Weekly CyberTip: Celebrate Data Privacy Week!
Are you celebrating Data Privacy Week 2023? Many countries around the world celebrate Data Privacy Week, which traditionally falls over the last week of January. This year, Data Privacy Week starts January 22, culminating with Data Privacy Day on January 28. Data Privacy Day commemorates the signing of Convention 108 in 1981, the first legally binding international instrument on privacy and data protection.
Data Privacy Week is a time to reflect on the impact that technology has on your privacy rights, as well as a reminder of the importance of protecting your rights and personal information. In recognition of Data Privacy Week this year, we have compiled a list of timely resources:
- Office of the Privacy Commissioner of Canada (OPC) Data Privacy Week home page
- Canada’s Get Cyber Safe home page
- Canadian Anti-Fraud Centre home page
- Government of Canada – Canadian Centre for Cyber Security home page
- Educational Computing Network of Ontario (ECNO) Data Privacy Week infosheet
- K. National Cyber Security Centre data breach guidance page
- S. Federal Privacy Council Data Privacy Week home page
- S. National Cyber Security Alliance Data Privacy Week home page
Nunavut energy provider hit by cyber attack
In a January 19 press release, Qulliq Energy Corporation disclosed that it had been targeted by a cyber attack on the weekend of January 14-15. While power plants in the Canadian territory continue to operate as normal, “computer systems at the corporation’s Customer Care and administrative offices continue to remain unavailable,” according to the release.
Qulliq did not provide details on the nature of the attack, and advised that “it is too early to determine whether the attackers were able to access any customer information.”
In a statement issued the same day, Nunavut Premier P.J. Akeeagok assured residents that the government is helping Qulliq in their response to the incident, saying that the “Departments of Community and Government Services, Justice, Finance and Executive and Intergovernmental Affairs have deployed services and personnel” to assist.
CCCS Head speaks on social media app safety
In a recent interview with CBC News, Sami Khoury, Head of the Canadian Centre for Cyber Security, announced that the Canadian government is in the process of updating its guidance with respect to social media. The current guidance from changes are coming in the wake of the latest accusations that the social media app TikTok is being used by China to spy on its customers. The current guidance on “assessing possible risk before using social media platforms and apps” has not been updated since July 2019.
While Khoury didn’t cite the TikTok situation specifically, he implied that aggregated user data from some apps is being gathered and used unethically in some parts of the world: “Why does an application need to access all of my contact list? Why does it need to access my calendar, my email, my phone records, my [texts]? You layer on top of that the risk of connecting my 200 [contacts] with your 200 and then you have an aggregate… of information. In some cases, it lands in places that don’t live by the same principles of rule of law [and] respect for human rights.”
“Some platforms are responsible platforms where you potentially don’t have to worry about the data falling into the hands of a nation state. But other platforms are too close to that line,” Khoury added.
TikTok, which reputedly has over 1 billion users per month, is under growing scrutiny in a number of countries. The app has already been banned from U.S. federal entities, and a number of American universities are considering following suit, citing national security concerns. The European Data Protection Board (EDPB) is investigating what it has called “transfers by TikTok of personal data to China”, while France recently fined TikTok €5.4M over suspicious handling of cookies on the social media giant’s website. TikTok’s parent company ByteDance is based on China, though TikTok representatives repeatedly deny any data transfer to the parent company.
Canadian government issues warning about a new tech service fraud campaign
On January 19, the Canadian Anti-Fraud Centre issued a warning about a new tech support scam targeting Canadians.
“We’re getting reports of a new variation of tech support scams targeting Canadians, where fraudsters send emails to victims with fake invoices attached saying your subscription to an antivirus, tech or internet supports [sic] service has been renewed. They provide a phone number to call to cancel the service or resolve the issue. When you call the number, they’ll request remote access to your device and try to steal your financial or personal information,” according to the bulletin, which provides a set of tips to help avoid being tricked by cyber criminals.