Getting Fired for Privacy Violations: The New Normal?

I never thought I’d ever mention Kim Kardashian in a blog post but, surprisingly, I find myself doing so in the context of a privacy breach. The “human element” in privacy violations – whether by error or omission in conduct or a willful or deliberate act – plagues organizations subject to breach notification requirements. Leaving aside […]

Canada & The PATRIOT Act: Get Over It

It is somewhat fitting that Halloween and the anniversary of the enactment of the PATRIOT Act are close together. In Canada, the latter, which turned 10 last week, has come to embody fear about government access to personal information.  The troubling part is that this fear may needlessly complicate life for everyone in this country.

Securities, Security & Transparency

A “tipping point” is the culmination of small events that cause a significant change. Malcolm Gladwell tells us it comes from the world of epidemiology: that point in time in an epidemic where a virus reaches critical mass. Have we now seen the tipping point where business takes cybersecurity far more seriously than ever before?

The Continuing Travails of Digital Identities

I was asked the other day if I thought identity issues were any different from when I dealt with them at TBS some 10 years ago. I paused, thought about it, hummed a bit, thinking of the intervening work done — Oasis (SAML), Liberty Alliance, WS-* — and finally said I didn’t think so. The […]

Trusting Medical Researchers with PHI

The subject of medical research and personal information protection can quickly become a quagmire. Even raising the subject risks one being tagged as a Grinch-like character who surely must drown kittens and tell those young cancer-stricken children appearing in telethons that there’s no Santa Claus. The win-win scenario is de-identified information with good security around […]

“Your Word Is Your Bond”

“Your word is your bond.” It’s a phrase that draws its origins from the Third Commandment and demands a high degree of integrity. However, substitute “password” for “word” and “security” for “bond”, and the story is very different in the world of online authentication.

The Cloud, Security & Standards

For better or worse, the cloud can be seen as a “game-changer” in how we store and process information. While the placement of intellectual property, business confidential or personal information in the Cloud raises security concerns, it does offer benefits. In other words, it’s coming – whether we like it or not.

Privacy Weather: Cloudy with Complications

While in San Francisco for the ABA annual meeting earlier this month, I had lunch with John Tomaszewski, the General Counsel of TRUSTe. At the end of a very good conversation on privacy, security and identity, I couldn’t help but think that Cloud computing, as it actually is supposed to work, raises a lot of […]

Lawyers, Ethics, Security & The Cloud

The regulatory bodies governing lawyers have long recognized the benefits and the risks of information technology in modern legal practices.  However, with “Cloud computing” seemingly (and finally) “catching on”, one can’t help but wonder when the ethical guidance provided lawyers will be amended to address its possible use by the legal community in Canada. 

Governance: Is Ontario Ready for an EHR?

Imagine building a house without wiring it for electricity. Despite good intentions, millions of dollars, years of effort and, probably matching the historical norm of any visionary undertaking, a scandal or two, Ontario does not yet have an electronic health record (“EHR”). Despite some success with building networks and applications to support an EHR, the […]

« Previous Entries