Volume IV, Issue 5: March 9, 2006
Alberta Privacy Commissioner Issues Report on Outsourcing
RIM Concludes Patent Battle With $612.5M Payment to NTP
Toronto Hydro Plans Wireless Internet Access for Downtown
FTC Settles with Cardsystems over Data Breach
Vonage Canada Complains About "VoIP Tax"
IBM's New Consumer Identity Protection Program
Missouri Attorney General Targets Another Cell Phone Records Provider
Yahoo! Restricts Bids on Competitors' Trade-marked Keywords
Alberta Privacy Commissioner Issues Report on Outsourcing
The Information and Privacy Commissioner of Alberta has released a report on information security, and privacy concerns arising from public sector outsourcing.
In 2004, privacy concerns inherent in outsourcing became a major issue when the government of British Columbia planned to outsource the public health insurance program to a U.S.-linked contractor. This plan was challenged by the British Columbia Government and Service Employee’s Union on the ground that if Canadians’ personal information was sent to the U.S., or made accessible by U.S. entities, this information might also be accessible by U.S. authorities under the USA PATRIOT Act. The BC Information and Privacy Commissioner issued a lengthy report on these issues in October 2004.
The objective of the Alberta report was not to duplicate what had been done in BC, but rather to outline the privacy issues and risks involved in outsourcing government programs to private contractors. Some of the risks and issues identified include:
- Outsourcing contracts do not always contain appropriate controls relating to privacy and information security.
- When personal information is housed outside of Canada, it may become susceptible to the laws of that jurisdiction (e.g,. the USA PATRIOT Act).
- Data-laden hardware (e.g, hard drives, computer tapes, microfiches, etc.), which is used in many outsourcing arrangements, can be lost in transit.
- Outsourcing increases the risk of communications being intercepted and databases being accessed by unintended users (ranging from foreign law enforcement agents to criminal hackers).
After a detailed examination of the outsourcing landscape in Alberta, the Commissioner made various recommendations, including:
- Amending applicable privacy legislation to define responsibility for outsourcing personal information and to make it clear that personal information can only be disclosed pursuant to an order of a Canadian court with appropriate jurisdiction.
- Taking a careful and systematic approach to outsourcing, including using a checklist or template of matters to consider (e.g., a privacy impact assessment).
- Using a model outsourcing contract and a checklist of contractual provisions to consider in outsourcing contracts. Such provisions might include: prohibiting the contractor from assigning or subcontracting the outsourcing contract without consent; requiring the contractor to give notice upon any demand for access to, or disclosure of, personal information received by the outsourcer; and, giving the public body the right to audit the contractor for compliance with the contract and for compliance with any legislation stipulated to be applicable to the contract.
- Operating from the first principle that personal information should only be outsourced within Alberta first, Canada second, and anywhere else third, depending on the specific circumstances.
- Requiring a privacy impact assessment for all outsourcing arrangements involving significant amounts of personal information.
- Requiring public bodies to keep a master inventory of all their outsourcing agreements, and to have someone specifically responsible for each such agreement.
The Alberta Report ends with a generally reassuring conclusion:
“Through generally cautious management and policy foresight, information resources entrusted to Alberta public bodies are for the most part secure within Alberta or Canada and not exposed to unintended users in foreign jurisdictions.”
However, the Alberta Commissioner does point out that outsourcing to U.S.-based companies continues to be an uncertain prospect, and recommends legislative and contractual improvements, as well as, “more rigorous attention” to the management of outsource arrangements by public bodies who choose them.
For additional information, visit:
http://www.gov.ab.ca/acn/200602/19490.pd
Back to Headlines
RIM Concludes Patent Battle With $612.5M Payment to NTP
Research In Motion Limited’s (RIM) long running battle with patent holding company, NTP, concluded last Friday with the announcement that RIM has agreed to pay NTP US$612.5M to settle the patent infringement dispute and to receive a license for itself and its customers for the future.
NTP’s patents remain rejected by the United States Patent and Trademark Office pursuant to re-examination proceedings. However, RIM has confirmed that NTP will keep the entire amount, even if the patents are finally ruled invalid. With the settlement, RIM avoids having to introduce any workaround, and maintains continuity in its service to its largest market.
The future for RIM is clearer than that for NTP. RIM faces challenges in the marketplace from competitors and the long-delayed arrival of higher-speed wireless networks. But NTP’s only play is in the courts. Who may it pursue next?
For additional information, visit:
http://news.com.com/2100-1047_3-6046573.html
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/14011881.htm
Back to Headlines
Toronto Hydro Plans Wireless Internet Access for Downtown
On March 7th, Toronto Hydro unveiled plans for an ambitious municipal Wi-Fi service that will blanket the downtown core of the City of Toronto. The rollout schedule provides for service in the financial district by June, with expansion to the whole of downtown Toronto by next year.
The service will be free for the first six months, and then subject to an access fee that is still to be determined. Early estimates of the cost to implement the project, which will involve installing transmitters and receivers on streetlight poles, range from $10 million to $100 million. The network will also be used to support Toronto Hydro’s smart meter plan which will allow for time of day billing.
For additional information, visit:
http://tinyurl.com/qv2mn
Back to Headlines
FTC Settles with Cardsystems over Data Breach
Cardsystems Solutions Inc. has settled charges arising from a data breach that left 40 million customer accounts vulnerable to hackers. Last summer, tens of millions of MasterCard and Visa accounts were exposed to possible fraud after a hacker broke into Atlanta-based Cardsystems’ computer system. Cardsystems was charged with breaking the law by failing to ensure that adequate safeguards for sensitive customer information were in place. According to the chairman of the Federal Trade Commission, “CardSystems kept information it had no reason to keep and then stored it in a way that put consumers’ financial information at risk.” FTC officials have said that the data breach will lead to tighter security measures to protect credit and debit card users.
Cardsystems’ assets have since been bought by San Francisco-based Pay By Touch. The settlement requires that Pay By Touch implement a comprehensive security program and obtain independent audits every other year for 20 years.
For additional information, visit:
http://www.bizreport.com/news/9688/
Back to Headlines
Vonage Canada Complains About "VoIP Tax"
Vonage Canada, the Internet phone service company, has requested that the Canadian Radio-Television & Telecommunications Commission (CRTC) investigate Shaw Communications’ practices related to Voice over Internet Protocol (VoIP) services. Shaw recommends to its high-speed Internet customers that they pay an additional $10 charge for an “enhancement service” if they use VoIP phone service providers such as Vonage. Vonage claims that this additional charge amounts to a “tax” on VoIP, and is an unfair attempt to drive up the price of competing VoIP services to protect Shaw’s own high priced service. Vonage Canada argues that the monopoly telephone and cable Internet service providers should not be able to restrict what services, applications or content Canadians can access. They liken such restrictions to a power company dictating the brand of appliance you plug into your wall. The questions they have asked the CRTC to investigate are:
- What does Shaw’s enhancement service consist of?
- What evidence is there to show that the enhancement service actually improves a customer’s use of a non-Shaw phone service?
- How does Shaw justify a recurring charge, when the service appears to consist of a one-time configuration of the Shaw-approved cable modem?
- What is the take-up rate of the enhancement service, and what is the likely effect on competition and local VoIP services?
For additional information, visit:
http://www.newswire.ca/en/releases/archive/March2006/07/c4352.html?view=point
Back to Headlines
IBM's New Consumer Identity Protection Program
In the age of rampant identity theft, questions have been mounting about the integrity of one’s personal information on the Internet. Recently, major software providers have turned their attention to the topic of identity management. For example, Microsoft has released an identity management technology called InfoCards, which will be a “Windows only” system and will be featured in new operating system releases.
IBM, however, has taken a different approach towards this type of technology. It has partnered with Novell, Parity Communications and Harvard Law School’s Berkman Center for Internet and Society to produce “Project Higgins”. The underlying principle of the project is that people do not have a single online identity, but rather, multiple identities, which they should control.
Rather than being server-based, Project Higgins is “user-centric” and will allow users to retain control over their personal information. The theory is that users can delegate with specificity what personal information is shared, and with whom. The expectation is that it will make users more comfortable with sharing personal information on the Internet in appropriate contexts.
A further distinction between Project Higgins and Microsoft’s new system is that Project Higgins will be open-source rather than native to a particular operating system. This will facilitate easy integration with third party identity management systems and will simply make the software more accessible.
Why the name Project Higgins? According to IBM’s press release, the project is named after the Tasmanian long-tailed Higgins mouse. Apparently, this was selected to “reflect today’s ‘long tail’ of micro-markets that complement traditional industries”.
For additional information, visit:
http://www.itjungle.com/two/two030106-story01.html
For information on Berkman Centre for Internet & Society at Harvard Law School, visit:
http://cyber.law.harvard.edu/home/home
For information on IBM’s Project Higgins press release, visit:
http://www-03.ibm.com/press/us/en/pressrelease/19280.wss
Back to Headlines
Missouri Attorney General Targets Another Cell Phone Records Provider
Missouri Attorney General, Jay Nixon, has asked for a court order to stop the website datatraceusa.com, operated by Data Trace USA Inc., from operating in the State of Missouri. The basis for the order is that Data Trace is violating Missouri consumer protection laws by misrepresenting that it is legal for them to obtain, possess and sell information gained from cellular phone records. As of the time of writing, the website was no longer operational.
The State of Missouri has obtained preliminary injunctions against similar websites Locatecell.com and Completeskiptrace.com within the last month, making it the first state to successfully do so.
For additional information, visit:
http://www.kansascity.com/mld/kansascity/news/local/14032902.htm
For the Official press release, visit:
http://www.ago.mo.gov/newsreleases/2006/030606.htm
Back to Headlines
Yahoo! Restricts Bids on Competitors' Trade-marked Keywords
A recent report indicates that Yahoo! Search Marketing, the branch of Yahoo! Inc. that helps companies draw consumer traffic to their websites through services like sponsored searches and local advertising, has altered its trade-mark keyword policy. Previously, U.S. advertisers could bid on competitors’ trade-marked keywords if the advertiser’s website contained a detailed comparison of the trade-marked item to that of the competitor. This allowed companies to place advertisements on web pages that would be viewed by consumers who performed online searches using a competitor’s trade-marked keyword. However, as of March 1, 2006, U.S. advertisers are no longer permitted to bid on competitors’ trade-marked keywords. The report explains that, under the new policy, only non-competitive resellers that sell or facilitate the sale of the trade-marked item, and non-competitive information sites that give substantial information about the trade-mark owner or its products or services, will be allowed to bid on trade-marked keywords.
Some have suggested that the new policy is designed to encourage more brand owners to link offline campaigns to Yahoo! searches by reducing the risk that consumer traffic will be “hijacked” by competitors. The new policy may also be a response to several lawsuits filed against Yahoo! by trade-mark owners, all of which have been settled out of court.
For additional information, visit:
http://www.clickz.com/news/print.php/3587316
http://blog.searchenginewatch.com/blog/060130-160823
Back to Headlines
Laws of .Com is sponsored by:
Focused in Practice - Diversified in Talent™
www.ITLawyers.ca
&
&
Canadian Advance Technology Alliance
25 Years of Innovation as Canada's Leading Advance Technology Industry Association
www.cata.ca
If you would like to become a sponsor of Laws of .Com, please contact Javad Heydary.
Laws of .com is published by Laws of .Com Inc.
© 2005 Laws of .Com Inc.