115

27

As well, they see that the state uses surveillance to

detect and deter anti-social behaviour, while business

uses online surveillance or commercial prot.

According to the available research, indiscriminate

surveillance on children without proper boundaries

and explanations may potentially aect:

Autonomy and social developmentWithout the reedom to experiment with making

critical and ethical choices, children could

instead make decisions based on ear and risko punishment. Tey could become less likely to

learn to regulate and direct their own behaviour.

Trust, ear and learning to assess risk

Surveillance could create an articial, risk-ree

environment where children might not be given

opportunities to develop sel condence and risk

management skills.

Digital literacy

Monitoring sotware could hamper childrens

development o digital literacy skills needed to

navigate the online world eectively.

Understanding privacy

I children are brought up in a surveillance

environment where privacy is not valued, they inturn may not value privacy. Tese children may

also not learn how to establish their own privacyboundaries and could be less likely to respect the

boundaries o others.

2.3 yOuth OutreaCh initiativeS

We have successully launched two youth

presentation packages intended to be used with

students in Grades 7-8 and Grades 9-121.

Te goal is to show young

people how technology can

aect their privacy, and how

they can build secure onlineidentities while keeping

their personal inormation

sae.

1 Secondary I to II and III to V in Quebec.

Each package includes a set o vibrant PowerPoint

slides with accompanying speaking notes to assist

teachers or other adults in providing eective andengaging presentations in schools or the community.

Presentations take about 30 minutes, but extra time or

group discussion is encouraged.

Presenters are invited to provideeedback to the OPC so the package

can be continually improved.

We have also developed a our-and-a-hal-minute video, What Can YOU Do

to Protect Your Online Rep, which

Resources forparents and teachers

What Can YOU Doto Protect Your

Online Rep - Video

7/29/2019 2011_pipeda_e

38/115

C 2 K iss: C yo pc

7/29/2019 2011_pipeda_e

39/115

29

In its paper, MNet compared Canadian digital

literacy programs with eorts rom the U.K., the U.S.,

Australia and Brazil. It ound the ollowing trends:

Youth are a prime target or digital literacy

interventions, including privacy skills. Although

adults are also vulnerable to privacy risks, they

are made a lower priority or digital literacy skills

development.

Current digital literacy interventions do not

anticipate uture risks but rather scramble tokeep up with the present.

Outside o broadly dened groups such as youth,

adults and seniors, existing programs display

little sensitivity to other actors which may aect

digital literacy, such as immigrant status or gender.

Despite the possibility o delivering digitalliteracy education exclusively online, all the

countries studied preer ace-to-ace instruction,

especially or seniors.

Based on its review, MNet made the ollowing

recommendations:

Dene privacy competencies that Canadiansneed to manage their personal inormation

online. Te suggested competencies range

rom awareness that personal inormation

is increasingly treated as a commodity to a

knowledge o privacy rights and recoursemechanisms.

Promote these privacy competencies as an

entitlement or Canadians.

Integrate issues o data protection anddemocracy in educational modules.

Focus more on adults.

Support continuing digital literacy education orall elementary and secondary students.

Prepare privacy resources which can be adaptedto many audiences.

Support Community Access Program sites as

venues or privacy education.

Promote and support existing, high-qualityresources.

Promote a national ocus on digital literacy.


7/29/2019 2011_pipeda_e

40/115

30

c

q

o2.5 COntributiOn S prOgraM prOjeCtS fOr yOuth

Over the past ew years, the OPCs Contributions

Program has unded innovative research and publiceducation initiatives that explored the relationship

between youth and privacy and promoted the

protection o personal inormation among youth. For

instance:

Te Media Awareness Network was awarded

unding in 2011-12 or its project Young

Canadians in a Wired World - Phase III.Tisproject is one o the most comprehensive

and wide-ranging studies o Internet use bychildren and teens in Canada. Phase IIIo the

project covers completion o qualitative research

previously undertaken by MNet using parent

and youth ocus groups in Calgary, oronto andMontreal, writing o the qualitative research

nal report, and developing and implementing acommunications strategy.

Also in 2011-12, Atmosphere Industries wasawarded unding or its project Gaming Privacy:

Creating a Privacy Game with Canadian Children.

Tis project proposes to work with Canadian

children to create, deploy and research a cross-

media game that engages children ages eightand up in the development o privacy literacy

skills. Cross-media games mix physical with

digital spaces and technologies to create unique

experiences that get people working together in

public spaces to solve puzzles and accomplishgame goals.

In 2009-10, OPC unded a project carried out

by the University o Guelph, titled Privacyand Disclosure on Facebook: Youth & Adults

Inormation Disclosure and Perceptions o Privacy

Risks. Itaimed to advance the understanding

o inormation sharing on Facebook by high

school students and working adults through aliterature review and a survey o 600 Canadians.

Te research ocused on actors that motivated

disclosure o inormation and the use o privacysettings as well as examining Facebook users

perception o privacy risks and knowledgeo privacy settings. Te nal report includes

recommendations to help the OPC develop

strategies or making the public aware o the

privacy risks o social networking sites and theneed to make more inormed decisions about

inormation sharing.

Te OPC looks orward to the results o

this research being applied and put to gooduse by interested end-users ocusing on the

identication and privacy needs o youth as they

navigate the modern challenges o the online

world.

7/29/2019 2011_pipeda_e

41/115


7/29/2019 2011_pipeda_e

42/115

32

o keep pace with the rapidly evolving privacy

landscape, our Oce issued guidance documents

about biometrics and online behavioural advertising

two developments spawned by new technology. Wealso strengthened our technological expertise, partly

to support OPCs role in Canadas new anti-spam

legislation, which is expected to go into eect this year.

All these developments are detailed on the ollowing

pages, which examine some o the major issues we

addressed during 2011.

3.1 finanCi al privaCy

Most people guard the details o their nances

as zealously as they guard their PINs at the sales

register or AM. A nightmare shared by everyone

would be learning that some crook is running amok

with your credit card.

Because o such sensitivity and the huge number

o transactions with Canadians, the nancial sector

has regularly accounted or the largest proportion oormal complaints accepted by the OPC. In 2012, it

also gave rise to several noteworthy investigations,

which are summarized here.

INVESTIGATIONS

CeditBueauPugesLoanHistoom

IndividuasCeditRepotithouthisKnoedge

BACKGROUND

An individual nanced the purchase o a used

vehicle through a third-party nancing company. In

nancing the purchase o his vehicle, the complainantsought a lender that reported to a national credit

bureau. He did so in the belie that a positive

repayment history might help augment his overall

credit standing.

Te complainant began repaying his car loan in July

2004. By June 2008, the complainants loan was paid

in ull.

In 2008, ollowing the repayment o his car loan, the

complainant sought to take advantage o a provincial

program which provided grants to qualied

applicants towards the purchase o a home. Tecomplainant appeared to have obtained a mortgage

7/29/2019 2011_pipeda_e

43/115


7/29/2019 2011_pipeda_e

44/115

34

o our investigation the credit bureau producedsucient evidence to demonstrate how reporting

inormation rom a severed data source might

adversely aect the integrity o its credit reports.Although the eects in this case o the purgingo loan inormation rom the complainants credit

report were such that it rendered his credit history

incomplete, we could envision just as many other

scenarios in which notpurging inormation rom

a severed data source might have led to an equallyinaccurate or incomplete credit picture.

Without continuity in the reporting relationship with

a data source, the credit bureau was unable to ensure

that the inormation in its credit reports was recent,reliable and up-to-date. Not only would the credit

bureau have been unable to report on subsequent

changes to an individuals credit report, the company

would also have been unable to veriy and investigate

inaccuracies in data reporting.

Despite the above, we were still concerned that

credit inormation was entirely purged rom the

complainants credit le, without his knowledge. Inthis case, not only was the complainant completely

unaware that his personal inormation was to be

deleted, but third parties who might have relied on

the companys credit reports or lending appeared to

have been similarly unaware o the companys policiesand practices.

At the time o our investigation, the credit bureau

did not publicly disclose its 60-day retention policy

or inormation rom severed data sources. Te

companys data retention policy stated only that: A

credit transaction will automatically purge rom thesystem six years rom the date o last activity.

Had the complainant been aware o the creditbureaus 60-day policy, he may have been in a betterposition to monitor his le and to consider placing

a narrative on his credit report. He might also have

thought to take action to obtain inormation directly

rom the severed data source in a timely manner in

order to supplement his credit record.

CONCLUsIONAs PIPEDA requires that an organization make

readily available to individuals specic inormation

about its policies and practices relating to themanagement o personal inormation, and so ar

as the credit bureau ailed to be open with the

complainant about its policy on severed data sources,

we ound the complaint to be well ounded. Te

credit bureau agreed to implement our Ocesrecommendations to address this issue.

BankPopeRedactedInomationReatedto

CeditCadFaudPobe

Te complainant alleged that a bank denied her

access to her personal inormation relating to the

banks investigation into the alleged raudulent use o

her credit card.

Te respondent bank had inormed the complainant

that her credit card would be cancelled because o

potential raudulent use o the card. Ater more than

six months dealing with the customer care centre

and ombudsmans oce o the bank, the complainant

7/29/2019 2011_pipeda_e

45/115


7/29/2019 2011_pipeda_e

46/115

36

Our Oce concluded the complaints relating to

both collection and consent with regard to the

complainants personal inormation were not well

ounded.

Regarding the retention issue, we were satised that

the legal obligation cited by the credit union or the

retention o the complainants personal inormation

or a period o seven years was reasonable.Accordingly, we concluded that the complaint was

not well ounded.

Te complaints relating to consent to the collection

o his spouses personal inormation and the use anddisclosure o her inormation were well ounded and

resolved.

TASKFORCEFORTHEPAYMENTSSYSTEM

REVIEW

Te modern payments system extends all the way

rom cash purchases at a convenience store to

multi-million dollar transers between businesses. Itincludes all the institutions, instruments and services

that support the transer o valuebetween parties,

including money, nancial instruments, and even the

exchange o inormation.

Tat landscape is being dramatically altered by

advances in the digital economy, which have

acilitated an online marketplace where payments are

being made in new and innovative ways.

In June 2010, the Minister o Finance announced the

launch o the ask Force or the Payments System

Review. In the summer o 2011, the ask Force asked

or submissions related to the transormation o the

Canadian payments system. Our Oce made a

submission on privacy and security issues which weconsidered relevant or the ask Force, or stakeholders in

the payments system environment, and or individuals.

Since payments oten involve very sensitive

inormation such as details o personal nances, theOPC submission stressed that the payments industry

needs to be aware o the challenges o dening

personal inormation in the digital age, challengesassociated with new technologies, and the potential

to re-identiy individuals. We urged a diligent eortto implement the strongest measures o privacy

protection throughout the payments system process.

We were encouraged that the ask Force hasacknowledged privacy as a guiding principle

associated with the transormation o the paymentssystem and also has incorporated privacy into its

governance ramework. Keeping this issue in mind,

we recommended that all reerences to privacy in thepayments system not only recognize this principle,

but also that the payments system be designed to

meet privacy obligations required by statute.

Te OPC recognizes that innovation in the paymentssystem helps encourage economic growth. New

and dynamic business practices and technologies

are introduced to enhance business and consumer

experiences. Yet these business and technological

innovations increasingly collect, use and disclose vastamounts o consumer personal inormation at the

C 3 t pc lsc

7/29/2019 2011_pipeda_e

47/115

37

point o payment, making it essential to ully address

privacy and security issues.

o support innovation and build a strong digitaleconomy, consumers must adopt the new practices

and technologies. Tat adoption depends on

consumer trust. Meeting obligations related to

inormation and privacy rights serves as a catalyst to

build such trust and, as a result, encourages economic

participation.

Tere is something new under the privacy sun theemerging eld o biometrics. A word unamiliar to

many just ve years ago is increasingly becoming part

o daily lie, as machines scan irises, aces, ngertips,palms and even the way people walk to conrm or

authenticate identities.

With this new technology come new privacy

concerns, which is why the OPC produced a

biometrics guidance document this year. As well, an

investigation recounted below demonstrates how

biometrics and privacy can intersect in practice.

INVESTIGATION

TesttakeObjectstoPamVeinScanning

BACKGROUND

A woman objected to having her palm scanned

beore writing a test in 2009 and to this inormation

being disclosed to an American organization.

Te owner and administrator o the test is a U.S.-

based organization. Personal inormation is collected

and used in Canada or the test by Canadian sta at

Canadian test centres, where more than 8,000 tests

were delivered in 2008.

Te test administrator authenticates test-takers withpalm-vein scanning technology by identiying the

vein patterns beneath the skin o the individualshand and then retaining the pattern in an encrypted

numerical (binary) template (a numerical key).

Te test administrator uses this technology to detect

raud and/or impersonation during tests.

3.2 biOMetriCS

7/29/2019 2011_pipeda_e

48/115

C 3 t pc lsc

A ti i t i ti th F l t th t th l i

7/29/2019 2011_pipeda_e

49/115

39

As or preventing instances o impersonation, the

test administrator reported that the companys rst

orays into palm-vein scanning detected a person

who had taken the test ve times using ve dierentidentities. It also identied 23 people who had hired

the same imposter to take the test on their behal.

In both cases, the imposters had used countereit

government-issued ID.

A Canadian test-taker tried to register at a test centre

in 2009 to write the exam or the ourth time but was

reused because the individuals palm template didnot match that rom the previous exam sitting. Te

individual has never contacted the test administratorsince.

PRIVACY sENsITIVE

In light o the test administrators recent history withauthentication methods and the various alternatives

that it has adopted over the years, its current use opalm-vein scanning does not appear to be overly

privacy invasive. Te test administrator began

looking or an alternative to its digital ngerprintidentication system in 2006, ater concerns were

voiced about ngerprinting, by students, data-

protection authorities and some test centre personnel.

Our Oce sees all biometrics as privacy invasive toa certain extent because they involve the collection

o an individuals physical characteristics. But not

all biometrics are highly privacy invasive in and o

themselves. In our view, the binary representation

o a candidates palm-vein scan, given the testadministrators current use o the technology, is not

overly sensitive personal inormation.

For example, we note that the palm-vein scans are

immediately transormed into an encrypted binary

template, the binary code is non-reversible and no

raw biometric image is retained. As well, the binarycode inormation retained rom the scan cannot

easily be interpreted by other parties or applied to

other purposes, and the binary template is stored

separately rom any other personal inormation about

the test taker. Palm-vein scanning is also considereda non-trace biometric, since latent images cannot

be let on objects, including the system used or the

scan.

DATA sTORAGE sECURITY sTANDARDs AND

RETENTION

With respect to personal inormation transmission,

retention and storage, we did not nd that the test

administrator was in contravention o its obligationsunder the Act.

Ater a site visit to a test centre, we were satised

that biometric, identication and test inormation

is encrypted or transmission and storage, and thatdata access is restricted. Te encryption algorithm

that the test administrators third-party contractor

uses is a recognized encryption standard with good

security levels or sensitive data. Further, the data

is protected by numerous high-level saeguardsat the data storage centre. Security policies were

ound to be documented and written agreements

or data protection procedures exist between the test

administrator and the third-party contractor. Te

accountability called or in PIPEDA Principle 4.1.3was thus upheld.


Te complainant also expressed concern about her privacy policy (all web links provided) On the

7/29/2019 2011_pipeda_e

50/115

40

Te complainant also expressed concern about her

personal inormation being transmitted to, as well

as retained and stored in, the U.S. In this regard, we

noted that in the test administrators InormationBulletin, the reader is clearly advised that their

inormation will be transmitted to the United States.

We thus deemed the test administrators actions to be

concurrent with PIPEDA Principle 4.8 (openness).

In 2009, this Oce issued its Guidelines or

ranserring Personal Inormation Across Borders,

which distilled key ndings rom investigations overthe years. One such nding is: PIPEDA does not

prohibit organizations in Canada rom transerringpersonal inormation to an organization in another

jurisdiction or processing.

We also deemed reasonable the test administratorsset retention period o ve years or biometric data

and test scores collected, and noted the existenceo an automated, scheduled clean-up process o

this data ater the ve years. Tus, the need to limit

use, disclosure and retention described in PIPEDAPrinciple 4.5 was respected.

CONsENT

When we retraced the steps necessary to register or

the test, we ound that individuals were adequatelyinormed that their personal inormation will be

collected and that they were notied o the purposes

or the collection.

Ninety-ve percent o registrations or the testare online, which requires checking a box to agree

to specic terms and conditions, as well as to the

privacy policy (all web links provided). On the

site, test-takers are specically reerred to the test

administrators Inormation Bulletin, a key online

document(also available by mail)thatexplains theidentication requirements to be met on the test day

and the reasons or those requirements.

Te Bulletin provides test policies and procedures,

and also the privacy policy, where more inormationcan be ound. It inorms individuals o the specic

types o personal inormation to be collected,

retained and transmitted to the U.S., data encryption,and the test administrators designated uses o this

inormation. It also orewarns test-takers that, onthe day o their exam and upon signing the rules

and agreement document, they will be providing

their consent to palm-vein scanning or raud-

detection purposes. Also on its website, the testadministrator posts other detailed inormation about

its use o test-day biometrics and also links to FAQsspecically about the test administrators use o palm-

vein recognition. Te website clearly advises that

providing a palm-vein scan to the test administratoris mandatory or all exam-takers.

CONCLUsION

Our Oce concluded that the complaint was not

well ounded.

Note: Please see Chapter 6 (In the Courts) or

another case involving the use o biometrics.

7/29/2019 2011_pipeda_e

51/115

7/29/2019 2011_pipeda_e

52/115

C 3 t pc lsc

FRIEND sUGGEsTIONs sOCIAL PLUG-INs

7/29/2019 2011_pipeda_e

53/115

43

Tree individuals led complaints with our Oce

ater receiving emails inviting them to join the

social networking site. Te invitations included so-called Friend Suggestions a list o users which,in most cases, were people the complainants knew.

Lacking any explanation about how the company

had generated these suggestions, the complainants

were concerned that the company may haveinappropriately accessed their electronic address

books.

Te investigation did not nd any evidence to suggest

that the company was accessing the complainantspersonal address books or those o their suggested

riends. Friend Suggestions were instead generated by

a complex algorithm which matched common sets o

data uploaded by users.

At the time the complaints were led, the invitationsrom the social networking site provided very little

inormation about how the companys Friend

Suggestion eature worked. During our investigation,

however, the company agreed to make changes.In particular, the company removed all Friend

Suggestions rom its initial invitation and only

provided these in subsequent reminders, allowing a

non-user to either learn more about the service orto opt out o receiving Friend Suggestions and any

urther messages rom the company.

In the case o the social plug-ins, the company

introduced a eature that would allow its users to see

content drawn rom their user proles on third-partywebsites. Buttons such as Like and Recommendappeared on third-party websites and allowed the

site users to suggest and recommend content to other

site riends. For example, a logged-in site member

visiting a news website using the companys socialplug-ins would be able to see a list o the articles

recommended by his or her riends.

Te complainant in this case was concerned about

the potential exchange o inormation between thecompany and the two-million-plus websites which

host the companys social plug-ins.

While the investigation conrmed that the company

was not sharing personal inormation with third-

party websites through the social plug-ins, how thateature operated was unclear to many Canadians.

Once again, we elt that the company could have

done a better job o educating the public and its users

on the operation o the new eature, and o ensuringthat sucient privacy protections were being built

into new product designs.

IDENTITY VERIFICATION

A urther complaint raised the issue o whether

Facebook collected more personal inormation rom

the complainant than necessary as a condition or

obtaining services. It also questioned whether the

company had provided the complainant with theopportunity to raise a challenge to the organizations

compliance with PIPEDA with the designated

7/29/2019 2011_pipeda_e

54/115

C 3 t pc lsc

On the issue o challenging compliance, the Oce In a preliminary report published in October 2010,

7/29/2019 2011_pipeda_e

55/115

45

ound that Facebook provided a web orm at the start

o its Privacy Policy that allowed users to complain

to the company regarding a privacy issue. As such,the Oce ound that the company had privacy

complaint procedures in place that were accessible

and easy to use.

Te Oce concluded that the allegations were notwell ounded.

GOOGLEREQUIREDTOADDRESSPRIVACYDEFICIENCIES

In June 2011, our Oce announced results o our

ollow-up work stemming rom an investigation into

Google Incs collection o highly sensitive data rom

unsecured wireless networks.

We reported that Google had committed toimplement remedial measures that will reduce

the risk o uture privacy violations but that

Commissioner Stoddart had also taken theunprecedented step o requesting the company

undergo an independent, third-party audit o its

privacy programs within a year and share the results

with her Oce.

Te incident involved Google Street View cars

inappropriately collecting personal inormation such

as emails, usernames, passwords, phone numbers and

addresses during 13 months tracing roadways across

Canada. Tousands o Canadians were likely aected.

we noted that Google had advised our Oce that

the incident stemmed rom an engineers initiative

and Googles lack o controls over processes to ensurethat necessary privacy protections were ollowed.

We concluded that the collection was a serious

violation o the privacy rights o Canadians and

unlawul because it did not ollow core principleso PIPEDA user knowledge and consent to the

collection o personal inormation. Details o that

investigation were published in our 2010 AnnualReport and are available on the OPC website.

Te remedial measures that Google agreed to

implement included:

signicantly augmenting privacy and securitytraining provided to all employees;

implementing a system or tracking all projects

that collect, use or store personal inormation

and or holding the engineers and managersresponsible or those projects accountable or

privacy;

requiring engineering project leaders to drat,

maintain, submit and update Privacy DesignDocuments or all projects to help ensure that

engineering and product teams assess the privacy

impact o their products and services rom

inception through launch;

7/29/2019 2011_pipeda_e

56/115

7/29/2019 2011_pipeda_e

57/115


community (web browser developers). We took the

t it t i h i t th di i d id Individuals are inormed o these purposes at or

b th ti ll ti d id d ith

7/29/2019 2011_pipeda_e

58/115

48

opportunity to weigh into the discussion and provide

a ramework, grounded in PIPEDA, or these

practices.

ONLINEBEHAVIOURALADVERTISING

GUIDANCE

In our Privacy and Online Behavioural Advertising(OBA) Guidelines, we

take the position that

the inormation involvedin OBA will generally

be considered personalinormation. We view

the purposes or OBA

as reasonable in the

circumstances, but we thinkthat OBA should not be

considered a conditiono service to access the

Internet. We note that individuals need to be

properly inormed o the practice and must provideconsent. Tat consent can be implied, providing that:

Individuals are made aware o the purposes

or the practice in a manner that is clear and

understandable the purposes must be madeobvious and cannot be buried in a privacy policy.

Organizations should be transparent about

their practices and consider how to eectively

inorm individuals o their online behavioural

advertising practices, by using a variety ocommunication methods, such as online banners,

layered approaches, and interactive tools;

beore the time o collection and provided with

inormation about the various parties involved in

online behavioural advertising;

Individuals are able to easily opt out o the

practice ideally at or beore the time the

inormation is collected;

Te opt-out takes eect immediately and is

persistent;

Te inormation collected and used is limited,

to the extent practicable, to non-sensitiveinormation (avoiding sensitive inormation such

as medical or health inormation); and

Inormation collected and used is destroyed assoon as possible or eectively de-identied.

Te guidelines also singled out a couple o practices

that we eel are problematic.

Certain types o technology have recently been

used or OBA (or example, zombie cookies) that

individuals cannot delete or prevent rom tracking

their web browsing. Te guidelines are clear that

i individuals cannot decline the tracking andtargeting because there is no viable way or them to

exert control over the technology used, or i doing

so renders the service unusable, then organizations

should not be employing that type o technology or

OBA purposes.

Privacy andOnline Behavioural

Advertising

C 3 t pc lsc

Te guidelines also note that, given the diculty

o ensuring meaningul consent rom children to

communications device, such as a cell phone,

smartphone or tablet

7/29/2019 2011_pipeda_e

59/115

49

o ensuring meaningul consent rom children to

OBA practices, organizations should avoid tracking

children and tracking on websites aimed at children.

PRIVACYPOLL

Privacy concerns about a range o new

communications technologies have risen sharplyamong Canadians over the past two years, according

to a public opinion survey commissioned by our

Oce.

Yet many people using these new technologies arestill not taking even rudimentary steps to protect

their privacy, the same survey reported.

Te telephone survey o 2,000 randomly selectedadults ound that our in 10 said that computers and

the Internet pose a risk to their privacy, up rom one-quarter (26 percent) in a similar survey just two years

ago.

Another 15 percent specically mentioned online

social networking sites something barely on the

radar in 2009 (two percent). As well, privacy concerns

about cell phones and other telecommunications

nearly quadrupled (rom three percent to 11 percent)and unease also increased concerning credit/debit

cards and banking/online banking.

Surveying in late February and early March, Harris/

Decima ound that three-quarters (74 percent) orespondents said they owned at least one mobile

smartphone or tablet.

However, only our in 10 used password locks or thedevices, or adjusted their settings to limit the sharing

o personal inormation that may be stored on the

devices.

Te 2011 Canadians and Privacy

Surveyalso ound that one-

third o Canadians use public

WiFi sites, such as those locatedat coee shops and airports,

where online communicationmay not always be protected

by encryption. O those, ully

85 percent admitted to some

concern about possible risks tothe security o their personal inormation.

An overwhelming majority avour tough sanctions

against organizations that ail to properly protect

the privacy o individuals. More than eight in 10respondents wanted to see measures such as publicly

naming oending organizations, ning them, or

taking legal action against them.

While younger Canadians aged 18 to 34 are the mostenthusiastic users o the new technology, the survey

showed they are also the most likely to use available

mechanisms to protect their privacy, suggesting

that, while young people are eager to embrace new

technology, they also care about privacy and arewilling to take steps to protect it.

2011 Canadians andPrivacy Survey

7/29/2019 2011_pipeda_e

60/115

C 3 t pc lsc

With respect to inormation sharing, the

amendments allow the Commissioner to enter intoREDUCINGTHERISKOFDATABREACHES

7/29/2019 2011_pipeda_e

61/115

5 1

amendments allow the Commissioner to enter into

arrangements with both provincial and international

counterparts to share inormation, includinginormation otherwise condential under PIPEDA,

subject to certain saeguards.

At the provincial level, our Oce has long worked

with the provincial privacy commissioners toensure a harmonized and coordinated approach to

the application o private sector privacy laws. Te

enhanced ability to share inormation will allow theOPC to work even more closely with the provincial

commissioners.

In this regard, in November, we entered into a

revised Memorandum o Understanding with the

Commissioners in British Columbia and Albertathat provides or cooperation and collaboration in

private sector privacy policy, enorcement, and publiceducation. As part o this collaboration, we review

the cases being investigated by provincial colleagues

to identiy any common issues.

Internationally, the ability to cooperate with oreign

counterparts is becoming a necessity considering

increasing transborder data fows and privacy

breaches with impacts in multiple jurisdictions.Our Oce initiated discussions about inormation

sharing and cooperation arrangements with several

oreign data protection authorities and was nearing

agreement with the Dutch and Irish as the year

ended.

In the all o 2011, the ederal government

reintroduced legislative amendments that would

make it mandatory to report certain breaches to ourOce and to the aected individuals.

Under Bill C-12, organizations would be required

to report any material breach o security saeguardsto our Oce. Tey would assess whether the breach

is material by considering actors such as the

sensitivity o the inormation involved, the numbero individuals aected and the systemic nature o the

breach.

Organizations would also be required to notiy

individuals where it is reasonable to consider in

the circumstances that there exists a real risk o

signicant harm to aected individuals, depending

on the sensitivity o the inormation and theprobability o it being misused.

While a mandatory reporting scheme would give us

a clearer picture o how many breaches are occurring,why they are occurring, and what steps should be

undertaken to reduce the risk o uture incidents,

we believe the data breach reporting provisions

contained in Bill C-12 have become out o date.

It is noteworthy that the proposed changes

beore Parliament at the end o 2011 stem rom

recommendations that were made back in 2006 and

which still have not been implemented.


Much has changed as the years have passed. Data

breach reporting provisions contained in the

Te rst review began in 2006. Bill C-12, which

proposes amendments to PIPEDA resulting rom

7/29/2019 2011_pipeda_e

62/115

52

p g p

proposed legislation were a good rst step or

promoting accountability and transparency, but moreis clearly needed now.

In recent years, we have seen very serious, large-scale

data breaches. Data breach notication, in itsel,

may not be sucient to create the kind o incentivesnecessary to ensure that organizations take security

issues more seriously in the current environment.

Many other countries are taking a harder line on

breaches. For example, the United States has beena leader in this area and virtually all states have data

breach laws. Meanwhile, a European Commission

Regulation proposed in early 2012 included data

breach provisions and very signicant ning powersor European data protection authorities.

Commissioner Stoddart has encouraged the ederal

government to explore strengthened enorcement

options that would create stronger incentives ororganizations to ensure personal inormation is

adequately protected.

PIPEDAREVIEW

PIPEDA, which was designed to be a principle-

based and technologically neutral legislation, became

law in 2001 and requires a Parliamentary review

every ve years.

p p g

that rst review, was introduced in the House o

Commons in September 2011. It replaced the earlierBill C-29, which died on the Order Paper ollowing

the dissolution o Parliament on March 26, 2011.

Parliament had not issued a ormal call or a

second review by the end o 2011. Nonetheless, weare currently examining how the law and current

practices should evolve to best serve Canadians in the

ace o modern privacy challenges.

Te next review will be an opportunity to examinewhether PIPEDA remains suciently fexible and

eective in responding to privacy challenges created

by rapidly evolving technology.

Our position on whether and how PIPEDA needs to

evolve to address these new and emerging challengeswill be inormed by our refections on three key

themes: 1) appropriate enorcement mechanisms

and incentives to ensure compliance with the Act;2) gateway concepts, such as personal inormation

and commercial activity, which directly infuence

the scope o application o PIPEDA; and 3)

innovative approaches or organizations to assume

and demonstrate accountability or their personalinormation management practices.

7/29/2019 2011_pipeda_e

63/115

7/29/2019 2011_pipeda_e

64/115

C 4 M Cocs o Cs

4.4 COMplaintS by induStry SeCtOr

7/29/2019 2011_pipeda_e

65/115

55

Complaints related to the nancial sector continued

to account or the largest proportion o ormalcomplaints we accepted, roughly one in ve.

Our experience is that nancial institutions have

among the best-developed privacy policies and

practices, although we continue to identiy someareas o concern through our investigations. Te

explanation or the consistent high placement

appears to lie in the size o the nancial sector andthe huge number o transactions conducted with

individual Canadians.

Complaints in the transportation sector jumped this

year compared to previous years, doubling historical

norms to become the second largest sector. Just over

hal o these complaints related to access issues. Itisnt clear why we have seen this increase, which has

been noted across all transportation sub sectors. We

intend to observe this potential trend closely over the

next year or possible implications.

Meanwhile, complaints in the insurance sector

(previously one o the top three sectors) have

declined over the last two years.

Tis could be because in the last couple o years wehave seen an increase in clarity and awareness o

privacy rules in the insurance sector.

MajorSectorsTargetedinCompaints

Sector 2011 2010 2009

Financial 22% 22% 24%

Transportation 12% 6% 6%

Telecommunications 11% 9% 18%*

Services 10% 17% 4%

Insurance 9% 13% 18%

*Prior to 2010, elecommunications included Internet complaints, which are now a separate category.

Note: Statistics and denitions or all industry sectors can be ound in Appendix 2.


4.5 typeS Of COMplaintS reCeived

T d di l l i i l i i i i l hi

7/29/2019 2011_pipeda_e

66/115

56

Te use and disclosure o personal inormation,

access to personal inormation, and collection opersonal inormation were once again the top three

issues raised in complaints to our Oce.

In addition, we noticed that the proportion o

complaints about corrections to, or notations on,

personal inormation rose signicantly this year

to ve percent o all ormal complaints accepted(compared to one percent or less in previous years).

Tis could be linked to increased awareness by

Canadians o how their personal inormation is

collected and used and awareness o their rights to

see and correct these records.

Top3TypesoCompaintsReceivedintheast3years

Type of complaint 2011 2010 2009Use and disclosure: Complaintsinvolvingallegationsthatpersonalinormationwasinappropriatelyusedordisclosedwithoutconsentorpurposesotherthanthoseorwhichitwascollected

32% 27% 26%

Access: Complaintsaboutdicultiesgainingaccesstopersonalinormation

26% 24% 28%

Collection:Complaintsinvolvingtheunnecessarycollectionopersonalinormationorpersonalinormationcollected

unairlyorunlawullysuchaswithoutproperconsent

20% 16% 14%

4.6 early reSOlutiO n

We have an early resolution process with designated

Early Resolution Ocers. Tis allows us to better

serve Canadians by addressing complaints quickly,

with a less ormal approach than our ocialcomplaint investigation process.

When we receive a written complaint where there

is a high likelihood that the issue could be resolved

quickly, the Intake Unit reers the case to an EarlyResolution Ocer.

Te Early Resolution Ocer works with both the

complainant and the respondent organization to

resolve a complaint.

Te early resolution process has been very successul.

In some cases, an issue that would have taken months

to resolve through the ocial complaint investigation

process is now concluded in days. We have received

very positive eedback on the early resolution processrom both complainants and organizations.

C 4 M Cocs o Cs

EARLYRESOLUTIONCOMPLAINTS

I 2011 l t d 125 l l ti

In addition, we are also maintaining an extremely

high rate o successul resolution more than 90

t

7/29/2019 2011_pipeda_e

67/115

57

In 2011, we completed 125 early resolution cases.

As illustrated in the detailed statistics in Appendix

2, we were able to reach a satisactory conclusion in116 o these cases. Te remaining nine cases were

transerred or ormal investigation.

o continue to improve the timeliness andeectiveness o our service to Canadians, we have

signicantly increased the number o complaints

handled through this process almost hal o ormalcomplaints, up rom about a quarter in 2010.

Despite this increase in volume, we are still

maintaining last years improvements in timeliness o

resolution o these complaints. In 2011, complaints

resolved through early resolution were completed in

an average o two months rom complaint acceptance,

compared with 14 months or ull investigations.

percent.

Te early resolution process will continue to be an

important tool or quickly and eectively addressing

Date post:	04-Apr-2018
Category:	Documents
Upload:	007phantom
View:	215 times
Download:	0 times