Access to Information Webinar

November 29, 2010

Managing access to information requests by public sector organizations has never been more challenging than it is today. Complex public-private sector business arrangements, growing expectations for access by the public and increasing volumes of electronic records are all making it difficult to navigate access to information laws in the context of the real world. As a result, I thought that a one hour complimentary webinar would help! I hope you can attend.

What topics will be covered?

  • Overview of access to information 101: the basics
  • The 3 vantage points: public bodies, applicants & third parties
  • Review of recent cases/headlines
  • Identifying key legal and PR landmines
  • Discussion of trends in access to information
  • Practical tips for managing requests in a cost-effective manner

Who should attend?

Public bodies who are subject to access to information laws, private-sector organizations who regularly deal with public bodies and individuals/organizations who routinely initiate access to information requests under public sector access to information laws. 

When is the webinar? 

Wednesday, January 26th, 2011 from 1 – 2 PM (CST)

Please register <here> (space is limited)

Leave a Comment » | Access to Information, Ombudsman, Webinar | Tagged: , , , | Permalink
Posted by Brian Bowman

Supreme Court of Canada releases electric meter privacy decision

November 24, 2010

The Supreme Court of Canada (SCC) released an important decision today that considered whether an individual home owner had a reasonable expectation of privacy in electric meter data.

The police had asked a local utility company to attach a digital recording ammeter (DRA) to the electric meter on a home in order to monitor electrical usage. The data gleaned from the DRA and from other sources was then used to obtain a warrant to search the home. The search resulted in exposing a marijuana grow op. The defence argued that the installation of the DRA infringed the privacy rights of the accused to be secure against unreasonable search contained in Canada’s Charter of Rights and Freedoms.

A critical factual consideration, on which much of the disagreement in the case turned, was the degree to which the use of DRA technology reveals private information. The SCC ultimately decided that DRA technology merely indicates electricity use, not what the electricity was used for, so it was a reasonable loss of privacy.

Here’s an excerpt from the decision:

The central issue in this case is thus whether the DRA discloses intimate details of the lifestyle and personal choices of the individual that form part of the biographical core data protected by the Charter’s guarantee of informational privacy.  The evidence available on the record offers no foundation for concluding that the information disclosed by the utility company yielded any useful information at all about household activities of an intimate or private nature that form part of the inhabitants’ biographical core data.  The DRA’s capabilities depend of course on the state of the technology at the time of its use.  As DRA technology now stands, it is not capable of giving access to the occupants’ personal information.  Instead, the DRA data merely yield an additional piece of information to evaluate suspicions — based on an independent evidentiary foundation — police already have about a particular activity taking place in the home.

A final factor affecting the informational privacy analysis is the fact that G’s interest in the electricity use data was not exclusive.  G’s electricity consumption history was not confidential or private information which he had entrusted to the utility company.  As the supplier of electricity, the utility company had a legitimate interest of its own in the quantity of electricity its customers consumed.  Consequently, it is beyond dispute that the utility company was within its rights to install a DRA on a customer’s line on its own initiative to measure the electricity being consumed.  The utility company was not an interloper exploiting its access to private information to circumvent the Charter at the behest of the state; rather, its role is limited to the wholly voluntary cooperation of a potential crime victim.

While a territorial privacy interest involving the home is a relevant aspect of the totality of the circumstances informing the reasonable expectation of privacy determination, the Charter’s protection of territorial privacy in the home is not absolute.  Where, as in the case at bar, there was no direct search of the home itself, the informational privacy interest should be the focal point of the analysis.  The fact that the home was the focus of an otherwise non-invasive and unintrusive search should be subsidiary to what the investigative technique was capable of revealing about the home and what information was actually disclosed.  The fact that the search includes a territorial privacy aspect involving the home should not be allowed to inflate the actual impact of the search to a point where it bears disproportionately on the expectation of privacy analysis.

 

2 Comments | Monitoring, Personal Information, Privacy, Technology | Tagged: , | Permalink
Posted by Brian Bowman

When Barbie invades your privacy

November 19, 2010

Mattel’s Barbie doll is now wired. Literally.

The new Barbie Video Girl, which retails for just over $100, has a built-in camera in the doll’s necklace and an LCD screen on her back. The doll also comes equipped with a USB cable that enables you to transfer video recordings to your home computer and then online to YouTube or Facebook.

Not surprisingly, some are calling for a ban on Barbie Video Girl because of the potential that children will post online videos which infringe their privacy. Should we ban Barbie Video Girl? If so, should we ban all children’s toys with cameras? Read more>>

Leave a Comment » | Internet, Monitoring, Privacy, Technology | Tagged: , , | Permalink
Posted by Brian Bowman

How to monitor your reputation on social networks

November 15, 2010

CTV News has an excellent article that discusses important issue of how to monitor your reputation on social networks. While including some practical tips, the article discusses the importance of being proactive with your online reputation and privacy in what is described as “this Wild West world”.

Leave a Comment » | Defamation, Due Diligence, Facebook, Internet, Monitoring, Social Networking Websites | Tagged: , , , , , | Permalink
Posted by Brian Bowman

What is device fingerprinting, or machine ID?

November 4, 2010

Some online banks, e-commerce merchants and Internet-based market research firms are turning to a new technology called device fingerprinting (or machine ID as it’s often called) for online verification and fraud detection. Unlike cookies, however, which can be blocked, filtered and deleted, device fingerprinting is invisible to consumers. For website owners that use the technology, adequate disclosures, consent and safeguards are required, at minimum, to comply with privacy laws.  

In fact, device fingerprinting works so well that many businesses that use it might not even be aware that they’re doing so. Is your organization using the technology? If so, it’s vital that your organization’s use of device fingerprinting complies with applicable privacy laws.

To learn more about device fingerprinting click here to view a presentation that I recently delivered alongside Steven Johnston (Senior Security and Technology Advisor, Office of the Privacy Commissioner of Canada) and David Stark (CIPP, Vice President, Compliance and Privacy Officer, GFK Group) to the International Association of Privacy Professionals in Baltimore, Maryland. As you’ll see, the presentation includes an overview of device fingerprinting, identifies relevant privacy law issues (my contribution to the presentation), the OPC’s perspective and provides practical examples.   

Thanks to the IAPP for the opportunity to present and compliments to Steven Johnston and David Stark for excellent remarks.

Leave a Comment » | Device Fingerprinting, PIPEDA, Privacy, Technology | Tagged: , , , , | Permalink
Posted by Brian Bowman

PIPEDA amendments getting closer to reality

November 2, 2010

Bill C-29, An Act to Amend the Personal Information Protection and Electronic Documents Act, went through second reading in the House of Commons last week. This brings it one step closer to becoming law.

Anticipated amendments to PIPEDA include:

  • a mandatory breach notification regime that would require organizations to promptly notify affected individuals and to report major data breaches to the Privacy Commissioner of Canada; 
  • amendments to account for the unique circumstances regarding consent in employer/employee relationships; and
  • modifications to allow organizations to collect, use and disclose personal information as necessary for the conduct of business transactions, such as mergers and acquisitions.

Stay tuned…

Leave a Comment » | Bill C-29, PIPEDA | Tagged: , | Permalink
Posted by Brian Bowman

Anti-Spam Bill moves forward

November 1, 2010

Bill C-28, commonly referred to as the “Fighting Internet and Wireless Spam Act”, went through second reading in the House of Commons last week. The Standing Committee for Industry, Science and Technology will meet tomorrow for further discussions.

Some of my previous posts regarding the anti-spam law can be viewed here. You can find detailed information on this bill, and any other, through LegisInfo, a “collaborative effort of the Parliamentary Information and Research Service and the Information and Document Resource Service of the Library of Parliament”. Stay tuned…

Leave a Comment » | Anti-Spam Legislation, Bill C-28, Government, Legislation Update | Tagged: , | Permalink
Posted by Brian Bowman

Follow

Get every new post delivered to your Inbox.

Join 72 other followers