Privacy insurance: read the fineprint

June 28, 2009

Documents 2Your business has insurance for typical business risks, but will your insurance protect you from liability arising from privacy law compliance?

People are increasingly aware of their privacy rights. This heightened awareness has translated into a greater willingness to initiate costly and time-consuming privacy complaints. Thanks to laws like the Personal Information Protection and Electronic Documents Act (PIPEDA), the reality for businesses is that non-compliance with privacy laws can take a chunk out of the bottom line. Given the costs associated with failing to meet legal standards, it’s not surprising that many insurers now offer privacy insurance coverage. But what is privacy insurance, and will it actually protect your business when you need it most? The scope of coverage offered varies depending on the provider, so it’s important to read the fineprint.

Be sure to ask what the policy covers. Some policies limit privacy insurance to protection from hacker attacks. But while hackers are a serious issue for any business, your insurance plan may need to do more. Depending on your jurisdiction and the applicable privacy laws, you may want to look for protection against any costs that can be imposed by the regulatory agencies that oversee compliance with privacy legislation. Otherwise, you might find you’re on your own for your businesses’s failure to fully meet the legal requirements for personal information under your control, including obligations to respond to access to information requests, obtain consents and ensure the accuracy of personal information holdings. It’s also a good idea to evalute your existing protection. Your current business insurance may already provide you with the coverage you need. If, for example, your errors and omissions insurance already protects you against privacy breaches, purchasing additional insurance may not be necessary.

Consider what the privacy insurance plan won’t cover. Many plans don’t cover illegal or fraudulent employee conduct, and some stop short of protecting against anything beyond the unauthorized release of personal information. Court defence costs may also be excluded. Make sure you read the plan or have your lawyer go over it before you buy it.

Finally, don’t forget that the best insurance policy is to take as many proactive steps as possible to get your privacy house in order. If you’re reading this blog, chances are you already have some of these measures in place. If not, consider comprehensive privacy policies and procedures that are reviewed and updated on (at least) an annual basis by legal counsel with expertise in privacy law. Staff privacy training is another excellent proactive step. As the saying goes, the best offence is a good defence!

Leave a Comment » | PIPEDA, Privacy, Privacy Insurance, Security | Tagged: , , , , , | Permalink
Posted by Brian Bowman

Manitoba Ombudsman’s 2008 Annual Report Released

June 25, 2009

ResultsThe Manitoba Ombudsman‘s Office recently released its annual report outlining the activities of its Access and Privacy Division in 2008. Here are some highlights…

Of the 198 new access complaints that were launched, 134 (68%) dealt with “refused access”. This indicates that the provincial government and public bodies either have to be more willing to grant access when requested or do a better job at explaining their rationale for refusing access. Of the 207 cases that were closed in 2008, 38% of the complaints were supported by the Ombudsman, 35% were not supported and 5% were resolved before the Ombudsman could issue a finding. This indicates that all of the complaints brought to the Ombudsman are not without merit. The public appears to have a relatively good understanding of what their rights are under FIPPA and PHIA.

The Ombudsman has also been proactively involved in the development stages of legislation and programs in order to address potential privacy issues. For example, the Ombudsman expressed concerns about the technology used in Enhanced Drivers Licenses (EIC). Radio Frequency Identification chips store the necessary information on the EICs, but the chips are always “on”, meaning that they can be read by unauthorized individuals. This concern is being addressed by providing the cardholder with a protective sleeve. However, if the sleeve is ripped, torn or used improperly, it will not provide the necessary protection. Therefore, the Ombudsman has stressed that it is essential that individuals understand the privacy implications of opting into the EIC program.

The Ombudsman was also been involved in assessing the use of closed-circuit television monitoring by Winnipeg Police, who have agreed to follow the recommendations of the Ombudsman and will not live-monitor the cameras and will work towards developing retention policies and technology to “sever” individuals from images which are not relevant.

Overall, the Ombudsman largely applauds public bodies and government agencies for addressing privacy concerns in the development phases of new programs and legislation. However, it is clear that public bodies need to do a better job of dealing with access requests.

Leave a Comment » | Access to Information, Government, Ombudsman, Privacy | Tagged: , , , , , , , | Permalink
Posted by Brian Bowman

Eddie Van Halen takes on Nike in IP battle

June 18, 2009

MusicianRock legend Eddie Van Halen, best known as the lead guitarist of Van Halen, is reportedly taking legal action against Nike over the alleged use of his signature guitar color scheme on Nike’s new Nike Dunk runners.  Van Halen had the red, white and black splattered design most commonly associated with his “frankenstrat” guitar copyrighted in 2001.  Van Halen is claiming that the Nike shoes are damaging his image and “causing irreparable harm and damage” to his design.  Nike has refuted the allegations and stated that “the Dunk shoe design is not substantially similar to any of the Van Halen designs, and Nike has not referenced the Van Halen name or image as part of any marketing campaign or promotional material associated with the shoe.” Interestingly, Van Halen recently released his own shoe line called or EVH shoes, which feature the recognizable pattern.

This case is noteworthy because it demonstrates the importance of intellectual property rights and how some protect such assets.  Having a copyright gives Van Halen the right to control how his design can or cannot be used.  Intellectual property rights allow owners to protect their assets against infringement and defend their rights in court. A successful claim may result in monetary damages, an injunction from the use of the infringing material or destruction of the infringing material.  Van Halen is taking advantage of the court process by claiming damages and the destruction of all products associated with the Nike Dunk runners. On the other hand, lawsuits can be expensive and that in order to infringe the materials have to be substantially similar.  It’s questionable whether the Nike Dunks bare a substantial similarity to Van Halen’s guitar design.  Remember the high profile decision between The Wyrd Sisters, a Winnipeg folk group, and Warner Bros. Entertainment Inc. that saw the band lose a considerable amount of money (including $140,000 in costs) when the judge ruled that the band’s name would not be confused with a band in one of the Harry Potter movies. 

Finally, Van Halen may be “running with the devil” and inviting himself up to his own copyright infringement lawsuit.  The EVH shoe line has been argued by some as bearing a striking resemblance to Converse All-Stars, a company that just happens to be owned by – you guessed it – Nike.

3 Comments | Copyright, Industrial Design, Intellectual Property, Marketing | Tagged: , , , , , , | Permalink
Posted by Brian Bowman

Raitt tape release highlights murky rules of privacy law

June 11, 2009

Today’s National Post story about a Nova Scotia judge’s decision to allow the publication of a private conversation between Natural Resources Minister Lisa Raitt and her former aide casts a spotlight on a murky area of privacy law. 

As reported by the National Post, the unusual case raises questions about what constitutes a “reasonable expectation” of privacy in a world where digital recorders and handheld wireless devices are omnipresent. As I’m quoted in the story, “[researchers] said some years ago that new privacy rules were going to put existing business practices under a microscope. I think what we’re seeing now is technologies are putting existing legal principles under a microscope.” Fellow blogger Dan Michaluk  is also quoted.

Read the full story here

Leave a Comment » | Privacy, Safeguarding, Safekeeping, Technology | Tagged: , , , , | Permalink
Posted by Brian Bowman

IP Osgoode (at Osgoode Hall Law School) names On the Cutting Edge “Pick of the Week”

June 10, 2009

ChoicesI was delighted to learn that IP Osgoode has named this blog the “Pick of the Week”!

IP Osgoode at Osgood Hall Law School in Toronto is a new, independent and authoritative voice which explores legal governance issues at the intersection of intellectual property (IP) and technology. If you haven’t yet visited the IP Osgoode website, I would encourage you to do so as it contains some great content.

If you are also interested in finding additional resources, you may want to visit the Nymity website. Of particular interest, the Nymity website has a section dedicated to recent privacy breaches and recent privacy studies. Finally, you may also want to visit the Canadian Association of Professional Access and Privacy Administrators website.

Hope these links help!

Leave a Comment » | Blogs, Intellectual Property, Privacy, Privacy Breach, Technology | Tagged: , , , , | Permalink
Posted by Brian Bowman

Social networking websites and employer-employee relationships

June 2, 2009

As I’ve previously discussedSocial networking websites such as MySpace and Facebook are provoking new questions about the appropriate boundaries in employee-employer relationships. This is evident in a United States Federal Court case coming to a head in New Jersey. The case pertains to the conduct of a manager who logged into a private social networking website and observed employees slandering company supervisors and customers. Those same employees were later dismissed. The case exemplifies a rapidly expanding “grey area” between an employee’s work life and personal social life. It begs the question, at what point does a “private” comment to friend made outside of the office constitute defamation, and at what point are such comments simply banter between individuals?  Of course, the answer is, it all depends on the facts. 

For an interesting discussion on the matter, check out Myrth on a Blog, a personal journal of law, technology and social media.

1 Comment | Access to Information, Blogs, Defamation, Employee Monitoring, Facebook, Internet, MySpace, Online Reputation Management, Privacy, Social Networking Websites, Technology | Tagged: , , , , , , , , , | Permalink
Posted by Brian Bowman

Follow

Get every new post delivered to your Inbox.

Join 106 other followers