New Podcast from the Ontario Privacy Commissioner

“Info Matters”

Patricia Kosseim, the Privacy Commissioner of Ontario, has just launched a new podcast: “Info Matters”. You can read the media release announcing the new podcast here.

Billed as a podcast about “people, privacy, and access to information”, the intended audience appears to be the general public rather than FOI Professionals or other privacy experts.

Episode One: “Don’t get caught! Protect yourself against phishing”

The first episode is dedicated to the topic of “phishing scams and how you can protect yourself so you don’t take the bait”.

The introduction of the first episode provides an example of a typical phishing scam:

“[T]here was an incident not too long ago in Uxbridge, a town just north of Toronto, involving an elderly woman who went into a Shoppers Drug Mart to buy $3,000 worth of Google gift cards. She seemed a little scared, rather hesitant, all signs of a typical scam situation. In fact, gift cards are the preferred method of payment for many criminals because they can’t be easily traced. The cashier noticed something wasn’t quite right and started asking a few questions, and it turned out this customer had been targeted by criminals involved in the Canada Revenue Agency tax scam. Luckily, the employee convinced her not to make the purchase in this case, but unfortunately, not everyone can be so lucky. And these kinds of attacks are on the rise. Scams can be very convincing and their impact on victims devastating.”

Commissioner Kosseim then interviews Fred Carter, her Senior Policy & Technology Advisor, who describes various types of phishing scams, including “vishing”, “smishing” and “spear fishing”:

“So phishing is a type of email. It’s kind of like spam. Smishing is text messages. And vishing are voicemail messages, or sometimes we think of them as robocalls. Spear phishing is targeted phishing. It means it’s aimed at particular people.”

Spear Fishing

In an institutional setting, “spear fishing” is most relevant. As described by Mr. Carter:

“I think maybe even the worst example is spear phishing because you’re actually being targeted and you might be an executive in an organization that has the keys of the kingdom. You’re the big fish. And there might be some additional motivations that would motivate an attacker to target you for other reasons that might not just be about money. In any case, phishing is often the first step in a more serious series of crimes. Phishing enables it to happen. There’s lots of things that they can do that are not too good.”

With many of us working remotely, it has become easier than ever for scammers to impersonate senior staff through electronic messages, potentially leading to privacy breaches and criminal theft of personal information. Remember: an email or text directing you to disclose personal information may not be genuine, even if it appears to have come from your institution’s Head or other senior staff. And if their email has been hacked, emailing back for confirmation may be of no use. If in doubt, consider calling the colleague who sent you the message to confirm that it is legitimate.

Verifying Requestor Identity

In my view, this first episode also serves as a timely reminder for FOI professionals to review their policies around verifying the identity of the requestor when processing a request for personal information. For example, some institutions have required that personal information requests be submitted on-site, so that identification can be checked in-person. This type of policy may now be out-of-date during the pandemic, with a greater number of staff working from home, and a growing trend towards providing more services remotely and discouraging unnecessary visits and travel.

Conclusion

Although the new podcast appears to be directed to the general public rather than to FOI professionals, it may still serve as a good source of information for FOI professionals to share with their colleagues and other contacts. Personally, I am interested in how the podcast will cover “access to information”, and would enjoy hearing a more informal take from the Commissioner regarding Freedom Of Information in Ontario.

With the new FOI AssistTM software, Ontario’s provincial and municipal institutions can process and respond to Freedom Of Information requests quickly, easily, and in full compliance with applicable legislation and guidance. Read the release announcement.

To receive guidance and tips on processing FOI requests, as well as up-to-date information about the FOI Assist software, please follow the FOI Assist website. Simply enter your email address at the bottom of the page then click the follow button.

Published by Justin Petrillo

I am creating FOI Assist™ software to help Ontario’s provincial and municipal government institutions of all sizes track and respond to Freedom of Information (FOI) requests. For most of my career I have been a lawyer, advising clients on commercial, intellectual property and FOI/privacy issues. From 2013 to 2015, I managed the FOI program for the Toronto 2015 Pan/Parapan Am Games Organizing Committee while serving as Legal Counsel to the Games. Prior to becoming a lawyer, I obtained a computer science degree and worked as a software developer at several well-known technology companies.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

<span>%d</span> bloggers like this: