British Columbia – PrivaSecTech
Wed, 13 Nov 2019 18:33:57 +0000

What information can my organization collect from a person under BC PIPA?
Mon, 13 May 2013 23:23:34 +0000

If you’ve ever wondered, “What information can my organization collect from a person according to British Columbia’s Personal Information and Protection Act privacy law?” don’t miss the second event in the Lunch and Learn series, May 22. I’ll be hosting a free online video conferencing event to talk about PIPA’s consent section, and we’ll finish with a Q&A.

The presentation will be an estimated 20 minutes, with at least 10 minutes available to answer any questions you have on B.C.’s consent requirements. Feel free to join, and drop off the call at your convenience.

A few of the questions I’ve been asked already:

  • Can I collect email addresses from business cards to add to an email list?
  • Do I need the person’s consent to subscribe them to my newsletter?
  • Is verbal consent the same as written consent as digital/online consent?

If you’re interested in joining us, sign up here. If you have any questions in advance about consent and BC PIPA, let me know and I’ll add them to the above list.

You can find out if BC PIPA applies to you by reviewing the slides from the last presentation.

I’m also looking for future topic ideas, so let me know if you have any!

Bill-3: Amendments to B.C. FIPPA to remove more of citizen’s privacy
Wed, 26 Oct 2011 18:55:37 +0000

If you’re a citizen of British Columbia and concerned about the government’s handling of your personal information, you probably want to read Bill-3 (full text of the proposed amendments), which has already passed second reading in the BC provincial legislature. These are proposed amendments to the Freedom of Information and Protection of Privacy Act.

What they want to do is remove accountability for which Ministry is responsible for the data; instead, they’re hoping to build a monster database, which they call Integrated Case Management (ICM), and allow effectively anyone in government to read your personal information. As an investigator for breaches in British Columbia, it’s probably a good time to remind you that most breaches are not from hackers on the outside, but inside employees abusing the access they have. This puts your personally identifiable information at an exponentially greater risk. In fact, there would be nothing stopping them from also sharing this data with “partner” organizations, which include private companies, and/or foreign governments.

This is the most important bill this year in British Columbia regarding your personal information. Be sure to share your concerns with your MLA!

EDIT: It’s a done deal: as of October 25, 2011, this bill passed third reading. (Watch the 3rd reading video, or read the transcript.)

What info does Facebook have on me?
Thu, 29 Sep 2011 15:45:08 +0000

After the F8 conference, there is even more concern than before about what personal information Facebook has on an individual. I was sent Facebook’s personal data request form, which I was told was created specifically for people in the EU. It made me think that the same request could be made under PIPEDA, which is a Canadian law that gives individuals the right to expect the personal information an organization holds about them to be accurate, complete and up-to-date, and what better way to ensure this than to have the data to verify against.

As an aside, for those also in British Columbia, there is PIPA which states you have the right to:

  • request corrections to your personal information
  • request access to your personal information

PIPA provides that consent must be obtained for collection of personal information; once you receive the data they have on you, did you consent to it? It’s also worth noting that they give 40 days as a turnaround time, but my understanding is that under Canadian legislation they must respond within 30 days.

Interested? Fill out the form here, referencing PIPEDA and/or PIPA depending on your jurisdiction.

British Columbia’s new health care card another waste of resources?
Thu, 19 May 2011 22:34:41 +0000

It was announced a few minutes ago that British Columbia hopes to roll out new Care cards (health cards). The government press release states the new card has anti-forgery features, identity proofing, a security chip and will require a recent photograph, updated every 5 years, to be eligible for publicly paid health care services.

Time to put my critical thinking hat on:

  • anti-forgery and identity proofing sound good, but I see no evidence this actually exists other than in the press release.
  • it was announced by my friend Andrea at CanSecWest in Vancouver back in March that chip and PIN technology is not only broken, but that magnetic stripe skimmers are at least surface visible. So what exactly are these new security features that are worth deploying province wide at this time?

A few questions I have of the government proposing this new change:

  • What is the current fraud cost versus the cost to deploy this new system, and what are the operational costs moving forward?
  • What security research has been done on the new proposed technology that is not already broken? I’m not aware of any information security research organization standing behind this proposed technology.
  • Are you concerned this new process may only increase the risk of less short-term health services to marginalized people who don’t, or can’t, renew, increasing our long-term health care costs as a result?

If the technology is proven secure and cost effective, we will stand behind it, but from here it sounds like snake oil.

UPDATE: In only a few hours, the estimated costs have increased from $10M to $125-150M! As there is no liability for that number to be accurate (see quotes pre and post Olympics, for example), it’s not hard to foresee this project leap to the $1B mark, especially when you consider operational costs to maintain this system.