Last year I commented on an excellent survey of IT Security practices that was conducted by Telus and the Rotman School of Management at the University of Toronto. The survey for 2009 is now online.
Some interesting findings from 2008:
- 4 percent of government organizations reported financial data loss due to information security breaches
- 1 in 11 government organizations have lost confidential data
- IT security investments directly impact (reduce) security incident reports
- breach costs average 23 percent higher in Canada vs US
If you are involved in information security in a Canadian public organization or private-sector company, please click here and fill out the survey. Your information will be help to provide a complete picture of information security practices in Canada.
I took a day off today so I happened to be driving through my own neighbourhood around 10:00am. As I turned the bend, I noticed a Chevy Cobalt with an odd derrick-like structure mounted on the roof:
Of course it was the Google Street View car!
The cameras on the car take pictures in all directions. Specialized software then ‘stitches’ the still images together to provide the Street View experience. Here is a picture of the camera cluster:
There has been lots of discussion across the country about Street View and its potential for privacy invasion. The Privacy Commissioner of Canada weighed in on this with their Fact Sheet titled Captured on Camera. The basic point is that we do have privacy rights:
In Canada, there is private-sector privacy legislation that applies to these street-level imaging applications if they are collecting images of identifiable people. And, while the Privacy Commissioners of Canada, British Columbia, Alberta and Quebec recognize the popularity of these applications, they have also expressed reservations because the technology captures images not just of places, but of people as well.
I believe the federal commissioner lobbied Google and was able to extract two key concessions: Google would notify residents of the Street View car visit and the company would allow citizens to have images scrubbed if they were deemed privacy invasive.
I’ll dig up the facts related to this on a subsequent update to this post, but for now I have to go tidy up my front yard!
Update: Google has a video describing how to remove sensitive or inappropriate images from the service.
Update: Thanks to Master Maq for a link to an Edmonton Journal article that, I suppose, meets the Privacy Commissioner’s requirement to notify us they are in town. Or does it?
Every so often I like to do a scan of the bloggers on my blog roll — to highlight what they are up to and to perhaps throw some traffic their way…
- Canadian Privacy Law Blog — Hey, if Oprah is on Twitter why not privacy lawyers? The latest post from David T.S. Fraser looks at how lawyers can use Twitter to follow people and subjects of interest, or to promote their practice or firm.
- Identity Blogger — This US-based blogger, Jeff Bohren, covers a wide range of topics, from general interest to technical. And he’s prolific, posting almost every day. I like the post on main stream media vs bloggers…
- Kim Cameron — Mr. Cameron and his team’s work on Geneva is pretty relevant to me right now on my current project, so I’m sure to check in on his musings every so often. His latest post, with the link to the Identity Software + Services Roadmap is a must read for Microsoft and non-Microsoft professionals alike. There is also a video if you prefer.)
- Discovering Identity — Mark Dixon from Sun, uh, I mean Oracle has an interesting post on the UK-based MyID.is service. Mark is also an active Twitter-er (Twitter-ite? Tweat-er?) and worth following if you do that Twitter thing.
- Self Issued — Mike Jones has some really good posts on Information Cards througout this blog. In particular, I like that he has examples of Info Cards and CardSpace in action — it is much easier to illustrate this emerging technology to my clients when I can show example.
Please visit these and my other Blogroll bloggers — there’s a lot of good information, authoritative opinion and the occasional rant to keep you entertained…
For the past several months, I’ve been working to identify a business partner to help service security, privacy and identity management projects in the Edmonton market. Today, I’m pleased to announce a new partnership with Seccuris Inc., a Canadian leader in Information Security services.
From our joint press release issued this week:
IT security specialists Code Technology and Seccuris have teamed together to tackle Information Security projects in Western Canada.
Seccuris is a provider of information security and information systems risk management solutions with a focus on government, financial, and healthcare sectors. Seccuris’ sole focus on information assurance is achieved through a deep commitment to education and research. This ensures that Seccuris has the capability and expertise required to deliver and reinforce protection to organizations. Seccuris is on the leading-edge of technical and governance knowledge in the information security industry.
“We are very pleased to partner with Mike and his team at Code Technology. While we have been providing services and solutions to all Western provinces for many years, Code Technology’s Alberta focus will allow us to increase our footprint and offer our full breadth of services and solutions to organizations across Alberta”, said Geoff Besko, President & CEO, Seccuris Inc.
Under the new agreement, Code Technology will assist with business development, promote Seccuris’ services and provide professional project managers, consultants and business analysts in Alberta. We will also help Seccuris with client projects that require identity management expertise.
I’m excited about this new relationship with Seccuris because they are a quality services company that offers true Information Security expertise and has an exceptional track record. For more information, please visit their website at www.seccuris.com.
Welcome. This is a new blog devoted to thoughts, ideas and commentary on Identity & Access Management. While IAM is the focus, I’m sure everything from privacy to encryption will find their way onto these pages.
All comments and dissenting opinions are welcomed…