• Moving from Access Control to Use Control

    Bringing Privacy Regulation into an AI World, Part 5 I would like to outline a new concept of use control: a way of designing AI systems so that personal data can be used only for specified purposes.


  • Is AI Compatible with Privacy Principles?

    Bringing Privacy Regulation into an AI World, Part 2 Many experts on privacy and artificial intelligence (AI) have questioned whether AI technologies such as machine learning, predictive analytics, and deep learning are compatible with basic privacy principles.


  • A 3D Test for Evaluating COVID Alert: Canada’s Official Coronavirus App

    Great news – Canada has just released its free COVID-19 exposure notification app [1], COVID Alert. Several questions now arise: Is it private and secure? Will it be widely adopted? And how effective will it be at slowing the spread of the virus? We have evaluated the COVID alert app against three dimensions: Concept, Implementation, […]


  • Outbreak Notification App Design

    From Contact Tracing to Outbreak Notification Call for Participation This post is a call for participation for design thinkers – please email or tweet @drwhassan. As countries assess how best to respond to the COVID-19 pandemic, many have introduced smartphone apps to help identify which users have been infected. These apps vary from country to […]


  • Do ‘Contact Tracing Apps’​ need a Privacy Test?

    We are asking readers to contribute to this post – please comment in line or send directly to me wael@kidesign.io. The Coronavirus continues to cause serious damage to humanity: loss of life, employment, and economic opportunity. In an effort to restart economic activity, governments at every level, local, regional, and national, have been working on […]


  • Blackbaud breach – Executive Options in light of Reports to OPC & ICO

    Three Executive Actions to help mitigate further risk If your company leverages Blackbaud CRM – this article will provide you of three actions that will help mitigate risk. Blackbaud a reputable company that offers a customer relationship management system has been hit and paid off ransomware. According to G2, Blackbaud CRM is a cloud fundraising and […]


  • Police use of AI-based facial recognition – Privacy threats and opportunities !!

    This article describes the issue of Police use of AI-based facial recognition technology, discusses why it poses a problem, describes the methodology of assessment, and proposes a solution  The CBC reported on March 3[1]  that the federal privacy watchdog in Canada and three of its provincial counterparts will jointly investigate police use of facial-recognition technology […]


  • Best-Practice Data Transfers for Canadian Companies – III – Vendor Contracts

    PREPARING FOR DATA TRANSFER – CLAUSES FOR VENDOR CONTRACTS A three-part series from KI Design: Part I: Data Outsourcing Part II: Cross-border Data Transfers The following guidelines are best-practice recommendations for ensuring that transferred data is processed in compliance with standard regulatory privacy laws. While a contract creates legal obligations for a Vendor, your company must still […]


  • Best-Practice Data Transfers for Canadian Companies – Part II

    CROSS-BORDER DATA TRANSFERS A three-part series from KI Design:  Part I: Data Outsourcing ,  Part III: Preparing for Data Transfer – Clauses for Vendor Contracts When personal information (PI) is moved across federal or provincial boundaries in the course of commercial activity, it’s considered a cross-border data transfer. Transferring data brings risk. As well as increasing […]


  • Best-Practice Data Transfers for Canadian Companies – I – Outsourcing

    DATA OUTSOURCING In our digitally interconnected world, most organizations that handle personal information will transfer it to a third party at some stage of the data life cycle. Your company may send personal information (PI) to an external service provider such as PayPal to process customer payments – that’s a data transfer. Perhaps you hired […]


  • “False Light” – Canada’s Newest Tort

    A tort recognized by the Ontario Superior Court of Justice last month expands privacy protections for Canadians by adopting a well-established US cause of action. Torts are an essential element of common law. A tort is a wrongful act or injury that leads to physical, emotional, or financial damage to a person, for which another […]


  • Privacy in Design: A Practical Guide to Corporate Compliance

    A series of articles offering a sneak peek into my e-book, Privacy in Design: A Practical Guide to Corporate Compliance.