Keep it private

By Guest    September 2, 2009

Did you know that every time you install a Facebook application, you give that application developer ALL of your personal profile information and access to your friends information? That developer could be anyone from a reputable company to a teenager in a foreign country. Did you want to provide all that personal information? Well, you did. And so did I and almost every other Facebook user. Most of us simply click on a pop-up box without reading or understanding all the legal fine print.

Internet companies are by default operating around the world and need to comply with the laws in countries where their users reside. Guest contributor, Nicholas Cheung explains the Facebook incident which also highlights considerations for designing your company’s privacy policies.

Global Privacy Implications for Facebook

Last month, the Office of the Privacy Commissioner of Canada (OPC) issued a report on Facebook after months of investigation into the privacy practices of the popular social networking tool.  In the report, the OPC found that third party applications had unfettered access to personal information that they didn’t need, kept personal information long after accounts had been deactivated and did not make it easy for users to delete their accounts.  Last week, Facebook relented and agreed to make the requested improvements to its privacy practices.

The benefits of these changes are significant as Facebook will make the changes applicable to all users worldwide, not just in Canada. Quite the achievement for the OPC since Canadian users only account for about 12 million of the 250 million users across the globe.

There are over a million developers for the third party applications (such as quizzes and games) in Facebook.  Not only were these developers obtaining access to personal information above and beyond what they needed for their applications, it was virtually impossible for Facebook to protect this data once it was obtained.  Under changes that will take about a year to develop, Facebook will allow users more control over the data being accessed by these third party developers.

Canada is fortunate to have strong privacy laws which apply from coast to coast.  Our federal privacy sector law, the Personal Information Privacy and Electronic Documents Act (PIPEDA), applies to all private sector organizations across the country unless a substantially similar law exists in that province.  Our federal privacy commissioner is an officer of Parliament (similar to the U.S. Congress) and independent of the government of the day.  She enforces our privacy laws and acts as a privacy advocate.

Unfortunately, the U.S. does not have a federal private sector privacy law or a federal privacy commissioner and it may be time to renew the debate over the merits of having either.  The instances of identity theft occur so frequently that it is almost a fact of life.  However for those that are affected, it can take years to rebuild their reputation or have devastating financial consequences.  Just ask Ben Bernanke, the chairman of the U.S. Federal Reserve Bank whose wife lost her purse that contained her checkbook and social security number at a Starbucks.  If it can happen to him, it could surely happen to you.

Sometimes it is possible to change the world in a small way.  Well, at least one emoticon at a time maybe.

Guest contributor Nicholas Cheung is the contributing author of The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises which is available for purchase at Knotia..