June 28, 2009
Your business has insurance for typical business risks, but will your insurance protect you from liability arising from privacy law compliance?
People are increasingly aware of their privacy rights. This heightened awareness has translated into a greater willingness to initiate costly and time-consuming privacy complaints. Thanks to laws like the Personal Information Protection and Electronic Documents Act (PIPEDA), the reality for businesses is that non-compliance with privacy laws can take a chunk out of the bottom line. Given the costs associated with failing to meet legal standards, it’s not surprising that many insurers now offer privacy insurance coverage. But what is privacy insurance, and will it actually protect your business when you need it most? The scope of coverage offered varies depending on the provider, so it’s important to read the fine print.
Be sure to ask what the policy covers. Some policies limit privacy insurance to protection from hacker attacks. But while hackers are a serious issue for any business, your insurance plan may need to do more. Depending on your jurisdiction and the applicable privacy laws, you may want to look for protection against any costs that can be imposed by the regulatory agencies that oversee compliance with privacy legislation. Otherwise, you might find you’re on your own for your business’s failure to fully meet the legal requirements for personal information under your control, including obligations to respond to access to information requests, obtain consents and ensure the accuracy of personal information holdings. It’s also a good idea to evaluate your existing protection. Your current business insurance may already provide you with the coverage you need. If, for example, your errors and omissions insurance already protects you against privacy breaches, purchasing additional insurance may not be necessary.
Consider what the privacy insurance plan won’t cover. Many plans don’t cover illegal or fraudulent employee conduct, and some stop short of protecting against anything beyond the unauthorized release of personal information. Court defence costs may also be excluded. Make sure you read the plan or have your lawyer go over it before you buy it.
Finally, don’t forget that the best insurance policy is to take as many proactive steps as possible to get your privacy house in order. If you’re reading this blog, chances are you already have some of these measures in place. If not, consider comprehensive privacy policies and procedures that are reviewed and updated on (at least) an annual basis by legal counsel with expertise in privacy law. Staff privacy training is another excellent proactive step. As the saying goes, the best offence is a good defence!
June 25, 2009
The Manitoba Ombudsman’s Office recently released its annual report outlining the activities of its Access and Privacy Division in 2008. Here are some highlights…
Of the 198 new access complaints that were launched, 134 (68%) dealt with “refused access”. This indicates that the provincial government and public bodies either have to be more willing to grant access when requested or do a better job at explaining their rationale for refusing access. Of the 207 cases that were closed in 2008, 38% of the complaints were supported by the Ombudsman, 35% were not supported and 5% were resolved before the Ombudsman could issue a finding. This indicates that all of the complaints brought to the Ombudsman are not without merit. The public appears to have a relatively good understanding of what their rights are under FIPPA and PHIA.
The Ombudsman has also been proactively involved in the development stages of legislation and programs in order to address potential privacy issues. For example, the Ombudsman expressed concerns about the technology used in Enhanced Drivers Licenses (EIC). Radio Frequency Identification chips store the necessary information on the EICs, but the chips are always “on”, meaning that they can be read by unauthorized individuals. This concern is being addressed by providing the cardholder with a protective sleeve. However, if the sleeve is ripped, torn or used improperly, it will not provide the necessary protection. Therefore, the Ombudsman has stressed that it is essential that individuals understand the privacy implications of opting into the EIC program.
The Ombudsman has also been involved in assessing the use of closed-circuit television monitoring by Winnipeg Police, who have agreed to follow the recommendations of the Ombudsman. They will not live-monitor the cameras and will work towards developing retention policies and technology to “sever” individuals from images which are not relevant.
Overall, the Ombudsman largely applauds public bodies and government agencies for addressing privacy concerns in the development phases of new programs and legislation. However, it is clear that public bodies need to do a better job of dealing with access requests.
June 18, 2009
Rock legend Eddie Van Halen, best known as the lead guitarist of Van Halen, is reportedly taking legal action against Nike over the alleged use of his signature guitar color scheme on Nike’s new Nike Dunk runners. Van Halen had the red, white and black splattered design most commonly associated with his “frankenstrat” guitar copyrighted in 2001. Van Halen is claiming that the Nike shoes are damaging his image and “causing irreparable harm and damage” to his design. Nike has refuted the allegations and stated that “the Dunk shoe design is not substantially similar to any of the Van Halen designs, and Nike has not referenced the Van Halen name or image as part of any marketing campaign or promotional material associated with the shoe.” Interestingly, Van Halen recently released his own shoe line called or EVH shoes, which feature the recognizable pattern.
This case is noteworthy because it demonstrates the importance of intellectual property rights and how some protect such assets. Having a copyright gives Van Halen the right to control how his design can or cannot be used. Intellectual property rights allow owners to protect their assets against infringement and defend their rights in court. A successful claim may result in monetary damages, an injunction from the use of the infringing material or destruction of the infringing material. Van Halen is taking advantage of the court process by claiming damages and the destruction of all products associated with the Nike Dunk runners. On the other hand, lawsuits can be expensive, and in order to infringe, the materials have to be substantially similar. It’s questionable whether the Nike Dunks bear a substantial similarity to Van Halen’s guitar design. Remember the high profile decision between The Wyrd Sisters, a Winnipeg folk group, and Warner Bros. Entertainment Inc. that saw the band lose a considerable amount of money (including $140,000 in costs) when the judge ruled that the band’s name would not be confused with a band in one of the Harry Potter movies.
Finally, Van Halen may be “running with the devil” and opening himself up to his own copyright infringement lawsuit. The EVH shoe line has been argued by some as bearing a striking resemblance to Converse All-Stars, a company that just happens to be owned by – you guessed it – Nike.
June 11, 2009
Today’s National Post story about a Nova Scotia judge’s decision to allow the publication of a private conversation between Natural Resources Minister Lisa Raitt and her former aide casts a spotlight on a murky area of privacy law.
As reported by the National Post, the unusual case raises questions about what constitutes a “reasonable expectation” of privacy in a world where digital recorders and handheld wireless devices are omnipresent. As I’m quoted in the story, “[researchers] said some years ago that new privacy rules were going to put existing business practices under a microscope. I think what we’re seeing now is technologies are putting existing legal principles under a microscope.” Fellow blogger Dan Michaluk is also quoted.
Read the full story here…
June 10, 2009
I was delighted to learn that IP Osgoode has named this blog the “Pick of the Week”!
IP Osgoode at Osgoode Hall Law School in Toronto is a new, independent and authoritative voice which explores legal governance issues at the intersection of intellectual property (IP) and technology. If you haven’t yet visited the IP Osgoode website, I would encourage you to do so as it contains some great content.
If you are also interested in finding additional resources, you may want to visit the Nymity website. Of particular interest, the Nymity website has a section dedicated to recent privacy breaches and recent privacy studies. Finally, you may also want to visit the Canadian Association of Professional Access and Privacy Administrators website.
Hope these links help!