Thanks to everyone from across Canada who attended today’s Access to Information webinar. If you weren’t able to attend, you can now watch/listen to the webinar here. Topics covered included:
Leave a Comment » | 
Access to Information, Government, Ontario's Information and Privacy Commissioner, Redactions, Webinar | Tagged: Access to Information, Corporate Information, Government | 
Permalink
Posted by Brian Bowman
Recent news coverage about WikiLeaks has focused on the leaked documents and ethics, or lack thereof, of WikiLeaks’ founder, Julian Assange. Rightfully so.
The formerly classified documents are tantalizing and the story behind Assange and his WikiLeaks website is fascinating. But amidst the media chatter about the damage inflicted by WikiLeaks itself, the circumstances surrounding the initial release of secret documents from the U.S. government to WikiLeaks should provide a wake up call for other governments and corporations here at home.
Leave a Comment » | Access to Information, Data Protection, Employee Monitoring, Safeguarding, Safekeeping, Security, Security Breach, Technology | Tagged: Access to Information, Corporate Information, Information Technology, Safeguarding, Security, Workplace Surveillance | Permalink
Posted by Brian Bowman
Managing access to information requests by public sector organizations has never been more challenging than it is today. Complex public-private sector business arrangements, growing expectations for access by the public and increasing volumes of electronic records are all making it difficult to navigate access to information laws in the context of the real world. As a result, I thought that a one hour complimentary webinar would help! I hope you can attend.
What topics will be covered?
Who should attend?
Public bodies who are subject to access to information laws, private-sector organizations who regularly deal with public bodies and individuals/organizations who routinely initiate access to information requests under public sector access to information laws.
When is the webinar?
Wednesday, January 26th, 2011 from 1 – 2 PM (CST)
Please register <here> (space is limited)
Leave a Comment » | Access to Information, Ombudsman, Webinar | Tagged: Access to Information, Corporate Information, Manitoba, Manitoba Ombudsman | Permalink
Posted by Brian Bowman
The recent headlines over the Veteran Affairs Canada privacy breach should serve as a useful reminder to all organizations – public and private sector – of the necessity to implement internal policies and procedures for the management of personal information. Much attention is paid these days by the media to privacy breaches that involve external parties, such as hackers, who foil the security safeguards of organizations. However, in my experience the bigger threat to privacy if often from within an organization.
In this recent case involving Veteran Affairs, a veteran had filed a complaint with the Office of the Privacy Commissioner of Canada (“OPC”) alleging that Veterans Affairs had violated the Privacy Act by including excessively detailed and sensitive medical information in briefing notes to the Minister of Veterans Affairs. The complainant also alleged that Veteran Affairs had transferred his medical file to a hospital administered by Veterans Affairs without his consent.
The OPC has issued the following formal recommendations to Veterans Affairs, but they should also serve as useful recommendations to other organizations:
Leave a Comment » | Access to Information, Data Protection, Due Diligence, Government, Privacy, Privacy Breach, Privacy Commissioner of Canada, Safeguarding, Safekeeping, Security Breach, Training | Tagged: Access to Information, Due Diligence, Personal Information, Privacy Commissioner, Privacy Compliance, Safeguarding | Permalink
Posted by Brian Bowman
CJOB|680′s Geoff Currier recently asked me to participate in his live radio program called “The Nighthawk”. Geoff and callers raised a number of issues related to privacy and access to information law including the following question that Geoff asked… “Once I go on Twitter/Facebook, do I automatically surrender my privacy rights? In Vancouver wherein an alleged gang rape and some photos of the victim were posted online and distributed out there…what does our law say about that? You are standing on Portage & Main and you kiss your wife and I happen to take a photograph of that… is that an invasion of your privacy?” To hear the answer to this and other questions please listen to the live broadcast recording here>>.
Thanks to Geoff Currier and CJOB|680 for the invitation to participate in the program.
Leave a Comment » | Access to Information, Defamation, Facebook, Online Reputation Management, Privacy | Tagged: Access to Information, Privacy | Permalink
Posted by Karen
Amendments to Manitoba’s patient privacy law are now in effect. The controversial changes to The Personal Health Information Act went largely unnoticed in the province, but will have big implications for Manitobans and the fundraising foundations that many hospitals, personal care homes or other designated health care facilities rely upon to support innovation in health research and patient care. What were these amendments and why are they controversial?
Leave a Comment » | Access to Information, Health Care, PHIA, Privacy | Tagged: Access to Information, Health Care, PHIA, Privacy | Permalink
Posted by Brian Bowman
Imagine this scenario… The police show up at your office and demand access to records relating to one of your customers. You want to help the police (as you should), but are concerned about violating your customer’s privacy rights. What should you do?
Well, the first thing you should do is ask the police for written documentation relating to their request. You should also immediately contact a lawyer with appropriate expertise because this type of scenario can be a legal minefield. For example, are you actually dealing with the police or some bold scam artist? Do the police have the legal authority to demand the requested information? Should they have a warrant?
Presuming that you end up providing the records to the police, you’ll need to ensure that you’re not providing too much information. If the records of your customer are co-mingled with another individual, you’ll need to consider whether you can legally provide the police with access to the other person’s information. Are you then barred from telling the customer that the police were at your office? What sort of internal records should you keep to document that the police accessed your files? How long do you need to keep those internal records?
It’s never fun to say “no” to the police. They are, after all, typically armed. But hopefully the police will make it easy for you to satisfy yourself, and your lawyer, that working cooperatively with them won’t violate your customer’s privacy and unnecessarily exposing your business to liability.
2 Comments | Access to Information, Due Diligence, Lawful Access, Privacy | Tagged: Access to Information, Due Diligence, Law enforcement, Privacy, Security | Permalink
Posted by Brian Bowman
Since e-mail has become the dominant form of business correspondence, employers have been increasingly forced to deal with issues related to e-mail use, monitoring and access. It’s crucial that organizations stay on top of the legal landscape as it relates to e-mail monitoring, especially as it relates to privacy issues.
Unfortunately, privacy law does not offer black and white answers to the legal issues raised by e-mail monitoring practices. Instead, and like most other privacy law issues, the standard of “reasonableness” rules the day.
I recently penned an article on point (link below) with my colleague Andrew Buck (who is currently completing his Articles at Pitblado LLP) for the Canadian Bar Association’s National Privacy & Access Law section newsletter, Privacy Pages. Our article examines some of the case law and commentary that has arisen from e-mail monitoring with a view towards setting out practical solutions for the creation of “reasonable” e-mail monitoring practices. If you’re interested in reading the full article, please click on the link below.
1 Comment | Access to Information, E-mail, Employee Monitoring, Monitoring, Personal Information, PIPA, PIPEDA, Privacy, Technology | Tagged: Access to Information, E-mail, Monitoring, Privacy | Permalink
Posted by Brian Bowman
The Federal Government’s recent initiative to modernize law enforcement related legislation for the Internet age has (at least within law enforcement and privacy circles) once again propelled the issue of privacy vs. security to the forefront. The issues are incredibly important for Canadians, yet there has been little debate within the wider public. That being said, I’m pleased to read Ian MacLeod’s recent Ottawa Citizen article, which (even if you don’t agree with some of the points) does a good job of raising the issues in plain language. For a more technical analysis of the legal issues, you may want to read fellow blogger David Fraser’s post regarding the debate about warrantless access to ISP customer information.
The debate surrounding the “lawful access” legislation stems from real challenges affecting Canada’s law enforcement agencies and their need for access to personal information in the course of investigations. What is concerning, however, is the prospect of warrantless searches without judicial oversight. As a citizen in a free and democratic society, it troubles me to see any legislative initiative that could lead to investigations without appropriate checks and balances. Privacy and security don’t need to be mutually exclusive. Let’s hope that through the upcoming Parliamentary Hearings on the “lawful access” legislation we see a balance emerge between privacy and security in such a way that empowers law enforcement agencies while preserving the judicial oversight that Canadians have come to rightfully expect in our society.
Leave a Comment » | Access to Information, Internet, Lawful Access, Online Reputation Management, Personal Information, Privacy, Security | Tagged: Access to Information, Internet, Lawful Access, Online Reputation Management, Personal Information, Privacy, Security | Permalink
Posted by Brian Bowman
BBC News is reporting that thousands of Hotmail accounts have been compromised in a phishing attack, which has reportedly affected at least 10,000 individuals.
Phishing involves identity thieves attempting to obtain personal information, such as user names, passwords and financial information, by pretending to be trustworthy organizations in need of such data.
Coincidentally, the Privacy Commissioner of Canada released her annual report today, which stresses the importance of making informed choices when sharing personal information online. The Privacy Commissioner reminds Canadians that there is a risk that unguarded personal information could be exploited by identity thieves. The Hotmail phishing attack, as well as the Privacy Commissioner’s annual report, should also remind businesses to remain vigilant in protecting their brands – or online reputations – from being damaged by identity thieves that use phishing attacks to exploit the well-earned trust that such businesses have built with their customers.
Leave a Comment » | Access to Information, Identity Theft, Internet, Online Reputation Management, Passwords, Personal Information, Phishing, Privacy, Safeguarding, Security | Tagged: Access to Information, E-mail Accounts, Hotmail, Identity Theft, Internet, Online Reputation Management, Passwords, Personal Information, Phishing, Privacy, Safeguarding, Security | Permalink
Posted by Brian Bowman
You are currently browsing the archives for the Access to Information category.
