First Reference Talks

Business, Payroll, Employment Law, Internal Controls & You!

Archive for the ‘IT, Privacy and Security’ Category

Slaw: Internet child pornography reporting regulations

Thursday, January 12th, 2012

On December 6, 2011, the Internet Child Pornography Reporting Regulations were registered in the Canada Gazette and came into force. The goal of the regulations is to establish the framework that the designated organizations receiving reports, and the service providers who report, need in order to discharge their duties under An Act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service.

Tags: Act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service, Canadian Centre for Child Protection, Criminal law, employment law, Internet Child Pornography Reporting Regulations, Internet Service Providers, online sexual exploitation, reporting obligations, secure online system
Posted in Employee Relations, Human Resources, Internal Controls, IT, Privacy and Security | Make a Comment »

Year-end round-up

Tuesday, January 10th, 2012

Like most of you, I’m sure, I was extra busy before Christmas last year, and to top it all off, I got sick and had to leave some things unfinished. So I couldn’t bring you this brief round-up of things that happened in the last three months of 2011, much of which has to do with technology and how employers will use it to interact with employees and customers. But it’s a new year and I’ve recovered from my illness and my holidays, so without further ado…

Tags: Anti-spam bill, Canadian anti-spam legislation, cloud computing, copyright, Copyright Modernization Act, ECPA, facebook, Facebook comments as evidence, Facebook evidence, FISA, just cause to quit, no reasonable alternative to leaving the employment, online sales, online targeting, online tracking, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, profiling, public disclosure, social media, social networking, workplace conflict, Workplace Injury Tribunal
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Slaw: Mandatory reporting of Internet child pornography by persons who provide an Internet service now law

Thursday, December 22nd, 2011

On December 8, 2011, the federal Act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service (formerly Bill C-22) came into force. The new legislation aims to protect children from online sexual exploitation, by requiring suppliers of Internet services to the public to:

Tags: child pornography, criminal code, Cybertip.ca, employment law, Internet child pornography, Internet service, ISP, Mandatory reporting, persons who provide an Internet service, suppliers of Internet services, The Canadian Centre for Child Protection, to protect children from online sexual exploitation
Posted in Employee Relations, Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

IT compliance dictionary – yes!

Monday, December 19th, 2011

Maybe this will help directors get up to speed on IT. If you want to know the meanings of tech terms like WEP, WPA, kernel, malware, trojan, sniffing, MIME, deployment strategy, server, implementation and just about any other IT term you can think of, then check it out.

Tags: compliance dictionary, harmonized controls, IT compliance, jargon, Network Frontiers, Unified Compliance Framework
Posted in Internal Controls, IT, Privacy and Security | 4 Comments »

Is it time for directors to take responsibility for IT governance and strategy?

Monday, December 19th, 2011

The International Organization for Standardization (ISO) thinks so. It has developed ISO 38500 to complement COBIT and ITIL, comparing the standards to the roof, walls and foundation of a house…

Tags: beyond compliance, business strategy, COBIT, information technology, International Organization for Standardization, ISO, ISO 38500, IT governance, IT priorities, IT strategy, ITIL, strategy review
Posted in Internal Controls, IT, Privacy and Security | Make a Comment »

Laws not enough to stop fraud

Monday, December 5th, 2011

A recent US survey finds that “Business losses due to fraud increased 20% in the last 12 months, from $1.4 million to $1.7 million per billion dollars of sales. … 88% of the respondents reported being victims of corporate fraud over the past 12 months.” Does this worry you?

Tags: business fraud, corporate malfeasance, embezzlement, fraud, fraud-prevention controls, information theft, preventing fraud, risk management
Posted in Finance and Accounting, Internal Controls, IT, Privacy and Security | Make a Comment »

Canada’s anti-spam law: it’s getting closer every day

Monday, November 28th, 2011

The latest info from Industry Canada has the new anti-spam legislation coming into force in early 2012. The consultation period is over, and the government will now finalize the regulations that organizations will have to follow.

Tags: Anti-spam bill, anti-spam regulations, CAN-SPAM Act, Canadian anti-spam legislation, CASL, commercial electronic messages, electronic commerce, Electronic Commerce Protection Act, email addresses, email lists, Fighting Internet and Wireless Spam Act, FISA, marketing, privacy policy, spam
Posted in Internal Controls, IT, Privacy and Security | Make a Comment »

Can customers be encouraged to read privacy policies?

Tuesday, November 15th, 2011

When was the last time you read a privacy policy? I use dozens of online services—email, social networking, data storage, banking, photos, shopping, etc.—and I’ve only skimmed a couple. What does this mean for the companies that offer these services? Can they reasonably say that they have informed their users of the content of their policies, if most users simply click “Okay” without bothering to read the things?

Tags: cloud computing, compliance, data storage, email, mobile devices, mobile technology, mobile users, New York Times, online banking, online services, online shopping, plain language, privacy policy, privacy tools, social media, social networking
Posted in Internal Controls, IT, Privacy and Security | Make a Comment »

The hyperlink case – a licence to defame?

Monday, November 14th, 2011

In Crookes v. Newman, Mr. Crookes sued Mr. Newman for online defamation because of hyperlinks that Mr. Newman had placed in articles he published online. The hyperlinks, when clicked, took the readers to websites that contained statements that Mr. Crookes claimed were defamatory of him. Mr. Crookes lost at trial and on appeal and took his case all the way to the Supreme Court of Canada.

Tags: Crookes v. Newman, defamatory statements, hyperlink, is linking publishing?, liability for defamation, online defamation, what is publishing?
Posted in Internal Controls, IT, Privacy and Security | Make a Comment »

Another example of how Facebook comments can jeopardize an employee’s job

Friday, November 11th, 2011

A first-grade teacher in New Jersey could lose her job following a questionable Facebook post. While this story comes out of the US, the lessons can apply to workplaces located in Canada.

Tags: consistent monitoring and enforcement of policy, context, facebook, Facebook firing, inexcusable, lose her job, off-duty posting on Facebook, online comments, questionable Facebook post, social media, social media policy, stuck by a student, teacher, terminated
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

First Reference author and collaborator Jeffrey Sherman named Fellow of the Institute of Chartered Accountants

Tuesday, October 25th, 2011

Jeffrey D. Sherman is the lead author of all four volumes of First Reference’s Internal Controls Library: Finance and Accounting PolicyPro (including Operations and Marketing PolicyPro), Information Technology PolicyPro and Not-for-Profit PolicyPro. While we knew our internal control publications were in good hands before, we don’t mind saying we’re especially proud to have Jeffrey’s name on them now.

Tags: FAPP, FCA, Fellowship of the Institute of Chartered Accountants of Ontario, Finance and Accounting PolicyPro, ICAO, Information Technology PolicyPro, Institute of Chartered Accountants of Ontario, ITPP, Jeffrey Sherman, not-for-profit policypro, NPPP, OMPP, Operations and Marketing PolicyPro
Posted in Announcements, Finance and Accounting, Internal Controls, IT, Privacy and Security, Not-for-Profit | 1 Comment »

Personal information online: new tools, old responsibilities

Monday, October 24th, 2011

Sometimes, technology creates new ways to exploit information faster than the law and business can keep up. The Office of the Privacy Commissioner of Canada is trying to make sure that doesn’t happen in the case of behavioural advertising. Last year, the Privacy Commissioner conducted consultations on the new ways that organizations are collecting and using customers’ personal information, and prepared its Report on the 2010 Office of the Privacy Commissioner of Canada’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing.

Tags: behavioural advertising, marketing, mobile technology, Office of the Information and Privacy Commissioner, oipc, privacy, Privacy Commissioner, profiling, targeting, technology, tracking
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

What HR professionals need to know about ‘kidnap and ransom’ insurance

Tuesday, October 18th, 2011

Organizations that send employees to destinations with a high risk of kidnapping should seriously contemplate kidnap and ransom (K&R) insurance. K&R insurance protects individuals and corporations, typically covering kidnapping, extortion, wrongful detention and hijacking. K&R policies may also indemnify personal accident losses caused by kidnapping, and will generally cover the fees and expenses of crisis management consultants.

Tags: crisis management, employment law, extortion, hijacking, hostage, insurance, kidnap & ransom insurance, kidnapping, post-captivity support, risk management, wrongful detention
Posted in Finance and Accounting, Health and Safety, Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Proposed privacy changes in British Columbia

Friday, October 14th, 2011

The Freedom of Information and Protection of Privacy Amendment Act, 2011 (Bill 3) was introduced in the British Columbia legislature on October 4, 2011. The Bill aims to facilitate digitization, compiling, sharing and combining of personal data across government ministries (including the Ministry of Labour, Citizens’ Services and Open Government). Individuals would be able to access government services with a secure digital identification card and personal ID number.

Tags: bill 3, combine personal data across ministries, data linking, digital identification, FOIPP, Freedom of Information and Protection of Privacy Act, Ministry of Labour, open government, personal data, personal information, Privacy Commissioner, privacy concerns
Posted in Human Resources, Internal Controls, IT, Privacy and Security, Privacy and Security | Make a Comment »

Do you offer ‘paperless receipts’?

Monday, October 3rd, 2011

If you do, you should make sure you understand the privacy and personal information implications. CTV reports that some Canadian retailers are now offering their customers an “e-receipt”, which they can receive by email or access at dedicated websites. Sure, it’s a “green” option, and maybe more convenient for customers who want to track their purchases, but it requires the customer to provide an email address, which might allow retailers to “learn a lot about a customer’s preferences and buying habits”.

Tags: anti-spam law, e-receipt, electronic marketing, FAPP, Finance and Accounting PolicyPro, marketing, paperless receipt, personal information, Personal Information Protection and Electronic Documents Act, PIPEDA, privacy, privacy law, spam
Posted in Internal Controls, IT, Privacy and Security | 2 Comments »

Copyright © 2012 - First Reference