The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Tuesday, March 01, 2005
Bruce Schneier has some interesting comments flowing from an interview with the CISO of ChoicePoint that appeared in SearchSecurity.com:
Schneier on Security: Choicepoint's CISO Speaks: "Choicepoint's CISO Speaks Richard Baich, Choicepoint's CISO, is interviewed on SearchSecurity.com:This is not an information security issue. My biggest concern is the impact this has on the industry from the standpoint that people are saying ChoicePoint was hacked. No we weren't. This type of fraud happens every day.
Nice spin job, but it just doesn't make sense. This isn't a computer hack in the traditional sense, but it's a social engineering hack of their system. Information security controls were compromised, and confidential information was leaked.It's created a media frenzy; this has been mislabeled a hack and a security breach. That's such a negative impression that suggests we failed to provide adequate protection. Fraud happens every day. Hacks don't.
So, Choicepoint believes that providing adequate protection doesn't include preventing this kind of attack. I'm sure he's exaggerating when he says that 'this type of fraud happens every day' and 'frauds happens every day,' but if it's true then Choicepoint has a huge information security problem."
The article and interview are worth reading on their own, as well.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.