That’s my Slaw post for today.  It reads as follows:

Conventional wisdom is that law firm web sites should contain a list of major deals the firm has worked on. I’ve always thought that was wrong – but didn’t really understand why until this morning.

I attended a TechAlliance breakfast club seminar where Nick Hall of Hall Associates ( @hallassociates ) spoke about Brand Promise.

One of the examples he used was a hairdresser. The brand experience a good hairdresser provides is confidence – not a haircut. Confidence that the hairdresser uses her/his expertise to make the customer look and thus feel good. That results in loyal customers who will come back and refer others.

If it was just about experience, a hairdresser would line their walls with bags of hair they had cut.

Law firm web sites listing all the deals they have done is like displaying bags of hair.

For the London Free Press – November 9, 2009

Read this on Canoe

PRIVACY: Sixty-five incidents were reported in 2008, leaving personal information exposed for all to see

Federal Privacy Commissioner Jennifer Stoddart recently released her annual report to Parliament on PIPEDA, the private-sector privacy law.

While her comments on social networking were highlighted and widely reported by the media, the report contained some other interesting trends that have not been as widely discussed.

One of the most notable developments related to the increasing regularity with which personal information is being released without the knowledge or consent of individuals.

Last year’s Personal Information Protection and Electronic Documents Act (PIPEDA) annual report called 2007 the year of the data breach. A data breach is an incident involving loss of, unauthorized access to, or disclosure of personal information as a result of a breach of an organization’s security safeguards.

The number of reported data breaches has been on the rise in recent years, from 23 in 2006, to 48 in 2007, to 65 reported incidents in 2008. These breaches can leave personal information exposed for anyone to see.

For instance, in 2006, a large financial institution sent a portable computer disk drive containing electronic files of nearly half a million customers from one office branch to another. The parcel arrived as intended but the disk drive had been removed.

The disk drive has never been found and it’s unclear what happened to the missing data. The incident prompted Stoddart to launch an investigation into data encryption and supervision in data transfer.

The unanswered question in the report is whether there are more data breaches today or if they are just being more frequently reported.

Stoddart notes that her office has been encouraging organizations to report breaches to develop a better understanding of why violations occur and how they can be prevented.

The report breaks data breaches into four types: Unauthorized access, accidental disclosure, theft and loss.

Unauthorized access is the most common. This is when someone accesses personal information without authority to do so. This is often a rogue employee motivated by fraud.

Accidental disclosure is usually the result of human error. In these cases, employees have unintentionally shared data through mailing foul-ups, improper destruction and disposal, online disclosure, e-mailing errors or errant faxing.

Theft and loss are involved in a little less than a quarter of all data breach incidents. This involves information being stolen from vehicles, offices and courier mailbags.

The report identifies these steps that organizations should consider the following issues to reduce the risk of data breaches:

- Ensure personal information is accessible only on a “need to know” basis.

- Administrative procedures, including destruction and disposal practices.

- Third-party service provider capacity to protect personal information.

- Security and procedures related to employees taking data out of the office.

Each of these should be carefully considered by businesses dealing with sensitive data. A data breach can result in both privacy complaints and significant damage to the reputation of the business.

I just realized that I have been writing this blog for just over 5 years.   At one of the sessions at yesterday’s Dig conference, a speaker referred to a game that came out in 2004 as if it was from the stone age.  Amusing – but illustrates how quickly things are changing.   If anyone doubts that, take a look at this Socialnomics video that I referred to a few weeks ago.

The 2nd annual Digital Interactive Gaming conference was a great success.  Harrison Pensa was pleased to be a sponsor of this event, which attracted over 700 people. 

It featured speakers from many Canadian gaming companies, industry specialists, and post-secondary education.

The conference highlighted just how sophisticated and experienced the London gaming industry is.    For a flavour of the event, take a look at the twitter feed #dig09.

Kudos to the LEDC for a great job pulling it together.   We look forward to Dig10.

That’s the title of my Slaw post for today.  It reads as follows:

A CBS news article says that blueprints of Obama’s helicopter were found on a computer in Tehran. How did it get there?

Seems that a defense contractor legitimately had the documents. An employee saved it on her home PC. That home PC contained, like many do, file sharing software. But that employee did not realize that the file sharing software was configured to share the folder it was put in.

In other words, if anyone anywhere using that file sharing software/network did a search, they could find and download that document.

This danger is not new – but its a good reminder for law firms to be vigilant about where confidential and client documents are stored – even temporarily. Its not unusual for those within law firms to work from home occasionally.

All file sharing software should be set to either not share anything, or to share only files contained in specified folders that one purposely decides to share.

Digital Video Recorders have been attacked by many in the entertainment industry as being harmful to TV ratings and advertisers.   Just like VCR’s were supposed to ruin the video industry.  In general, the entertainment industry historically has tended to fear and fight every new technological development.

Turns out that the reality is that DVRs actually add significantly to live ratings, and have helped some otherwise marginal shows become hits.

From the New York Times:

…television network executives have fallen in love with a former tormentor: the digital video recorder.

The reason is not simply that more households own DVRs — 33 percent compared with 28 percent at this point in 2008 — helping some marginal shows become hits. It is also that more people seem content to sit through the commercials than networks once thought.

These factors combined mean DVR ratings now add significantly to live ratings and thus to ad revenue.

Also see commentary by the EFF, and Cory Doctorow of Boing Boing.

For the London Free Press – November 2, 2009

Read this on Canoe

INTERNET: ICANN regulates the basic functions of the Internet, most notably, the assignment of domain names

ICANN, the body that controls the Internet, is now subject to more worldwide control and less control by Washington.

The Internet Corporation for Assigned Names and Numbers is the U.S.-based non-profit organization responsible for the global co-ordination of the Internet’s addressing system.

ICANN regulates the basic functions of the Internet, most notably, the assignment of domain names. Its principles include: Internet stability, competition, private “bottom-up” co-ordination, and representation.

ICANN was originally created and run by the U.S. government. Not surprisingly, that control was heavily criticized as the Internet became a global phenomenon.

Many countries criticized the U.S.-based agency as having too much influence over the Internet, a system used by hundreds of millions around the globe.

Additional international issues arose, such as the language of domain names and problems associated with non-English characters and multilingualism.

The U.S. maintained its control, however, until this year.

Under pressure from Europea regulators and other international critics, Washington announced an agreement between the U.S. National Telecommunications and Information Administration (NTIA) and ICANN Sept. 30.

The deal completes the transition process by which ICANN will become a multi-stakeholder, private sector-led corporation.

“This framework puts the public interest front and centre, and it establishes processes for stakeholders around the world to review ICANN’s performance,” NTIA administrator Lawrence E. Strickling said.

The agreement has ensured a broader role for international governments in ICANN’s operation through establishment of advisory panels. These panels, made up of government and private-sector representatives from various places around the world, will review ICANN decisions to ensure they’re made openly and reflect the public interest. The aim is to ensure that ICANN is successful, accountable, and transparent.

Each advisory panel will consist of representatives chosen by ICANN leaders and its advisory committee of government officials. The U.S. Commerce Department has only one guaranteed seat on the panels, with the majority of members coming from international governments. ICANN will remain U.S.-based, with head office in Marina del Ray, Calif., but offices will continue to be instituted globally.

Washington, however, has not relinquished all control. Panel recommendations will not be binding on ICANN. And the U.S. Commerce Department will retain control over most domain name administration issues. So the issue of control over ICANN is unlikely to die soon.

Hopefully, the advisory panels will be functional and their advice will be followed. That would go a long way to boosting international comfort with ICANN, and U.S. comfort with looser control over ICANN.