Great news – Canada has just released its free COVID-19 exposure notification app [1], COVID Alert. We evaluated it against three dimensions: Concept, Implementation, and User Experience. The concept we consider is leading-edge (A+), the implementation was just, adequate (C) and the user experience less than satisfactory (D). This post explains why. Ontario Digital Service (ODS)…
From Contact Tracing to Outbreak Notification Call for Participation This post is a call for participation for design thinkers – please email or tweet @drwhassan. Contact tracing has not been met with enthusiasm from the general public. Several applications have been pulled off the shelf, others are being revisited [ref]. Some countries have mandated their…
Three Executive Actions to help mitigate further risk If your company leverages Blackbaud CRM – this article will provide you of three actions that will help mitigate risk. Blackbaud a reputable company that offers a customer relationship management system has been hit and paid off ransomware. According to G2, Blackbaud CRM is a cloud fundraising and…
This article describes the issue of Police use of AI-based facial recognition technology, discusses why it poses a problem, describes the methodology of assessment, and proposes a solution The CBC reported on March 3[1] that the federal privacy watchdog in Canada and three of its provincial counterparts will jointly investigate police use of facial-recognition technology…
PREPARING FOR DATA TRANSFER – CLAUSES FOR VENDOR CONTRACTS A three-part series from KI Design: Part I: Data Outsourcing Part II: Cross-border Data Transfers The following guidelines are best-practice recommendations for ensuring that transferred data is processed in compliance with standard regulatory privacy laws. While a contract creates legal obligations for a Vendor, your company must still…
CROSS-BORDER DATA TRANSFERS A three-part series from KI Design: Part I: Data Outsourcing , Part III: Preparing for Data Transfer – Clauses for Vendor Contracts When personal information (PI) is moved across federal or provincial boundaries in the course of commercial activity, it’s considered a cross-border data transfer. Transferring data brings risk. As well as increasing the dangers…
DATA OUTSOURCING In our digitally interconnected world, most organizations that handle personal information will transfer it to a third party at some stage of the data life cycle. Your company may send personal information (PI) to an external service provider such as PayPal to process customer payments – that’s a data transfer. Perhaps you hired…
A tort recognized by the Ontario Superior Court of Justice last month expands privacy protections for Canadians by adopting a well-established US cause of action. Torts are an essential element of common law. A tort is a wrongful act or injury that leads to physical, emotional, or financial damage to a person, for which…
I am pleased to announce that Privacy in Design Book is now available for preorder on Amazon and Kindle. The book describes a journey into achieving corporate compliance while maintaining and improving business objectives. Compliance is an essential resource for privacy officers, executive leadership, and boards of directors. From developing a privacy program, through data handling…
The initial excitement over Alphabet’s Smartcity may be dwindling out of the perception that the tech giant will use the new development in the Harbourfront to collect personal data. The special attention given by interest groups to a project that actually has engaged the public and shown good faith may be giving companies the wrong lesson: Don’t engage…