The drawings on this page and throughout the report are the works of the children of employees at the Office of the Privacy Commissioner of Canada.

Office of the Privacy Commissioner of Canada
112 Kent Street
Ottawa, Ontario
K1A 1H3
(613) 947-1698, 1-800-282-1376
Fax (613) 947-6850
TDD (613) 992-9190

© Minister of Public Works and Government Services Canada 2012
Cat. No. IP51-1/2011 1910-0051

This publication is also available on our website at www.priv.gc.ca.
Follow us on Twitter: @privacyprivee
June 2012

The Honourable Noël A. Kinsella, Senator
The Speaker
The Senate of Canada
Ottawa, Ontario K1A 0A4

Dear Mr. Speaker:

I have the honour to submit to Parliament the Annual Report of the Office of the Privacy Commissioner of Canada on the Personal Information Protection and Electronic Documents Act for the period from January 1 to December 31, 2011.

Yours sincerely,

Original signed by

Jennifer Stoddart
Privacy Commissioner of Canada

June 2012

The Honourable Andrew Scheer, M.P.
The Speaker
The House of Commons
Ottawa, Ontario K1A 0A6

Dear Mr. Speaker:

I have the honour to submit to Parliament the Annual Report of the Office of the Privacy Commissioner of Canada on the Personal Information Protection and Electronic Documents Act for the period from January 1 to December 31, 2011.

Yours sincerely,

Original signed by

Jennifer Stoddart
Privacy Commissioner of Canada
Table of Contents

Message from the Commissioner 1
Privacy by the Numbers in 2011 7
1. Overview of 2011 9
    1.1 Serving Canadians 9
    1.2 Supporting Parliament 10
    1.3 Supporting Organizations 11
    1.4 Advancing Knowledge 12
    1.5 Global Initiatives 13
    1.6 Technology Lab 15
2. Key Issue: Children and Youth Privacy 17
    2.1 Investigations Relating to Children and Youth 20
        Nexopia 20
        Webcam use in a daycare 25
    2.2 Surveillance of Children 26
    2.3 Youth Outreach Initiatives 27
    2.4 Digital Literacy 28
    2.5 Contributions Program - Projects for Youth 30
3. The Privacy Landscape: Overview of other major issues addressed by the OPC 31
    3.1 Financial Privacy 32
        Investigations 32
        Task Force for the Payments System Review 36
    3.2 Biometrics 37
        Investigation 37
        Biometrics Guidance Document 41
    3.3 Online Privacy 42
        Investigations (Facebook, Google) 42
        Canada's Anti-Spam Legislation 46
        Consumer Privacy Consultations 47
        Online Behavioural Advertising Guidance 48
        Privacy Poll 49
        Technology Lab 50
    3.4 Modernization of Privacy Laws 50
        Implementing Amendments to PIPEDA 50
        Reducing the Risk of Data Breaches 51
        PIPEDA review 52
The Personal Information Protection and Electronic Documents Act, or PIPEDA, sets out ground rules for the management of personal information in the private sector.

The legislation balances an individual's right to the privacy of personal information with the need of organizations to collect, use or disclose personal information for legitimate business purposes.

PIPEDA applies to organizations engaged in commercial activities across the country, except in provinces that have substantially similar private sector privacy laws. Quebec, Alberta and British Columbia each have their own law covering the private sector. Even in these provinces, PIPEDA continues to apply to the federally regulated private sector and to personal information in inter-provincial and international transactions.

PIPEDA also protects employee information, but only in the federally regulated sector.
Message from the Commissioner

Teenagers are growing up in a very different world than I did. Today's youth have an unprecedented ability to communicate. This first wave of what some have called the "Facebook generation" has latched onto the online world to stay in touch with friends: sharing new YouTube videos and the latest hit songs, making plans to hang out, and talking about what's happening in their lives.

I did many of the same things with my school friends, except that I did all this in person or over the phone (shared with other family members).

The big difference between what I used to do and now is that there is no record of what my friends and I gossiped about back then. That was also the case for my own children, who are still only in their 20s.

But that's clearly not the case for anyone who is now a teenager.

All of that online communication creates a permanent record, and that could carry risks to their privacy and to their reputations. Not just today, but perhaps even more in the future.

Teenagers are expected to make mistakes - it's a natural part of growing up.

The fact that electronic records of many of the mistakes of today's youth will persist for decades to come is cause for deep concern.

Indeed, a host of perils threaten the privacy and personal information of children and youth, one of the reasons that we have made them a key focus of this report.
Annual Report to Parliament 2011 - Report on the Personal Information Protection and Electronic Documents Act

Not only are the young usually the first to embrace any new kind of digital communication, they are also often unsuspecting about the potential privacy intrusions that can accompany such novel technologies.

And there's another good reason why our efforts to protect the personal information of children and youth warrant their own chapter. They constitute an important example of where my Office is providing leadership on a priority privacy issue.

Providing such leadership is a commitment I made to MPs and Senators when I was reappointed to a three-year term as Privacy Commissioner of Canada. It was one of three areas on which I promised to focus; the other two were supporting informed privacy decision-making and improving service delivery to Canadians.

Now, one year into my renewed mandate, seems an appropriate point to review progress in fulfilling those commitments.

SIGNIFICANT PRIVACY ISSUES

First, leadership on significant privacy issues. As described later in this report, my Office has been particularly active in 2011 in the area of children and youth, creating a wealth of new outreach materials, funding innovative research and reviewing the effects of surveillance on the young.

We also wrapped up a comprehensive investigation into a complaint about privacy concerns related to a social networking website that specifically targeted young people. This first OPC investigation of a youth-oriented social networking site was highly complex, resulting in a detailed Report of Findings of some 100 pages, with 24 recommendations.

However, many of the problems with the site could have been avoided if only privacy considerations had been taken into account back when the operation was being designed and launched. For that reason, my Office considers that this particular investigation ought to serve as lessons learned for everyone engaged in handling the personal information of youth.

Another area in which we also provided privacy leadership was the burgeoning use of online behavioural advertising. While the term itself may be unfamiliar, almost all Canadians who go online will have seen such advertising.
Officially, online behavioural advertising is defined as the practice of tracking a consumer's online activities in order to deliver advertising geared to that consumer's inferred interests. What it means in practice is that Internet ad networks follow you around online, watching what you do so they can serve you targeted ads.

Late in 2011, we published guidance about how the parties involved in or benefiting from online behavioural advertising can ensure that their practices are fair, transparent and in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

We specifically pointed out that organizations engaged in online behavioural advertising should avoid tracking children or tracking on websites aimed at children, since meaningful consent may be difficult to obtain.

Yet another area of providing leadership on a priority privacy issue during the year was the "lawful access" legislation which had been announced by the Government (and which was eventually introduced as Bill C-30 early in 2012). This legislation would have obvious impacts on the telecommunications industry. Following up on earlier mutual representations with provincial and territorial commissioners responsible for privacy, in October I sent an open letter to Public Safety Minister Vic Toews outlining my concerns that the expanded surveillance regime proposed in the legislation would have serious repercussions for privacy rights.

INFORMED PRIVACY DECISIONS

The second topic on which I committed to focus in my renewed mandate was supporting informed privacy decision-making by Canadians, organizations and institutions.

In May, my Office laid a solid foundation for this effort by publishing a final report on extensive public consultations the previous year about online tracking, profiling and targeting, and cloud computing. From what we learned in those consultations flowed such things as tip sheets about cookies and cloud computing, a speakers' series spotlighting frontier privacy challenges, the work on children and youth, the online behavioural advertising guidance and some of the questions in our biennial public opinion survey.

But that was by no means the sum of my Office's efforts to make sure that Canadians develop strong digital literacy skills and better understand privacy rights.

For lawyers, we provided a handbook covering the privacy issues they were most likely to encounter during litigation and the running of a law office. For small businesses, we authored a set of DIY articles on protecting their valuable information, including personal details about customers, from online threats.

Working together, the OPC and its counterparts in Alberta and British Columbia also devised an innovative, online tool which allows organizations to assess the personal information safeguards necessary in records management, network security, continuity planning and 14 other operational areas.

SERVICE DELIVERY

My third commitment was to focus on improving service delivery to Canadians. This is where the rubber truly hits the road in my Office, led by the day-to-day handling of information requests and complaints.

Streamlined procedures and the benefits of experience continued to yield improvements in our handling of complaints in 2011. The average time to deal with an accepted complaint dropped from more than 15 months in 2010 to just above eight months, significantly below the 12-month requirement in the Act.

A major contribution to this performance improvement can be traced to our greater use of an early resolution process which sidesteps an official investigation for selected complaints. By working with both the complainant and the respondent organization, our early resolution officers were able to successfully clear up more than 90 percent of the cases this process handles - without resorting to a full investigation.

And to continue to meet the needs and expectations of Canadians in the rapidly evolving digital environment, we strengthened our technology laboratory, which provides expert support to our audits and investigations and will also support the OPC's responsibilities under Canada's new anti-spam legislation.

As an Officer of Parliament, I have a special responsibility to Parliamentarians. The Assistant Privacy Commissioner and I, as well as other senior officials from my Office, appear before committees, examine legislation for privacy implications, submit comments and have numerous informal interactions with Parliamentarians and staff.

This 2011 Annual Report contains many more examples of how we have delivered on the commitment to these three focus areas.

MAKING A DIFFERENCE

However, the overarching question must be: Are we making a difference?

The answer is that, 10 years after PIPEDA became law, there is encouraging evidence that the OPC has had a positive impact on the privacy landscape.
According to public opinion surveys commissioned by the OPC, the proportion of Canadians saying they feel they have less protection of their personal privacy in daily life than a decade previously has declined, from 71 percent in 2006 to 61 percent in 2011.

I believe that the Office of the Privacy Commissioner of Canada deserves some of the credit for this change in public attitudes.

Recent years have brought continual challenges to the OPC and the first-class team of professionals here has consistently upped its game. The year 2011 was no exception and I am fortunate to work with such committed, hard-working and imaginative people. These include my indispensable Assistant Commissioner, Chantal Bernier, whose unfailing enthusiasm and intellectual curiosity are a source of constant inspiration.

Despite the welcome change in public attitudes, however, the proportion of Canadians telling the survey that protection of personal privacy will be one of the most important issues facing the country over the next 10 years has remained essentially unchanged from 2006 to 2011, at two-thirds.

To me, the explanation for this apparent paradox is straightforward.

Canadians appreciate that more is being done to protect their privacy and personal information. Yet they also understand that new challenges mean that still more must be done.

Prominent among those challenges is the rise of what is being called Big Data. In essence, this refers to the ability brought about through technological advances to gather more data than would have been conceivable just a few years ago and then sift through it, looking for patterns.

BENEFITS AND DANGERS

There's no denying some potential benefits to society from Big Data. To take a somewhat prosaic example, Google is now able to spot flu outbreaks in North America days faster than national health authorities by flagging clusters of online inquiries about symptoms and remedies.

This undoubted public health benefit was quickly taken up by commercial interests. An article in the New York Times described how a large marketing firm devised advertisements for a behind-the-ear thermometer which were sent to smartphones loaded with certain apps that collect basic details about the users, including their gender and whether they are parents. So the thermometer ad was specifically targeted at smartphones used by mothers of young children.

In addition, the ad was sent only to smartphones being used in regions where Google detected a flu spike and where the mothers were within three kilometres of retailers carrying the thermometer. Tapping the onscreen ad took the smartphone user to a product page with an informational video and a list of nearby retailers.

Some may find such personalized tracking by advertisers creepy; others might welcome targeted ads as relevant and helpful.

Whatever your view, this is only the beginning of where Big Data is going.

The many new forms of digital communication between individuals - texting, emails, instant messaging and so on - are all very easily computer readable and therefore subject to complex analysis by computers. Sophisticated software can track individuals through their unique identifying device numbers, revealing their location in time and place, their Internet activities and their interactions with other people with whom they form a community.

As Leonard Cohen prophetically sang in "The Future" two decades ago, in years to come, "won't be nothing you can't measure anymore."

INFORMATION EXPLOSION

Until recently, the definition of personal information was fairly clear-cut for most people. It was what you'd find on a tombstone, plus traditional things like address, phone number, Social Insurance Number, driver's licence and passport, and so on. Now people scatter digital crumbs containing personal information as they move through their online existence.

And the volume of those crumbs is mounting at an explosive rate.

My Office has already laid down guidelines for the use of such information in the specific instance of online behavioural advertising. But there will undoubtedly be uses we can't currently foresee which will have serious implications for privacy.

That's why, in the end, improving the digital literacy of all Canadians is so crucial.

Jennifer Stoddart
Privacy Commissioner of Canada
Privacy by the Numbers in 2011

[Statistics table; only the row labels survived extraction, the figures did not.]
PIPEDA information requests received
PIPEDA formal complaints accepted
PIPEDA early resolution cases successfully closed
PIPEDA investigations closed
Draft bills and legislation raising PIPEDA issues reviewed for privacy implications
Policy guidance documents issued
Parliamentary committee appearances
Other interactions with Parliamentarians or staff (for example, meeting with MPs or Senators)
Speeches and presentations delivered
Contribution agreements signed
Visits to main Office website
Visits to Office blogs and other websites (including OPC blog, youth blog, youth website, deep packet inspection website and YouTube channel)
Total
Tweets sent
Publications distributed
News releases issued

Note: Unless otherwise specified, these statistics also include activities under the Privacy Act, which are described in a separate annual report.
CHAPTER 1 - Overview of 2011

1.1 Serving Canadians

INFORMATION REQUESTS

During 2011, our Office handled more than 5,200 phone calls, emails and letters from Canadians about privacy issues in the private sector covered by PIPEDA. Issues related to the use of Social Insurance Numbers remained a common reason that people contact us for information. As well, we are receiving a growing number of requests related to online issues, particularly with respect to social networking sites. More details appear in section 4.1.

COMPLAINTS

In yet another move to speed up service to Canadians, we created a dedicated Intake Unit, which initially reviews all written complaints received. If necessary, the Unit follows up with the complainant to clarify our understanding of the complaint and gather any additional information or documents necessary so we can launch an investigation as quickly as possible.

This streamlined screening has helped to reduce the average time of an investigation. Combined with other complaint handling improvements, such as the increased use of early resolution approaches, the result has been a further drop in the time it takes to handle all formal complaints, now down to an average of 8.2 months, well below the 12-month requirement set out in PIPEDA. (See Appendix 2 for details.)

We accepted a total of 281 formal complaints in 2011, compared to 207 in 2010. Possible explanations for this 35 percent rise include an increased complexity of issues raised, heightened public awareness of privacy rights or more intense interaction with business in the digital economy.

In 2011, we completed 125 early resolution cases and all but nine were satisfactorily resolved without opening a formal investigation.
COMPLAINT INVESTIGATIONS

We completed 120 formal investigations into complaints related to the private sector in 2011. This is a significant decrease from 2010, when we completed 249 investigations, in the culmination of a two-year effort to clear a backlog of complaints.

We have made privacy issues related to children and youth a focus of this year's report, and summaries of the relevant complaint investigations are included in Chapter 2.

Investigations related to financial privacy, online privacy and biometrics appear in Chapter 3, a survey of the 2011 privacy landscape. Information on still other complaint investigations is provided in Chapter 4.

PUBLIC AWARENESS

Our Office uses many different tools to raise awareness of privacy among Canadians: speeches and other public presentations, media interviews, paper and online publications, an ever-changing website, social media such as Twitter and blogs, YouTube videos, contests for young people, educational kits for teachers and even a popular privacy calendar.

Details of our public awareness activities can be found in Chapter 5.

1.2 Supporting Parliament

From a legislative perspective, Parliament and its committees had a reduced sitting schedule during 2011 because of the general election. As well, with Parliamentary priorities focused mainly on public sector concerns such as crime and the federal budget, our Office was called upon for fewer PIPEDA-related appearances.

The general federal election of May 2, 2011 sent new members to the House of Commons for the third time since 2006. The Conservative Party remained in power, increasing their seats from a minority to a majority in the 41st Parliament.

While the government has focused largely on public sector-related bills, it also reintroduced Bill C-12, an Act to amend the Personal Information Protection and Electronic Documents Act. When the year ended, it was still at the beginning of the legislative process and had not been referred to a standing committee for review.

The Government also said it would introduce Internet surveillance legislation that did not pass in the previous Parliament. In this regard, we continued to express our concerns related to "lawful access" legislation.
APPEARANCES BEFORE MPS AND SENATORS

During 2011, our Commissioner and Assistant Commissioner made five Parliamentary committee appearances.

The OPC also examined a total of 11 bills, as well as two new committee studies introduced in the 41st Parliament, for potential privacy implications. One was the E-Commerce in Canada study of the Standing Committee on Industry, Science and Technology.

Throughout the year, we also had many informal interactions with Parliamentarians, including follow-ups to committee appearances, subject-matter inquiries from Members of Parliament, face-to-face meetings and briefings.

PIPEDA-RELATED PARLIAMENTARY WORK

Given the reduced sitting schedule in 2011, the Standing Committee on Access to Information, Privacy and Ethics postponed a review of our 2010 Annual Report to Parliament on PIPEDA.

1.3 Supporting Organizations

This past year we released a final report on our 2010 Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing. The contributions and analysis associated with the consultations gave rise to several activities in 2011, including:

- guidelines to help organizations involved in online behavioural advertising ensure that their practices are fair, transparent and in compliance with PIPEDA; and
- continuing work to develop cloud computing guidance specifically directed to privacy issues relevant to Small- and Medium-sized Enterprises (SMEs). This guidance will be available early in 2012.

We also offered guidance to legal professionals in the private sector. PIPEDA and Your Practice: A Privacy Handbook for Lawyers, launched in August, explains how PIPEDA relates to the everyday practice of Canadian lawyers.

Our Office, along with the Offices of the Information and Privacy Commissioners of Alberta and British Columbia, jointly launched a new online tool to help businesses better safeguard the personal information of customers and employees. Securing Personal Information: A Self-Assessment Tool for Organizations is a detailed online questionnaire and analysis instrument that helps organizations gauge how well they are protecting personal information, in keeping with the applicable private sector privacy law.
FRANCOPHONIE

Our Office was instrumental in the creation in 2007 of the organization representing francophone data protection authorities around the world, the Association francophone des autorités de protection des données personnelles (AFAPDP). We are committed to helping the AFAPDP provide increased support to developing countries in the Francophonie as they establish new legislative frameworks to protect the privacy rights of their citizens.

In 2011, Assistant Commissioner Chantal Bernier attended the association's first training seminar to take place on the African continent, in Dakar, Senegal. In her presentations, she discussed how privacy principles apply in various legal regimes and gave an overview of the historical importance of the OECD guidelines. In a second AFAPDP seminar, before the International Conference of Data Protection and Privacy Commissioners in Mexico, she focused on the accountability principle and its practical application.

1.6 Technology Lab

Our technology lab and its small staff keep the OPC up-to-date with developing technologies and provide expert support for audits and investigations where technology is a major component. The technologies run the gamut from apps through smartphones to gaming consoles. Lab technologists can scrutinize such apps or devices to learn what personal information is being stored, what is being exchanged on the web and how it is being protected.

As an example of current privacy concerns, the lab has the ability to analyze the tracking techniques used by online behavioural advertisers and also the effectiveness of privacy controls on social networking sites.
CHAPTER 2 - Key Issue: Children and Youth Privacy

INTRODUCTION

In the battle to preserve the value of privacy in an online world, children and youth increasingly find themselves in the front lines.

Young Canadians are the most open to adopting new communications technologies which can, in some cases, invade their privacy. This holds true, not surprisingly, for those aged 18 to 34, as confirmed by a national opinion survey carried out this year for the OPC. (See section 3.3)

But the true adoption age for digital media is much, much younger.

We know, for example, that thousands of apps targeted at babies and toddlers are now available to teach little ones the alphabet and to entertain them with nursery rhymes.

The evidence may still be mostly anecdotal, but one recent study found that a third of North American Gen-Y moms (those aged 18 to 27) have let their children use a laptop by age two.

By the time the kids are three, those laptops and tablets are connected to the Internet daily for about a quarter of U.S. kids, according to the Joan Ganz Center in New York. By age five, the proportion online has soared to half.

We are giving our children unprecedented access to the Internet, but what are we doing to teach them about how to protect their privacy in the online environment?

We often hear the claim that young people growing up in this digital era do not care about privacy. This is not true.
- default settings inappropriate for its target youth audience and a lack of clarity about available privacy settings;
- a lack of meaningful consent for the collection, use and disclosure of personal information collected at registration;
- the sharing of personal information with advertisers and other third parties without proper consent; and
- the indefinite retention of personal information.

ISSUES

1. Disclosure of user profiles to the public and default privacy settings

At the beginning of our investigation, Nexopia's default privacy settings were "visible to all", meaning visible to the whole Internet.

Given the special circumstances surrounding youth users and privacy, the OPC found that a reasonable person would not consider it appropriate for Nexopia to pre-select settings that push users towards disclosing their personal information, in some cases very sensitive personal information, for potentially everyone on the Internet to see.

The investigation also revealed that Nexopia does not adequately notify its users of default settings, or explain the difference between various settings.

Our Office found more could be done to inform users about the available privacy settings to ensure that users can make informed decisions about how they can control access to their personal information. Nexopia users should be expected to opt in to the "visible to all" setting, and with a full understanding of the implications of that choice.

Our Office found that more restrictive default settings, coupled with increased information for users in a format appropriate for a youth audience, would strike an appropriate balance between ensuring young people can enjoy the benefits of social networking, while protecting their privacy.

The OPC was satisfied that Nexopia's proposed corrective measures, which include changing defaults and providing better information to users, will meet our recommendations.

2. Lack of meaningful consent for the collection, use and disclosure of personal information collected at registration

Our investigation found that Nexopia failed to adequately identify and inform users of its purposes for the collection, use and disclosure of the personal information it requires users to provide at registration.

For example, it was not clear which core profile information and profile pictures would be visible to users within the Nexopia community and anyone on the Internet, by default.
The site did not explain to users the potential disclosure of their personal information to the rewards company, nor that such disclosures may be provided over and above any information the user provides directly to the rewards company as a condition of a particular Earn Plus offer. Nexopia admitted that their online statements and actual disclosure practices had become misleading.

Nexopia asserted that the information provided to the payment processor and the rewards company could not be used to identify and obtain more information about individual users. However, our testing revealed that a user's unique ID can be used to link to the user's profile and potentially permit access to all the personal information displayed there.

In our view, Nexopia could use another unique code or identifying number that limits the amount of personal information that passes between the parties and yet still allows efficient billing and payment processing.

Nexopia agreed to stop providing unique user IDs to the payment processor and has made the decision to completely remove the Earn Plus service from the site, and, therefore, will stop sharing users' personal information with the rewards company.

The OPC was satisfied with Nexopia's response.
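The alternative the OPC describes above, a separate identifying number that supports billing but cannot be linked back to a profile, is a standard pseudonymization pattern. The following Python sketch is an added example and is not Nexopia's code or the OPC's: it derives a stable, partner-specific reference from the internal user ID with an HMAC, keeps the reference-to-user mapping on the operator's side, and checks an outbound record for fields that would let a partner identify the user. Partner names, keys, field names and the user record are all constructed for the example.

```python
"""Per-partner pseudonymous billing references (added example, constructed data)."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


class BillingReferenceVault:
    """Maps internal user IDs to per-partner references and back.

    Each partner gets its own secret key, so a reference issued to the payment
    processor cannot be correlated with one issued to the rewards company, and
    neither can be turned into a profile lookup without access to this vault.
    """

    def __init__(self) -> None:
        self._partner_keys: Dict[str, bytes] = {}            # partner -> secret key
        self._lookup: Dict[Tuple[str, str], int] = {}        # (partner, ref) -> user id

    def register_partner(self, partner: str, key: Optional[bytes] = None) -> None:
        # Fresh random key per partner; in production it would live in a secrets store.
        self._partner_keys[partner] = key if key is not None else secrets.token_bytes(32)

    def reference_for(self, partner: str, user_id: int) -> str:
        """Stable per-partner reference: same user and same partner give the same token,
        so the partner can reconcile recurring charges without learning the user ID."""
        key = self._partner_keys[partner]
        mac = hmac.new(key, f"user:{user_id}".encode(), hashlib.sha256).hexdigest()
        ref = "ref_" + mac[:24]          # 96 bits of the tag is plenty for uniqueness here
        self._lookup[(partner, ref)] = user_id
        return ref

    def resolve(self, partner: str, ref: str) -> Optional[int]:
        """Only the operator, holding the vault, can map a reference back to a user."""
        return self._lookup.get((partner, ref))


# Fields that would let a recipient link a record to a profile (constructed list).
INTERNAL_ID_FIELDS = {"user_id", "username", "email", "profile_url"}


def build_billing_record(vault: BillingReferenceVault, partner: str, user_id: int,
                         amount_cents: int, item: str) -> dict:
    """What actually leaves the site: the partner reference, never the user ID."""
    return {
        "partner": partner,
        "customer_ref": vault.reference_for(partner, user_id),
        "amount_cents": amount_cents,
        "item": item,
    }


def exposes_internal_identifiers(record: dict) -> List[str]:
    """Pre-send check: names any field that identifies the user directly.
    An empty list means the record carries only the pseudonymous reference."""
    return sorted(k for k in record if k in INTERNAL_ID_FIELDS)


if __name__ == "__main__":
    vault = BillingReferenceVault()
    vault.register_partner("payment_processor")
    vault.register_partner("rewards_company")
    record = build_billing_record(vault, "payment_processor", 4242, 500, "Plus subscription")
    print(record, exposes_internal_identifiers(record))
    print(vault.resolve("payment_processor", record["customer_ref"]))   # 4242
    print(vault.resolve("rewards_company", record["customer_ref"]))     # None
```

The design point is that the reference is useful to exactly one partner and only for billing: it is deterministic for that partner, so statements reconcile, but it is computed under a key the partner never sees, and the reverse mapping exists only in the operator's vault.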
5. Retention of personal information

Nexopia collected non-users' email addresses through invitations to join the site initiated by users. Users were not required to confirm to Nexopia that they had their friend's consent for the purposes of sending an invitation to join the website, prior to providing the friend's email address to the company.

A non-user who didn't want to receive further invitations could click on a link to a page entitled "Opt out of Nexopia.com invites".

However, the non-user was not informed on this page that their email address would be retained by Nexopia. For the unsubscribe feature to be effective, Nexopia said it must retain for an indefinite period a list of email addresses to which no further messages would be sent.

In our view, it was important for the user who provides the email address in the first place to ensure that they have obtained prior consent from the email address owner, their friend, for the invitation email to be issued by Nexopia.

As well, our Office recommended that Nexopia offer non-users a clear choice between a) unsubscribing from join-the-site invitation emails, or b) permanent deletion of their email address.

The OPC was satisfied with Nexopia's response to our concerns about this issue.

Nexopia agreed to add text to its Find and Add Friends feature to emphasize that users should have non-users' permission to give the website their email addresses.
The organization also agreed that, in the future, non-users who receive invitation emails will be able to request the permanent deletion of their email address from Nexopia's database.
Our Office also considered the issue of deletion of accounts.
When users clicked on an option called "Delete Account" they were advised: "This will delete your account, including your profile, your pictures, friends list, messages, etc. Your forum posts, comments and messages in other users' inboxes will remain."
In fact, Nexopia advised us that the only information deleted is the user's "shouts."
Other information was stored indefinitely. (For example, username; user ID; email address; IP address and log-in information; friends list; gallery pictures; profile contents; messages and comments; and profile photos.)
Another concern related to account deactivation and the freezing of accounts, either by Nexopia or upon request by a user. The personal information contained in frozen user accounts remained inactive on Nexopia's servers indefinitely and was not subject to any periodic review.
Nexopia admitted it had not deleted account information since 2004, either from deleted or frozen accounts.
It was clearly misleading to provide a "Delete Account" option. The OPC recommended that Nexopia provide a true delete option for the accounts and personal information of users.
Unfortunately, Nexopia said it would not implement this recommendation because the cost of doing so would be prohibitively high. It also argued that the information stored in the archives was only accessible to system administrators and recovered in the event that they received a warrant from a law enforcement authority.
The OPC understood the technical challenges presented in permanently deleting users' personal information. However, Nexopia's practice of storing indefinitely all of an individual's personal information was in contravention of PIPEDA.
It's clear that law enforcement authorities sometimes require access to information. Such requests or warrants may justify a longer retention period in specific cases, but they do not justify wholesale and indefinite retention of all records "just in case" there may be a request at some point in time.
Nexopia's practice of storing personal information in its archives indefinitely, on the small possibility it may be the subject of a warrant from a law enforcement agency, was therefore not acceptable.
Moreover, there are security risks inherent in retaining vast amounts of former users' personal information, long after it has served its original purpose. As well, our Office is concerned that Nexopia's users are being misled into thinking they can delete their personal information at some point, if they want to.
This issue remained unresolved at the end of our investigation. The OPC is proceeding to address these unresolved issues in accordance with our authorities under PIPEDA, which include the option of going to Federal Court to seek to have the recommendations enforced.
The full investigation report is available on our website.
Daycare Centre Modified Webcam Monitoring to Increase Privacy Protection
BACKGROUND
The complainant enrolled his son at a private daycare centre and was told that parents could pay a fee for its webcam service to let them see their child's daycare room in real time. Parents viewed the webcam feed via the Internet after entering a unique password.
The daycare centre stated that it had instituted the webcam service for two reasons: first, so it could monitor the daycare environment for security purposes; and, second, to provide parents with assurances regarding the daycare environment.
The centre told the OPC that approximately 60 percent of the parents of registered children had enrolled in the webcam service.
The complainant subsequently learned that the webcam feed was being recorded. He notified the daycare centre that he objected to the recording and that he felt appropriate privacy safeguards were not in place.
Following notification of the investigation, the centre deleted its saved video files and modified its systems to no longer record the video stream captured by its webcam. The centre also implemented a privacy policy requiring all parents to sign a form consenting to the webcam monitoring, regardless of whether a parent wished to enrol in the service.
The daycare centre acknowledged that a parent would be able to record and send out the webcam feed as viewed on a personal computer. Upon our Office's suggestion, the centre required parents using the webcam service to sign a contract agreeing to not record the webcam feed and promising to keep the assigned password confidential.
WHAT WE FOUND
At issue was whether the daycare centre collected the complainant's son's personal information without consent and failed to adequately safeguard his son's personal information.
Initially, the OPC was of the view that the daycare centre was not in compliance with PIPEDA Principles 4.7 (security) and 4.3 (consent) and subsection 5(3) (appropriate purposes) and recommended the centre cease the webcam monitoring program.
During the investigation, however, the centre improved its organizational and technological
As well, they see that the state uses surveillance to detect and deter anti-social behaviour, while business uses online surveillance for commercial profit.
According to the available research, indiscriminate surveillance on children without proper boundaries and explanations may potentially affect:
• Autonomy and social development: Without the freedom to experiment with making critical and ethical choices, children could instead make decisions based on fear and risk of punishment. They could become less likely to learn to regulate and direct their own behaviour.
• Trust, fear and learning to assess risk: Surveillance could create an artificial, risk-free environment where children might not be given opportunities to develop self-confidence and risk management skills.
• Digital literacy: Monitoring software could hamper children's development of digital literacy skills needed to navigate the online world effectively.
• Understanding privacy: If children are brought up in a surveillance environment where privacy is not valued, they in turn may not value privacy. These children may also not learn how to establish their own privacy boundaries and could be less likely to respect the boundaries of others.
2.3 Youth Outreach Initiatives
We have successfully launched two youth presentation packages intended to be used with students in Grades 7-8 and Grades 9-12.[1]
The goal is to show young people how technology can affect their privacy, and how they can build secure online identities while keeping their personal information safe.
[1] Secondary I to II and III to V in Quebec.
Each package includes a set of vibrant PowerPoint slides with accompanying speaking notes to assist teachers or other adults in providing effective and engaging presentations in schools or the community. Presentations take about 30 minutes, but extra time for group discussion is encouraged.
Presenters are invited to provide feedback to the OPC so the package can be continually improved.
We have also developed a four-and-a-half-minute video, "What Can YOU Do to Protect Your Online Rep," which
[Sidebar: Resources for parents and teachers: "What Can YOU Do to Protect Your Online Rep" (video)]
In its paper, MNet compared Canadian digital literacy programs with efforts from the U.K., the U.S., Australia and Brazil. It found the following trends:
• Youth are a prime target for digital literacy interventions, including privacy skills. Although adults are also vulnerable to privacy risks, they are made a lower priority for digital literacy skills development.
• Current digital literacy interventions do not anticipate future risks but rather scramble to keep up with the present.
• Outside of broadly defined groups such as youth, adults and seniors, existing programs display little sensitivity to other factors which may affect digital literacy, such as immigrant status or gender.
• Despite the possibility of delivering digital literacy education exclusively online, all the countries studied prefer face-to-face instruction, especially for seniors.
Based on its review, MNet made the following recommendations:
• Define privacy competencies that Canadians need to manage their personal information online. The suggested competencies range from awareness that personal information is increasingly treated as a commodity to a knowledge of privacy rights and recourse mechanisms.
• Promote these privacy competencies as an entitlement for Canadians.
• Integrate issues of data protection and democracy in educational modules.
• Focus more on adults.
• Support continuing digital literacy education for all elementary and secondary students.
• Prepare privacy resources which can be adapted to many audiences.
• Support Community Access Program sites as venues for privacy education.
• Promote and support existing, high-quality resources.
• Promote a national focus on digital literacy.
2.5 Contributions Program Projects for Youth
Over the past few years, the OPC's Contributions Program has funded innovative research and public education initiatives that explored the relationship between youth and privacy and promoted the protection of personal information among youth. For instance:
• The Media Awareness Network was awarded funding in 2011-12 for its project "Young Canadians in a Wired World - Phase III." This project is one of the most comprehensive and wide-ranging studies of Internet use by children and teens in Canada. Phase III of the project covers completion of qualitative research previously undertaken by MNet using parent and youth focus groups in Calgary, Toronto and Montreal, writing of the qualitative research final report, and developing and implementing a communications strategy.
• Also in 2011-12, Atmosphere Industries was awarded funding for its project "Gaming Privacy: Creating a Privacy Game with Canadian Children." This project proposes to work with Canadian children to create, deploy and research a cross-media game that engages children ages eight and up in the development of privacy literacy skills. Cross-media games mix physical with digital spaces and technologies to create unique experiences that get people working together in public spaces to solve puzzles and accomplish game goals.
• In 2009-10, OPC funded a project carried out by the University of Guelph, titled "Privacy and Disclosure on Facebook: Youth & Adults' Information Disclosure and Perceptions of Privacy Risks." It aimed to advance the understanding of information sharing on Facebook by high school students and working adults through a literature review and a survey of 600 Canadians. The research focused on factors that motivated disclosure of information and the use of privacy settings as well as examining Facebook users' perception of privacy risks and knowledge of privacy settings. The final report includes recommendations to help the OPC develop strategies for making the public aware of the privacy risks of social networking sites and the need to make more informed decisions about information sharing.
The OPC looks forward to the results of this research being applied and put to good use by interested end-users focusing on the identification and privacy needs of youth as they navigate the modern challenges of the online world.
To keep pace with the rapidly evolving privacy landscape, our Office issued guidance documents about biometrics and online behavioural advertising, two developments spawned by new technology. We also strengthened our technological expertise, partly to support OPC's role in Canada's new anti-spam legislation, which is expected to go into effect this year.
All these developments are detailed on the following pages, which examine some of the major issues we addressed during 2011.
3.1 Financial Privacy
Most people guard the details of their finances as zealously as they guard their PINs at the sales register or ATM. A nightmare shared by everyone would be learning that some crook is running amok with your credit card.
Because of such sensitivity and the huge number of transactions with Canadians, the financial sector has regularly accounted for the largest proportion of formal complaints accepted by the OPC. In 2012, it also gave rise to several noteworthy investigations, which are summarized here.
INVESTIGATIONS
Credit Bureau Purges Loan History from Individual's Credit Report without his Knowledge
BACKGROUND
An individual financed the purchase of a used vehicle through a third-party financing company. In financing the purchase of his vehicle, the complainant sought a lender that reported to a national credit bureau. He did so in the belief that a positive repayment history might help augment his overall credit standing.
The complainant began repaying his car loan in July 2004. By June 2008, the complainant's loan was paid in full.
In 2008, following the repayment of his car loan, the complainant sought to take advantage of a provincial program which provided grants to qualified applicants towards the purchase of a home. The complainant appeared to have obtained a mortgage
of our investigation the credit bureau produced sufficient evidence to demonstrate how reporting information from a severed data source might adversely affect the integrity of its credit reports. Although the effects in this case of the purging of loan information from the complainant's credit report were such that it rendered his credit history incomplete, we could envision just as many other scenarios in which not purging information from a severed data source might have led to an equally inaccurate or incomplete credit picture.
Without continuity in the reporting relationship with a data source, the credit bureau was unable to ensure that the information in its credit reports was recent, reliable and up-to-date. Not only would the credit bureau have been unable to report on subsequent changes to an individual's credit report, the company would also have been unable to verify and investigate inaccuracies in data reporting.
Despite the above, we were still concerned that credit information was entirely purged from the complainant's credit file, without his knowledge. In this case, not only was the complainant completely unaware that his personal information was to be deleted, but third parties who might have relied on the company's credit reports for lending appeared to have been similarly unaware of the company's policies and practices.
At the time of our investigation, the credit bureau did not publicly disclose its 60-day retention policy for information from severed data sources. The company's data retention policy stated only that: "A credit transaction will automatically purge from the system six years from the date of last activity."
Had the complainant been aware of the credit bureau's 60-day policy, he may have been in a better position to monitor his file and to consider placing a narrative on his credit report. He might also have thought to take action to obtain information directly from the severed data source in a timely manner in order to supplement his credit record.
CONCLUSION
As PIPEDA requires that an organization make readily available to individuals specific information about its policies and practices relating to the management of personal information, and so far as the credit bureau failed to be open with the complainant about its policy on severed data sources, we found the complaint to be well founded. The credit bureau agreed to implement our Office's recommendations to address this issue.
Bank Properly Redacted Information Related to Credit Card Fraud Probe
The complainant alleged that a bank denied her access to her personal information relating to the bank's investigation into the alleged fraudulent use of her credit card.
The respondent bank had informed the complainant that her credit card would be cancelled because of potential fraudulent use of the card. After more than six months dealing with the customer care centre and ombudsman's office of the bank, the complainant
Our Office concluded the complaints relating to both collection and consent with regard to the complainant's personal information were not well founded.
Regarding the retention issue, we were satisfied that the legal obligation cited by the credit union for the retention of the complainant's personal information for a period of seven years was reasonable. Accordingly, we concluded that the complaint was not well founded.
The complaints relating to consent to the collection of his spouse's personal information and the use and disclosure of her information were well founded and resolved.
TASK FORCE FOR THE PAYMENTS SYSTEM REVIEW
The modern payments system extends all the way from cash purchases at a convenience store to multi-million dollar transfers between businesses. It includes all the institutions, instruments and services that support the transfer of value between parties, including money, financial instruments, and even the exchange of information.
That landscape is being dramatically altered by advances in the digital economy, which have facilitated an online marketplace where payments are being made in new and innovative ways.
In June 2010, the Minister of Finance announced the launch of the Task Force for the Payments System Review. In the summer of 2011, the Task Force asked for submissions related to the transformation of the Canadian payments system. Our Office made a submission on privacy and security issues which we considered relevant for the Task Force, for stakeholders in the payments system environment, and for individuals.
Since payments often involve very sensitive information such as details of personal finances, the OPC submission stressed that the payments industry needs to be aware of the challenges of defining personal information in the digital age, challenges associated with new technologies, and the potential to re-identify individuals. We urged a diligent effort to implement the strongest measures of privacy protection throughout the payments system process.
We were encouraged that the Task Force has acknowledged privacy as a guiding principle associated with the transformation of the payments system and also has incorporated privacy into its governance framework. Keeping this issue in mind, we recommended that all references to privacy in the payments system not only recognize this principle, but also that the payments system be designed to meet privacy obligations required by statute.
The OPC recognizes that innovation in the payments system helps encourage economic growth. New and dynamic business practices and technologies are introduced to enhance business and consumer experiences. Yet these business and technological innovations increasingly collect, use and disclose vast amounts of consumer personal information at the
point of payment, making it essential to fully address privacy and security issues.
To support innovation and build a strong digital economy, consumers must adopt the new practices and technologies. That adoption depends on consumer trust. Meeting obligations related to information and privacy rights serves as a catalyst to build such trust and, as a result, encourages economic participation.
3.2 Biometrics
There is something new under the privacy sun: the emerging field of biometrics. A word unfamiliar to many just five years ago is increasingly becoming part of daily life, as machines scan irises, faces, fingertips, palms and even the way people walk to confirm or authenticate identities.
With this new technology come new privacy concerns, which is why the OPC produced a biometrics guidance document this year. As well, an investigation recounted below demonstrates how biometrics and privacy can intersect in practice.
INVESTIGATION
Test-taker Objects to Palm-Vein Scanning
BACKGROUND
A woman objected to having her palm scanned before writing a test in 2009 and to this information being disclosed to an American organization.
The owner and administrator of the test is a U.S.-based organization. Personal information is collected and used in Canada for the test by Canadian staff at Canadian test centres, where more than 8,000 tests were delivered in 2008.
The test administrator authenticates test-takers with palm-vein scanning technology by identifying the vein patterns beneath the skin of the individual's hand and then retaining the pattern in an encrypted numerical (binary) template (a numerical key).
The test administrator uses this technology to detect fraud and/or impersonation during tests.
As for preventing instances of impersonation, the test administrator reported that the company's first forays into palm-vein scanning detected a person who had taken the test five times using five different identities. It also identified 23 people who had hired the same imposter to take the test on their behalf. In both cases, the imposters had used counterfeit government-issued ID.
A Canadian test-taker tried to register at a test centre in 2009 to write the exam for the fourth time but was refused because the individual's palm template did not match that from the previous exam sitting. The individual has never contacted the test administrator since.
PRIVACY SENSITIVE
In light of the test administrator's recent history with authentication methods and the various alternatives that it has adopted over the years, its current use of palm-vein scanning does not appear to be overly privacy invasive. The test administrator began looking for an alternative to its digital fingerprint identification system in 2006, after concerns were voiced about fingerprinting, by students, data-protection authorities and some test centre personnel.
Our Office sees all biometrics as privacy invasive to a certain extent because they involve the collection of an individual's physical characteristics. But not all biometrics are highly privacy invasive in and of themselves. In our view, the binary representation of a candidate's palm-vein scan, given the test administrator's current use of the technology, is not overly sensitive personal information.
For example, we note that the palm-vein scans are immediately transformed into an encrypted binary template, the binary code is non-reversible and no raw biometric image is retained. As well, the binary code information retained from the scan cannot easily be interpreted by other parties or applied to other purposes, and the binary template is stored separately from any other personal information about the test taker. Palm-vein scanning is also considered a non-trace biometric, since latent images cannot be left on objects, including the system used for the scan.
DATA STORAGE SECURITY STANDARDS AND RETENTION
With respect to personal information transmission, retention and storage, we did not find that the test administrator was in contravention of its obligations under the Act.
After a site visit to a test centre, we were satisfied that biometric, identification and test information is encrypted for transmission and storage, and that data access is restricted. The encryption algorithm that the test administrator's third-party contractor uses is a recognized encryption standard with good security levels for sensitive data. Further, the data is protected by numerous high-level safeguards at the data storage centre. Security policies were found to be documented and written agreements for data protection procedures exist between the test administrator and the third-party contractor. The accountability called for in PIPEDA Principle 4.1.3 was thus upheld.
The complainant also expressed concern about her personal information being transmitted to, as well as retained and stored in, the U.S. In this regard, we noted that in the test administrator's Information Bulletin, the reader is clearly advised that their information will be transmitted to the United States. We thus deemed the test administrator's actions to be concurrent with PIPEDA Principle 4.8 (openness).
In 2009, this Office issued its Guidelines for Transferring Personal Information Across Borders, which distilled key findings from investigations over the years. One such finding is: "PIPEDA does not prohibit organizations in Canada from transferring personal information to an organization in another jurisdiction for processing."
We also deemed reasonable the test administrator's set retention period of five years for biometric data and test scores collected, and noted the existence of an automated, scheduled clean-up process of this data after the five years. Thus, the need to limit use, disclosure and retention described in PIPEDA Principle 4.5 was respected.
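The fixed retention period with an automated clean-up accepted here, and the Nexopia finding earlier in this report (a "Delete Account" option that removed almost nothing, and archives kept indefinitely in case a warrant ever arrived), describe two ends of the same control. The following Python is an added example written for this page, not code from the OPC, from Nexopia or from the test administrator; the five-year period, the 365-day year, the record fields, the dates and the case references are assumptions or constructed values. It shows a scheduled purge in which a record outlives its retention period only under a specific, dated hold, and in which "delete" strips every personal-information field rather than flagging the row.

```python
"""Retention clean-up with per-record legal holds (added example).

Illustrative code written for this page; not code from the OPC report,
from Nexopia or from the test administrator it describes. All records,
dates and case references are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

RETENTION_YEARS = 5           # assumed policy (the report describes a five-year period)
TODAY = date(2012, 6, 1)      # constructed run date for the scheduled job

# Fields a delete must actually remove. The list mirrors the categories the
# Nexopia finding says were left in place after "Delete Account".
PII_FIELDS = ("username", "email", "ip_address", "friends",
              "profile", "messages", "photos")


@dataclass
class Record:
    user_id: int
    last_activity: date
    data: Dict[str, object]
    hold_ref: Optional[str] = None      # case reference for a specific hold
    hold_until: Optional[date] = None   # a hold must carry an end date
    deleted: bool = False


def is_expired(rec: Record, today: date = TODAY) -> bool:
    """True once the record is past the retention period (365-day years assumed)."""
    return today - rec.last_activity >= timedelta(days=365 * RETENTION_YEARS)


def is_on_hold(rec: Record, today: date = TODAY) -> bool:
    """A hold counts only if it names a case and has not lapsed.

    An open-ended hold with no case reference would be the wholesale
    "just in case" retention the report rejects, so it is not honoured.
    """
    return (rec.hold_ref is not None
            and rec.hold_until is not None
            and rec.hold_until >= today)


def delete_record(rec: Record) -> None:
    """A true delete: strip every PII field rather than merely flagging the row."""
    for key in PII_FIELDS:
        rec.data.pop(key, None)
    rec.deleted = True


def request_deletion(rec: Record, today: date = TODAY) -> bool:
    """User-initiated delete; refused only while a live, specific hold applies."""
    if is_on_hold(rec, today):
        return False
    delete_record(rec)
    return True


def run_cleanup(records: List[Record], today: date = TODAY) -> Dict[str, List[int]]:
    """Scheduled job: purge expired records unless a specific hold applies."""
    purged: List[int] = []
    held: List[int] = []
    for rec in records:
        if rec.deleted or not is_expired(rec, today):
            continue
        if is_on_hold(rec, today):
            held.append(rec.user_id)
            continue
        delete_record(rec)
        purged.append(rec.user_id)
    return {"purged": purged, "held": held}


def sample_records() -> List[Record]:
    """Constructed data: four accounts in different retention states."""
    def pii(uid: int) -> Dict[str, object]:
        return {"username": f"user{uid}", "email": f"user{uid}@example.invalid",
                "ip_address": "192.0.2.1", "friends": [], "profile": {},
                "messages": [], "photos": []}
    return [
        Record(1, date(2004, 1, 1), pii(1)),                      # expired, no hold
        Record(2, date(2005, 3, 1), pii(2),
               "CASE-0001 (constructed)", date(2013, 1, 1)),      # expired, live hold
        Record(3, date(2011, 11, 1), pii(3)),                     # within retention
        Record(4, date(2006, 6, 1), pii(4),
               "CASE-0002 (constructed)", date(2011, 1, 1)),      # expired, hold lapsed
    ]


if __name__ == "__main__":
    records = sample_records()
    print(run_cleanup(records))   # {'purged': [1, 4], 'held': [2]}
```

The design choice worth noting is that the default outcome is deletion: a record survives the purge only if someone recorded a case reference and an end date for the hold, which is the "specific cases" exception the report allows, and a lapsed hold is treated as no hold at all.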
CONSENT
When we retraced the steps necessary to register for the test, we found that individuals were adequately informed that their personal information will be collected and that they were notified of the purposes for the collection.
Ninety-five percent of registrations for the test are online, which requires checking a box to agree to specific terms and conditions, as well as to the privacy policy (all web links provided). On the site, test-takers are specifically referred to the test administrator's Information Bulletin, a key online document (also available by mail) that explains the identification requirements to be met on the test day and the reasons for those requirements.
The Bulletin provides test policies and procedures, and also the privacy policy, where more information can be found. It informs individuals of the specific types of personal information to be collected, retained and transmitted to the U.S., data encryption, and the test administrator's designated uses of this information. It also forewarns test-takers that, on the day of their exam and upon signing the rules and agreement document, they will be providing their consent to palm-vein scanning for fraud-detection purposes. Also on its website, the test administrator posts other detailed information about its use of test-day biometrics and also links to FAQs specifically about the test administrator's use of palm-vein recognition. The website clearly advises that providing a palm-vein scan to the test administrator is mandatory for all exam-takers.
CONCLUSION
Our Office concluded that the complaint was not well founded.
Note: Please see Chapter 6 (In the Courts) for another case involving the use of biometrics.
FRIEND SUGGESTIONS
Three individuals filed complaints with our Office after receiving emails inviting them to join the social networking site. The invitations included so-called "Friend Suggestions," a list of users which, in most cases, were people the complainants knew. Lacking any explanation about how the company had generated these suggestions, the complainants were concerned that the company may have inappropriately accessed their electronic address books.
The investigation did not find any evidence to suggest that the company was accessing the complainants' personal address books or those of their suggested friends. Friend Suggestions were instead generated by a complex algorithm which matched common sets of data uploaded by users.
At the time the complaints were filed, the invitations from the social networking site provided very little information about how the company's Friend Suggestion feature worked. During our investigation, however, the company agreed to make changes. In particular, the company removed all Friend Suggestions from its initial invitation and only provided these in subsequent reminders, allowing a non-user to either learn more about the service or to opt out of receiving Friend Suggestions and any further messages from the company.
SOCIAL PLUG-INS
In the case of the social plug-ins, the company introduced a feature that would allow its users to see content drawn from their user profiles on third-party websites. Buttons such as "Like" and "Recommend" appeared on third-party websites and allowed the site users to suggest and recommend content to other site friends. For example, a logged-in site member visiting a news website using the company's social plug-ins would be able to see a list of the articles recommended by his or her friends.
The complainant in this case was concerned about the potential exchange of information between the company and the two-million-plus websites which host the company's social plug-ins.
While the investigation confirmed that the company was not sharing personal information with third-party websites through the social plug-ins, how that feature operated was unclear to many Canadians. Once again, we felt that the company could have done a better job of educating the public and its users on the operation of the new feature, and of ensuring that sufficient privacy protections were being built into new product designs.
IDENTITY VERIFICATION
A further complaint raised the issue of whether Facebook collected more personal information from the complainant than necessary as a condition for obtaining services. It also questioned whether the company had provided the complainant with the opportunity to raise a challenge to the organization's compliance with PIPEDA with the designated
On the issue of challenging compliance, the Office found that Facebook provided a web form at the start of its Privacy Policy that allowed users to complain to the company regarding a privacy issue. As such, the Office found that the company had privacy complaint procedures in place that were accessible and easy to use.
The Office concluded that the allegations were not well founded.
GOOGLE REQUIRED TO ADDRESS PRIVACY DEFICIENCIES
In June 2011, our Office announced results of our follow-up work stemming from an investigation into Google Inc.'s collection of highly sensitive data from unsecured wireless networks.
We reported that Google had committed to implement remedial measures that will reduce the risk of future privacy violations but that Commissioner Stoddart had also taken the unprecedented step of requesting the company undergo an independent, third-party audit of its privacy programs within a year and share the results with her Office.
The incident involved Google Street View cars inappropriately collecting personal information such as emails, usernames, passwords, phone numbers and addresses during 13 months tracing roadways across Canada. Thousands of Canadians were likely affected.
In a preliminary report published in October 2010, we noted that Google had advised our Office that the incident stemmed from an engineer's initiative and Google's lack of controls over processes to ensure that necessary privacy protections were followed.
We concluded that the collection was a serious violation of the privacy rights of Canadians and unlawful because it did not follow core principles of PIPEDA: user knowledge and consent to the collection of personal information. Details of that investigation were published in our 2010 Annual Report and are available on the OPC website.
Te remedial measures that Google agreed to
implement included:
signicantly augmenting privacy and securitytraining provided to all employees;
implementing a system or tracking all projects
that collect, use or store personal inormation
and or holding the engineers and managersresponsible or those projects accountable or
privacy;
requiring engineering project leaders to drat,
maintain, submit and update Privacy DesignDocuments or all projects to help ensure that
engineering and product teams assess the privacy
impact o their products and services rom
inception through launch;
Annual Report to Parliament 2011 - Report on the Personal Information Protection and Electronic Documents Act
community (web browser developers). We took the opportunity to weigh into the discussion and provide a framework, grounded in PIPEDA, for these practices.

ONLINE BEHAVIOURAL ADVERTISING GUIDANCE

In our Privacy and Online Behavioural Advertising (OBA) Guidelines, we take the position that the information involved in OBA will generally be considered personal information. We view the purposes for OBA as reasonable in the circumstances, but we think that OBA should not be considered a condition of service to access the Internet. We note that individuals need to be properly informed of the practice and must provide consent. That consent can be implied, providing that:

- Individuals are made aware of the purposes for the practice in a manner that is clear and understandable: the purposes must be made obvious and cannot be buried in a privacy policy. Organizations should be transparent about their practices and consider how to effectively inform individuals of their online behavioural advertising practices, by using a variety of communication methods, such as online banners, layered approaches, and interactive tools;
- Individuals are informed of these purposes at or before the time of collection and provided with information about the various parties involved in online behavioural advertising;
- Individuals are able to easily opt out of the practice, ideally at or before the time the information is collected;
- The opt-out takes effect immediately and is persistent;
- The information collected and used is limited, to the extent practicable, to non-sensitive information (avoiding sensitive information such as medical or health information); and
- Information collected and used is destroyed as soon as possible or effectively de-identified.
The guidelines also singled out a couple of practices that we feel are problematic.

Certain types of technology have recently been used for OBA (for example, zombie cookies) that individuals cannot delete or prevent from tracking their web browsing. The guidelines are clear that if individuals cannot decline the tracking and targeting because there is no viable way for them to exert control over the technology used, or if doing so renders the service unusable, then organizations should not be employing that type of technology for OBA purposes.

The guidelines also note that, given the difficulty of ensuring meaningful consent from children to OBA practices, organizations should avoid tracking children and tracking on websites aimed at children.

PRIVACY POLL

Privacy concerns about a range of new communications technologies have risen sharply among Canadians over the past two years, according to a public opinion survey commissioned by our Office.

Yet many people using these new technologies are still not taking even rudimentary steps to protect their privacy, the same survey reported.

The telephone survey of 2,000 randomly selected adults found that four in 10 said that computers and the Internet pose a risk to their privacy, up from one-quarter (26 percent) in a similar survey just two years ago.

Another 15 percent specifically mentioned online social networking sites, something barely on the radar in 2009 (two percent). As well, privacy concerns about cell phones and other telecommunications nearly quadrupled (from three percent to 11 percent) and unease also increased concerning credit/debit cards and banking/online banking.

Surveying in late February and early March, Harris/Decima found that three-quarters (74 percent) of respondents said they owned at least one mobile communications device, such as a cell phone, smartphone or tablet.
However, only four in 10 used password locks for the devices, or adjusted their settings to limit the sharing of personal information that may be stored on the devices.

The 2011 Canadians and Privacy Survey also found that one-third of Canadians use public WiFi sites, such as those located at coffee shops and airports, where online communication may not always be protected by encryption. Of those, fully 85 percent admitted to some concern about possible risks to the security of their personal information.

An overwhelming majority favour tough sanctions against organizations that fail to properly protect the privacy of individuals. More than eight in 10 respondents wanted to see measures such as publicly naming offending organizations, fining them, or taking legal action against them.

While younger Canadians aged 18 to 34 are the most enthusiastic users of the new technology, the survey showed they are also the most likely to use available mechanisms to protect their privacy, suggesting that, while young people are eager to embrace new technology, they also care about privacy and are willing to take steps to protect it.
With respect to information sharing, the amendments allow the Commissioner to enter into arrangements with both provincial and international counterparts to share information, including information otherwise confidential under PIPEDA, subject to certain safeguards.

At the provincial level, our Office has long worked with the provincial privacy commissioners to ensure a harmonized and coordinated approach to the application of private sector privacy laws. The enhanced ability to share information will allow the OPC to work even more closely with the provincial commissioners.

In this regard, in November, we entered into a revised Memorandum of Understanding with the Commissioners in British Columbia and Alberta that provides for cooperation and collaboration in private sector privacy policy, enforcement, and public education. As part of this collaboration, we review the cases being investigated by provincial colleagues to identify any common issues.

Internationally, the ability to cooperate with foreign counterparts is becoming a necessity considering increasing transborder data flows and privacy breaches with impacts in multiple jurisdictions. Our Office initiated discussions about information sharing and cooperation arrangements with several foreign data protection authorities and was nearing agreement with the Dutch and Irish as the year ended.

REDUCING THE RISK OF DATA BREACHES

In the fall of 2011, the federal government reintroduced legislative amendments that would make it mandatory to report certain breaches to our Office and to the affected individuals.
Under Bill C-12, organizations would be required to report any material breach of security safeguards to our Office. They would assess whether the breach is material by considering factors such as the sensitivity of the information involved, the number of individuals affected and the systemic nature of the breach.

Organizations would also be required to notify individuals where it is reasonable to consider in the circumstances that there exists a real risk of significant harm to affected individuals, depending on the sensitivity of the information and the probability of it being misused.

While a mandatory reporting scheme would give us a clearer picture of how many breaches are occurring, why they are occurring, and what steps should be undertaken to reduce the risk of future incidents, we believe the data breach reporting provisions contained in Bill C-12 have become out of date.

It is noteworthy that the proposed changes before Parliament at the end of 2011 stem from recommendations that were made back in 2006 and which still have not been implemented.

Much has changed as the years have passed. Data breach reporting provisions contained in the proposed legislation were a good first step for promoting accountability and transparency, but more is clearly needed now.

In recent years, we have seen very serious, large-scale data breaches. Data breach notification, in itself, may not be sufficient to create the kind of incentives necessary to ensure that organizations take security issues more seriously in the current environment.

Many other countries are taking a harder line on breaches. For example, the United States has been a leader in this area and virtually all states have data breach laws. Meanwhile, a European Commission Regulation proposed in early 2012 included data breach provisions and very significant fining powers for European data protection authorities.

Commissioner Stoddart has encouraged the federal government to explore strengthened enforcement options that would create stronger incentives for organizations to ensure personal information is adequately protected.

PIPEDA REVIEW

PIPEDA, which was designed to be a principle-based and technologically neutral legislation, became law in 2001 and requires a Parliamentary review every five years.

The first review began in 2006. Bill C-12, which proposes amendments to PIPEDA resulting from that first review, was introduced in the House of Commons in September 2011. It replaced the earlier Bill C-29, which died on the Order Paper following the dissolution of Parliament on March 26, 2011.

Parliament had not issued a formal call for a second review by the end of 2011. Nonetheless, we are currently examining how the law and current practices should evolve to best serve Canadians in the face of modern privacy challenges.

The next review will be an opportunity to examine whether PIPEDA remains sufficiently flexible and effective in responding to privacy challenges created by rapidly evolving technology.

Our position on whether and how PIPEDA needs to evolve to address these new and emerging challenges will be informed by our reflections on three key themes: 1) appropriate enforcement mechanisms and incentives to ensure compliance with the Act; 2) gateway concepts, such as personal information and commercial activity, which directly influence the scope of application of PIPEDA; and 3) innovative approaches for organizations to assume and demonstrate accountability for their personal information management practices.
4.4 COMPLAINTS BY INDUSTRY SECTOR
Complaints related to the financial sector continued to account for the largest proportion of formal complaints we accepted, roughly one in five.

Our experience is that financial institutions have among the best-developed privacy policies and practices, although we continue to identify some areas of concern through our investigations. The explanation for the consistent high placement appears to lie in the size of the financial sector and the huge number of transactions conducted with individual Canadians.

Complaints in the transportation sector jumped this year compared to previous years, doubling historical norms to become the second largest sector. Just over half of these complaints related to access issues. It isn't clear why we have seen this increase, which has been noted across all transportation sub-sectors. We intend to observe this potential trend closely over the next year for possible implications.

Meanwhile, complaints in the insurance sector (previously one of the top three sectors) have declined over the last two years.

This could be because in the last couple of years we have seen an increase in clarity and awareness of privacy rules in the insurance sector.
Major Sectors Targeted in Complaints

Sector               2011   2010   2009
Financial             22%    22%    24%
Transportation        12%     6%     6%
Telecommunications    11%     9%    18%*
Services              10%    17%     4%
Insurance              9%    13%    18%

* Prior to 2010, Telecommunications included Internet complaints, which are now a separate category.
Note: Statistics and definitions for all industry sectors can be found in Appendix 2.
4.5 TYPES OF COMPLAINTS RECEIVED
The use and disclosure of personal information, access to personal information, and collection of personal information were once again the top three issues raised in complaints to our Office.

In addition, we noticed that the proportion of complaints about corrections to, or notations on, personal information rose significantly this year to five percent of all formal complaints accepted (compared to one percent or less in previous years). This could be linked to increased awareness by Canadians of how their personal information is collected and used and awareness of their rights to see and correct these records.
Top 3 Types of Complaints Received in the Last 3 Years

Type of complaint (share of complaints in 2011 / 2010 / 2009):

Use and disclosure: 32% / 27% / 26%
  Complaints involving allegations that personal information was inappropriately used or disclosed without consent or for purposes other than those for which it was collected.

Access: 26% / 24% / 28%
  Complaints about difficulties gaining access to personal information.

Collection: 20% / 16% / 14%
  Complaints involving the unnecessary collection of personal information or personal information collected unfairly or unlawfully, such as without proper consent.
4.6 EARLY RESOLUTION
We have an early resolution process with designated Early Resolution Officers. This allows us to better serve Canadians by addressing complaints quickly, with a less formal approach than our official complaint investigation process.

When we receive a written complaint where there is a high likelihood that the issue could be resolved quickly, the Intake Unit refers the case to an Early Resolution Officer.

The Early Resolution Officer works with both the complainant and the respondent organization to resolve a complaint.

The early resolution process has been very successful. In some cases, an issue that would have taken months to resolve through the official complaint investigation process is now concluded in days. We have received very positive feedback on the early resolution process from both complainants and organizations.
EARLY RESOLUTION COMPLAINTS

In 2011, we completed 125 early resolution cases. As illustrated in the detailed statistics in Appendix 2, we were able to reach a satisfactory conclusion in 116 of these cases. The remaining nine cases were transferred for formal investigation.

To continue to improve the timeliness and effectiveness of our service to Canadians, we have significantly increased the number of complaints handled through this process: almost half of formal complaints, up from about a quarter in 2010.

Despite this increase in volume, we are still maintaining last year's improvements in timeliness of resolution of these complaints. In 2011, complaints resolved through early resolution were completed in an average of two months from complaint acceptance, compared with 14 months for full investigations.

In addition, we are also maintaining an extremely high rate of successful resolution: more than 90 percent.

The early resolution process will continue to be an important tool for quickly and effectively addressing