User:Millyg123456/sandbox



= Privacy and Canadian Schools =

Privacy issues or invasions can vary from failure to follow privacy laws and regulations such as, "surveillance, data collection and protection of all personal and/or technological data." Institutions are required to disclose their privacy laws and regulations on their websites so it can be accessible to all users in order to know and understand their rights.

Technology
The use of surveillance equipment by large companies or institutions, such as schools, has became wildly popular since technology has advanced. The notion that an institution can see large and wide distances in real time has become very appealing and a source of protection against several criminal acts against them.

The use of technology as a commodity has grown as well. For institutions and companies, it may be seen as a marker of their success or progress. It may also be used as an incentive for their customers or applicants.

Identity
Surveillance of the identity has two dimensions associated with the concept. The first is: "the monitoring of pre-constituted social groupings" and the second includes, "establishing new forms of identity".

Resistance
There are several ways surveillance can be resisted by an individual. Specifically, they include; "switching, distorting, blocking, piggybacking, discovery, avoidance, refusal, masking, breaking, cooperation, and counter-surveillance."

Information Privacy Practices
Similar to resistance, there are also several ways in which an individual can participate in information privacy practices. They include; "using caution when divulging information, using privacy protection software (McGinity 2000), falsifying personal information, employing passive restraints such as filtering or deleting unwanted e-mail, and utilizing identity modification (i.e., creating new e-mail accounts when one is being spammed or using a gender neutral ID during chat) (Chen and Rea 2004)."

Information Privacy Education
The Office of the Privacy Commissioner of Canada (OPC) has been emphasizing the importance of privacy education in school curricula. They want to avoid dangers associated with the use of technology such as sexual predators, harassment, bullying, and hacking or email scams that may effect children with little education of privacy. The OPC stated, "It is important that students become savvy digital citizens who are able to enjoy the benefits of being online. Young people need to be equipped with the knowledge necessary to navigate the online world and participate in the digital domain while protecting their privacy.” The education on privacy for students should include information such as;


 * 1) What personal information is.
 * 2) How the digital environment operates.
 * 3) Techniques of resistance in order to avoid giving away too much personal information.
 * 4) Learning how to be a "digital citizen" while exercising privacy rights.

With an education emplaced, risks associated with the use of technology may be avoided for children and adults.

Federal Privacy Laws
"Canada has two federal privacy laws that are enforced by the Office of the Privacy Commissioner of Canada:


 * the Privacy Act, which covers how the federal government handles personal information;
 * the Personal Information Protection and Electronic Documents Act( PIPEDA ), which covers how businesses handle personal information."

The Privacy Act
"The Privacy Act relates to a person’s right to access and correct personal information that the Government of Canada holds about them. The Act also applies to the Government’s collection, use and disclosure of personal information in the course of providing services such as:


 * old age security pensions
 * employment insurance
 * border security
 * federal policing and public safety
 * tax collection and refunds.

The Privacy Ac t only applies to federal government institutions listed in the Privacy Act Schedule of Institutions. It applies to all of the personal information that the federal government collects, uses, and discloses. This includes personal information about federal employees.

The Privacy Act offers protections for personal information, which it defines as any recorded information “about an identifiable individual."

Personal Information Protection and Electronic Documents Act (PIPEDA)
As described by the governments privacy laws information website,

"PIPEDA sets the ground rules for how private-sector organizations collect, use, and disclose personal information in the course of for-profit, commercial activities across Canada. It also applies to the personal information of employees of federally-regulated businesses such as:


 * banks
 * airlines
 * telecommunications companies."

Freedom of Information and Protection of Privacy Act (FIPPA)
In June 2006, Ontario universities enforced the Freedom of Information and Protection of Privacy Act (FIPPA). "This act has two main purposes: (1) access to information under the control of the institutions and educational institutions covered by the Act; and (2) protection of the privacy of individuals with respect to personal information about themselves and to provide individuals with a right of access to that information held by the institutions/educational institutions."

Using the "Cloud"
In today's technological world, many organizations and institutions have decided to move their information to something known as the "cloud". The term "Moving to the Cloud", could be referred to as "creating content and storing the digital archives of information produced—including confidential, proprietary and deeply personal information—outside of your organization’s physical control, on someone else’s computers, somewhere else in the world...When Information Technology professionals talk about cloud computing, they are talking about the ability to sell or buy slices of computer services over the global Internet." This technique is extremely popular for organizations and large institutions because it is inexpensive and extremely convenient. In an article titled, "Seeing Through the Cloud: National Jurisdiction and Location of Data, and Networked Still Matter in a Digitally Interconnected World" authors; Heidi Bohaker, Lisa Austin, Andrew Clement, and Stephanie Perrin, conducted a year-long study investigating privacy issues associated with storing information in the global cloud, as it may be associated with another nation's dominion. The authors studied laws in both Canada and the United States of America along with data flow across boarders such as North America, and their related Internet traffic patterns. They also studied Canada's public universities and their use of Google apps, Microsoft Office 365, and "suites of eCommunications and collaboration software (which includes email, messaging, telephony, video-conferencing and document creation, editing and storage)."

Some information collected through these platforms may contain intellectual property as well as personal information of the people using them through the institution. The article highlights the issues associated with information contained in the global cloud passing over the boarder from Canada to the US, and therefore surrendering privacy laws associated with either country. When the US government accessing information of a Canadian citizen, they may assess it according to the privacy laws of a lower-level because they are associated with the data of a non-US citizen. The article specifically states that, "Canadians and Canadian organizations have significantly better legal privacy protection from state surveillance when their data are processed, stored, routed or more generally kept exclusively within Canadian jurisdiction than elsewhere. This protection extends to valuable intellectual property which is also vulnerable to industrial espionage from state surveillance in foreign jurisdictions. Canadians have significantly more options to address data protection concerns through their own courts, legal reform and the electoral process." If information shared over the global cloud is considered private or confidential, then it is assumed that the individual must forfeit their right to their private information since there is a possibility of it being breached by another nation.

After the research conducted by the authors of this article, they suggest that;


 * 1) "Canadian organizations should not outsource eCommunications services beyond Canadian jurisdiction until adequate measures for ensuring legal and constitutional protections equivalent to those in Canada are in place."
 * 2) "When considering eCommunications options, including outsourcing, organizations should conduct thorough and transparent Privacy Impact Assessments (PIAs) and Threat Risk Assessments (TRAs), taking into account constitutional and other protections provided under Canadian law, as well as the risks of using services hosted in foreign jurisdictions. The “similar risk” assertion should no longer be used in PIAs to support extra-national outsourcing."
 * 3) "Organizations that have already outsourced to companies that place data outside Canadian jurisdiction should revisit these decisions in light of the deeply flawed “similar risk” assertion and what is now known about, for example, mass surveillance practices in the USA. Organizations should consider the risk of similar practices occurring in other countries"

Canadian University and College Privacy Issues
Universities typically collect personal data through students applications, registry, class schedules, tuition payment or scholarships and bursaries. However, most students are unaware of how universities use and apply their personal data after it is collected by the institution.

Security cameras on university campuses are essential to both safety and protection of all staff and students. However, there are certain laws and regulations a university must follow when installing and monitoring these security cameras. Information on Canadian university privacy laws and regulation can be found at https://www.univcan.ca/privacy-policy/.

York University
York University is a public university that is located in Toronto, Ontario. It is considered to be Canada's third-largest university's and has the largest campus in Canada with 457 acres of land. With this in mind, such a large campus must include intensive security and privacy protection for students and faculty staff. An organization or institution is required to provide specific information about policies to individuals, according to the Personal Information Protection and Electronic Documents Act ‘Openness Principle. All information regarding privacy and personal information can be found on the York University website.

York University's Privacy Debate
An issue featured in the York University's school newspaper known as the Excalibur explained that several cameras located on the university's campus did not obey Canadian privacy laws. Each camera on campus is required to have a corresponding sign informing individuals that they are on camera. However, many students in a fourth-year communications class analyzed the cameras around the campus and noted that most of them do not have the proper signage associated with them. According to the Canadian privacy act, an individual has a right to know if the area they have entered in is being surveilled.

A second issue published on December 1st, 2010 in the Excalibur reviewed another issue with York University's student privacy. The article titled, "Room 110 Invades York Student Privacy" was created by Jacqueline Perlin and explores a popular website called, "Room 110" that allowed students to upload information, such as pictures anonymously. Derek Paul, a spokesperson for the site, explained that the website "Is a place for students to get a glimpse into the university life beyond the regular perception of going to class and studying for hours on end". The website contained a "York University" section with multiple pictures and captions associated with them. The website discusses new, gossip and updates concerning the university and the students involved. On November 17, 2010 the Ryerson university newspaper, Ryersonian, and the Wilfred Laurier university newspaper, The Cord, on November 25, 2010 published stories concerning university officials attempting to shut the site down due to its invasion of student privacy. When the York University's media relations director, Alex Bilyk was asked about the site, he stated that it did not concern the university or any of it's privacy law.

Currently, the site formally known as "Room 110", has been shut down and no longer contains content associated with any university.

University of Regina
The University of Regina is a public university that was established in 1911. It was originally named, "Regina College", but was then renamed to University of Saskatchewan in 1961. It is located in Regina, Saskatchewan, in Canada.

An article published by CBC titled “Hacked Computers Cause University Privacy Breach” by Glenn Reid highlights an incident when three computers were accessed without permission in the year, 2016. After the university was targeted by hackers, they decided to launch a thorough investigation. They concluded that three computers were accessed without authorization. The main issue seemed to have been that one of the computers hacked "contained personal information such as names, addresses, phone numbers, student identification numbers, birth dates, and grades." The executive director of communications, Kim McKechney stated, "At this point we don't have any evidence that any personal information has actually been disclosed or used maliciously, but it was enough of a breach that we're taking it very seriously,". The University of Regina order a forensic analysis in order to figure out how much information was hacked and if further implications need to be taken.

University of Calgary
The University of Calgary is a public university that was established in 1944. It is located in Calgary, Alberta in Canada and is considered to be one of Canada's top research universities.

An article published on a website known as ABlawg.ca, titled Privacy and Video Surveillance on Campus, discussed surveillance issues on the University of Calgary school's campus. The University is currently governed by Alberta's Freedom of Information and Protection of Privacy Act, R.S.A. 2000, c. F-25 ("FOIPA"). This act has the ability to protect and control the way information of an individual is collected and stored. This act covers personal information such as video surveillance of the individual.

This article discusses the possible privacy concerns associated with an anti-abortion protest group (Campus Pro-Life Club) videotaping themselves as we'll as others, on the university's campus. The university did post a warning sign near the protest indicating that if an individual involved themselves in the protest in any way, there would be a possibility that they may be recorded on camera. The university itself seems to be compliant with Alberta's privacy laws in terms of;

"• the number and placement of the cameras,

• control of access to information gathered through the use of surveillance measures, and

• adequate retention and disposition schedules."

However, the argument here is whether or not the University should take action if a student group if violating surveillance and privacy policies while on the University of Calgary's school campus. The author, Linda Mckay-Panos states that, "Since the persons doing the videotaping were on campus despite the objections of the University, it would seem difficult to establish that they would be subject to the University’s Privacy Policy. Perhaps it could be argued that as students, they are subject to the policy and were in violation of it. The Privacy Policy is stated to apply to personal information in the custody or under the control of the University of Calgary. One might argue that the students’ footage is under the control of the University; however, I am not sure if this argument would be successful. Could the University actually demand that it be given the footage? In addition, the wording of the Video Surveillance Policy suggests that that policy applies only to those who are operating or maintaining the CCTV system."

Individuals were instructed to avoid being videotaped at their own risk due to the controversy surrounding the issue.

Memorial University of Newfoundland
Memorial University of Newfoundland is located in St.Johns Newfoundland, Canada. It is considered to be the largest university in Atlantic Canada.

In August 2014, an article was published by CBC describing the privacy breach associated with Memorial University and the School of Social Work in St.Johns, Newfoundland. Dave Sorensen, the Communications Director on campus, explained that several computers were stole from offices in Coughlan Collage in August, 2014. The computers contained personal information of nine individuals on the hard drives. This incident was not considered to be severe so an investigation was not conducted.

Classroom Apps and Privacy Concerns
Classroom apps have become popularly used by both students and teachers in grade school. They allow for teacher-student communication as well as updates on homework and assignments that students may refer to at anytime. Parents are also able to use them and remain updated on their child's progress in each class. Some of these apps include ClassDojo, Seesaw, Google Classroom, Teach Learn Lead, Remind, Classtree, Slack, and Emodo, to name a few.

An article published by CBC on October 24th, 2018, highlighted some issues parents were concerned about in terms of their child's privacy associated with these apps. The apps are often seen as a positive addition to children's education, as they allow for interaction between children, teachers and parents. However, Joel Westheimer, a professor in the faculty of education at the University of Ottawa, and Mark Nunnikhoven, CBC's technology columnist and vice-president of cloud research at Trend Micro in Ottawa, highlight some issues the applications may have with data collection. Mark states that, "Most of these are U.S.-based companies, and we know the laws around data privacy and collection are extremely different in the U.S. versus Canada. As a parent and as a security professional, it's extremely difficult to find out what the rules are — let alone how the teachers and the students have been instructed in the use of these technologies." Joel explains that if a classroom is using the application known as ClassDojo, the teach is allowed to monitor the children with an iPad, and if a child misbehaves they are able to take a picture of them and take a point away using the point system associated with the app. Whether this breaches student's privacy or not is still unknown, and the popularity with the apps continue to grow each year.