Canada Law Book

"'And what, prithee, thinks our Royal Ethics Commissioner of our little plan?'"

(0) comments

ACCA Rulebook

[CLB: Well thought out code, and of use generally to auditors.]

(0) comments

The Royal Society: Final Report

Our report on nanotechnologies - ‘Nanoscience and nanotechnologies: opportunities and uncertainties’ - was published on 29 July 2004. The report illustrates the fact that nanotechnologies offer many benefits both now and in the future but that public debate is needed about their development. It also highlights the immediate need for research to address uncertainties about the health and environmental effects of nanoparticles – one small area of nanotechnologies. It also makes recommendations about regulation to control exposure to nanoparticles. We hope that you find the report of interest, and welcome your feedback on it (see Send us your comments).

(0) comments

The Daily, Statistics Canada

According to a new study, manufacturing companies that increase their use of advanced technology during the mid-1990s also experienced greater growth in labour productivity during the same period.

The study also found a significant link between productivity growth and growth in market share. In other words, advanced technology use led to growth in labour productivity, which in turn led to growth in market share.

[...]

Investment in advanced technology key for productivity growth: Adoption of advanced technology can result in gains in labour productivity for a number of reasons. Use of these technologies can result in improvements in production efficiencies, as firms are able to produce more with less. Or they may allow firms to produce higher quality products. Furthermore, they may even result in an increase in the capital intensity of the firm.[...]

[...]

Use of ICTs during production ordering process leads to productivity gains: This study also sheds light on how ICTs contribute to success. The study found that the highest growth was in the adoption of network communications technologies (local area networks, company-wide networks and inter-company networks).[...]

Growth in labour productivity key factor behind market-share growth
Over the period studied, plants exchanged substantial amounts of market share as some plants grew and others declined. About 15% of market share in an average four-digit industry was transferred from continuing plants that lost market share to plants that gained market share. At the beginning of the period, plants that subsequently increased their market share were 16% less productive than those about to lose market share; by the end of the period, they had become 17% more productive.[...]

Research and development important for market-share growth
Complementary investments in firm competencies were also shown to be important. Firms did particularly well if they stressed a strategy that focussed on the use of advanced technologies.[...]

The economic analysis study The Effect of Changing Technology Use on Plant Performance in the Canadian Manufacturing Sector (11F0027MIE2004020, free) is now available online. From the Our Products and Services page, under Browse our Internet publications, choose Free, then National Accounts.

More studies on technology and innovation can be found on the Update on Economic Analysis page (11-623-XIE, free) of our website.

__posted by Carolyn L Burke @ 9:27 a.m.
subscribe to Integrity

(1) comments

Identity management: Finding the balance between rights and responsibilities: "People's tolerance for online privacy breaches and data leakages is reaching a tipping point, according to Burton Group senior analyst Mike Neuenschwander. 'They're going to find in the next couple of years, especially in Canada and Europe, that the world is mad as hell and we're not going to take it anymore.'"

(0) comments

Privacy Commissioner of Canada - PIPED Act Case Summary #270
Bank agrees to modify automated message
[Section 2; Principle 4.3, paragraph 7(3)(b)]
Complaint
An individual alleged that her bank improperly disclosed her personal information when it left an automated message on her answering machine stating that she was behind on making a payment on her credit card. She stated that she had not given her consent for the bank to leave a message that anyone in her family or a visitor could hear, and objected to this disclosure of her financial status in an unsecured and non-private forum.

[...]

Findings

Application: Section 2 defines personal information as "information about an identifiable individual"; and Principle 4.3 states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. An exception to this requirement is provided under paragraph 7(3)(b), which states that an organization may disclose personal information without the knowledge and consent of the individual only if the disclosure is for the purpose of collecting a debt owed by the individual to the organization.

The Assistant Privacy Commissioner rejected the bank's contention that the information at issue was not personal information, as defined under section 2. She noted that although the message did not name the complainant, it was sent to her telephone number, which she had provided to the bank. The Assistant Commissioner noted that an individual does not have to be named for something to constitute his or her personal information; rather, as the Act says, he or she has to be simply "identifiable." In the same way that removing the name of a person from a description of an event does not render the person unidentifiable if other people know the circumstances of the event, the fact that the complainant was the only credit card holder (of this bank) in the household made her identifiable as the individual for whom the message was intended. Thus, the Assistant Commissioner concluded that the information at issue was the complainant's personal information.

In considering the exception to consent cited by the bank, the Assistant Commissioner deliberated as follows:

The bank used the complainant's personal information to collect a debt, but it did not intend to disclose this information to her husband.

The disclosure, therefore, was inadvertent, and not done for the purpose contemplated in paragraph 7(3)(b). Consequently, the Assistant Commissioner determined that the exception provided under paragraph 7(3)(b) did not apply.

The Assistant Commissioner noted that the statement contained in the message to the effect that the cardholder is slightly behind in making a payment does reveal sensitive financial information.

While the Assistant Commissioner found it reasonable to alert customers to a problem, she was of the view that this could be done in a more privacy-conscious manner.

The bank acknowledged this, and agreed to review the wording of its message with a view to mitigating the privacy implications, while still alerting customers to a potential issue with their accounts.

The Assistant Commissioner was pleased with the bank's undertaking, and its active pursuit of options. The complainant indicated that she was also satisfied with this result.

__posted by Carolyn L Burke @ 10:03 p.m.
subscribe to Integrity

(0) comments

Security Pipeline | Trends | Necessary Evil: Microsoft's WinXP Service Pack 2: "Windows XP Service Pack 2 represents the first real evidence that security threats will not only profoundly change the way IT departments operate, but the way 95 percent or so of the world's computer users work with that most fundamental of applications: the Web browser. And the biggest consequences fall on the shoulders of businesses and organizations, whose Web sites, intranets, and Web-based enterprise apps have relied on the freedom and functionality extended by the more lax security of previous versions of Internet Explorer."

(0) comments

DMNews.com | News | Article: "The increasing focus on privacy laws and regulations has rekindled enthusiasm for concentrating on existing customers"

(0) comments

ITBusiness.ca: "Memo to Privacy Commissioner Jennifer Stoddart: Why not make these kinds of programs more palatable by encouraging government agencies to publish accessible privacy policies that explain how data will be used? At least then there would be a modicum of accountability and some openness around what can be an unsettling use of IT. "

(0) comments

National Post

Determined computer hackers broke through federal firewalls several times last year, gaining access to Defence Department networks.

A newly obtained report on security breaches at the department in 2003 also reveals dozens of internal lapses. Computer security has become a high-profile concern in federal circles in light of cyber-terrorism, operations mounted by foreign intelligence services and, more often, the sloppy practices of employees.

The Defence Department's Computer Incident Response Team tracked a total of 160 events - from digital break-ins to dodgy e-mail procedures - last year.

Located in Ottawa at the Canadian Forces network operations centre, the team defends department computers by monitoring intrusion detection systems, zeroing in on threats and issuing alerts.

A declassified version of the team's report was released to The Canadian Press under the Access to Information Act.

[...]

(0) comments

Ziff Davis Media

Corporate management needs to respond to economic and market fluctuations while complying with ever more stringent financial reporting rules. Technology is the strategic resource that allows organizations to achieve their corporate goals while meeting their fiduciary obligations.

Involvement of Various Levels of IT Corporate Management at Large Companies (500+ Employees)

Title	Vision	Plan	Evaluate	Authorize
Corporate Management (Net)	74	72	62	61%
Senior Corporate Management	57%	45%	38%	49%
Middle Corporate Management	53%	46%	43%	28%
Corporate/Line of Business Staff	26%	18%	20%	8%

Types of Information Rated Most Critical by Job Title at Small to Mid-Sized Companies
(< 500 Employees)

Information Type	Total	Senior IT	Middle IT	Senior Business	Middle Business
Deployment Analysis	94%	90%	93%	94%	100%
Product/Vendor Profile	83%	86%	89%	78%	78%
News/Trends	78%	70%	74%	81%	94%
Vendor Stability	63%	61%	70%	62%	56%
IT Testing and Evaluation	62%	64%	64%	59%	75%
Best Business Practices	60%	46%	67%	60%	63%
Peer Opinion	52%	46%	60%	57%	35%
Financial Metrics	27%	24%	32%	25%	31%

(0) comments

Ziff Davis Media Inc.

The Technology Confidence Index (TCI) - a quarterly consumer and business technology survey indicates that business and consumer technology spending is rising. Half of the respondents, technology buyers, expect to spend more on technology in 2004 than in 2003.

Household IT Spending

The majority of those polled expect their household to spend more on computing and consumer electronics products in 2004 than in 2003:

Corporate IT Spending

IT professionals are even more confident about workplace spending:

Furthermore, IT professionals are overwhelmingly positive that now is a good time for companies to make big investments in new information technologies:

• 83% say that now is a good time to make major technology investments
  
• 17% say that now is not a good time
  

Large portions of IT professionals expect their workplace to purchase more of the following equipment next year as compared to 2003:

About the Technology Confidence Index

The Technology Confidence Index was fielded September 11 to October 8, 2003. The results are based on 4,777 panelists projectable to PC Magazine subscribers. The margin of error for this survey is +/- 1 percentage point at the 95% confidence level.

(0) comments

What is the Liberty Alliance?

The Liberty Alliance Project was formed in September 2001 to establish an open standard for federated network identity. The Alliance has stated this will be accomplished by developing technical specifications that support a broad range of identity-based products and network devices. It is a consortium of more than 150 technology and consumer organizations working together towards this common goal.

Why Do We Need Liberty?

Federated identity is a technology and business issue affecting practically every industry. Both businesses and consumers want the convenience and cost-savings of conducting transactions online and through mobile networks. However, businesses responsible for implementing and supporting these services are now experiencing barriers impeding growth in this area.

For example, [currently,] businesses have heterogeneous and often non-interoperable systems among each other and even within their own organizations. This translates into users being required to register separate accounts and maintain their personal information across isolated sites and systems. Connecting these systems is expensive, painful, slow, and in some cases, impossible. This results in lost revenue for businesses, decreased security and frustration for users. Federated identity can solve these challenges.

The Liberty Alliance's vision is to enable a networked world in which individuals and businesses can more easily conduct transactions while protecting the privacy and security of identity information. Liberty's open federated identity standard and business guidance will create the flexible, secure and open infrastructure that is required to support and manage these online services and transactions.

(0) comments

theglobeandmail.com

Canadian executives lead the world in their concern over network security, a new study says.

According to a global survey and report on networking and business strategy from AT&T in co-operation with the Economist Intelligence Unit, 87 per cent of Canadian executives identified security as the top concern for corporate networks, compared to 78 per cent of executives worldwide.

Moreover, the study said that executives believe that 83 per cent of security breaches come from within the company, and are the result of sabotage, espionage or accidental error.

Not surprisingly, Canadian businesses also led the world in creating positions for chief security officers (CSO): Canada stood at 16 per cent, while the rest of the world stood at 10 per cent.

Overall, security sat at the top of the list of concerns. It was in second place in 2003, just behind network reliability and availability as the most critical network attribute, which moved down a position.

[...]

(0) comments

Dan Bricklin's Web Site

Today's world and Societal Infrastructure Software

The world is different now than it was even just a decade or two ago. In more and more cases, there are no paper records. People expect all information to be available at all times and for new uses, just as they expect to drive the latest vehicle over an old bridge, or fill a new high-tech water bottle from an old well's pump. Applications need to have access to all of the records, not just summaries or the most recent. Computers are involved in, or even control, all aspects of the running society, business, and much of our lives. What were once only bricks, pipes, and wires, now include silicon chips, disk drives, and software. The recent acquisition and operating cost and other advantages of computer-controlled systems over the manual, mechanical, or electrical designs of the past century and millennia have caused this switch.

I will call this software that forms a basis on which society and individuals build and run their lives 'Societal Infrastructure Software'. This is the software that keeps our societal records, controls and monitors our physical infrastructure (from traffic lights to generating plants), and directly provides necessary non-physical aspects of society such as connectivity.

We need to start thinking about software in a way more like how we think about building bridges, dams, and sewers. What we build must last for generations without total rebuilding. This requires new thinking and new ways of organizing development. This is especially important for governments of all sizes as well as for established, ongoing businesses and institutions.

There is so much to be built and maintained. The number of applications for software is endless and continue to grow with every advance in hardware for sensors, actuators, communications, storage, and speed. Outages and switchovers are very disruptive. Having every part of society need to be upgraded on a yearly or even tri-yearly basis is not feasible. Imagine if every traffic light and city hall record of deeds and permits needed to be upgraded or "patched" like today's browsers or email programs. Needing every application to have a self-sustaining company with long-term management is not practical. How many of the software companies of 20 years ago are still around and maintaining their original products?

[...]

The needs of Societal Infrastructure Software

Let us look at the needs for societal infrastructure software. They include the following:

• Meet the functional requirements of the task.
  
• Robustness and long-term stability and security.
  
• Transparency to determine when changes are needed and that undesired functions are not being performed.
  
• Verifiable trustworthiness of all three of the above.
  
• Ease and low cost of training for effective use.
  
• Ease and low cost of maintenance.
  
• Minimization of maintenance.
  
• Ease and low cost of modification.
  
• Ease of replacement.
  
• Compatibility and ease of integration with other applications.
  
• Long-term availability of individuals able to train, maintain, modify, determine need for changes, etc.
  

The structure and culture of a typical prepackaged software company is not attuned to the needs of societal infrastructure software. The "ongoing business entity" and "new version" mentality downplay the value of the needs of societal infrastructure software and are sometimes at odds.

By contrast, custom software development can be tuned better to the needs of societal infrastructure software. The mentality is more around the one-time project leaving an ongoing result, and the cost structures are sometimes such that low maintenance is encouraged. The drivers of custom software are often the eventual users themselves, paying upfront for development.

Some of the problems with custom development with regards to societal infrastructure software are the inability to spread the development and maintenance costs among a large number of customers and the narrow focus on the current requirements of the particular customer and their current stage of need (which often may change in ways visible to other customers but not yet to them).

[...]

(0) comments

Salon.comm

Why should humans have to do all the work? It's high time machines learned how to take care of themselves.

[Subscription or adware viewing required.]

[CLB: What are the ramifications through of 'giving away' control of software architecture and development? What are the ramifications of dividing responsibilities into what 'humans are good at,' and 'what computers are good at,' given that the latter is a moving target? Will there be a full overlap? If so, would that overlap include ethical considerations?

(0) comments

E-Commerce News

Checklist for Insurability

[...]

Lawyer John Pendleton highlighted three essential steps business leaders need to take to be prepared to handle loss.

First, they must establish a communications system. Before any problem occurs, a CIO needs to have a communication system in place so when it looks like a failure has occurred or if a company is getting major complaints from a client, he or she can easily notify the company's risk manager -- CFO, in-house counsel or someone used to handling claims.

'If a company goes into fix mode right away, it may have already compromised the coverage,' he said.

Second, companies should notify their insurance broker. It is critical to get the broker involved so that together they can notify the insurer of the potential problem. Whether it is technically a claim or not, CIOs should loop brokers in sooner rather than later to prevent actions that would nullify the coverage.

'The insurer can say the company made a voluntary payment and won't pay what was spent to fix the problem. The broker can make sure coverage is utilized properly and act as an intermediary,' explained Pendleton.

Third, company officials must contact the coverage counsel. It is never too early to contact coverage counsel to make sure the company is positioned properly. But Pendleton advises CIO's not to let the insurer know that coverage counsel has been contacted too soon in the process.

'That raises a red flag to the insurer, who may try to find reasons not to provide coverage. However, counsel can at least give advice in the very early stages of a potential failure.'

(0) comments

Ethical Corporation
The Center for Corporate Citizenship at Boston College and the US Chamber of Commerce Center for Corporate Citizenship, with support from the Hitachi Foundation, surveyed 515 business leaders from companies of various sizes and from a broad range of industries to examine the executives’ perceptions of the state of corporate citizenship in the US.

The State of Corporate Citizenship in the US: A View from Inside” concludes that regardless of company size, business executives see corporate citizenship as a fundamental part of business and central to good business practice.

Eighty-two per cent of respondents say good corporate citizenship helped the bottom line and 59% feel these practices improve company image and reputation.

Fifty-three per cent report corporate citizenship is important to their customers.

More than half of the executives surveyed say corporate citizenship is part of their business strategy. The vast majority say corporate citizenship should be completely voluntary and not dictated by law.

The survey’s results indicate that business leaders consider their obligation as citizens to be broader than the classic definition of good business practice – returning profit to shareholders, paying taxes and obeying the law. Most US companies say good corporate citizenship also includes meeting ethical, environmental and social objectives.

[...]

(0) comments

Wiretap Ruling Could Signal End of E-Mail Privacy

While it is likely that some privacy advocates will bemoan this ruling, it is more of a codification of what most tech-savvy people already know - sending e-mails is like sending postcards. They pass through too many hands, and are too easily visible, to be regarded as a private communication.

Most of us benefit from 'privacy through obscurity' because no one is looking for our particular e-mails, and because most people who CAN look at e-mails are either too busy, too ethical, or both to do so.

What does this mean?

Get over it. E-mail was designed in a different time. It is NOT secure.

Pay attention to what you are saying. Say NOTHING in an e-mail that you won't mind having repeated in open court.

Investigate secure collaboration technologies. Both of Ray Ozzie's creations (Lotus Notes and Groove) provide ways to establish secure collaboration networks. There are others.

If you design your business processes and communications appropriately, then you will have little to fear from court decisions such as this, given how far behind technology the courts usually lag.

(1) comments