LINK

Bill 31 is being called a response to PIPEDA and a way to ensure patients' personal information is protected. Take an early look at how some organizations are already working to comply

Ontario health organizations will soon have to review the way they handle customer information to ensure their procedures comply with the new bill presented to the Ontario government.

Bill 31 requires all companies and organizations that deal with personal health information to ensure they obtain consent from all patients to use their information in non-medical cases, such as marketing. It also requires companies to verify the software protects the security of all files.

If Bill 31 passes, it would require health information custodians (health-care practitioners, operators of hospitals, nursing homes, pharmacies or ambulance services) to notify patients if their personal information is stolen, lost or accessed by unauthorized persons.

The federal privacy law created problems with respect to health care because it implied that doctors had to receive written consent from their patients before using or sharing personal information. That was one of the reasons health-care organizations did not have to comply with PIPEDA when it first came into effect in 2001.

"PIPEDA was never designed with personal health legislation in mind for the province of Ontario," said John Beardwood, lawyer for Fasken-Martineau-Dumoul in law firm in Toronto.

The new provincial privacy law would not require health information custodians, who have custody or control of personal information as a result of their work, to have patients fill out a consent form every time the information they visit the doctor’s office. Instead, the personal information would be stored on secure database, only accessible by the custodians.

(0) comments

Corporate Leaders Say Rules Can't Replace Ethics or Ward Off Determined Management Crooks: "This year, there were more voices cautioning that regulation alone can't substitute for strong boards of directors and executives willing to stress personal integrity.

Boards need to be independent and make sure they're hiring people of integrity as chief executive officers, said Robert Diamond, chief executive of Barclays Capital, the investment banking arm of Britain's Barclays.

'The quality of the CEO goes to the heart of the board's responsibilities,' said Diamond.

'I do think rules are important, I do think law is important, and I absolutely endorse a strong regulatory framework. But within that, what we've found is that crooks can be crooks and that bad behavior can be bad behavior,'"

[...]

Denise Nappier, Connecticut's treasurer, said the new disclosure rules had "substantial gaps" and could be toughened for issues ranging from disclosure on companies' relationships with outside entities to unreadable language.

"When are we going to get plain language?" she asked. Company statements "read like they've been written by a corporate lawyer to a plaintiff's attorney."

Guy Ryder, general secretary of the International Confederation of Free Trade Unions, based in Belgium, argued that unless standards of behavior are written down in law, good companies leave themselves vulnerable to less scrupulous competitors willing to cut corners.

"That actually makes the business case for your values impossible to sustain," he said.

"If you believe in values, then shouldn't you legislate those values?"

CLB: Bingo. All game theoretic models, whether in business or not, have native dilemmas and paradoxes to be discovered. This includes systems of laws, even those as sophisticated (read overly complex) as our modern political/ economic structure.

Quite specifically, it is about how you play the game, with good intentions or without. Ask Mr. Black in Canada. Did he play the aptly called game with integrity? For those who have claimed toadmire him in the past, do you still?

(0) comments

CLB: If you scan a banknote using Adobe / HP technologies amongst many, and then procede to print the image, your computer will make a call to the rulesforuse.org website, and print only half the image followed by a URL: rulesforuse.org. I use these technologies. I did not know there were enforced prohibitions on use. Nor did I know that pattern recog software was sophisticated enough to evaluate the images I may decide to scan or print. Could this technology be used to prevent downloading graphic material as well? Could it be used to kid-proof an internet connection? Read on to learn more about banknote counterfeit prevention techniques:

What does r u l e s f o r u s e . o r g tell us:

English: You have been directed to this website because banknote images are subject to specific rules governing reproduction. Restrictions for use of banknote images vary by country.

For information specific to either the country you ar in, or the banknote image you want to use, click on the appropriate country from the list or region from the map.

This procedure is enabled by a system developed by a consortium of central banks to deter the use of personal computers, digital imaging equipment and software in the counterfeiting of banknotes. This group is soliciting the support of the digital imaging and computer industry and cooperation with equipment manufacturers and sortware developers to facilitate the adoption of the system.

And from Security Focus' Bugtraq, Richard M. Smith writes:

"Last week, the Associated Press reported that Adobe has incorporated anti-copying technology in their Photoshop CS software which prevents users from opening image files of U.S. and European currency. Here's the article:

Adobe admits to currency blocker

http://tinyurl.com/2xnno

(http://www.sanmateocountytimes.com/Stories/0,1413,87~11271~1882929,00.html)

I did some investigating on my own computer and discovered that HP has also been shipping currency anti-copying software in their printer drives since at least the summer of 2002. I have an HP 130 photo printer and found the string "http://www.rulesforuse.org" embedded in the driver.

According to a few newsgroup messages posted in 2002 and 2003, folks are seeing this URL printed out when they attempt to print images of certain types of bills. An HP printer with this anti-copying technology only prints out an inch of a currency image before aborting the print job.

Here is a list of HP printers which appear to have this anti-copy technology embedded in their Windows printer drivers:

• HP 130
  
• HP 230
  
• HP 7150
  
• HP 7345
  
• HP 7350
  
• HP 7550
  

I suspect the list of affected HP printers is much longer.

I located these printer drivers simply by searching all files in my Windows and Program Files directories for the string "rulesforuse". If other folks run this same experiment, please let me know of other programs which appear to contain currency anti-copy technology.

There are some unanswered questions raised by this quiet effort by U.S. and European governments to turn home computers into anti-counterfeiting "cops":

1. Besides graphic programs and printer drivers, what
   other kinds of software is this currency anti-copy
   technology being embedded in?
   
2. Are companies being required to include currency
   anti-copying technology in their products? If not,
   what incentives are being offered to companies to
   include the technology on a voluntary basis?
   
3. Will future versions of this technology, "phone home"
   to the rulesforuse.org Web site with details about
   a violation of the currency copying rules? It would
   be very easy to include an email address, name of the
   image file, software version number, etc. embedded in
   a URL to the rulesforuse.org when a violation has been
   detected."
   

Richard M. Smith

http://www.ComputerBytesMan.com

And, from a whois search, rulesforuse.org is owned by:

Registrant:

EUROPEAN CENTRAL BANK (RULESFORUSE3-DOM)

Eurotower Kaiserstrasse 29

FRANKFURT, FRANKFURT 160319

DE



Domain Name: RULESFORUSE.ORG

Administrative Contact, Technical Contact:

EUROPEAN CENTRAL BANK (EC2410-ORG) no.valid.email@worldnic.net

Eurotower Kaiserstrasse 29

FRANKFURT, FRANKFURT 160319

DE

4969 13447439



Record expires on 21-Oct-2006.

Record created on 22-Oct-1999.

Database last updated on 17-Jan-2004 13:13:54 EST.

"Mondo the awesome phillipino bass player” and several of your blogging friends do the same, he should start to appear in a google search. I’ll ask the kids to do the same thing on Live Journal. His website is http://www.m2020.com/ so a reference to that would increase traffic to his (rather cryptic) website

(0) comments

Wearing computers and cameras will give people more power to protect their privacy and individuality.

Steve Mann, right, with graduate student Chris Aimone, believes that wearing computers and cameras will give people more power to protect their privacy and individuality. Photo: Aaron Harris/CP. Associated Press

And in a world of ever-increasing surveillance cameras for security, and strong database-mining software for government intelligence and corporate marketing, Mann believes regular people ought to have cameras and powerful computers on them, too. It's all about leveling the power dynamic.

A cyborg could, say, take pictures of hostile police officers during a political demonstration and instantly post them on the Web -- to spur others to join in the protest, perhaps, or to simply provide alternative documentation of the scene. Prof. Mann calls such postings 'glogs' -- short for 'cyborg blogs' ('blogs,' of course, is itself shorthand for 'Web logs').

For example, he has created performance art by shooting video in stores that prohibit it, using handheld cameras more noticeable than the 'EyeTap' ocular computing system he normally wears. When employees tell him filming is not allowed, Mann points to the stores' own surveillance cameras behind darkened domes in the ceiling.

Then he tells the employees that 'his manager' makes him film public places for his security -- how does he know, he tells them, that the fire exits aren't chained shut? -- and that they'll have to talk to his manager.

But don't try telling Prof. Mann that the complaining employees are just doing their jobs, and that his real beef is with executives who make store policy. He believes everyone should fight The System, those powerful institutions lurking behind the one-way mirrors.

"Clerks should be confronted with their clerkiness," he says one afternoon in the DECONism Gallery, an electronic-art studio he runs near a Chinese district in Toronto.

(0) comments

Tshares plunge:

Adecco shares plunge 35% on results delay Company warns of accounting issues

By NAOMI KOPPEL

Associated Press, with files from Bloomberg News

Tuesday, January 13, 2004 - Page B11

Adecco SA, the world's largest employment agency, yesterday said it was delaying publication of its annual results for 2003 because of 'material weaknesses in internal controls' in its North American business and possible accounting and compliance issues elsewhere.

The news sent frightened investors rushing to sell, and shares in the company plummeted. Analysts lowered their recommendations amid fears of an accounting scandal like that which has devastated Italian food group Parmalat.

The company had been due to publish its audited annual results on Feb. 4 but said it now did not know when they would be released. Spokesman François Vassard declined to give any more information because of the investigation.

Adecco said it was looking into "material weaknesses in internal controls in the company's North American operations of Adecco Staffing" and "the resolution of possible accounting, control and compliance issues in the company's operations in certain countries."

Adecco said its audit and finance committee has appointed an independent counsel to resolve the issue.

"This opens the field for speculation, and I would say there are a lot of possibilities, from just a relatively minor accident up to something that goes to the substance of the company," said Roland Wildman, an analyst at Bank Leu in Zurich.

"The management has been under pressure to deliver better results and to fulfill the wishes of the market, especially in North America. The profitability of that business is far below the average of the group. If management is under such pressure, the risk is always higher for having compliance problems."

Adecco's announcement follows the collapse of the Italian food group Parmalat, in which more than a score of people are under investigation, including two officials with auditor Deloitte & Touche's Italian branch and the former head of the Italian branch of auditor Grant Thornton and his partner.

Last year Dutch food retailer Ahold NV admitted overstating earnings by more than $1-billion in 2000-2002, mostly due to inflated sales at its U.S. Foodservice subsidiary.

Analysts expressed concern that Adecco changed auditors in 2001, prompting fears that any previous accounting mistakes could have resurfaced since the change.

Its former auditor was Arthur Andersen, the company that audited the figures of collapsed U.S. energy company Enron Corp.

Though Adecco switched to Ernst & Young in 2001, the main auditor for both Arthur Andersen and subsequently Ernst & Young was Mike Sills.

(0) comments

Will big-name public companies to revert to private life?

By Scott Foster, Ottawa Business Journal Staff

Mon, Jan 12, 2004 12:00 AM EST

New corporate governance rules will drive down the number of companies that go public and even prompt big-name public companies to revert to private life, an Ottawa legal expert predicts.

The American Sarbanes-Oxley Act, or SOX, will put 'a big chill' on this year's initial public offerings, said Geoffrey Gilbert, a lawyer at Ogilvy Renault and formerly with Torys LLP in New York.

'The burdens of being a public company in 2004 are tremendous,' he said, citing the compliance requirements of the act as a huge deterrent for startups looking to go public. 'The compliance costs get larger and larger and these are costs that don't make the company any money.'

(0) comments

LINK TO FULL PDF OF ARTICLE

Make privacy a priority or face the consequences, warns Cavoukian

Corporate directors who fail to address privacy as a major issue are failing to live up to their responsibilities to both customers and shareholders, says Ontario Information and Privacy Commissioner Ann Cavoukian.

The reputation that corporations quickly acquire for how they deal with their customers' personal information can either drive business - or drive it away, said the Commissioner, who released a paper today aimed directly at corporate directors.

Privacy and Boards of Directors: What You Don't Know as a Director Can Hurt You cites a number of recent privacy breaches where organizations failed to protect personal information. These included:

a pharmaceutical company that inadvertently disclosed the e-mail addresses of 600 patients who took Prozac;

a data management company that failed to protect a computer hard-drive that contained the personal information of thousands of Canadians;

the misuse of personal health information as part of a promotional campaign for an anti-depressant.

These are just some of the incidents raising questions about the liability of directors in protecting the personal information collected, used and disclosed by their organizations, said the Commissioner.

A lack of attention to privacy, she said, can result in a number of adverse consequences. Among those she cites in the paper are:

violations of privacy laws;

harm to customers whose personal information is used or disclosed inappropriately;

damage to the organization's reputation and brand;

financial losses associated with deterioration in the quality and integrity of personal informatioinformation;

financial losses due to a loss of business or the failure or delay in the implementation of a new product or service due to privacy concerns; and

loss of market share or a drop in stock prices following negative publicity about a "privacy hit."

"Personal information must be protected - and more companies are starting to realize it is in their own best interest to do so," said the Commissioner. She stressed that companies that succeed in carving out a reputation for protecting personal information can gain a significant advantage over others. "Research has shown that consumers are becoming increasingly concerned, better informed and more demanding with regard to the protection of their personal privacy."

The paper explains what fair information practices are (internationally recognized privacy principles), outlines the business case for implementing sound privacy practices and suggests key steps that directors should take. The paper concludes with a series of questions that can be used to help determine if a company has fully addressed privacy compliance.

__posted by Carolyn L Burke @ 4:24 p.m.
subscribe to Integrity

(0) comments

The Internet Is a Very Sick Place

The year 2003 has been deemed the worst in computer-virus history by security experts, despite the fact that worm and virus writers displayed no significant technological progress in the code of their newest nasty little creations.

But why bother to develop new tricks when the old ones work so well? This year computer worms managed to shut down ATMs, slow airline and train travel by infecting reservation and signaling systems, clog emergency phone services, and crash networks controlling critical systems at hospitals and at least one nuclear power plant.

(0) comments

EPIC Year in Review 2003

======================================================================= E P I C - 2003 Year in Review ======================================================================= Volume 10.26 December 31, 2003 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. ====================================================================== 2 0 0 3 P R I V A C Y Y E A R I N R E V I E W ======================================================================

(0) comments

New McD Game Comes With Tight Security

McDonald's said it has developed three guiding principles to follow for its promotional games:

There is no longer a single party overseeing game security.

A new technique has been developed whereby independent auditors can authenticate McDonald's game pieces.

There will be a random rotation of supplier roles from each game promotion to the next.

McDonald's said Thursday that it will launch a new systemwide promotional game, "Winning Time," its first such effort since the fiasco with Simon Marketing relating to its "Monopoly" and "Who Wants To Be a Millionaire" games.

The game, which will be unveiled nationally March 25, will be managed by The Marketing Store, Oak Brook, Ill. In connection with the announcement, McDonald's also said that "it has completed a thorough review of its promotional game security procedures" and, in conjunction with a Games Advisory Board, "has developed new game security protocols to protect and ensure the integrity" of its promotional games.

"Winning Time" will offer a variety of prizes, including cash, personal services, sports cars and special times with celebrities. All prizes can be won by obtaining a winning game piece rather than obtaining a winning collection of game pieces. Game pieces are bilingual and will be attached to Big Mac sandwich, Quarter Pounder with Cheese sandwich, medium, large or Super Size French Fries, hash browns or 32 or 42 ounce drink packaging, per McDonald's. Marketing was not revealed but is expected to include multi-media national efforts, POP and Internet.

__posted by Carolyn L Burke @ 1:53 p.m.
subscribe to Integrity

(0) comments

Further deal making

If Mr. Fastow pleads guilty as expected, those other cases are sure to feature him as a primary government witness, including one against executives from Merrill Lynch & Company who were charged with aiding Enron in illegally puffing up its reported profits through a bogus sale of an electrical barge.

CLB: Perhaps it helps the greater good to plea bargain one person in order to build cases against others. The near deal here is to protect this fellow's children. Both he and his wife are up on charges. The deal could include leaving at least one of them out of jail at a time - to look after the children. How far should deal-making go?

(0) comments

Ponemon Institute

What Is Ethical Information Management?

Recent corporate scandals have created widespread cynicism among consumers about the ethics of business leaders. Post 9/11 terrorism threats have created additional privacy concerns among U.S. citizens about the possible misuse of their personal data in the application of surveillance.

These attitudes pose a major challenge because without the loyalty and trust of key stakeholders, a company's ability to stay in business is threatened. Moreover, recovery from the current economic downturn is jeopardized because consumer confidence in the strength of U.S. business is the cornerstone of a vibrant economy.

A Process to Create Trust

Ethical Information Management is a process for ensuring trust and confidence in how a company's leaders conduct business. Specifically, it has to do with the alignment of the privacy preferences of key stakeholders-such as consumers, employees, the general public-with business, data and technology management practices within the organization.

CLB: Astute.

(0) comments

Companies Alter Privacy Policies

As online marketing matures, many companies are finding privacy policies that once seemed acceptable as constricting as clothing that has been outgrown and, like a too-tight suit, must be altered.

'Often, a company will create a privacy policy that seems to have all the important parts, but then turns out to be untenable in some way,' said Larry Ponemon, head of the Arizona-based Ponemon Institute. His organization researches privacy issues and verifies companies' privacy and data protection practices.

(0) comments

Liability: Policy vs. Responsibility

Fri January 2, 2004 08:07 AM ET

LONDON, Jan 2 (Reuters) - The U.S. unit of Grant Thornton pledged on Friday to uncover the facts of the Parmalat fraud scandal but sought to distance itself from its Italian counterpart, which is under investigation in the case.

The head of the accounting group's Italian affiliate, Grant Thornton SpA, and a senior colleague were arrested on Wednesday following magistrates' accusations the unit was involved in 'the fraudulent preparation of false reports' from Parmalat.

'Within our power, we will ensure that what happened is uncovered and that the appropriate actions, no matter how severe, are taken,' Grant Thornton LLP, the global group's U.S. unit, said in a statement.

The firm added it did not share liability for the actions of Grant Thornton SpA which audited key Parmalat subsidiary Bonlat Financing Corporation. *

A spokeswoman for Grant Thornton International (GTI), the group's international umbrella organisation, said the facility existed to evict the Italian firm from the network but that so far none of its national practices had pressed for this.

Each of the network's national firms are independent, with GTI employing only a small staff of marketing people and some partners on secondment from member firms.

On Wednesday the Italian unit suspended its chairman Lorenzo Penca and partner Maurizio Bianchi following their arrest, on advice from GTI, the spokeswoman said.

The move came days after Italian media had reported the men were under investigation and a fortnight after the discovery of the multi-billion euro accounting scandal at Parmalat.

However, the spokeswoman denied suggestions from accounting professionals that GTI should have pressed sooner for the men's suspension to protect Grant Thorton's reputation.

Grant Thornton LLP said GTI "is pursuing all avenues to obtain information regarding Grant Thornton SpA's conduct. Representatives from Grant Thornton LLP will be part of that investigative team."

* CLB: if the Italian unit doesn't share liability with the USA unit or others, this being governed by the boundaries of each corporation and subsiduary, do they also not share policy and practices? This is the concern we need to look into. I'm curious about the coprorate structure of both organizations now.

(0) comments

Canadians have entrusted nearly $425-billion to the country's mutual fund managers.

The big question facing Canadian mutual fund companies is how the scandal rocking the U.S. industry will affect investors here, industry observers say.

Canadians have entrusted nearly $425-billion to the country's mutual fund managers. But the trading abuses uncovered in the United States once again raise questions about governance and who is watching over the managers.

[...]

The lack of independent governing bodies in Canada to oversee mutual fund managers makes it more difficult to monitor their operations, Mr. Erlichman said. He recommended in a report in 2000 that funds be required to have compliance plans and that managers answer to an independent group of advisers.

While Canadian regulators have yet to adopt such proposals, their counterparts in the United States last month introduced rules requiring investment advisers to implement compliance plans. U.S. mutual funds are already required to report to a board of directors.

...

(0) comments