The Canadian Federal law An Act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service came into force on Dec 8.  (Even though the regulations under the act won’t be published until next week.)

The Act requires those providing an “Internet Service” to report to either the police, or to Cybertip.ca depending on the circumstances, any child pornography they become aware of on the net, or if anyone is using their service to commit child pornography offences under the Criminal Code. 

They don’t have to look for it, but if they become aware of it, and don’t report it, it is an offense subject to significant fines.

It is noteworthy that the law applies to more than just what we would consider ISP’s.  It applies to anyone “providing Internet access, Internet content hosting or electronic mail” to the public.

So that would include anyone providing open wi-fi to the public, such as a coffee shop or municipality.  If you provide any kind of public access to the internet, you need to understand your obligations under this law.

That’s the title of my Slaw post for today.  It reads as follows.

Ann Cavoukian – the Ontario Privacy Commissioner – has written an excellent op-ed in the Financial Post entitled Beware of ‘Surveillance by Design’.

It starts off with:

I feel the need to raise a growing concern regarding the lack of understanding of a key privacy issue – the ease of data linkages in an ever-increasing online world.

In this day and age of 24/7 online expanded connectivity and immediate access to digitized information, new analytic tools and algorithms now make it possible, not only to link a number with a name, but also to combine information from multiple sources, ultimately creating an accurate profile of a personally identifiable individual.

The Commissioner weighs in on the controversial Alberta Leon’s case that decided license plates are not personal information – which differs from other provinces.

She also expresses her concerns about the pending federal “lawful access” laws, saying that:

In my view, this represents a looming system of “surveillance by design,” that should concern us all in a free and democratic society.

For the London Free Press – December 12, 2011 – Read this on Canoe

If you are looking for a gift to buy someone who seems to have or want the latest tech products, here are some suggestions.

If they have an iPhone or iPad, get a gift card to the Apple app store. The recipient will be able to choose from a long list of items, ranging from music and apps to car mounts.

Many accessories are available for smartphones and tablets. For someone who is partial to classic arcade video games, such as Missile Command, ThinkGeek sells the iCade Arcade Cabinet that turns an iPad into a table top arcade game complete with joystick and buttons.

For the musically inclined, an external microphone to use with the GarageBand iPad app might be appreciated. Or an Amplitude iRig to plug a guitar into an iPad or iPhone to turn it into a mobile amplifier/effects studio.

Smartphone cameras are getting so good that they can replace point and shoot cameras. Adapters are available, such as the Glif for an iPhone, that will mount a smartphone to a tripod just like a real camera.

Some day using your cell phone as your credit card will seem as normal as using a debit card today. Smartphones are becoming equipped with technology called near-field communications, or NFC, that will allow the phone to act as a digital wallet. All one has to do is to hold the phone near a card reader. NFC and digital wallets have been in trials for several years.

But we don’t have to wait for NFC. You can, for example, get a Starbucks gift card that can be used by a smartphone app to pay for your Starbucks purchase.

Smartphones and tablets are all controlled by touch. The screens are capacitive, meaning that your fingers have to actually touch the screen to work it. That’s fine until you want to use it with gloves on in the cold. But there is a solution to that. You can buy gloves made with conductive fibres that work with touch screens. Or Twittens brand gloves that let you expose you thumb and forefinger to operate a phone or camera.

If you are buying for the adventurous sort, consider a GoPro HD Hero video camera. It comes with mounts to attach it to a helmet, wing, surfboard, bike or pretty much anything.

High-definition video content is available online from various sources, or might reside in files on one’s computer. Much better, though, to watch it on a big screen TV than a small computer screen.

There are many ways to stream content to a TV from Internet-based services or a computer. Depending on what the individual’s technology of choice is, options include Apple TV, Roku (which you may have to import from the U.S. until sometime in 2012), or even an Xbox. Some Blu-Ray players also include this ability.

If price is no object, check out the “Expensive Gifts” category at blastr.com. The rocket belt, or the working TRON light cycle would no doubt be appreciated.

That’s the title of my Slaw post for today.  It reads as follows.

Several amendments are proposed to PIPEDA, (Bill C-12) the federal private sector privacy legislation. It is sitting now at first reading stage, and we are not yet sure how long it will be before it is passed.

This post summarizes an IT.Can teleconference on the subject presented today by David Fraser of McInnes Cooper and Lisa Lifshitz of Gowling Lafleur Henderson LLP.

The definition of personal information has been changed slightly. It is now simply defined as: “information about an identifiable individual”. Along with that comes a new definition of “business contact information”, which expands the “business card” exception that does not now include e-mail address. It also adds a requirement that the reason for the use or disclosure of business contact information be “in relation to their employment, business or profession”.

A new section 6.1 clarifies “valid consent” in terms of the need for the individual to understand what they are consenting to – including the nature, purpose and consequences. This may lead to some practical challenges in how to communicate that effectively – particularly “consequences”.

It will add mandatory breach notifications in certain situations, the provisions for which are very detailed.

Material breaches of “security safeguards” must be reported to the Privacy Commissioner.

Notifications must be made to individuals involved if the breach could lead to a “real risk of significant harm to the individual”.

There is also a 3^rd possible notification to a third party organization if that organization could reduce the risk of harm. It is unclear who that might be.

It adds a business transactions exemption, which is long overdue. Most practitioners have proceeded as if these amendments were already there.

It includes a broad definition of “business transaction” (business sale, merger, financing…), and allows personal information to be transferred without consent, provided that certain safeguards are complied with. These rules do not apply if the primary purpose of the transaction is the disposition of the personal information. If that is the case (such as the sale of a customer list), then the basic PIPEDA requirements come into play.

PIPEDA has the concept that information can be given to “investigative bodies” as approved by regulation. That concept will be removed, and replaced with a more flexible arrangement that allows disclosure to another organization if “necessary” to investigate a breach of an agreement or law, or to prevent, detect or suppress fraud.