Privacy Commish on Staples and eHarmony: Why Keep Investigations & Audit Results Under Wraps?
|
Categories
Enterprise Resource Planning (ERP) Archives
|
June 24, 2011 12:00 PM
The Privacy Commissioner of Canada released her PIPEDA annual report yesterday [21 June, 2011] with a clear emphasis on the Internet (Google Buzz & Wifi, Facebook, eHarmony, etc.). The headline grabbing stories included an audit of Staples that found the company had frequently failed to wipe customer information from computers and other devices being resold in the stores and an investigation of eHarmony, the online dating site, that had led to changes to its customer data deletion practices.
While these are important privacy developments, the release of this information weeks or months after the investigation or audit was concluded points to a significant flaw in the current reporting approach. I recognize that that is how the system currently functions - the OPC reports to Parliament on audit findings and only occasionally publicly reports on PIPEDA investigations - yet there is something fundamentally flawed with a system that keeps consumers in the dark for months about privacy risks. This is particularly ironic given the OPC's emphasis on data breaches and the need for the private sector to disclose breaches as quickly as possible. The same should be true for audits and investigations to allow the public to react to newly identified privacy risks.
Originally posted on Michael Geist's Blog
| Blogger Profile: Michael Geist | |
| Dr. Michael Geist is a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. Dr. Geist has written numerous academic articles and government reports on the Internet and law and was a member of Canada's National Task Force on Spam. He is an internationally syndicated columnist on technology law issues. He is an internationally syndicated columnist on technology law issues. |  |
