canadian_banner

    Canada, Australia Conduct Privacy Investigation Under APEC

    Sep 13, 2016

    Canadian and Australian privacy investigators issued a joint investigative report on August 23 citing the website AshleyMadison.com with numerous violations of the privacy laws of both countries. 

    The joint report cited the lack of a comprehensive privacy and security framework by the parent company of AshleyMadison.com, which “went so far as to place a phony trust mark icon on its home page to reassure users.” In addition, the investigation found inadequate authentication processes for employees accessing the company’s system remotely, inappropriate storage of encryption keys, and poor key and password management practices.

    The report offered recommendations for all organizations that collect, use, or disclose potentially sensitive personal information, including:

    • Understand that the harm caused by data breaches extends beyond financial impacts.
    • Ensure that safeguards are supported by a coherent and adequate governance framework.
    • Have documented security policies and procedures and conducting regular risk assessments.
    • Use multi-factor authentication for remote administrative access.
    • Avoid false or misleading statements about an organization’s privacy practices.

    According to the report, the collaboration by the Office of the Privacy Commissioner of Canada and Office of the Australian Information Commissioner was made possible by the Asia-Pacific Economic Cooperation (APEC) Cross-border Privacy Enforcement Arrangement (CPEA). The CPEA, established in 2009, seeks to facilitate information sharing among privacy enforcement authorities in APEC economies and to promote cross-border cooperation in the enforcement of privacy laws that meet the principles of the APEC Privacy Framework.

     

     This monthly advisory contains brief summaries of recent legislative and regulatory issues that may affect the management of records and information in Canada.

     Want to sign up to receive an e-mail version of the Canadian Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.

     

     

    © 2017, ARMA International