The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Tuesday, January 17, 2006
Wired News is running an article by Kim Zetter on the sale of phone records. The article is notable because it discusses at least one of the tactics used by these "services" to get phone records:
Wired News: Devious Tactic Snags Phone Data
According to the suit, online cell-phone record vendors placed hundreds of thousands of calls to Verizon customer service requesting customer account information while posing as Verizon employees from the company's "special needs group," a nonexistent department. The caller would claim to be making the request on behalf of a voice-impaired customer who was unable to request the records himself. If the service representative asked to speak with the customer directly, the caller would impersonate a voice-impaired customer, using a mechanical device to distort his voice and make it impossible for the service representative to understand him -- a variant of a widely used social-engineering technique known as the "mumble attack."
Rob Douglas, a private investigator turned privacy activist, says federal authorities have known about the sale of private phone records since at least 1998 but have done little to address the problem. In the absence of federal action, phone companies have been resorting to civil lawsuits to prevent sellers from obtaining and selling records.
Labels: information breaches
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.