BC – PrivaSecTech https://privasectech.com/ Wed, 13 Nov 2019 18:33:32 +0000 en-US hourly 1 https://wordpress.org/?v=5.4.2 What information can my organization collect from a person under BC PIPA? https://privasectech.com/what-information-can-my-organization-collect-from-a-person-under-bc-pipa/ https://privasectech.com/what-information-can-my-organization-collect-from-a-person-under-bc-pipa/#respond Mon, 13 May 2013 23:23:34 +0000 http://privasectech.com/?p=406 Continue reading What information can my organization collect from a person under BC PIPA?]]> If you’ve ever wondered, “What information can my organization collect from a person according to British Columbia’s Personal Information and Protection Act privacy law?” don’t miss the second event in the Lunch and Learn series, May 22. I’ll be hosting a free online video conferencing event to talk about PIPA’s consent section, and we’ll finish with a Q&A.

The presentation will be an estimated 20 minutes, with at least 10 minutes available to answer any questions you have on B.C’s consent requirements. Feel free to join, and drop off the call at your convenience.

A few of the questions I’ve been asked already:

  • Can I collect email addresses from business cards to add to an email list?
  • Do I need the person’s consent to subscribe them to my newsletter?
  • Is verbal consent the same as written consent as digital/online consent?

If you’re interested in joining us, sign up here. If you have any questions in advance about consent and BC PIPA, let me know and I’ll add them to the above list.

You can find out if BC PIPA applies to you by reviewing the slides from the last presentation.

I’m also looking for future topic ideas, so let me know if you have any!

https://privasectech.com/what-information-can-my-organization-collect-from-a-person-under-bc-pipa/feed/ 0
Wanna put your friends, or enemies, under surveillance? https://privasectech.com/wanna-put-your-friends-or-enemies-under-surveillance/ Tue, 30 Aug 2011 21:22:25 +0000 http://privasectech.com/?p=182 Continue reading Wanna put your friends, or enemies, under surveillance?]]> In an overwhelming scary move, the Vancouver Police Department and the Integrated Riot Squad have just launched a Vancouver riot tell-on-your-friends website. I’m not sure who in their right mind could think this is a good idea, but clearly no one that understands information security, personal privacy or civil liberties. The potential for abuse and false positives are staggering.

British Columbia’s new health care card another waste of resources? https://privasectech.com/british-columbias-new-health-care-card-another-waste-of-resources/ Thu, 19 May 2011 22:34:41 +0000 http://privasectech.com/?p=128 Continue reading British Columbia’s new health care card another waste of resources?]]>

It was announced a few minutes ago that British Columbia hopes to roll out new Care cards (health cards). The government press release states the new card has anti-forgery features, identity proofing, a security chip and will require a recent photograph, updated every 5 years, to be eligible for publicly paid health care services.

Time to put my critical thinking hat on;

  • anti-forgery and identity proofing sound good, but I see no evidence this actually exists other than in the press release.
  • it was announced by my friend Andrea at CanSecWest in Vancouver back in March that chip and pin technology is not only broken, magnetic stripe skimmers are at least surface visible. So what exactly are these new security features that are worth deploying province wide at this time?

A few questions I have of the government proposing this new change:

  • What is the current fraud cost, vs the cost to deploy this new system as well as what are the operational costs moving forward?
  • What security research has been done on the new proposed technology that is not already broken? I’m not aware of any information security research organization standing behind this proposed technology.
  • Are you concerned this new process may only increase the risk of less short-term health services to marginalized people who don’t, or can’t renew, increasing our long-term health care costs as a result?

If the technology is proven secure and cost effective, we will stand behind it, but from here it sounds like snake oil.

UPDATE: In only a few hours, the estimated costs have increased from $10M to $125-150M! As there is no liability for that number to be accurate, see quotes pre and post Olympics for example, it’s not hard to forsee this project leap to the $1B mark, especially when you consider operational costs to maintain this system.