I pointed yesterday to a preview of MacLean's magazine's most recent cover story (see The Canadian Privacy Law Blog: That's a little cheeky: MacLean's Magazine buys Privacy Commissioner's cellphone records off the 'net). I saw the magazine on the new stand today and, luckily, the article is available on the MacLeans' website. A snippet:

Macleans.ca | Top Stories | Canada | You are exposed:

...Yet Maclean's was able to purchase the privacy commissioner's phone logs online from a U.S. data broker, no questions asked. For about US$200 per order, Locatecell.com delivered months of long-distance records from her Bell Canada home and cottage accounts. They were also able to access her Telus Mobility cellphone call logs for October -- a monthly bill she probably hadn't even received at the time. And all the Internet requests were turned around in a matter of hours. (In a test run, the company was also able to obtain the cell records of a senior Maclean's editor from Fido, a division of Rogers, the company that owns this magazine.) Reverse phone number lookup engines on federal government and phone company websites provided the identities of many of the people Stoddart called, or who called her. On Sept. 15, for example, there was a call from her Montreal home to a relative in Frelighsburgh, Que. On Oct. 15, she called the house of one of her communications advisers from her cellphone. And on Oct. 27, she twice called the desk of another. While many of the numbers on the bills were cellphones or unlisted, anyone looking to fill in the blanks would only have to call until they hit voicemail recordings.

Confidential phone records are just the latest breach in the levee of government laws and corporate policies intended to protect private and personal data. Abuses -- whether it is medical records being scattered about a Toronto street as "garbage" for a film shoot, or Edmonton police running the names of pesky reporters and lawyers -- are reported almost every week. And in the wired world, almost anything is available for a price. A British teen recently tracked down his sperm-donor father using his own DNA and two different for-hire databases.

Many of the same websites that offer call records advertise even more invasive services like "personality profiles," complete with sexual preferences, names of exes, and gossip from neighbours. Or email and instant messenger traces that will provide the name of the person who owns the account, and their location, sometimes down to the street they live on. While some of the sites demand a signed release from the person being sought for items like credit reports and driver's records, the "verification" process wouldn't be much of an impediment for anyone willing to commit some garden-variety forgery.

Stoddart, whose office website offers tips to foil those trying to access or steal personal information -- including the prompt removal of incoming mail from your mailbox and shredding those pre-approved credit card applications -- was not a particularly easy catch. Despite her years in the public eye, and the numerous interviews she has given to journalists, there was little on the record beyond her professional qualifications. No one Maclean's contacted had her cellphone number, knew her home address, or even basic family information like the name of her spouse. "I've always been fairly mistrustful of people," she says. "If people want my personal data, I want to know why." Nonetheless, a thorough Internet search with Google yielded enough bits and pieces of information to start the process rolling.

Labels: google, information breaches, privacy